List of Banned APIs now available

Published 08 March 07 12:19 PM

We have just published the list of SDL-banned APIs, and their replacements.

http://msdn2.microsoft.com/en-us/library/bb288454.aspx

 

Comments

# Peter Ritchie said on March 8, 2007 3:31 PM:

In "Security Development Lifecycle (SDL) Banned Function Calls" you reference your book "19 Deadly Sins of Software Development"; are you sure it's not "19 Deadly Sins of Software Security"?  ...or did you guys write another book that Amazon doesn't know about?

# Windows Security Feeds » Blog Archive » List of Banned APIs now available said on March 8, 2007 4:18 PM:

PingBack from http://winblogs.security-feed.com/2007/03/08/list-of-banned-apis-now-available/

# LarryOsterman said on March 8, 2007 5:10 PM:

Geek!

What's wrong with this example?

HRESULT Function(char *s1, char *s2) {

   char temp[32];

   HRESULT hr = StringCchCopy(temp,sizeof(temp),s1);

   if (FAILED(hr)) return hr;

   return StringCchCat(temp,sizeof(temp),s2);

}

# michael_HOWARD said on March 8, 2007 11:30 PM:

yeah, it's dumb - the function returns with no use of temp!! but at least it's secure :)

# Gautam said on March 9, 2007 12:53 AM:

Thanks for a very informative article.

I think there's a small typo in one of the examples mentioned in the article-

errno_t Function(char *s1, char *s2) {

   char temp[32];

   errno_t err = strcpy_s(temp,sizeof(temp),s1);

   if (!err) return err;  

   //shouldn't it be- "if (err) return err;"

   return strcat_s(temp,sizeof(temp),s2);

}

Thanks again.

# Larry Osterman said on March 9, 2007 2:10 AM:

Michael, no, it uses StringCchCopy and passes in the size of the buffer for the 2nd parameter. In other words, the example of how to fix your code contains a security bug.

# Larry Osterman's WebLog said on March 9, 2007 2:15 AM:

Today, Michael Howard posted a link to updated documentation that contains the new list of banned APIs

# Larry Osterman said on March 9, 2007 2:16 AM:

To be clearer: the code as written is correct, but only because sizeof(char)==1.

A far better choice would have been to use the StringCbCopy and StringCbCat functions, which would work regardless of the type of the temp variable.
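The character-count versus byte-count point raised in the comment above, as an added example that is not code from the post, the SDL article or any commenter. It assumes temp is changed from char to wchar_t, so that sizeof(char)==1 no longer hides the mismatch; copy_cch and copy_cb are hypothetical portable stand-ins for the "Cch" and "Cb" size contracts, not the strsafe.h functions.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define TEMP_CCH 32                           /* wchar_t temp[32]: size in characters */
#define TEMP_CB  (TEMP_CCH * sizeof(wchar_t)) /* what sizeof(temp) evaluates to */

/* Hypothetical stand-in for the "Cch" contract: size given in characters.
   Truncates, always terminates; returns 0 = ok, 1 = truncated, -1 = bad args. */
static int copy_cch(wchar_t *dst, size_t cchDst, const wchar_t *src) {
    size_t i = 0;
    if (dst == NULL || src == NULL || cchDst == 0) return -1;
    while (i + 1 < cchDst && src[i] != L'\0') { dst[i] = src[i]; i++; }
    dst[i] = L'\0';
    return src[i] == L'\0' ? 0 : 1;
}

/* Hypothetical stand-in for the "Cb" contract: size given in bytes. */
static int copy_cb(wchar_t *dst, size_t cbDst, const wchar_t *src) {
    return copy_cch(dst, cbDst / sizeof(wchar_t), src);
}

/* Passes sizeof(temp) as the size argument and counts the elements written
   beyond temp[31]. temp is the first 32 elements of a larger arena, so the
   miscounted write is observable without leaving the array. */
static size_t elems_written_past_temp(int size_is_bytes) {
    wchar_t arena[TEMP_CB], src[TEMP_CB];     /* constructed input: 'A' repeated */
    size_t i, past = 0;
    for (i = 0; i < TEMP_CB; i++) { arena[i] = L'#'; src[i] = L'A'; }
    src[TEMP_CB - 1] = L'\0';
    if (size_is_bytes) copy_cb(arena, TEMP_CB, src);   /* bytes to a byte-count API */
    else               copy_cch(arena, TEMP_CB, src);  /* bytes to a char-count API */
    for (i = TEMP_CCH; i < TEMP_CB; i++)
        if (arena[i] != L'#') past++;
    return past;
}

int main(void) {
    printf("Cch given sizeof(temp): %zu elements past temp\n", elems_written_past_temp(0));
    printf("Cb  given sizeof(temp): %zu elements past temp\n", elems_written_past_temp(1));
    return 0;
}
```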

# Gautam Rishi said on March 9, 2007 2:21 AM:

Thanks for a very informative article. It was indeed required.

But I think there was a typo in one of the examples given in that article-

errno_t Function(char *s1, char *s2) {

   char temp[32];

   errno_t err = strcpy_s(temp,sizeof(temp),s1);

   if (!err) return err;

   // shouldn't it be- "if (err) return err;"???

   return strcat_s(temp,sizeof(temp),s2);

}

thanks.

# ~sebastianweber; said on March 9, 2007 12:01 PM:

In my talks on SDL I have often spoken about the "Banned APIs". That is, the APIs that we

# RSS It All said on March 9, 2007 12:13 PM:

In my talks on SDL I have often spoken about the "Banned APIs". That is, the APIs that

# Michiel said on March 27, 2007 3:27 AM:

Are the suggested replacement functions fully and freely specified? I.e. is it possible and legal to write a second implementation that will run on other OSes?

C++'s std::string class is of course already implemented on many other OSes.

# michael_HOWARD said on March 27, 2007 7:25 PM:

Michiel, the C functions (strcpy_s etc) are going through the standard process right now :)

# Robert Burke's Weblog said on April 11, 2007 7:32 AM:

Evaluation Center Experience the New MSDN Evaluation Center The new central location to register to download
