List of Banned APIs now available


We have just published the list of SDL-banned APIs, and their replacements.


http://msdn2.microsoft.com/en-us/library/bb288454.aspx


 

Comments (14)

  1. Peter Ritchie says:

    In "Security Development Lifecycle (SDL) Banned Function Calls" you reference your book "19 Deadly Sins of Software Development"; are you sure it’s not "19 Deadly Sins of Software Security"?  …or did you guys write another book that Amazon doesn’t know about?

  2. Geek!

    What’s wrong with this example?

    HRESULT Function(char *s1, char *s2) {
       char temp[32];
       HRESULT hr = StringCchCopy(temp,sizeof(temp),s1);
       if (FAILED(hr)) return hr;
       return StringCchCat(temp,sizeof(temp),s2);
    }

  3. yeah, it’s dumb – the function returns with no use of temp!! but at least it’s secure 🙂

  4. Gautam says:

    Thanks for a very informative article.

    I think there’s a small typo in one of the examples mentioned in the article-

    errno_t Function(char *s1, char *s2) {
       char temp[32];
       errno_t err = strcpy_s(temp,sizeof(temp),s1);
       if (!err) return err;
       //shouldn’t it be- "if (err) return err;"
       return strcat_s(temp,sizeof(temp),s2);
    }

    Thanks again.

  5. Larry Osterman says:

    Michael, no, it uses StringCchCopy and passes in the size of the buffer for the 2nd parameter. In other words, the example of how to fix your code contains a security bug.

  6. Today, Michael Howard posted a link to updated documentation that contains the new list of banned APIs

  7. Larry Osterman says:

    To be clearer: the code as written is correct, but only because sizeof(char)==1.

    A far better choice would have been to use the StringCbCopy and StringCbCat functions, which would work regardless of the type of the temp variable.
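The count-of-characters versus count-of-bytes point from comment 7, as an added example that is not part of the thread or of the SDL article. `copy_cch` and `copy_cb` are hypothetical portable stand-ins for the two size conventions, not the strsafe.h functions, and the demo assumes `sizeof(wchar_t) > 1`.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define TEMP_CCH 32   /* elements in the logical "temp" buffer */

/* Hypothetical helper using the count-of-characters ("Cch") convention:
 * writes at most cchDest elements, terminator included.
 * Returns 0 on success, 1 if the source was truncated, -1 on bad arguments. */
int copy_cch(wchar_t *dest, size_t cchDest, const wchar_t *src) {
    size_t i = 0;
    if (dest == NULL || src == NULL || cchDest == 0) return -1;
    while (i + 1 < cchDest && src[i] != L'\0') { dest[i] = src[i]; i++; }
    dest[i] = L'\0';
    return src[i] != L'\0';
}

/* Hypothetical helper using the count-of-bytes ("Cb") convention. */
int copy_cb(wchar_t *dest, size_t cbDest, const wchar_t *src) {
    return copy_cch(dest, cbDest / sizeof(wchar_t), src);
}

/* Copies a constructed 40-character string into a 32-element temp buffer and
 * returns how many elements of the guard region behind it were overwritten.
 * temp and guard share one array, so the overrun stays inside a valid object. */
size_t guard_elements_overwritten(int use_cb) {
    wchar_t arena[2 * TEMP_CCH];
    wchar_t src[41];
    wchar_t *temp = arena;
    size_t i, hit = 0;

    for (i = 0; i < 2 * TEMP_CCH; i++) arena[i] = L'#';
    for (i = 0; i < 40; i++) src[i] = L'A';
    src[40] = L'\0';

    size_t cb_temp = TEMP_CCH * sizeof(wchar_t);  /* what sizeof(temp) would yield */
    if (use_cb) copy_cb(temp, cb_temp, src);      /* byte count to a byte-count API */
    else        copy_cch(temp, cb_temp, src);     /* bug: byte count to a char-count API */

    for (i = TEMP_CCH; i < 2 * TEMP_CCH; i++) if (arena[i] != L'#') hit++;
    return hit;
}

int main(void) {
    printf("Cch helper given a byte count: %zu guard elements overwritten\n", guard_elements_overwritten(0));
    printf("Cb helper given a byte count:  %zu guard elements overwritten\n", guard_elements_overwritten(1));
    return 0;
}
```

With a `char` buffer the two calls behave identically, which is why the pattern in the thread only becomes a defect when the element type changes.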

  8. Gautam Rishi says:

    Thanks for a very informative article. It was indeed required.

    But I think there was a typo in one of the examples given in that article-

    errno_t Function(char *s1, char *s2) {
       char temp[32];
       errno_t err = strcpy_s(temp,sizeof(temp),s1);
       if (!err) return err;
       // shouldn’t it be- "if (err) return err;"???
       return strcat_s(temp,sizeof(temp),s2);
    }

    thanks.

  9. In my talks on SDL I have often spoken about the "Banned APIs". That is, the APIs that we

  10. RSS It All says:

    In my talks on SDL I have often spoken about the "Banned APIs". That is, the APIs that

  11. Michiel says:

    Are the suggested replacement functions fully and freely specified? I.e. is it possible and legal to write a second implementation that will run on other OSes?

    C++’s std::string class is of course already implemented on many other OSes.

  12. Michiel, the C functions (strcpy_s etc) are going through the standard process right now 🙂
