Usage of Secure C (memcpy_s, strcpy_s etc) functions on OpenSSL

[Michael Wojcik]

The Appendix K functions (memcpy_s, etc) do NOT "remove buffer overflow kind of issues completely", and anyone who thinks they do is making a serious error. The Appendix K functions impose an additional check. That's all they do. It is possible, and in some use cases quite easy, for the developer to pass the wrong value for the destsz parameter and invalidate that check.

Some C experts have argued that the length-checking versions of the library functions, either the C90 ones such as strncat or the Appendix K ones, are essentially pointless anyway; that the caller needs to handle truncation and so ought to know whether truncation (or overflow) would occur before attempting the operation.

On some platforms there are issues with using the Appendix K functions, either because the major C implementations for that platform do not implement them (they predate C99, or didn't implement Appendix K which was optional in C99), or because they have limitations. For example, with at least some versions of the Solaris C runtime they can't be safely used in multithreaded applications because the Runtime Constraint Handler is not thread-safe.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20191126/222fa15d/attachment.html>