Comments (14)

  1. Peter Ritchie says:

    In "Security Development Lifecycle (SDL) Banned Function Calls" you reference your book "19 Deadly Sins of Software Development"; are you sure it’s not "19 Deadly Sins of Software Security"?  …or did you guys write another book that Amazon doesn’t know about?

  2. LarryOsterman says:

    Geek!

    What’s wrong with this example?

    #include <strsafe.h>

    HRESULT Function(char *s1, char *s2) {
       char temp[32];
       HRESULT hr = StringCchCopy(temp,sizeof(temp),s1);
       if (FAILED(hr)) return hr;
       return StringCchCat(temp,sizeof(temp),s2);
    }

  3. michael_HOWARD says:

    Yeah, it’s dumb – the function returns without using temp!! But at least it’s secure 🙂

  4. Gautam says:

    Thanks for a very informative article.

    I think there’s a small typo in one of the examples mentioned in the article-

    #include <string.h>

    errno_t Function(char *s1, char *s2) {
       char temp[32];
       errno_t err = strcpy_s(temp,sizeof(temp),s1);
       if (!err) return err;
       // shouldn’t it be "if (err) return err;"?
       return strcat_s(temp,sizeof(temp),s2);
    }

    Thanks again.

  5. Larry Osterman says:

    Michael, no, it uses StringCchCopy and passes in the size of the buffer for the 2nd parameter. In other words, the example of how to fix your code contains a security bug.

  6. Today, Michael Howard posted a link to updated documentation that contains the new list of banned APIs

  7. Larry Osterman says:

    To be clearer: the code as written is correct, but only because sizeof(char)==1.

    A far better choice would have been to use the StringCbCopy and StringCbCat functions, that would work regardless of the type of the temp variable.
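
    Larry's point is the element-count versus byte-count distinction, and it is easier to see in running code. The block below is an added example and is not code from the original post, from the comments, or from the strsafe library: cch_copy_w and cb_copy_w are my own portable stand-ins that follow the StringCch*/StringCb* conventions (a bound in elements versus a bound in bytes), and BUF_ELEMS and the 16-character input string are constructed for the demonstration. With a wchar_t buffer, passing sizeof(temp) to the Cch form overstates the capacity by a factor of sizeof(wchar_t); the Cb form takes sizeof(temp) as is.

```c
/* Added example: portable stand-ins for the strsafe "Cch" (element count)
 * and "Cb" (byte count) conventions. Names and inputs are constructed here;
 * this is not the real strsafe.h implementation. */
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Cch-style copy: cch_dest is the destination size in wchar_t elements,
 * including room for the terminator. Always terminates dst when cch_dest > 0.
 * Returns 0 on success, -1 if src had to be truncated. */
int cch_copy_w(wchar_t *dst, size_t cch_dest, const wchar_t *src)
{
    size_t i = 0;
    if (cch_dest == 0) return -1;
    while (i + 1 < cch_dest && src[i] != L'\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = L'\0';
    return src[i] == L'\0' ? 0 : -1;
}

/* Cb-style copy: cb_dest is the destination size in bytes, so sizeof(dst)
 * is the right argument no matter what the element type is. */
int cb_copy_w(wchar_t *dst, size_t cb_dest, const wchar_t *src)
{
    return cch_copy_w(dst, cb_dest / sizeof(wchar_t), src);
}

#define BUF_ELEMS 8
/* Constructed input: 16 characters, twice what the buffer can hold. */
static const wchar_t *const LONG_INPUT = L"0123456789ABCDEF";

/* What the article's pattern claims when the buffer is not char: passing
 * sizeof(temp) to a Cch function says there are sizeof(temp) elements,
 * i.e. BUF_ELEMS * sizeof(wchar_t), more than really exist. */
size_t capacity_claimed_by_sizeof(void)
{
    wchar_t temp[BUF_ELEMS];
    return sizeof(temp);
}

/* The true element capacity. On a char buffer the two agree only because
 * sizeof(char) == 1, which is Larry's point. */
size_t capacity_real(void)
{
    wchar_t temp[BUF_ELEMS];
    return sizeof(temp) / sizeof(temp[0]);
}

/* Correct Cch usage: bound in elements. The 16-char input is truncated to
 * BUF_ELEMS - 1 characters and the call reports the truncation. */
size_t cch_copy_len(void)
{
    wchar_t temp[BUF_ELEMS];
    (void)cch_copy_w(temp, sizeof(temp) / sizeof(temp[0]), LONG_INPUT);
    return wcslen(temp);
}

int cch_copy_status(void)
{
    wchar_t temp[BUF_ELEMS];
    return cch_copy_w(temp, sizeof(temp) / sizeof(temp[0]), LONG_INPUT);
}

/* Cb usage: sizeof(temp) is correct as written, whatever the element type. */
size_t cb_copy_len(void)
{
    wchar_t temp[BUF_ELEMS];
    (void)cb_copy_w(temp, sizeof(temp), LONG_INPUT);
    return wcslen(temp);
}

int cb_copy_status(void)
{
    wchar_t temp[BUF_ELEMS];
    return cb_copy_w(temp, sizeof(temp), LONG_INPUT);
}

int main(void)
{
    printf("claimed by sizeof: %zu elements, real: %zu elements\n",
           capacity_claimed_by_sizeof(), capacity_real());
    printf("cch copy: len %zu, status %d\n", cch_copy_len(), cch_copy_status());
    printf("cb copy:  len %zu, status %d\n", cb_copy_len(), cb_copy_status());
    return 0;
}
```

    Both copies end with 7 characters and a terminator and both report truncation, but only because the Cch call was given sizeof(temp)/sizeof(temp[0]); had it been given sizeof(temp), it would have believed the buffer holds 8*sizeof(wchar_t) elements and written past the end. The usual fix in strsafe code is either the Cb variant or a countof-style macro for the Cch bound.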

  8. Gautam Rishi says:

    Thanks for a very informative article. It was indeed required.

    But I think there was a typo in one of the examples given in that article-

    #include <string.h>

    errno_t Function(char *s1, char *s2) {
       char temp[32];
       errno_t err = strcpy_s(temp,sizeof(temp),s1);
       if (!err) return err;
       // shouldn’t it be "if (err) return err;"???
       return strcat_s(temp,sizeof(temp),s2);
    }

    thanks.

  9. In my talks on the SDL I have often spoken about the "Banned APIs", i.e. the APIs that we

  11. Michiel says:

    Are the suggested replacement functions fully and freely specified? I.e. is it possible and legal to write a second implementation that will run on other OSes?

    C++’s std::string class is of course already implemented on many other OSes.

  12. michael_HOWARD says:

    Michiel, the C functions (strcpy_s etc.) are going through the standard process right now 🙂
