Microsoft has rather quietly announced on the Microsoft Software Developer’s Network blog that the memcpy(), CopyMemory() and RtlCopyMemory() functions will be retired from its Security Development Lifecycle (SDL) soon, in an effort to eliminate the threat of memory overwrites.
The blog piece said, “I am ‘proud’ to announce that we intend to add memcpy() to the SDL C and C++ banned API list later this year as we make further revisions to the SDL.”
The function, part of the standard C library and available in Microsoft’s C runtime and many other C-related environments, has been responsible for the problems that led to a number of Microsoft Security updates and CVEs, including:
• MS03-030 (DirectX)
• MS03-043 (Messenger Service)
• MS03-044 (Help and Support)
• MS05-039 (PnP)
• MS04-011 (PCT)
• MS05-030 (Outlook Express)
• CVE-2007-3999 (MIT Kerberos v5)
• CVE-2007-4000 (MIT Kerberos v5)
Developers can easily update code by replacing calls to memcpy() with a safer call to memcpy_s(), which requires an extra parameter, the size of the destination buffer, and refuses to copy more bytes than that buffer can hold.
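The following is an added example, not code from the post or from Microsoft, of what the destination-size check buys you in the fixed-size path-buffer case. Because memcpy_s() ships in the MSVC C runtime (and C11 Annex K) but not in most other C libraries, the block uses a hypothetical stand-in named bounded_copy() with the same argument order and contract; MAX_PATH_LEN and the sample inputs are constructed for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATH_LEN 260   /* constructed: mirrors a Windows-style fixed-size path buffer */

/* Portable stand-in for memcpy_s(): same argument order (dest, dest_size, src, count)
 * and the same contract. Hypothetical helper for this example; the real memcpy_s()
 * lives in the MSVC C runtime (and C11 Annex K), which many other platforms do not ship.
 * Returns 0 on success. If count exceeds dest_size (or src is NULL) the destination is
 * zero-filled rather than partially written, and an errno value is returned. */
int bounded_copy(void *dest, size_t dest_size, const void *src, size_t count)
{
    if (dest == NULL)
        return EINVAL;
    if (src == NULL || count > dest_size) {
        memset(dest, 0, dest_size);          /* no half-copied, caller-controlled tail left behind */
        return (src == NULL) ? EINVAL : ERANGE;
    }
    memcpy(dest, src, count);
    return 0;
}

/* The fixed-size-buffer situation described in the post: copy an untrusted byte string,
 * which may not be NUL-terminated, into a fixed path buffer and always terminate it.
 * A plain memcpy(out, in, in_len) here trusts in_len; this version checks it first. */
int copy_untrusted_path(char out[MAX_PATH_LEN], const char *in, size_t in_len)
{
    if (in_len >= MAX_PATH_LEN) {            /* keep one byte for the terminator */
        memset(out, 0, MAX_PATH_LEN);
        return ERANGE;
    }
    int rc = bounded_copy(out, MAX_PATH_LEN, in, in_len);
    if (rc == 0)
        out[in_len] = '\0';
    return rc;
}

/* Exercises both paths with constructed input; returns 1 when behaviour matches the contract. */
int self_check(void)
{
    char buf[MAX_PATH_LEN];
    char oversized[MAX_PATH_LEN + 40];
    memset(oversized, 'A', sizeof oversized);   /* constructed: longer than any valid path */

    /* In-bounds copy: data arrives intact and is NUL-terminated. */
    if (copy_untrusted_path(buf, "C:\\temp\\x.txt", 13) != 0) return 0;
    if (strcmp(buf, "C:\\temp\\x.txt") != 0) return 0;

    /* Oversized copy: rejected with ERANGE and the buffer is zeroed, not overrun. */
    if (copy_untrusted_path(buf, oversized, sizeof oversized) != ERANGE) return 0;
    if (buf[0] != '\0' || buf[MAX_PATH_LEN - 1] != '\0') return 0;
    return 1;
}

int main(void)
{
    int ok = self_check();
    printf("bounded copy self-check: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The design point is that the length comes from the destination's declared capacity, not from the source, and that a rejected copy leaves nothing partially written for later code to trust.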
Sunbelt Software Vice President Michael St. Neitzel said: “That’s what I’ve been doing for years. When you’re dealing with buffers, you really have to make sure you don’t overwrite them. A string that is not null terminated can easily override string buffers, since in Windows they typically have a defined size such as the fixed path length.
“A bad programmer will manage to do this insecurely. It’s like giving a powerful sports car to an amateur. The anti-lock brakes, electronic stabilization program and automatic speed reducing aren’t going to protect him from having an accident. But an experienced driver can disable all of those things and not scratch the car. Driver, developer – both may make mistakes.”
Tom Kelchner