« Avsim Flight simulation site deleted by hacker, no backups.... | Main | IIS6.0 WebDav Unicode Remote Auth Bypass »

Microsoft bans Memcpy() in their SDL program

"Memcpy() and brethren, your days are numbered. At least in development shops that aspire to secure coding.

Microsoft plans to formally banish the popular programming function that's been responsible for an untold number of security vulnerabilities over the years, not just in Windows but in countless other applications based on the C language. Effective later this year, Microsoft will add memcpy(), CopyMemory(), and RtlCopyMemory() to its list of function calls banned under its secure development lifecycle."

...

"Developers who want to be SDL compliant will instead have to replace memcpy() functions with memcpy_s, a newer command that takes an additional parameter delineating the size of the destination buffer."

I'm actually a big fan of the concept of banned functions and preventing usage by the majority of people as long as alternatives are clearly outlined.

Read more: http://www.theregister.co.uk/2009/05/15/microsoft_banishes_memcpy/

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!


Post a comment







Remember personal info?