Usage of Secure C (memcpy_s, strcpy_s etc) functions on OpenSSL

Michael Wojcik Michael.Wojcik at microfocus.com
Tue Nov 26 15:41:18 UTC 2019


The Appendix K functions (memcpy_s, etc.) do NOT "remove buffer overflow kind of issues completely", and anyone who thinks they do is making a serious error. The Appendix K functions impose an additional check. That's all they do. It is possible, and in some use cases quite easy, for the developer to pass the wrong value for the destsz parameter and invalidate that check.

Some C experts have argued that the length-checking versions of the library functions, either the C90 ones such as strncat or the Appendix K ones, are essentially pointless anyway; that the caller needs to handle truncation and so ought to know whether truncation (or overflow) would occur before attempting the operation.

On some platforms there are issues with using the Appendix K functions, either because the major C implementations for that platform do not implement them (they predate C99, or didn't implement Appendix K which was optional in C99), or because they have limitations. For example, with at least some versions of the Solaris C runtime they can't be safely used in multithreaded applications because the Runtime Constraint Handler is not thread-safe.
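
The destsz point above, as an added C example that is not from this thread or from OpenSSL: memcpy_s_ is a hand-written stand-in for Annex K memcpy_s (glibc does not ship Annex K), and TOKEN_CAP, store_token_ok, store_token_bad and store_token_ptr_sizeof are assumed names. The check only holds when destsz is the real capacity of the destination; derive it from the wrong thing and it either passes everything or rejects valid input.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for Annex K memcpy_s, written for this example (glibc has none).
 * Same contract: a runtime-constraint violation returns nonzero and, when
 * dest and destsz are usable, zeroes destsz bytes of dest. No handler here. */
#define RSIZE_MAX_ (SIZE_MAX >> 1)

static int memcpy_s_(void *dest, size_t destsz, const void *src, size_t count)
{
    if (dest == NULL || destsz > RSIZE_MAX_)
        return EINVAL;
    if (src == NULL || count > RSIZE_MAX_ || count > destsz) {
        memset(dest, 0, destsz);      /* only as safe as destsz is honest */
        return ERANGE;
    }
    memcpy(dest, src, count);
    return 0;
}

#define TOKEN_CAP 16   /* assumed capacity of a token slot */

/* Honest destsz: the real capacity of out. A 32-byte token is refused. */
int store_token_ok(unsigned char out[TOKEN_CAP], const unsigned char *tok, size_t len)
{
    return memcpy_s_(out, TOKEN_CAP, tok, len);
}

/* Defeated check: destsz copied from the source length, so "count > destsz"
 * can never be true and a 32-byte token is accepted into a 16-byte slot.
 * (The test backs this with an oversized buffer so the demo itself never
 * writes out of bounds; with a real 16-byte slot it would.) */
int store_token_bad(unsigned char out[TOKEN_CAP], const unsigned char *tok, size_t len)
{
    return memcpy_s_(out, len, tok, len);
}

/* The other common slip: sizeof applied to a pointer parameter is the size
 * of the pointer, so a legitimate 12-byte token is rejected instead. */
int store_token_ptr_sizeof(unsigned char *out, const unsigned char *tok, size_t len)
{
    return memcpy_s_(out, sizeof out, tok, len);
}
```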
