Microsoft's Banning Memcpy() Functions in the Name of Security

Microsoft's officially banning the Memcpy(), CopyMemory() and RtlCopyMemory() functions, meaning that if apps want to align with Microsoft's Secure Development Lifecycle, they need to strip these out.

Memcpy() and similar functions take a chunk of memory and copy it to another part of memory. This is fine when used correctly, but when used maliciously, form the basis of buffer overflow attacks that can screw up your computer.

Advertisement

The new solution is memcpy_s(), which requires you to specify how large the destination buffer is. This will hopefully cut down on these types of intrusions. [Register via Slashdot]

DISCUSSION

taodude-old
taodude

Ohhkaay, and I'll counter by passing a fake, overly generous buffer-size value, which satisfies memcpy_s() and allows me to stomp the buffer anyway.

Unless there's an extra detail that I'm missing, I don't see how this will help anything. It sounds like MS is just creating a deliberate compatibility headache for non-MS developers.