Hello, 

these _s functions are not so much safer than the standard ones. Using
them makes just MSVC happy. 

Regards,
Libor 

On 2019-11-26 12:07, Raja ashok wrote:

> Hi All, 
> 
> We are using OpenSSL in our projects and we found some of the C standard 
> functions (like memcpy, strcpy) used in OpenSSL may induce security 
> vulnerabilities like buffer overflow. Currently we have not found any 
> instances which cause such issues. 
> 
> But we feel better to change these calls to C11 standard's secure functions 
> like memcpy_s, strcpy_s etc. By defining a secure calls method (list of func 
> pointers) and allowing application to register the method. I understand that 
> this affects performance because of return value check added for xxxx_s 
> calls, but this will make sure it removes buffer overflow kind of issues 
> completely from code. And also currently using secure c calls is a general 
> industry practice. 
> 
> Please share your opinion on it, and if any discussion happened in OpenSSL 
> community to do this change in future. 
> 
> Thanks in advance. 
> 
> Raja Ashok
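
An added example, not part of the original thread and not OpenSSL code: it illustrates one well-known limit of the `_s` copy functions discussed above, namely that the bounds check only compares against the destination size the caller states. `checked_memcpy`, `tag_intact_after_copy` and the 16-byte record are hypothetical names and constructed data; `checked_memcpy` is a simplified stand-in for `memcpy_s`, since Annex K is optional and many C libraries do not provide it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for Annex K memcpy_s, which many C libraries omit.
 * Keeps the core check (n must not exceed the size the caller states);
 * the real function's overlap and RSIZE_MAX checks are left out. */
static int checked_memcpy(void *dst, size_t dstsz, const void *src, size_t n)
{
    if (dst == NULL)
        return 1;
    if (src == NULL || n > dstsz) {
        memset(dst, 0, dstsz);  /* Annex K zeroes the destination on failure */
        return 1;
    }
    memcpy(dst, src, n);
    return 0;
}

/* Constructed record: bytes 0..7 are a "name" field, 8..15 a "tag" field. */
enum { NAME_LEN = 8, REC_LEN = 16 };

/* Copy n bytes (n <= REC_LEN) into the name field, telling the checked copy
 * the field is stated_size bytes. Returns 1 if the tag survived, 0 if not;
 * *rc receives the checked copy's return value. */
static int tag_intact_after_copy(size_t stated_size, size_t n, int *rc)
{
    unsigned char rec[REC_LEN], input[REC_LEN];
    size_t i;

    memset(rec, 0, NAME_LEN);
    memset(rec + NAME_LEN, 'T', REC_LEN - NAME_LEN);
    memset(input, 'A', sizeof input);
    *rc = checked_memcpy(rec, stated_size, input, n);
    for (i = NAME_LEN; i < REC_LEN; i++)
        if (rec[i] != 'T')
            return 0;
    return 1;
}

int main(void)
{
    int rc, ok;
    ok = tag_intact_after_copy(NAME_LEN, 12, &rc);  /* correct size stated */
    printf("stated 8:  rc=%d tag intact=%d\n", rc, ok);
    ok = tag_intact_after_copy(REC_LEN, 12, &rc);   /* wrong size stated */
    printf("stated 16: rc=%d tag intact=%d\n", rc, ok);
    return 0;
}
```

With the correct size stated, the oversized copy is rejected and the neighbouring field survives; with the wrong size stated, the same call returns success and overwrites it.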
