1

I used to make fopen safer with this code

fin = fopen(ifp, "r");
fout = fopen(ofp, "w");
if ((fin == NULL)||(fout == NULL))
    printf ("Error opening files");
else {} //action

Now I moved to Microsoft Visual Studio 2013. It asks me to use fopen_s instead of fopen. Is there any solution other than using _CRT_SECURE_NO_WARNINGS? I mean, is the fact of filepath input (scanf) compatible with fopen_s? Or just forget it and disable security warnings?

P. S. I know that filepath input can be unsafe but I just have to do it this way, because it is stated so in my task.

mekkanizer
  • 722
  • 2
  • 9
  • 28
  • Mostly they're safer in the sense they (better) validate their inputs. To use them you don't need to change how file path is entered (so if you used `scanf` you can go on with that or you may switch to its _safe_ version `_cscanf_s`). How to use them? Keep checking return value (in case of `NULL` check `errno`) and be ready to catch (structured) exceptions. – Adriano Repetti Mar 20 '14 at 12:42
  • I may not stated it clear enough. I need to know is it possible to use fopen_s while I have to input the filepath, not to know is it safe enough or not.@gi-joe I checked errno. It's a type for error-handling, how does it help to use an entered file path as a constant string? @Adriano actually, I'm forced to use scanf_s, I mentioned basic scanf only as an example of what I've been used to. How can I check return value of anything that doesn't even accept arguments that I try to give it? (It doesnt accept char, it asks for const char) – mekkanizer Mar 20 '14 at 12:46
  • Yes, you don't need to change how you read path. They both accept `char*` as file path... – Adriano Repetti Mar 20 '14 at 12:47
  • Requiring you to use `fopen_s` is complete Visual Studio stupidity. It's basically identical to `fopen`, it's no more secure at all. It just returns EINVAL if you pass in a NULL pointer rather than segfaulting - but you shouldn't pass in a NULL pointer anyway. See http://stackoverflow.com/questions/906599/why-cant-i-use-fopen – Nicholas Wilson Mar 20 '14 at 13:01

1 Answers1

1

I don't think this makes it safer. This is just good handling of conditions and what you should be doing. Probably should check errno too.

That being said, if you have the ability to use fopen_s, then I would use it. From MSDN on the "security enhancements":

  • Parameter Validation . Parameters passed to CRT functions are validated, in both secure functions and in many preexisting versions of functions. These validations include:

    • Checking for NULL values passed to the functions.

    • Checking enumerated values for validity.

    • Checking that integral values are in valid ranges.

    For more information, see Parameter Validation.

  • A handler for invalid parameters is also accessible to the developer. When an encountering an invalid parameter, instead of asserting and exiting the application, the CRT provides a way to check these problems with the _set_invalid_parameter_handler function.

  • Sized Buffers . The secure functions require that the buffer size be passed to any function that writes to a buffer. The secure versions validate that the buffer is large enough before writing to it, helping to avoid dangerous buffer overrun errors that could allow malicious code to execute. These functions usually return an errno type of error code and invoke the invalid parameter handler if the size of the buffer is too small. Functions that read from input buffers, such as gets, have secure versions that require you to specify a maximum size.

  • Null termination . Some functions that left potentially non-terminated strings have secure versions which ensure that strings are properly null terminated.

  • Enhanced error reporting . The secure functions return error codes with more error information than was available with the preexisting functions. The secure functions and many of the preexisting functions now set errno and often return an errno code type as well, to provide better error reporting.

  • Filesystem security . Secure file I/O APIs support secure file access in the default case.

  • Windows security . Secure process APIs enforce security policies and allow ACLs to be specified.

  • Format string syntax checking . Invalid strings are detected, for example, using incorrect type field characters in printf format strings.

Engineer2021
  • 3,288
  • 6
  • 29
  • 51