
Michael Howard's Web Log

A Simple Software Security Guy at Microsoft!
List of Banned APIs now available

We have just published the list of SDL-banned APIs, and their replacements.

http://msdn2.microsoft.com/en-us/library/bb288454.aspx


Posted: Thursday, March 08, 2007 12:19 PM by michael_HOWARD

Comments

Peter Ritchie said:

In "Security Development Lifecycle (SDL) Banned Function Calls" you reference your book "19 Deadly Sins of Software Development"; are you sure it's not "19 Deadly Sins of Software Security"?  ...or did you guys write another book that Amazon doesn't know about?

# March 8, 2007 3:31 PM

LarryOsterman said:

Geek!

What's wrong with this example?

HRESULT Function(char *s1, char *s2) {
   char temp[32];
   HRESULT hr = StringCchCopy(temp,sizeof(temp),s1);
   if (FAILED(hr)) return hr;
   return StringCchCat(temp,sizeof(temp),s2);
}

# March 8, 2007 5:10 PM

michael_HOWARD said:

yeah, it's dumb - the function returns with no use of temp!! but at least it's secure :)

# March 8, 2007 11:30 PM

Gautam said:

Thanks for a very informative article.

I think there's a small typo in one of the examples mentioned in the article-

errno_t Function(char *s1, char *s2) {
   char temp[32];
   errno_t err = strcpy_s(temp,sizeof(temp),s1);
   if (!err) return err;
   //shouldn't it be- "if (err) return err;"
   return strcat_s(temp,sizeof(temp),s2);
}

Thanks again.

# March 9, 2007 12:53 AM

Larry Osterman said:

Michael, no, it uses StringCchCopy and passes in the size of the buffer for the 2nd parameter. In other words, the example of how to fix your code contains a security bug.

# March 9, 2007 2:10 AM

Larry Osterman's WebLog said:

Today, Michael Howard posted a link to updated documentation that contains the new list of banned APIs

# March 9, 2007 2:15 AM

Larry Osterman said:

To be clearer: the code as written is correct, but only because sizeof(char)==1.

A far better choice would have been to use the StringCbCopy and StringCbCat functions, that would work regardless of the type of the temp variable.

# March 9, 2007 2:16 AM

Gautam Rishi said:

Thanks for a very informative article. It was indeed required.

But I think there was a typo in one of the examples given in that article-

errno_t Function(char *s1, char *s2) {
   char temp[32];
   errno_t err = strcpy_s(temp,sizeof(temp),s1);
   if (!err) return err;
   // shouldn't it be- "if (err) return err;"???
   return strcat_s(temp,sizeof(temp),s2);
}

thanks.

# March 9, 2007 2:21 AM
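The two issues raised in the comments above, Gautam's inverted "if (!err)" check and Larry's point that sizeof(temp) is an element count only because sizeof(char)==1, as an added example that is not the article's or the commenters' code. It assumes constructed stand-ins for strcpy_s/strcat_s (same contract, not the Windows CRT) so it builds on any C compiler.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins for strcpy_s/strcat_s (assumption: they mirror the
 * CRT contract but are not the Windows CRT). destCount is a count of
 * ELEMENTS, not bytes. 0 means success, nonzero means error. */
#define ERR_INVALID 22  /* like EINVAL */
#define ERR_RANGE   34  /* like ERANGE */

static int bounded_copy(char *dest, size_t destCount, const char *src) {
    if (dest == NULL || src == NULL || destCount == 0) return ERR_INVALID;
    size_t n = strlen(src);
    if (n >= destCount) { dest[0] = '\0'; return ERR_RANGE; } /* no room for NUL */
    memcpy(dest, src, n + 1);
    return 0;
}

static int bounded_cat(char *dest, size_t destCount, const char *src) {
    if (dest == NULL || src == NULL || destCount == 0) return ERR_INVALID;
    const char *end = memchr(dest, '\0', destCount);
    if (end == NULL) return ERR_INVALID;          /* dest is not terminated */
    size_t used = (size_t)(end - dest);
    return bounded_copy(dest + used, destCount - used, src);
}

/* The article's example with both issues addressed: the check is "if (err)"
 * (nonzero means failure), and the size is passed as an element count, which
 * stays right if temp is ever changed to wchar_t. temp is also actually used. */
int function_fixed(char *out, size_t outCount, const char *s1, const char *s2) {
    char temp[32];
    int err = bounded_copy(temp, sizeof(temp) / sizeof(temp[0]), s1);
    if (err) return err;
    err = bounded_cat(temp, sizeof(temp) / sizeof(temp[0]), s2);
    if (err) return err;
    return bounded_copy(out, outCount, temp);
}

/* Why sizeof(temp) alone is only "correct because sizeof(char)==1": for a
 * wide buffer the byte size and the element count differ. */
typedef wchar_t WideBuf[32];
size_t wide_element_count(void) { return sizeof(WideBuf) / sizeof(wchar_t); }
size_t wide_byte_count(void)    { return sizeof(WideBuf); }
```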

~sebastianweber; said:

In my talks on SDL I have often spoken about the "Banned APIs". That is, the APIs that we

# March 9, 2007 12:01 PM

RSS It All said:

In my talks on SDL I have often spoken about the "Banned APIs". That is, the APIs that

# March 9, 2007 12:13 PM

Michiel said:

Are the suggested replacement functions fully and freely specified? I.e. is it possible and legal to write an second implementation that will run on other OSes?

C++'s std::string class is of course already implemented on many other OSes.

# March 27, 2007 3:27 AM

michael_HOWARD said:

Michiel, the C functions (strcpy_s etc) are going thru the standard process right now :)

# March 27, 2007 7:25 PM
