

Hey,

Oh I just love this code, but are we actually planning on using
the size-bounded string functions like strlcpy(3)?
Because then you have to consider that these are not part of glibc,
so we will have to ship our own version, which is not a big deal at all.
It would be a huge effort to switch all of the code to use these functions,
but I think it would be worth it.

On (2011-06-20 09:51), Marc-André Laverdière wrote:
Hello list.

As you all know, there are a bunch of old C APIs that make security
vulnerabilities trivial to implement. And doing a git grep tells me
that we use those aplenty.

Now, not all of it may create vulnerabilities, but it is good
practice to migrate away from those as much as possible.

Microsoft has compiled a useful list:
http://msdn.microsoft.com/en-us/library/bb288454.aspx

And they have made a header (I'm attaching here) that works on their
compiler.

Now, I think we should make it multi-platform, so that the whole
code base can benefit from it. The transition must be gradual, for
sure, but I think we'd benefit a lot from it in the long run.

What are the compilers that we must handle?
 - Gcc TODO
 - Microsoft's DONE
 - Sun's cc family ???
 - Intel's ???

Regards,

-- 
Marc-André Laverdière
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India

/***
* banned.h - list of Microsoft Security Development Lifecycle (SDL) banned APIs
*
* Purpose:
*       This include file contains a list of banned APIs which should not be used in new code and 
*       removed from legacy code over time.
*
* History
* 01-Jan-2006 - mikehow - Initial Version
* 22-Apr-2008 - mikehow       - Updated to SDL 4.1, commented out recommendations and added memcpy
* 26-Jan-2009 - mikehow - Updated to SDL 5.0, made the list sane, added SDL compliance levels
* 10-Feb-2009 - mikehow - Updated based on feedback from MS Office
* 12-May-2009 - jpardue - Added wmemcpy
* 08-Jul-2009 - mikehow - Fixed header #ifndef/#endif logic, made the SDL recommended compliance level name more obvious
* 05-Nov-2009 - mikehow       - Added vsnprintf (ANSI version of _vsnprintf)
* 01-Jan-2010 - mikehow - Added better strsafe integration, now the following works:
*                                                     #include "strsafe.h"
*                                                     #include "banned.h"
* 04-Jun-2010 - mikehow - Small "#if" bug fix
*                                                
*
***/

#ifndef _INC_BANNED
#     define _INC_BANNED

#     if defined(_MSC_VER)
#             pragma once

              // SDL 5.0 and later Requirements
#             if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)

                      // Only deprecate what's not already deprecated by StrSafe
#                     pragma deprecated (_mbscpy, _mbccpy)
#                     pragma deprecated (strcatA, strcatW, _mbscat, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat)
#                     pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
#                     pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
#                     pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
#                     pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)

#             else
                      // StrSafe not loaded, so deprecate everything!
#                     pragma deprecated (strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy, _ftcscpy)
#                     pragma deprecated (strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat, _ftcscat)
#                     pragma deprecated (sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf)
#                     pragma deprecated (wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, vswprintf)
#                     pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
#                     pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
#                     pragma deprecated (gets, _getts, _gettws)
#                     pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
#                     pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
#             endif //defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)

// SDL 5.0 and later Recommendations
#             if defined(_SDL_BANNED_RECOMMENDED)
#                     if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
                              // Only deprecate what's not already deprecated by StrSafe
#                             pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW)
#                             pragma deprecated (vsnprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
#                             pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
#                             pragma deprecated (makepath, _tmakepath,  _makepath, _wmakepath)
#                             pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
#                             pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
#                             pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
#                             pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
#                             pragma deprecated (alloca, _alloca)
#                             pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
#                             pragma deprecated (ChangeWindowMessageFilter)
#                     else
                              // StrSafe not loaded, so deprecate everything!
#                             pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW, _snwprintf, _snprintf, _sntprintf)
#                             pragma deprecated (_vsnprintf, vsnprintf, _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
#                             pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
#                             pragma deprecated (makepath, _tmakepath,  _makepath, _wmakepath)
#                             pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
#                             pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
#                             pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
#                             pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
#                             pragma deprecated (alloca, _alloca)
#                             pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
#                             pragma deprecated (ChangeWindowMessageFilter)
#                             pragma deprecated (ChangeWindowMessageFilter)
#                     endif // StrSafe
#             endif // SDL recommended

#     endif // _MSC_VER_

#endif  // _INC_BANNED 
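
Added example, not part of the original thread and not Microsoft's or LibreOffice's code: one way the GCC branch marked TODO above could look, together with the kind of self-shipped size-bounded copy the reply mentions. The names lo_strlcpy and copy_checked are hypothetical, and the poisoned list is a small subset of the header's; note that "#pragma GCC poison" makes later use a compile error, whereas MSVC's "#pragma deprecated" only warns.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* GCC/Clang branch of a banned.h-style header (assumed layout, not
 * Microsoft's). It must follow the system headers: every later use of a
 * poisoned name is a hard compile error, where MSVC's pragma only warns. */
#if defined(__GNUC__)
#  pragma GCC poison strcpy strcat sprintf gets
#endif

/* lo_strlcpy (hypothetical name): strlcpy(3) semantics for platforms whose
 * libc lacks it. Copies at most dstsize-1 bytes, NUL-terminates whenever
 * dstsize > 0, and returns the full length of src. */
size_t lo_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t i = 0;
    if (dstsize != 0) {
        for (; i + 1 < dstsize && src[i] != '\0'; i++)
            dst[i] = src[i];
        dst[i] = '\0';
    }
    while (src[i] != '\0')      /* count what did not fit */
        i++;
    return i;
}

/* Caller-side check: a return value >= dstsize means the copy was cut. */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    return lo_strlcpy(dst, src, dstsize) >= dstsize ? -1 : 0;
}

int main(void)
{
    char buf[8];
    const char *inputs[] = { "abc", "0123456789" };   /* constructed samples */
    for (size_t k = 0; k < 2; k++) {
        int rc = copy_checked(buf, sizeof buf, inputs[k]);
        printf("%-12s -> \"%s\" (%s)\n", inputs[k], buf, rc ? "truncated" : "ok");
    }
    return 0;
}
```

Adding a call to strcpy anywhere below the pragma makes GCC and Clang reject the file, which is what lets the ban be enforced file by file during a gradual migration.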


