List of Banned APIs now available

We have just published the list of SDL-banned APIs, and their replacements.

https://msdn2.microsoft.com/en-us/library/bb288454.aspx

Comments

  • Anonymous
    March 08, 2007
    In "Security Development Lifecycle (SDL) Banned Function Calls" you reference your book "19 Deadly Sins of Software Development"; are you sure it's not "19 Deadly Sins of Software Security"?  ...or did you guys write another book that Amazon doesn't know about?

  • Anonymous
    March 08, 2007
    Geek! What's wrong with this example?

        HRESULT Function(char *s1, char *s2) {
            char temp[32];
            HRESULT hr = StringCchCopy(temp,sizeof(temp),s1);
            if (FAILED(hr)) return hr;
            return StringCchCat(temp,sizeof(temp),s2);
        }

  • Anonymous
    March 08, 2007
    yeah, it's dumb - the function returns with no use of temp!! but at least it's secure :)

  • Anonymous
    March 08, 2007
    Thanks for a very informative article. I think there's a small typo in one of the examples mentioned in the article:

        errno_t Function(char *s1, char *s2) {
            char temp[32];
            errno_t err = strcpy_s(temp,sizeof(temp),s1);
            if (!err) return err;      //shouldn't it be- "if (err) return err;"
            return strcat_s(temp,sizeof(temp),s2);
        }

    Thanks again.

  • Anonymous
    March 08, 2007
    Michael, no, it uses StringCchCopy and passes in the size of the buffer for the 2nd parameter. In other words, the example of how to fix your code contains a security bug.

  • Anonymous
    March 08, 2007
    Today, Michael Howard posted a link to updated documentation that contains the new list of banned APIs

  • Anonymous
    March 08, 2007
    To be clearer: the code as written is correct, but only because sizeof(char)==1. A far better choice would have been to use the StringCbCopy and StringCbCat functions, that would work regardless of the type of the temp variable.
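
The character-count versus byte-count point from the comment above, as an added example that is not part of the original post or of StrSafe. `copy_cch` and `copy_cb` are hypothetical portable stand-ins for a count-of-characters and a count-of-bytes API, the input string is constructed, and the example goes beyond the thread's `char` case by making `temp` a `wchar_t` array, where `sizeof(temp)` overstates the capacity.

```c
/* Added example: portable stand-ins, not the StrSafe implementation. */
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define COUNT_OF(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical "Cch"-style copy: dst_cch counts characters, terminator
   included. Returns 0 on success, -1 (dst emptied) if src does not fit. */
static int copy_cch(wchar_t *dst, size_t dst_cch, const wchar_t *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dst_cch == 0) return -1;
    n = wcslen(src);
    if (n >= dst_cch) { dst[0] = L'\0'; return -1; }
    wmemcpy(dst, src, n + 1);
    return 0;
}

/* Hypothetical "Cb"-style copy: dst_cb is a byte count, so sizeof(dst)
   is the right argument whatever the element type is. */
static int copy_cb(wchar_t *dst, size_t dst_cb, const wchar_t *src)
{
    return copy_cch(dst, dst_cb / sizeof(wchar_t), src);
}

/* Constructed input: 40 characters, too long for a 32-element buffer. */
static const wchar_t LONG_INPUT[] = L"0123456789012345678901234567890123456789";

/* Would a Cch-style call accept LONG_INPUT if told the destination holds
   claimed_cch characters? The scratch buffer is large enough for every
   claim tested here, so nothing is actually overrun. */
static int accepted_with_claim(size_t claimed_cch)
{
    wchar_t scratch[256];
    if (claimed_cch > COUNT_OF(scratch)) return -1;
    return copy_cch(scratch, claimed_cch, LONG_INPUT) == 0;
}

int main(void)
{
    wchar_t temp[32];
    printf("elements=%zu bytes=%zu\n", COUNT_OF(temp), sizeof(temp));
    printf("Cch with COUNT_OF(temp): accepted=%d\n", accepted_with_claim(COUNT_OF(temp)));
    printf("Cch with sizeof(temp):   accepted=%d\n", accepted_with_claim(sizeof(temp)));
    printf("Cb  with sizeof(temp):   rc=%d\n", copy_cb(temp, sizeof(temp), LONG_INPUT));
    return 0;
}
```

With a character-count API the safe argument is the element count; `sizeof` is only correct for a byte-count API or when the element type is `char`.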

  • Anonymous
    March 08, 2007
    Thanks for a very informative article. It was indeed required. But I think there was a typo in one of the examples given in that article:

        errno_t Function(char *s1, char *s2) {
            char temp[32];
            errno_t err = strcpy_s(temp,sizeof(temp),s1);
            if (!err) return err;    // shouldn't it be- "if (err) return err;"???
            return strcat_s(temp,sizeof(temp),s2);
        }

    Thanks.

  • Anonymous
    March 09, 2007
    In my talks on SDL I have often spoken of the "Banned APIs". That is, the APIs that we

  • Anonymous
    March 09, 2007
    In my talks on SDL I have often spoken of the "Banned APIs". That is, the APIs that

  • Anonymous
    March 26, 2007
    Are the suggested replacement functions fully and freely specified? I.e. is it possible and legal to write a second implementation that will run on other OSes? C++'s std::string class is of course already implemented on many other OSes.

  • Anonymous
    March 27, 2007
    Michiel, the C functions (strcpy_s etc) are going thru the standard process right now :)
