The _mbs family of functions is susceptible to buffer overflow when manipulating malformed multibyte strings.
Windows provides the _mbs family of functions to perform various operations on multibyte strings. When these functions are passed a malformed multibyte string, such as a string containing a valid leading byte followed by a single null byte, they can read or write past the end of the string buffer, causing a buffer overflow. The following functions all pose a risk of buffer overflow:
_mbsinc
_mbsdec
_mbsncat
_mbsncpy
_mbsnextc
_mbsnset
_mbsrev
_mbsset
_mbsstr
_mbstok
_mbccpy
_mbslen
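One way to reject the malformed input described above before it reaches any of these functions, as an added example that is not part of the original page or of Microsoft's code. The helper name mbcs_validate, the status codes and the sample buffers are hypothetical, and the lead-byte ranges assume Shift-JIS (code page 932) so the check runs anywhere; on Windows, _ismbblead() answers the same question for the active code page.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: Shift-JIS (code page 932) lead-byte ranges, hard-coded for
   portability. On Windows, use _ismbblead() for the active code page. */
static int is_lead_byte(unsigned char c)
{
    return (c >= 0x81 && c <= 0x9F) || (c >= 0xE0 && c <= 0xFC);
}

enum mbcs_status {
    MBCS_OK = 0,
    MBCS_UNTERMINATED,   /* no NUL found inside the buffer */
    MBCS_DANGLING_LEAD   /* lead byte followed by NUL or by the buffer end */
};

/* Hypothetical helper: walks at most cap bytes and never reads buf[cap].
   It checks only that each lead byte has a non-NUL trail byte inside the
   buffer, not that the trail byte is in the code page's valid range.
   On MBCS_OK, *len (if non-NULL) receives the byte length without the NUL. */
enum mbcs_status mbcs_validate(const unsigned char *buf, size_t cap, size_t *len)
{
    size_t i = 0;
    while (i < cap) {
        if (buf[i] == 0) {
            if (len) *len = i;
            return MBCS_OK;
        }
        if (is_lead_byte(buf[i])) {
            if (i + 1 >= cap || buf[i + 1] == 0)
                return MBCS_DANGLING_LEAD;
            i += 2;              /* consume lead + trail as one character */
        } else {
            i += 1;
        }
    }
    return MBCS_UNTERMINATED;
}

/* Constructed samples: a well-formed string, and one ending in lead + NUL. */
const unsigned char good_sample[] = { 'a', 0x83, 0x41, 'b', 0 };
const unsigned char bad_sample[]  = { 'a', 'b', 0x83, 0 };

int main(void)
{
    printf("good: %d\n", mbcs_validate(good_sample, sizeof good_sample, NULL));
    printf("bad:  %d\n", mbcs_validate(bad_sample, sizeof bad_sample, NULL));
    return 0;
}
```

Only buffers that return MBCS_OK should be handed to the functions listed above, and the cap passed in must be the real size of the allocation, not a length taken from the input.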