From: mike7411 on 27 Jun 2006 16:13

How is fopen_s safer than fopen?

Thanks.

From: Eugene Gershnik on 28 Jun 2006 01:15

mike7411(a)gmail.com wrote:
> How is fopen_s safer than fopen?

Googling for fopen_s brings
http://msdn2.microsoft.com/en-us/library/z5hh6ee9.aspx
which directs us to go to
http://msdn2.microsoft.com/en-us/library/8ef0s5kh.aspx
to find out about "Security Enhancements in the CRT".
This page has the following

<quote>
Enhanced error reporting. The secure functions return error codes with more error information than was available with the preexisting functions. The secure functions and many of the preexisting functions now set errno and often return an errno code type as well, to provide better error reporting.
</quote>

How returning errno helps with error reporting and what this has to do with security as such is beyond my imagination. Presumably somebody at Microsoft has trouble understanding and using an API that doesn't uniformly return error codes in COM manner.

--
Eugene
http://www.gershnik.com

From: Tim Roberts on 28 Jun 2006 02:54

mike7411(a)gmail.com wrote:
>
>How is fopen_s safer than fopen?

That's a very good question. I'd like to hear the official story.

As near as I can tell, the primary change is that it returns an errno_t directly, instead of requiring one to rely on a shared errno variable that might be overwritten elsewhere.

If so, that's a usage consideration, not a security consideration.

--
- Tim Roberts, timr(a)probo.com
Providenza & Boekelheide, Inc.

From: David Webber on 28 Jun 2006 08:09

"Eugene Gershnik" <gershnik(a)hotmail.com> wrote in message news:O$6HiHnmGHA.464(a)TK2MSFTNGP05.phx.gbl...

> How returning errno helps with error reporting and what this has to do
> with security as such is beyond my imagination. Presumably somebody at
> Microsoft has trouble understanding and using an API that doesn't
> uniformly return error codes in COM manner.

I think we're in danger of taking this too literally in too isolated a case. The new ...._s APIs which fill buffers (like strcpy_s) do improve security - IIRC the debug version asserts if you try and overfill the buffer.

Maybe fopen_s is not really needed for security but is just there to complete the set?

(Personally I find the new ones - and all the warnings you get if you don't use them - a pain.)

Dave
--
David Webber
Author MOZART the music processor for Windows - http://www.mozart.co.uk
For discussion/support see http://www.mozart.co.uk/mzusers/mailinglist.htm

From: mzdude on 28 Jun 2006 09:49

Tim Roberts wrote:
> mike7411(a)gmail.com wrote:
> >
> >How is fopen_s safer than fopen?
> [snip]
> If so, that's a usage consideration, not a security consideration.
> --
> - Tim Roberts, timr(a)probo.com
> Providenza & Boekelheide, Inc.

Perhaps a thread safety issue? Thread 1 opens the file and fails. Switched out. Thread 2 runs, overwrites errno. Thread 1 then resumes and checks errno?

Just guessing on my part.
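
The difference Tim Roberts describes above (an error code returned by the call versus one read later from errno), shown within a single thread as an added example that is not part of the thread. `open_checked` is a hypothetical portable helper shaped like `fopen_s`, not the CRT function itself, and the path is a constructed name assumed not to exist.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed path, assumed not to exist on the machine running this. */
#define MISSING_PATH "no-such-dir-7f3a/no-such-file.txt"

/* Hypothetical helper shaped like fopen_s (not the CRT function): the
   status is the return value and *out is NULL on every failure path. */
int open_checked(FILE **out, const char *path, const char *mode) {
    if (out == NULL) return EINVAL;
    *out = NULL;
    if (path == NULL || mode == NULL) return EINVAL;
    errno = 0;
    *out = fopen(path, mode);
    if (*out != NULL) return 0;
    return errno != 0 ? errno : EIO;  /* read at the failure point */
}

/* Stand-in for unrelated code that runs before the error check and
   sets errno itself: an out-of-range strtol stores ERANGE. */
static void unrelated_work(void) {
    (void)strtol("999999999999999999999999999999", NULL, 10);
}

/* fopen style: errno is read only after other code has run. */
int late_errno_after_fopen(void) {
    FILE *f = fopen(MISSING_PATH, "r");
    if (f != NULL) { fclose(f); return 0; }
    unrelated_work();
    return errno;  /* no longer the reason the open failed */
}

/* Return-code style: same intervening call, the code is already saved. */
int code_after_open_checked(void) {
    FILE *f = NULL;
    int rc = open_checked(&f, MISSING_PATH, "r");
    unrelated_work();
    if (f != NULL) fclose(f);
    return rc;
}

int main(void) {
    printf("errno read late: %d, returned code: %d\n",
           late_errno_after_fopen(), code_after_open_checked());
    return 0;
}
```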