Re: fopen_s

From: "Carl Daniel [VC++ MVP]" <cpdaniel_remove_this_and_nospam@xxxxxxxxxxxxxxx>
Date: Wed, 28 Jun 2006 10:39:20 -0700

"Eugene Gershnik" <gershnik@xxxxxxxxxxx> wrote in message
news:uoK8rBtmGHA.2372@xxxxxxxxxxxxxxxxxxxxxxx

David Webber wrote:

Maybe fopen_s is not really needed for
security

Well that's exactly what MSDN says. It is supposed to improve error
reporting. However, improving reporting is described as security
enhancement... Probably some marketroid drunk more than usual while
writing this. ;-)

Actually, it follows directly from studies of security vulnerabilities. Not
checking error codes is a major source of security vulnerabilities. Having
inconsistent ways of returning error codes is a major source of error codes
not being checked.

-cd

.

Follow-Ups:
- Re: fopen_s
  - From: Eugene Gershnik

References:
- fopen_s
  - From: mike7411
- Re: fopen_s
  - From: Eugene Gershnik
- Re: fopen_s
  - From: David Webber
- Re: fopen_s
  - From: Eugene Gershnik

Prev by Date: Re: Is nmake.exe legally redistributable ?
Next by Date: Re: rs232- [C]
Previous by thread: Re: fopen_s
Next by thread: Re: fopen_s
Index(es):
- Date
- Thread

Relevant Pages

Re: fopen_s
... improving reporting is described as security ... Not checking error codes is a major source of security vulnerabilities. ...
(microsoft.public.vc.language)
Re: fopen_s
... with security as such is beyond my imagination. ... Microsoft has trouble understanding and using an API that doesn't ... uniformly return error codes in COM manner. ...
(microsoft.public.vc.language)
Event log Error codes
... Lately we've turned on security and in out event log we ... are getting unexplained evnets, error codes 577 and 560. ...
(microsoft.public.win2000.security)