微软SDL和memcpy德precation [英] Microsoft SDL and memcpy deprecation

问题描述

由于有些人可能都知道，<一个href=\"http://blogs.msdn.com/sdl/archive/2009/05/14/please-join-me-in-welcoming-memcpy-to-the-sdl-rogues-gallery.aspx\">Microsoft禁止的memcpy（）从他们的安全开发生命周期，用替换它memcpy_s（）。

As some of you may know, Microsoft banned memcpy() from their Security Development Lifecycle, replacing it with memcpy_s().

void *memcpy(void *dest, const void *src, size_t n);

/* simplified signature */
errno_t memcpy_s(void *dst, size_t dstsize, const void *src, size_t n);

所以，如果你的code使用的是：

So if your code used to be:

if (in_len > dst_len) {
    /* error */
}
memcpy(dst, src, in_len);

就变成：

if (memcpy_s(dst, dst_len, src, src_len)) {
    /* error */
}

或者，用截断，

memcpy(dst, src, min(in_len, dst_len));

VS

(void)memcpy_s(dst, dst_len, src, src_len);

问题：如何一个额外的长度参数使code任何更安全？要使用的memcpy（），我应该已经有已知的所有四个参数，并通过适当的长度为第三个参数。是什么阻止我从做错估目标缓冲区大小的同样的错误，并通过 dst_size 错误的衣被合计？我不明白为什么它是从有什么不同的memcpy（）和为什么它是德precated。有什么常见的情况，我不能看？ 什么我在这里丢失？

The question: how does an extra length parameter make code any more secure? To use memcpy(), I should already have all four parameters known and pass appropriate length as a third argument. What's stopping me from making the same mistake of miscalculating destination buffer size and passing the wrong valus of dst_size? I can't see why it's any different from memcpy() and why it's being deprecated. Is there any common use case that I can't see? What am I missing here?

推荐答案

没有什么阻止你获得的参数错误，在安全的版本无论是。微软似乎认为你会永远使用这样的：

Nothing stops you from getting the parameters wrong in the "secure" version either. Microsoft seems to think that you'll always use something like:

errno_t e = memcpy_s (&dstbuff, sizeof(dstbuff), &srcbuff, sizeof(srcbuff));

和检查错误。

但是，这不仅有利于人谁不知道他们正在使用的语言做什么。在我看来，这一群人要么不应该使用的语言还是应该了解它是如何工作正常。

But this only helps people who don't know what they're doing with the language. In my opinion, that group of people either shouldn't be using the language or they should learn how it works properly.

这有点拐杖并不做他们任何好处的，因为他们的code，长此以往会不会移植。

This sort of crutch doesn't do them any favors in the long run since their code won't be portable.

现在它可能是微软做了一些分析，发现有引起人们滥用了很多问题的memcpy（），他们认为这会解决它。但是，如果是这样的话，我怀疑一个更好的解决办法是教育发展，而不是强迫他们使用非标准的特性，这将是在标准编译器无法使用。

Now it may be that Microsoft did some analysis and found that there were a lot of problems caused by people misusing memcpy() and they thought this would fix it. But, if that were the case, I suspect a better solution would be to educate the developers rather than forcing them to use non-standard features which will be unavailable in standard compilers.

这篇关于微软SDL和memcpy德precation的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！