_mbs 家族函數在處理不符合標準的多字節字符串時,很容易產生 buffer overflow。
Windows 提供了函數的 _mbs 家族來執行不同的多字節字符串操作。當這些函數傳遞一個不符合標準的多字節字符串(如包含有效首字節,后跟單一空字節的字符串)時,它們就能讀寫到字符串緩沖區末端之后的內容,引起 buffer overflow。以下函數都存在發生 buffer overflow 的風險:
_mbsinc
_mbsdec
_mbsncat
_mbsncpy
_mbsnextc
_mbsnset
_mbsrev
_mbsset
_mbsstr
_mbstok
_mbccpy
_mbslen
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A5 Buffer Overflow
[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3590.1 CAT I
[3] Standards Mapping - Security Technical Implementation Guide Version 3.4 - (STIG 3.4) APP3590.1 CAT I
[4] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 176, CWE ID 251
[5] MBCS Programming Tips Microsoft
[6] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.3.1.1
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.2
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.5
[9] M. Howard, D. LeBlanc Writing Secure Code, Second Edition Microsoft Press