惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
Simon Willison's Weblog
Simon Willison's Weblog
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
The GitHub Blog
The GitHub Blog
Engineering at Meta
Engineering at Meta
F
Fortinet All Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
A
About on SuperTechFans
Last Week in AI
Last Week in AI
月光博客
月光博客
有赞技术团队
有赞技术团队
P
Proofpoint News Feed
MyScale Blog
MyScale Blog
Martin Fowler
Martin Fowler
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
C
Check Point Blog
U
Unit 42
The Register - Security
The Register - Security
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Hugging Face - Blog
Hugging Face - Blog
阮一峰的网络日志
阮一峰的网络日志
V
Visual Studio Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
D
DataBreaches.Net
WordPress大学
WordPress大学
aimingoo的专栏
aimingoo的专栏
H
Hacker News: Front Page
Recent Announcements
Recent Announcements
C
CXSECURITY Database RSS Feed - CXSecurity.com
Latest news
Latest news
小众软件
小众软件
P
Palo Alto Networks Blog
PCI Perspectives
PCI Perspectives
Security Latest
Security Latest
S
Secure Thoughts
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
M
MIT News - Artificial intelligence
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
Recorded Future
Recorded Future
O
OpenAI News
S
Securelist
云风的 BLOG
云风的 BLOG
H
Help Net Security
T
Troy Hunt's Blog

博客园 - shelvenn's blog

Linux Samba服务器配置 MiniGUI应用程序开发 RTP QOS RTCP (转)H.264 RTP payload 格式 gcc和g++的区别(很详细的描述) RTSP简介 DirectDraw基础篇 DirectShow中常见的RGB/YUV格式(转) #Pragma应用详解 Linux下的实时流媒体编程(RTP,RTCP,RTSP) Linux多线程编程 窗口刷新时的问题(转) VC++2005快速构建安全的应用程序 strcpy ,strncpy ,strlcpy(转载) .h和.cpp文件的区别 YUV色彩空间(转自百度百科) C++ PASCAL关键字(转) SkinMagic 进行皮肤设置
strcpy_s与strcpy安全性的比较(转载)
shelvenn's blog · 2008-02-15 · via 博客园 - shelvenn's blog

在VC2005的CRT中,增加了一些具有更强安全性的CRT函数,例如strcpy_s, strncat_s等。

(MSDN: <Security Enhancements in the CRT >

Significant enhancements have been made to make the CRT more secure. Many CRT functions now have more secure versions. If a new secure function exists, the older, less secure version is marked as deprecated and the new version has the _s ("secure") suffix.

It should be noted that in this context, "deprecated" just means that a function's use is not recommended; it does not indicate that the function is scheduled to be removed from the CRT.

It should also be noted that the secure functions do not prevent or correct security errors; rather, they catch errors when they occur. They perform additional checks for error conditions, and in the case of an error, they invoke an error handler (see Parameter Validation).

For example, the strcpy function has no way of telling if the string that it's copying is too big for its destination buffer. However, its secure counterpart, strcpy_s, takes the size of the buffer as a parameter, so it can determine if a buffer overrun will occur. If you use strcpy_s to copy eleven characters into a ten-character buffer, that is an error on your part; strcpy_s cannot correct your mistake, but it can detect your error and inform you by invoking the invalid parameter handler.

一下是使用strcpy_s与strcpy的安全性比较

 char szBuf[2] = {0};

 strcpy_s(szBuf, 2, "12131");  //新的CRT函数
 strcpy(szBuf,  "12131");    //老的CRT函数

上述代码,明显有缓冲区溢出的问题。 使用strcpy_s函数则会抛出一个异常。而使用strcpy函数的结果则未定,因为它错误地改变了程序中其他部分的内存的数据,可能不会抛出异常但导致程序数据错误,也可能由于非法内存访问抛出异常。

使用新的增强安全的CRT函数有什么好处呢?简单地说,新的函数加强了对参数合法性的检查以及缓冲区边界的检查,如果发现错误,会返回errno或抛出异常。老版本的这些CRT函数则没有那么严格的检查与校验,如果错误地传输了参数或者缓冲区溢出,那么错误并不能被立刻发现,对于定位程序错误也带来更大困难。

以下是MSDN关于CRT安全增强的说明。

-------------------------------------------------------------------------------------------------------------

【MSDN】:

Some of the security enhancements are:

  • Parameter Validation. Parameters passed to CRT functions are validated, in both secure functions and in many preexisting versions of functions. These validations include:

    • Checking for NULL values passed to the functions,

    • Checking enumerated values for validity,

    • Checking that integral values are in valid ranges.

  • For more information, see Parameter Validation.

  • There is also a handler for invalid parameters which is accessible to the developer. When an invalid parameter is encountered, instead of asserting and exiting the application, the CRT provides a way to check these problems with the _set_invalid_parameter_handler function.

  • Sized Buffers. The secure functions require that the buffer size be passed to any function that writes to a buffer. The secure versions validate that the buffer is large enough before writing to it, helping to avoid dangerous buffer overrun errors which could allow malicious code to execute. These functions will usually return an errno type of error code and invoke the invalid parameter handler if the size of the buffer is too small. Functions which read from input buffers, such as gets, have secure versions that require you to specify a maximum size.

  • Null termination. Some functions which left potentially non terminated strings have secure versions which ensure that strings are properly null terminated.

  • Enhanced error reporting. The secure functions return error codes with more error information than was available with the preexisting functions. The secure functions and many of the preexisting functions now set errno and often return an errno code type as well, to provide better error reporting.

  • Filesystem security. Secure file I/O APIs support secure file access in the default case.

  • Windows security. Secure process APIs enforce security policies and allow ACLs to be specified.

  • Format string syntax checking. Invalid strings are now detected, for example using incorrect type field characters in printf format strings.

  • Additional security enhancements are described in the documentation for each function.