Re: fopen_s



David Webber wrote:
> "Eugene Gershnik" <gershnik@xxxxxxxxxxx> wrote in message
> news:O$6HiHnmGHA.464@xxxxxxxxxxxxxxxxxxxxxxx

> > How returning errno helps with error reporting and what this has to
> > do with security as such is beyond my imagination. Presumably
> > somebody at Microsoft has trouble understanding and using an API
> > that doesn't uniformly return error codes in COM manner.

> I think we're in danger of taking this too literally in too isolated
> a case. The new ...._s APIs which fill buffers (like strcpy_s) do
> improve security - IIRC the debug version asserts if you try and
> overfill the buffer.

You mix different things here. The debug version of the CRT tries to assert whenever
you try to overflow any buffer, regardless of what function you use. This
feature has been there since VC 7.0, long before the _s crap. The _s
functions usually force you to explicitly specify the length of any buffer, thus
making it hard to overflow in the first place. I don't know whether the _s crap
is useful. Personally I cannot use it even if I wanted to, since anything I
write has above 0 probability of being ported.

> Maybe fopen_s is not really needed for security

Well, that's exactly what MSDN says. It is supposed to improve error
reporting. However, improving reporting is described as a security
enhancement... Probably some marketroid drank more than usual while writing
this. ;-)

> but is just there to complete the set?

And that's more or less what I say in the part you quoted ;-)

> (Personally I find
> the new ones - and all the warnings you get if you don't use them - a
> pain.)

Yes though warnings are easily disabled. Personally as a customer I am
pissed off that MS have chosen to spend time on doing this _s crap instead
of something useful to me. I wonder if there are actual customers who had
this on the list of their desired features.

--
Eugene
http://www.gershnik.com
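The two conventions argued over in this thread (the _s functions forcing the caller to state the destination size, and fopen_s handing back an errno value instead of a bare NULL), as an added example that is not from the thread. The functions demo_strcpy_s and demo_fopen_s are portable stand-ins written for this example; they are not the MSVC CRT or C11 Annex K implementations, which gcc/glibc do not ship.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the errno_t return type used by the _s functions. */
typedef int errno_t_demo;

/* strcpy_s-style copy: the caller must pass dst_size, so the function can
 * refuse a copy that would not fit. On any failure dst becomes an empty
 * string, so a caller that ignores the return value does not read stale bytes. */
errno_t_demo demo_strcpy_s(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return EINVAL;
    if (src == NULL) {
        dst[0] = '\0';
        return EINVAL;
    }
    /* Bounded scan: never look further than dst_size bytes into src. */
    size_t need = 0;
    while (need < dst_size && src[need] != '\0')
        need++;
    if (need >= dst_size) {      /* no room left for the terminator */
        dst[0] = '\0';
        return ERANGE;
    }
    memcpy(dst, src, need + 1);  /* includes the NUL */
    return 0;
}

/* fopen_s-style open: the handle comes back through an out-parameter and the
 * return value is the errno from fopen, so the reason for the failure is
 * captured at the call site rather than read later from the global errno. */
errno_t_demo demo_fopen_s(FILE **out, const char *path, const char *mode)
{
    if (out == NULL)
        return EINVAL;
    *out = NULL;                 /* never leave the out-parameter indeterminate */
    if (path == NULL || mode == NULL)
        return EINVAL;
    FILE *f = fopen(path, mode);
    if (f == NULL)
        return errno;            /* e.g. ENOENT, EACCES */
    *out = f;
    return 0;
}
```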