Hey, Oh I just love this code, but are we actually planning on using the size-bounded string functions like strlcpy(3)? Because then you have to consider that these are not part of glibc, so we will have to ship our own version, which is not a big deal at all. (Keep in mind that strlcpy(3) truncates silently, so callers still need to compare its return value against the destination size.) It would be a huge effort to switch all of the code to use these functions, but I think it would be worth it.
On (2011-06-20 09:51), Marc-André Laverdière wrote: > Hello list. > > As you all know, there are a bunch of old C APIs that make security > vulnerabilities trivial to implement. And doing a git grep tells me > that we use those aplenty. > > Now, not all of it may create vulnerabilities, but it is good > practice to migrate away from those as much as possible. > > Microsoft has compiled a useful list: > http://msdn.microsoft.com/en-us/library/bb288454.aspx > > And they have made a header (I'm attaching here) that works on their > compiler. > > Now, I think we should make it multi-platform, so that the whole > code base can benefit from it. The transition must be gradual, for > sure, but I think we'd benefit a lot from it in the long run. > > What are the compilers that we must handle? > - Gcc TODO > - Microsoft's DONE > - Sun's cc family ??? > - Intel's ??? > > Regards, > > -- > Marc-André Laverdière > Software Security Scientist > Innovation Labs, Tata Consultancy Services > Hyderabad, India > /*** > * banned.h - list of Microsoft Security Development Lifecycle (SDL) banned > APIs > * > * Purpose: > * This include file contains a list of banned APIs which should not be > used in new code and > * removed from legacy code over time. 
> * > * History > * 01-Jan-2006 - mikehow - Initial Version > * 22-Apr-2008 - mikehow - Updated to SDL 4.1, commented out > recommendations and added memcpy > * 26-Jan-2009 - mikehow - Updated to SDL 5.0, made the list sane, added SDL > compliance levels > * 10-Feb-2009 - mikehow - Updated based on feedback from MS Office > * 12-May-2009 - jpardue - Added wmemcpy > * 08-Jul-2009 - mikehow - Fixed header #ifndef/#endif logic, made the SDL > recommended compliance level name more obvious > * 05-Nov-2009 - mikehow - Added vsnprintf (ANSI version of _vsnprintf) > * 01-Jan-2010 - mikehow - Added better strsafe integration, now the following > works: > * #include "strsafe.h" > * #include "banned.h" > * 04-Jun-2010 - mikehow - Small "#if" bug fix > * > * > ***/ > > #ifndef _INC_BANNED > # define _INC_BANNED > > # if defined(_MSC_VER) > # pragma once > > // SDL 5.0 and later Requirements > # if defined(_STRSAFE_H_INCLUDED_) && > !defined(STRSAFE_NO_DEPRECATE) > > // Only deprecate what's not already deprecated by > StrSafe > # pragma deprecated (_mbscpy, _mbccpy) > # pragma deprecated (strcatA, strcatW, _mbscat, > StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat) > # pragma deprecated (strncpy, wcsncpy, _tcsncpy, > _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, > StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW) > # pragma deprecated (strncat, wcsncat, _tcsncat, > _mbsncat, _mbsnbcat, lstrncat, lstrcatnA, lstrcatnW, lstrcatn) > # pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, > IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr) > # pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, > wmemcpy) > > # else > // StrSafe not loaded, so deprecate everything! 
> # pragma deprecated (strcpy, strcpyA, strcpyW, wcscpy, > _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, > _tccpy, _mbccpy, _ftcscpy) > # pragma deprecated (strcat, strcatA, strcatW, wcscat, > _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, > StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat, _ftcscat) > # pragma deprecated (sprintfW, sprintfA, wsprintf, > wsprintfW, wsprintfA, sprintf, swprintf, _stprintf) > # pragma deprecated (wvsprintf, wvsprintfA, wvsprintfW, > vsprintf, _vstprintf, vswprintf) > # pragma deprecated (strncpy, wcsncpy, _tcsncpy, > _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, > StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW) > # pragma deprecated (strncat, wcsncat, _tcsncat, > _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, > StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn) > # pragma deprecated (gets, _getts, _gettws) > # pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, > IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr) > # pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, > wmemcpy) > # endif //defined(_STRSAFE_H_INCLUDED_) && > !defined(STRSAFE_NO_DEPRECATE) > > // SDL 5.0 and later Recommendations > # if defined(_SDL_BANNED_RECOMMENDED) > # if defined(_STRSAFE_H_INCLUDED_) && > !defined(STRSAFE_NO_DEPRECATE) > // Only deprecate what's not already deprecated > by StrSafe > # pragma deprecated (wnsprintf, wnsprintfA, > wnsprintfW) > # pragma deprecated (vsnprintf, wvnsprintf, > wvnsprintfA, wvnsprintfW) > # pragma deprecated (strtok, _tcstok, wcstok, > _mbstok) > # pragma deprecated (makepath, _tmakepath, > _makepath, _wmakepath) > # pragma deprecated (_splitpath, _tsplitpath, > _wsplitpath) > # pragma deprecated (scanf, wscanf, _tscanf, > sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf) > # pragma deprecated (_itoa, _itow, _i64toa, > _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow) 
> # pragma deprecated (CharToOem, CharToOemA, > CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW) > # pragma deprecated (alloca, _alloca) > # pragma deprecated (strlen, wcslen, _mbslen, > _mbstrlen, StrLen, lstrlen) > # pragma deprecated (ChangeWindowMessageFilter) > # else > // StrSafe not loaded, so deprecate everything! > # pragma deprecated (wnsprintf, wnsprintfA, > wnsprintfW, , _snwprintf, _snprintf, _sntprintf) > # pragma deprecated (_vsnprintf, vsnprintf, > _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW) > # pragma deprecated (strtok, _tcstok, wcstok, > _mbstok) > # pragma deprecated (makepath, _tmakepath, > _makepath, _wmakepath) > # pragma deprecated (_splitpath, _tsplitpath, > _wsplitpath) > # pragma deprecated (scanf, wscanf, _tscanf, > sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf) > # pragma deprecated (_itoa, _itow, _i64toa, > _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow) > # pragma deprecated (CharToOem, CharToOemA, > CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW) > # pragma deprecated (alloca, _alloca) > # pragma deprecated (strlen, wcslen, _mbslen, > _mbstrlen, StrLen, lstrlen) > # pragma deprecated (ChangeWindowMessageFilter) > # endif // StrSafe > # endif // SDL recommended > > # endif // _MSC_VER_ > > #endif // _INC_BANNED > > > _______________________________________________ > LibreOffice mailing list > LibreOffice@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/libreoffice _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice