.NET Framework 2.0 Security Inspection Questions - Potentially Dangerous Unmanaged APIs

From Guidance Share

Jump to: navigation, search

- J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Jason Taylor, Rudolph Araujo

Unmanaged API Vulnerabilities and Implications



A potentially dangerous unmanaged API is called improperly

An attacker could exploit the weakness in the potentially dangerous API to gain access to arbitrary memory locations or run arbitrary code.

In addition to the checks performed for unsafe code, you should review unmanaged code for the use of potentially dangerous APIs such as strcpy and strcat. Be sure to review any interop calls, as well as the unmanaged code itself, to make sure that bad assumptions are not made as execution control passes from managed to unmanaged code.

Does the code call potentially dangerous unmanaged APIs?

Potentially dangerous unmanaged functions can be categorized as follows:

  • Unbound Functions (UF). These functions do not expect an explicit bound parameter for the number of bytes that might be modified for one of their parameters. These are typically the most dangerous functions and should never be used.
  • NULL Terminated Functions (NTF). These functions require a NULL terminated string. If they are provided a string without NULL termination, they could overwrite memory. If the code uses NULL terminated functions, make sure that the loop does not have an additional placeholder for NULL; for example, for(i = 0; i <= 512; i++) should be < 512 not <= 512.
  • Non-NULL Terminated Functions (NNTF). The output of most string functions is NULL terminated; however, the output of a few is not. These require special treatment to avoid programming defects. If the code uses non-NULL terminated functions, make sure that the loop does have an additional placeholder for NULL.
  • Format Functions (FF). Format string functions allow a programmer to format their input and output. If the format is not provided, data can be manipulated and can lead to programming defects.

The following table shows a range of potentially dangerous unmanaged APIs and the associated categories into which they fall.

Potentially Dangerous Unmanaged APIs

Functions Category
Strcpy UF, NTF
Strcat UF, NTF
Strcat NTF
Strlen NTF
Strncpy NNTF
Strncat NNTF
Strcmp NTF
Strcmp NTF
Mbcstows NNTF
_strdup NTF
_strrev NTF
Strstr NTF
Strstr NTF
Sprintf FF, NTF
_snprintf FF, NTF
Printf FF, NTF
Fprintf FF, NTF
Gets UF
Scanf FF, NTF
Fscanf FF, NTF
Sscanf FF, NTF
Strcspn NTF
MultiByteToWideChar NNTF
WideCharToMultiByte NNTF
GetShortPathNameW NTF
GetLongPathNameW NTF
WinExec NTF
CreateProcessW NTF
GetEnvironmentVariableW NTF
SetEnvironmentVariableW NTF
SetEnvironmentVariableW NTF
ExpandEnvironmentStringsW NTF
SearchPathW NTF
SearchPathW NTF
SearchPathW NTF
Lstrcpy UF, NTF
Wcscpy UF, NTF
_mbscpy UF, NTF
lstrcatA UF, NTF
lstrcatW UF, NTF
Wcscat UF, NTF
_mbscat UF, NTF
Wcslen NTF
_mbslen NTF
_mbstrlen NTF
lstrlenA NTF
lstrlenW NTF
Wcsncpy NNTF
_mbsncpy NNTF
lstrcpynW NTF
lstrcatnA NTF
lstrcatnW NTF
Wcsncat NTF
_mbsncat NTF
_mbsnbcat NTF
lstrcmpA NTF
lstrcmpW NTF
StrCmp NTF
Wcscmp NTF
_mbscmp NTF
Strcoll NTF
Wcscoll NTF
_mbscoll NTF
_stricmp NTF
lstrcmpiA NTF
lstrcmpiW NTF
_wcsicmp NTF
_mbsicmp NTF
StrCmp NTF
_stricoll NTF
_wcsicoll NTF
_mbsicoll NTF
StrColl NTF
_wcsdup NTF
_mbsdup NTF
StrDup NTF
_wcsrev NTF
_mbsrev NTF
_strlwr NTF
_mbslwr NTF
_wcslwr NTF
_strupr NTF
_mbsupr NTF
_wcsupr NTF
Wcsstr NTF
_mbsstr NTF
Strspn NTF
Wcsspn NTF
_mbsspn NTF
Strpbrk NTF
Wcspbrk NTF
_mbspbrk NTF
Wcsxfrm NTF
Wcscspn NTF
_mbcscpn NTF
Swprintf FF
wsprintfA FF
wsprintfW FF
Vsprintf FF
Vswprintf FF
_snwprintf FF
_vsnprintf FF
_vsnwprintf FF
Vprintf FF
Vwprintf FF
Vfprintf FF
Vwfprintf FF
_getws UF
Fwscanf FF
Wscanf FF
Swscanf FF
OemToCharA UF, NTF
OemToCharW UF, NTF
CharToOemA UF, NTF
CharToOemW UF, NTF
CharUpperA NTF
CharUpperW NTF
CharUpperBuffW NTF
CharLowerA NTF
CharLowerW NTF
CharLowerBuffW NTF
Personal tools