Security Stuff in Whidbey - The Safer CRT

There has always been a very strong relationship between our team and the developer division (aka DevDiv), in part because they take some of our ideas and turn them into solutions that our developer customers can use. I want to take the opportunity over the next few days to outline some of the excellent security work added to Whidbey, most of which you will see when beta 2 ships.

One of my favorites is a more up-to-date C runtime library, dubbed the Safer CRT. Let's face it, the CRT of 20 or so years ago has turned out to be a little, well, challenging to use from a security perspective. When David and I wrote Writing Secure Code we wrote an appendix describing "issues" with certain functions in Windows and the CRT. The CRT library folks, under the watchful eye of Martyn Lovell, decided to fix the "Appendix A Problem" and they did so with the Safer CRT.

Essentially, they have deprecated a whole bunch of old CRT functions (strcpy, strncpy, _itoa and so on). I don't know the final number of functions, but my guess is it's in the 100 ballpark. They replaced them with more secure versions, for example strcpy_s, _itoa_s and so on. By "more secure" I mean more consistent functions that help make it a little harder to shoot yourself in the foot: each one takes the size of the destination buffer and returns an error code instead of silently writing past the end.
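To show the difference in the contract, here is an added example (not code from the post or from the CRT) that puts the old strncpy beside a bounded copy with strcpy_s semantics. On Visual C++ it uses the Safer CRT's strcpy_s; elsewhere it falls back to a portable stand-in, bounded_copy, which is my own assumption of the contract, not the CRT's implementation.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifdef _MSC_VER
/* Visual C++ 2005 onwards: the Safer CRT's own strcpy_s. The real CRT also calls the
   invalid parameter handler on a too-small buffer; see _set_invalid_parameter_handler. */
#define bounded_copy(dst, n, src) strcpy_s((dst), (n), (src))
#else
/* Portable stand-in (an assumption, not the CRT's code) with the same contract:
   0 on success, ERANGE if src does not fit, and dst becomes "" on failure. */
static int bounded_copy(char *dst, size_t n, const char *src)
{
    size_t len;
    if (dst == NULL || n == 0) return EINVAL;
    if (src == NULL) { dst[0] = '\0'; return EINVAL; }
    len = strlen(src);
    if (len >= n) { dst[0] = '\0'; return ERANGE; }
    memcpy(dst, src, len + 1);
    return 0;
}
#endif

#define BUF_LEN 8

/* The old way: strncpy omits the terminator when src fills the buffer.
   Returns 1 if the copy left buf without a '\0' anywhere inside it. */
int strncpy_unterminated(const char *src)
{
    char buf[BUF_LEN];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

/* The Safer CRT way: pass the destination size and check the return code.
   out is always a valid C string afterwards. Returns 0 or ERANGE. */
int copy_checked(const char *src, char out[BUF_LEN])
{
    return bounded_copy(out, BUF_LEN, src);
}

int main(void)
{
    char out[BUF_LEN];
    printf("strncpy unterminated: %d\n", strncpy_unterminated("too long for us"));
    printf("copy_checked -> %d, out=\"%s\"\n", copy_checked("too long for us", out), out);
    return 0;
}
```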

One interesting addition is rand_s, which calls RtlGenRandom to create cryptographically secure random numbers, rather than rand's highly predictable numbers. I described how to call RtlGenRandom directly in a prior blog post. Calling rand_s is a little different from calling rand, however: you must define _CRT_RAND_S before including stdlib.h, and the function returns an error code rather than the value itself.

#define _CRT_RAND_S         /* must precede stdlib.h so that rand_s is declared */
#include <stdlib.h>

int main(void)
{
    unsigned int r = 0;
    errno_t err = rand_s(&r);   /* fills r from RtlGenRandom; returns 0 on success */
    return err == 0 ? 0 : 1;    /* check the return value rather than assuming success */
}