securitycrt 上传文件_CRT 中的安全功能

CRT 中的安全功能Security Features in the CRT

09/29/2020

本文内容

许多旧 CRT 函数具有更新、更安全的版本。Many old CRT functions have newer, more secure versions. 如果存在安全函数，则较旧的、安全性更低的版本将标记为已弃用，并且新版本具有 _s(“安全”)后缀。If a secure function exists, the older, less secure version is marked as deprecated and the new version has the _s ("secure") suffix.

在此上下文中，"已弃用" 表示不建议使用函数。In this context, "deprecated" means using the function's isn't recommended. 这并不意味着计划从 CRT 中删除该函数。It doesn't mean the function is scheduled to be removed from the CRT.

安全函数不会阻止或更正安全错误。The secure functions don't prevent or correct security errors. 相反，它们会在出现错误时捕获它们。Instead, they catch errors when they occur. 它们对错误条件进行额外检查。They do additional checks for error conditions. 如果出现错误，它们将调用错误处理程序， (参见 参数验证) 。If there is an error, they invoke an error handler (see Parameter Validation).

例如， strcpy 函数无法判断它所复制的字符串对于目标缓冲区是否太大。For example, the strcpy function can't tell if the string it's copying is too large for the destination buffer. 它的安全对应 strcpy_s 项将缓冲区的大小作为参数使用。Its secure counterpart, strcpy_s, takes the size of the buffer as a parameter. 因此，它可以确定是否将发生缓冲区溢出。So it can determine if a buffer overrun will occur. 如果你使用将 strcpy_s 11 个字符复制到10个字符的缓冲区中，这就是一个错误， strcpy_s 无法更正你的错误。If you use strcpy_s to copy 11 characters into a 10 character buffer, that is an error on your part; strcpy_s can't correct your mistake. 但是，它可以检测错误，并通过调用无效参数处理程序来通知您。But it can detect your error and inform you by invoking the invalid parameter handler.

消除弃用警告Eliminating deprecation warnings

可通过多种方式消除针对较旧的、安全性更低的函数的弃用警告。There are several ways to eliminate deprecation warnings for the older, less secure functions. 最简单的方法是定义 _CRT_SECURE_NO_WARNINGS 或使用警告杂注。The simplest is simply to define _CRT_SECURE_NO_WARNINGS or use the warning pragma. 将禁用弃用警告，但导致出现警告的安全问题仍存在。Either will disable deprecation warnings, but the security issues that caused the warnings still exist. 最好将弃用警告保持启用状态并利用新的 CRT 安全功能。It's better to leave deprecation warnings enabled and take advantage of the new CRT security features.

在 c + + 中，执行此操作的最简单方法是使用 安全模板重载。In C++, the easiest way to do that is to use Secure Template Overloads. 在许多情况下，这会通过将对不推荐使用的函数的调用替换为对这些函数的安全版本的调用来消除弃用警告。This will eliminate deprecation warnings, in many cases, by replacing calls to deprecated functions with calls to secure versions of those functions. 例如，考虑此对 strcpy 的已弃用调用：For example, consider this deprecated call to strcpy:

char szBuf[10];

strcpy(szBuf, "test"); // warning: deprecated

将 _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES 定义为 1 可通过将 strcpy 调用更改为 strcpy_s(这将阻止缓冲区溢出)来消除警告。Defining _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES as 1 eliminates the warning by changing the strcpy call to strcpy_s, which prevents buffer overruns. 有关详细信息，请参阅安全模板重载。For more information, see Secure Template Overloads.

对于那些不带安全模板重载的已弃用的函数，你应考虑手动更新代码以使用安全版本。For those deprecated functions without secure template overloads, you should definitely consider manually updating your code to use the secure versions.

弃用警告的另一个源(与安全性无关)为 POSIX 函数。Another source of deprecation warnings, unrelated to security, is the POSIX functions. 将 POSIX 函数名称替换为它们的标准等效项(例如，将 access 更改为 _access)，或通过定义 _CRT_NONSTDC_NO_WARNINGS 来禁用与 POSIX 相关的弃用警告。Replace POSIX function names with their standard equivalents (for example, change access to _access), or disable POSIX-related deprecation warnings by defining _CRT_NONSTDC_NO_WARNINGS. 有关详细信息，请参阅兼容性。For more information, see Compatibility.

其他安全功能Additional Security Features

一些安全功能包括：Some of the security features include:

Parameter Validation.Parameter Validation. 安全函数及其很多不安全的功能，验证参数。Secure functions, and many of their unsecure counterparts, validate parameters. 验证可能包括：Validation may include:

检查是否为 NULL 值。Checking for NULL values.

检查枚举值的有效性。Checking enumerated values for validity.

检查整数值是否在有效范围内。Checking that integral values are in valid ranges.

有关详细信息，请参阅参数验证。For more information, see Parameter Validation.

开发人员也可访问无效参数的处理程序。A handler for invalid parameters is also accessible to the developer. When a function encounters an invalid parameter, instead of asserting and exiting the application, the CRT allows you to check these problems via _set_invalid_parameter_handler, _set_thread_local_invalid_parameter_handler.

Sized Buffers.Sized Buffers. 必须将缓冲区大小传递到任何写入缓冲区的安全函数。You must pass the buffer size to any secure function that writes to a buffer. 安全版本会在写入缓冲区之前验证缓冲区是否足够大。The secure versions validate that the buffer is large enough before writing to it. 这有助于避免可能允许恶意代码执行的危险缓冲区溢出错误。Which helps avoid dangerous buffer overrun errors that could allow malicious code to execute. errno如果缓冲区的大小太小，这些函数通常会返回错误代码并调用无效参数处理程序。These functions usually return an errno error code and invoke the invalid parameter handler if the size of the buffer is too small. 从输入缓冲区读取的函数(如 gets)具有需要您指定最大大小的安全版本。Functions that read from input buffers, such as gets, have secure versions that require you to specify a maximum size.

Null termination.Null termination. 某些可能包含非终止字符串的函数具有安全版本，这可确保字符串正确地以 null 结尾。Some functions that left potentially non-terminated strings have secure versions, which ensure that strings are properly null-terminated.

Enhanced error reporting.Enhanced error reporting. 安全函数返回的错误代码包含的错误信息超出了预先存在的函数。The secure functions return error codes with more error information than was available with the pre-existing functions. 现在，安全函数和许多预先存在的函数会设置 errno 并经常返回 errno 代码类型，以便提供更好的错误报告。The secure functions and many of the pre-existing functions now set errno and often return an errno code type as well, to provide better error reporting.

Filesystem security.Filesystem security. 默认情况下，安全文件 I/O API 支持安全文件访问。Secure file I/O APIs support secure file access in the default case.

Windows security.Windows security. 安全进程 API 强制安全策略并允许指定 ACL。Secure process APIs enforce security policies and allow ACLs to be specified.

Format string syntax checking.Format string syntax checking. 检测到无效字符串，例如，在 printf 格式字符串中使用了不正确的类型字段字符。Invalid strings are detected, for example, using incorrect type field characters in printf format strings.

另请参阅See also