Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index 

Hello,

Well you don't have it any other supported platforms either.
You can't just use macros to use those whenever they are supported,
we would have to walk through the code and convert each by hand.
If we don't do this there is no real point in listing strcpy and friends
in banned.h.

On (2011-06-20 15:30), Marc-André Laverdi??re wrote:

Hello,

That's a good question. I'm in the "don't code it if you don't have
to" school of thought, so I'm not too hot in implementing those...
Is there a way to detect if our platform has it and use it. And if
our platform doesn't have it, define some macro that would have a
functionally identical code? I'm guessing the performance would be a
little lower in those cases, but there is no point reinventing the
wheel, no?

If we feel like implementing something, I'm suggesting ISO/IEC TR
24731. This looked like the best API for avoiding buffer overflows.

It is implemented by Microsoft, but sadly it seems like we don't
have it in glibc


Marc-André Laverdi??re
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India

On 06/20/2011 11:57 AM, Robert Nagy wrote:

Hey,

Oh I just love this code, but are we actually planning on using
the size-bounded string functions like strlcpy(3)?
Because then you have to consider that these are not part of glibc
so we will have to ship our own version which is not a big deal at all
It would be a huge effort to switch all of the code to use these functions,
but I think it would worth it.

On (2011-06-20 09:51), Marc-André Laverdičre wrote:

Hello list.

As you all know, there are a bunch of old C APIs that make security
vulnerabilities trivial to implement. And doing a git grep tells me
that we use those a plenty.

Now, not all of it may create vulnerabilities, but it is good
practice to migrate away from those as much as possible.

Microsoft has compiled a useful list:
http://msdn.microsoft.com/en-us/library/bb288454.aspx

And they have made a header (I'm attaching here) that works on their
compiler.

Now, I think we should make it multi-platform, so that the whole
code base can benefit from it. The transition must be gradual, for
sure, but I think we'd benefit a lot from it in the long run.

What are the compilers that we must handle?
 - Gcc TODO
 - Microsoft's DONE
 - Sun's cc family ???
 - Intel's ???

Regards,

--
Marc-André Laverdičre
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India



/***
* banned.h - list of Microsoft Security Development Lifecycle (SDL) banned APIs
*
* Purpose:
*       This include file contains a list of banned APIs which should not be used in new code 
and
*       removed from legacy code over time.
*
* History
* 01-Jan-2006 - mikehow - Initial Version
* 22-Apr-2008 - mikehow     - Updated to SDL 4.1, commented out recommendations and added memcpy
* 26-Jan-2009 - mikehow - Updated to SDL 5.0, made the list sane, added SDL compliance levels
* 10-Feb-2009 - mikehow - Updated based on feedback from MS Office
* 12-May-2009 - jpardue - Added wmemcpy
* 08-Jul-2009 - mikehow - Fixed header #ifndef/#endif logic, made the SDL recommended 
compliance level name more obvious
* 05-Nov-2009 - mikehow     - Added vsnprintf (ANSI version of _vsnprintf)
* 01-Jan-2010 - mikehow - Added better strsafe integration, now the following works:
*                                                   #include "strsafe.h"
*                                                   #include "banned.h"
* 04-Jun-2010 - mikehow - Small "#if" bug fix
*                                           
*
***/

#ifndef _INC_BANNED
#   define _INC_BANNED

#   if defined(_MSC_VER)
#           pragma once

           // SDL 5.0 and later Requirements
#           if defined(_STRSAFE_H_INCLUDED_)&&  !defined(STRSAFE_NO_DEPRECATE)

                   // Only deprecate what's not already deprecated by StrSafe
#                   pragma deprecated (_mbscpy, _mbccpy)
#                   pragma deprecated (strcatA, strcatW, _mbscat, StrCatBuff, StrCatBuffA, 
StrCatBuffW, StrCatChainW, _tccat, _mbccat)
#                   pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, 
StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, 
lstrcpynW)
#                   pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, 
lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
#                   pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, 
IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
#                   pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)

#           else
                   // StrSafe not loaded, so deprecate everything!
#                   pragma deprecated (strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, 
StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy, _ftcscpy)
#                   pragma deprecated (strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, 
StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, 
StrCatChainW, _tccat, _mbccat, _ftcscat)
#                   pragma deprecated (sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, 
sprintf, swprintf, _stprintf)
#                   pragma deprecated (wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, 
vswprintf)
#                   pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, 
StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, 
lstrcpynW)
#                   pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, 
StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, 
lstrcatn)
#                   pragma deprecated (gets, _getts, _gettws)
#                   pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, 
IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
#                   pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
#           endif //defined(_STRSAFE_H_INCLUDED_)&&  !defined(STRSAFE_NO_DEPRECATE)

// SDL 5.0 and later Recommendations
#           if defined(_SDL_BANNED_RECOMMENDED)
#                   if defined(_STRSAFE_H_INCLUDED_)&&  !defined(STRSAFE_NO_DEPRECATE)
                           // Only deprecate what's not already deprecated by StrSafe
#                           pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW)
#                           pragma deprecated (vsnprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
#                           pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
#                           pragma deprecated (makepath, _tmakepath,  _makepath, _wmakepath)
#                           pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
#                           pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, 
_stscanf, snscanf, snwscanf, _sntscanf)
#                           pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, 
_ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
#                           pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, 
OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
#                           pragma deprecated (alloca, _alloca)
#                           pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, 
lstrlen)
#                           pragma deprecated (ChangeWindowMessageFilter)
#                   else
                           // StrSafe not loaded, so deprecate everything!
#                           pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW, , _snwprintf, 
_snprintf, _sntprintf)
#                           pragma deprecated (_vsnprintf, vsnprintf, _vsnwprintf, _vsntprintf, 
wvnsprintf, wvnsprintfA, wvnsprintfW)
#                           pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
#                           pragma deprecated (makepath, _tmakepath,  _makepath, _wmakepath)
#                           pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
#                           pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, 
_stscanf, snscanf, snwscanf, _sntscanf)
#                           pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, 
_ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
#                           pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, 
OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
#                           pragma deprecated (alloca, _alloca)
#                           pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, 
lstrlen)
#                           pragma deprecated (ChangeWindowMessageFilter)
#                   endif // StrSafe
#           endif // SDL recommended

#   endif // _MSC_VER_

#endif  // _INC_BANNED





_______________________________________________
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice

_______________________________________________
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.