Hello,

That's a good question. I'm in the "don't code it if you don't have to" school of thought, so I'm not too hot on implementing those... Is there a way to detect if our platform has it and use it? And if our platform doesn't have it, define some macro that would have functionally identical code? I'm guessing the performance would be a little lower in those cases, but there is no point reinventing the wheel, no?

If we feel like implementing something, I'm suggesting ISO/IEC TR 24731. This looked like the best API for avoiding buffer overflows.

It is implemented by Microsoft, but sadly it seems like we don't have it in glibc.


Marc-André Laverdière
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India

On 06/20/2011 11:57 AM, Robert Nagy wrote:
Hey,

Oh, I just love this code, but are we actually planning on using
the size-bounded string functions like strlcpy(3)?
Because then you have to consider that these are not part of glibc,
so we will have to ship our own version, which is not a big deal at all.
It would be a huge effort to switch all of the code to use these functions,
but I think it would be worth it.

On (2011-06-20 09:51), Marc-André Laverdière wrote:
Hello list.

As you all know, there are a bunch of old C APIs that make security
vulnerabilities trivial to implement. And doing a git grep tells me
that we use those aplenty.

Now, not all of it may create vulnerabilities, but it is good
practice to migrate away from those as much as possible.

Microsoft has compiled a useful list:
http://msdn.microsoft.com/en-us/library/bb288454.aspx

And they have made a header (I'm attaching here) that works on their
compiler.

Now, I think we should make it multi-platform, so that the whole
code base can benefit from it. The transition must be gradual, for
sure, but I think we'd benefit a lot from it in the long run.

What are the compilers that we must handle?
  - Gcc TODO
  - Microsoft's DONE
  - Sun's cc family ???
  - Intel's ???

Regards,

--
Marc-André Laverdière
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India

/***
* banned.h - list of Microsoft Security Development Lifecycle (SDL) banned APIs
*
* Purpose:
*       This include file contains a list of banned APIs which should not be used in new code and
*       removed from legacy code over time.
*
* History
* 01-Jan-2006 - mikehow - Initial Version
* 22-Apr-2008 - mikehow - Updated to SDL 4.1, commented out recommendations and added memcpy
* 26-Jan-2009 - mikehow - Updated to SDL 5.0, made the list sane, added SDL compliance levels
* 10-Feb-2009 - mikehow - Updated based on feedback from MS Office
* 12-May-2009 - jpardue - Added wmemcpy
* 08-Jul-2009 - mikehow - Fixed header #ifndef/#endif logic, made the SDL recommended compliance level name more obvious
* 05-Nov-2009 - mikehow - Added vsnprintf (ANSI version of _vsnprintf)
* 01-Jan-2010 - mikehow - Added better strsafe integration, now the following works:
*                                                       #include "strsafe.h"
*                                                       #include "banned.h"
* 04-Jun-2010 - mikehow - Small "#if" bug fix
*
***/

#ifndef _INC_BANNED
#       define _INC_BANNED

#       if defined(_MSC_VER)
#               pragma once

                // SDL 5.0 and later Requirements
#               if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)

                        // Only deprecate what's not already deprecated by StrSafe
#                       pragma deprecated (_mbscpy, _mbccpy)
#                       pragma deprecated (strcatA, strcatW, _mbscat, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat)
#                       pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
#                       pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
#                       pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
#                       pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)

#               else
                        // StrSafe not loaded, so deprecate everything!
#                       pragma deprecated (strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy, _ftcscpy)
#                       pragma deprecated (strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat, _ftcscat)
#                       pragma deprecated (sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf)
#                       pragma deprecated (wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, vswprintf)
#                       pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
#                       pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
#                       pragma deprecated (gets, _getts, _gettws)
#                       pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
#                       pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
#               endif // defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)

                // SDL 5.0 and later Recommendations
#               if defined(_SDL_BANNED_RECOMMENDED)
#                       if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
                                // Only deprecate what's not already deprecated by StrSafe
#                               pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW)
#                               pragma deprecated (vsnprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
#                               pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
#                               pragma deprecated (makepath, _tmakepath, _makepath, _wmakepath)
#                               pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
#                               pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
#                               pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
#                               pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
#                               pragma deprecated (alloca, _alloca)
#                               pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
#                               pragma deprecated (ChangeWindowMessageFilter)
#                       else
                                // StrSafe not loaded, so deprecate everything!
                                // (The stray empty list element ", ," that the upstream header carries here has been removed.)
#                               pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW, _snwprintf, _snprintf, _sntprintf)
#                               pragma deprecated (_vsnprintf, vsnprintf, _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
#                               pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
#                               pragma deprecated (makepath, _tmakepath, _makepath, _wmakepath)
#                               pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
#                               pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
#                               pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
#                               pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
#                               pragma deprecated (alloca, _alloca)
#                               pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
#                               pragma deprecated (ChangeWindowMessageFilter)
#                       endif // StrSafe
#               endif // SDL recommended

#       endif // _MSC_VER

#endif  // _INC_BANNED
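As an added example (written for this page; it is not LibreOffice code and not part of the attached banned.h), the following C sketch shows the two pieces the thread asks about: a GCC/clang counterpart to the MSVC `#pragma deprecated` lines above, and a platform check with a fallback for the size-bounded strlcpy(3)/strlcat(3) that Robert notes glibc lacks (glibc only gained them in 2.38). The HAVE_STRLCPY macro, and the safe_strlcpy/safe_strlcat/format_label names, are assumptions for illustration, not anything the LibreOffice build system defines.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* (1) Compiler-enforced ban, the GCC/clang side of banned.h.  MSVC has
 * #pragma deprecated; GCC and clang offer #pragma GCC poison instead, which
 * turns any later use of the identifier into a hard compile error.  The libc
 * headers must be included before the pragma, otherwise their own
 * declarations of these functions would trip it. */
#if defined(__GNUC__) && !defined(_MSC_VER)
#  pragma GCC poison gets strcpy strcat sprintf vsprintf
#endif

/* (2) Platform detection for strlcpy/strlcat.  HAVE_STRLCPY is an assumed
 * build-system macro (what an autoconf AC_CHECK_FUNCS([strlcpy strlcat])
 * probe would set); without it we fall back to a local implementation with
 * the BSD semantics: copy at most size-1 bytes, always NUL-terminate when
 * size > 0, and return the length that would have been needed so the caller
 * can detect truncation. */
#ifdef HAVE_STRLCPY
#  define safe_strlcpy strlcpy
#  define safe_strlcat strlcat
#else
static size_t safe_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

static size_t safe_strlcat(char *dst, const char *src, size_t size)
{
    size_t dstlen = 0;
    while (dstlen < size && dst[dstlen] != '\0')   /* bounded scan of dst */
        dstlen++;
    if (dstlen == size)                            /* dst not terminated within size */
        return size + strlen(src);
    return dstlen + safe_strlcpy(dst + dstlen, src, size - dstlen);
}
#endif

/* Typical call site: build a string in a fixed buffer and treat truncation
 * as an error instead of silently shipping a cut-off value. */
int format_label(char *out, size_t outsz, const char *name, const char *suffix)
{
    if (safe_strlcpy(out, name, outsz) >= outsz)
        return -1;
    if (safe_strlcat(out, suffix, outsz) >= outsz)
        return -1;
    return 0;
}

/* Check helper: formats into an 8-byte buffer and returns 1 when the result
 * equals expect, 0 when the copy was truncated, -1 on a mismatch. */
int label_matches(const char *name, const char *suffix, const char *expect)
{
    char label[8];
    if (format_label(label, sizeof label, name, suffix) != 0)
        return 0;
    return strcmp(label, expect) == 0 ? 1 : -1;
}

/* Why the thread prefers strlcpy over the (also banned) strncpy: when src does
 * not fit, strncpy writes no terminator at all, so the "bounded" copy still
 * yields a buffer that a later strlen() or printf("%s") reads past.  Both
 * helpers fill a 16-byte buffer with 'X', copy with a limit of bufsz, and
 * report whether a NUL landed inside the first bufsz bytes. */
int strncpy_leaves_terminator(const char *src, size_t bufsz)
{
    char buf[16];
    if (bufsz == 0 || bufsz > sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, bufsz);
    return memchr(buf, '\0', bufsz) != NULL;
}

int strlcpy_leaves_terminator(const char *src, size_t bufsz)
{
    char buf[16];
    if (bufsz == 0 || bufsz > sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);
    safe_strlcpy(buf, src, bufsz);
    return memchr(buf, '\0', bufsz) != NULL;
}

int main(void)
{
    printf("fits: %d, truncated: %d\n",
           label_matches("abc", ".txt", "abc.txt"),        /* 1 */
           label_matches("abcd", ".txt", "abcd.tx"));      /* 0 */
    printf("strncpy terminated: %d, strlcpy terminated: %d\n",
           strncpy_leaves_terminator("toolongstring", 8),  /* 0 */
           strlcpy_leaves_terminator("toolongstring", 8)); /* 1 */
    return 0;
}
```

Building with `-DHAVE_STRLCPY` on a BSD libc (or glibc 2.38 and later) drops the fallback and uses the system functions; on an older glibc the fallback is compiled in, which is the "ship our own version" case. Any file that includes this header and still calls strcpy/strcat/sprintf fails to compile under GCC or clang, which is the gradual-migration lever the original post is after.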



_______________________________________________
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice