Comparison of strcpy_s and strcpy Security

Source: Internet
Author: User

The VC2005 CRT added some CRT functions with higher security, such as strcpy_s and strncat_s.

(MSDN: <Security Enhancements in the CRT>

Significant enhancements have been made to make the CRT more secure. Many CRT functions now have more secure versions. If a new secure function exists, the older, less secure version is marked as deprecated and the new version has the _s ("Secure") suffix.

It should be noted that in this context, "deprecated" just means that a function's use is not recommended; it does not indicate that the function is scheduled to be removed from the CRT.

It should also be noted that the secure functions do not prevent or correct security errors; rather, they catch errors when they occur. They perform additional checks for error conditions, and in the case of an error, they invoke an error handler (see Parameter Validation).

For example, the strcpy function has no way of telling if the string that it's copying is too big for its destination buffer. However, its secure counterpart, strcpy_s, takes the size of the buffer as a parameter, so it can determine if a buffer overrun will occur. If you use strcpy_s to copy eleven characters into a ten-character buffer, that is an error on your part; strcpy_s cannot correct your mistake, but it can detect your error and inform you by invoking the invalid parameter handler.

)

The following is a security comparison between strcpy_s and strcpy.

char szBuf[2] = {0};

strcpy_s(szBuf, 2, "12131"); // new CRT function
strcpy(szBuf, "12131"); // old CRT function

The above code obviously has a buffer overflow problem. If you use the strcpy_s function, an exception is thrown. The result of using the strcpy function is unpredictable: because it mistakenly overwrites memory belonging to other parts of the program, it may not throw an exception and instead corrupt program data, or an exception may be thrown because of an invalid memory access.

What are the benefits of using the new security-enhanced CRT functions? Simply put, the new functions strengthen the checks on parameter validity and buffer boundaries. If an error is found, an errno code is returned or an exception is thrown. The earlier versions of these CRT functions do not perform such strict checks, so if an invalid parameter is passed or a buffer overflows, the error cannot be detected immediately, which also makes program errors harder to locate.

The following is the MSDN description of the CRT security enhancements.

[MSDN]:

Some of the security enhancements are:

  • Parameter Validation. Parameters passed to CRT functions are validated, in both secure functions and in your preexisting versions of functions. These validations include:

    • Checking NULL values passed to the functions,

    • Checking enumerated values for validity,

    • Checking that integral values are in valid ranges.

  • For more information, see Parameter Validation.

  • There is also a handler for invalid parameters which is accessible to the developer. When an invalid parameter is encountered, instead of asserting and exiting the application, the CRT provides a way to check these problems with the _set_invalid_parameter_handler function.

  • Sized Buffers. The secure functions require that the buffer size be passed to any function that writes to a buffer. The secure versions validate that the buffer is large enough before writing to it, helping to avoid dangerous buffer overrun errors which could allow malicious code to execute. These functions will usually return an errno type of error code and invoke the invalid parameter handler if the size of the buffer is too small. Functions which read from input buffers, such as gets, have secure versions that require you to specify a maximum size.

  • Null termination. Some functions which left potentially non terminated strings have secure versions which ensure that strings are properly null terminated.

  • Enhanced error reporting. The secure functions return error codes with more error information than was available with the preexisting functions. The secure functions and descriptions of the preexisting functions now set errno and often return an errno code type as well, to provide better error reporting.

  • Filesystem security. Secure file I/O APIs support secure file access in the default case.

  • Windows security. Secure process APIs enforce security policies and allow ACLs to be specified.

  • Format string syntax checking. Invalid strings are now detected, for example using incorrect type field characters in printf format strings.

  • Additional security enhancements are described in the documentation for each function.
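
The checks described above (sized destination buffer, guaranteed null termination, errno-style return code, invalid parameter handler) are modelled below in portable C. This is an added example, not the CRT's implementation and not code from the original page; checked_strcpy, set_handler and on_invalid are hypothetical names, and the handler here only logs and returns.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef void (*invalid_handler)(const char *what);

static invalid_handler g_handler;  /* hypothetical stand-in for the handler slot */
static int g_reports;              /* how many times the handler has fired */

static void on_invalid(const char *what) {
    g_reports++;
    fprintf(stderr, "invalid parameter: %s\n", what);
}

static void set_handler(invalid_handler h) { g_handler = h; }

/* Common failure path: leave dst as an empty string, report, return the code. */
static int fail(char *dst, size_t dst_size, int code, const char *what) {
    if (dst != NULL && dst_size > 0)
        dst[0] = '\0';             /* never leave a partial or unterminated string */
    if (g_handler != NULL)
        g_handler(what);
    return code;
}

/* Returns 0 on success, EINVAL for bad arguments, ERANGE if src does not fit. */
static int checked_strcpy(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || dst_size == 0)
        return fail(dst, dst_size, EINVAL, "destination is NULL or zero-sized");
    if (src == NULL)
        return fail(dst, dst_size, EINVAL, "source is NULL");
    size_t need = strlen(src) + 1; /* characters plus the terminator */
    if (need > dst_size)
        return fail(dst, dst_size, ERANGE, "destination buffer too small");
    memcpy(dst, src, need);        /* size was validated before any write */
    return 0;
}

int main(void) {
    char szBuf[2] = {0};
    set_handler(on_invalid);
    int rc = checked_strcpy(szBuf, sizeof szBuf, "12131"); /* the page's overflow case */
    printf("rc=%d buf=\"%s\" reports=%d\n", rc, szBuf, g_reports);
    rc = checked_strcpy(szBuf, sizeof szBuf, "1");         /* fits: 1 char + NUL */
    printf("rc=%d buf=\"%s\"\n", rc, szBuf);
    return 0;
}
```
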
