btw., on openbsd you already get warnings if you use unsafe functions, like:

(ws robert 45001)$ gcc `pkg-config --cflags --libs glib-2.0` -lkvm proc.c
/usr/local/lib/libglib-2.0.so.2800.0: warning: vsprintf() is often misused, please use vsnprintf()
/usr/local/lib/libglib-2.0.so.2800.0: warning: strcpy() is almost always misused, please use strlcpy()

On (2011-06-20 12:09), Robert Nagy wrote:
> Hello,
>
> Well you don't have it any other supported platforms either.
> You can't just use macros to use those whenever they are supported,
> we would have to walk through the code and convert each by hand.
> If we don't do this there is no real point in listing strcpy and friends
> in banned.h.
>
> On (2011-06-20 15:30), Marc-André Laverdière wrote:
> > Hello,
> >
> > That's a good question. I'm in the "don't code it if you don't have
> > to" school of thought, so I'm not too hot in implementing those...
> > Is there a way to detect if our platform has it and use it. And if
> > our platform doesn't have it, define some macro that would have a
> > functionally identical code? I'm guessing the performance would be a
> > little lower in those cases, but there is no point reinventing the
> > wheel, no?
> >
> > If we feel like implementing something, I'm suggesting ISO/IEC TR
> > 24731. This looked like the best API for avoiding buffer overflows.
> >
> > It is implemented by Microsoft, but sadly it seems like we don't
> > have it in glibc
> >
> >
> > Marc-André Laverdière
> > Software Security Scientist
> > Innovation Labs, Tata Consultancy Services
> > Hyderabad, India
> >
> > On 06/20/2011 11:57 AM, Robert Nagy wrote:
> > >Hey,
> > >
> > >Oh I just love this code, but are we actually planning on using
> > >the size-bounded string functions like strlcpy(3)?
> > >Because then you have to consider that these are not part of glibc
> > >so we will have to ship our own version which is not a big deal at all
> > >It would be a huge effort to switch all of the code to use these functions,
> > >but I think it would worth it.
> > >
> > >On (2011-06-20 09:51), Marc-André Laverdière wrote:
> > >>Hello list.
> > >>
> > >>As you all know, there are a bunch of old C APIs that make security
> > >>vulnerabilities trivial to implement. And doing a git grep tells me
> > >>that we use those a plenty.
> > >>
> > >>Now, not all of it may create vulnerabilities, but it is good
> > >>practice to migrate away from those as much as possible.
> > >>
> > >>Microsoft has compiled a useful list:
> > >>http://msdn.microsoft.com/en-us/library/bb288454.aspx
> > >>
> > >>And they have made a header (I'm attaching here) that works on their
> > >>compiler.
> > >>
> > >>Now, I think we should make it multi-platform, so that the whole
> > >>code base can benefit from it. The transition must be gradual, for
> > >>sure, but I think we'd benefit a lot from it in the long run.
> > >>
> > >>What are the compilers that we must handle?
> > >> - Gcc TODO
> > >> - Microsoft's DONE
> > >> - Sun's cc family ???
> > >> - Intel's ???
> > >>
> > >>Regards,
> > >>
> > >>--
> > >>Marc-André Laverdière
> > >>Software Security Scientist
> > >>Innovation Labs, Tata Consultancy Services
> > >>Hyderabad, India
> > >
> > >>/***
> > >>* banned.h - list of Microsoft Security Development Lifecycle (SDL) banned APIs
> > >>*
> > >>* Purpose:
> > >>* This include file contains a list of banned APIs which should not be used in new code and
> > >>* removed from legacy code over time.
> > >>*
> > >>* History
> > >>* 01-Jan-2006 - mikehow - Initial Version
> > >>* 22-Apr-2008 - mikehow - Updated to SDL 4.1, commented out recommendations and added memcpy
> > >>* 26-Jan-2009 - mikehow - Updated to SDL 5.0, made the list sane, added SDL compliance levels
> > >>* 10-Feb-2009 - mikehow - Updated based on feedback from MS Office
> > >>* 12-May-2009 - jpardue - Added wmemcpy
> > >>* 08-Jul-2009 - mikehow - Fixed header #ifndef/#endif logic, made the SDL recommended compliance level name more obvious
> > >>* 05-Nov-2009 - mikehow - Added vsnprintf (ANSI version of _vsnprintf)
> > >>* 01-Jan-2010 - mikehow - Added better strsafe integration, now the following works:
> > >>* #include "strsafe.h"
> > >>* #include "banned.h"
> > >>* 04-Jun-2010 - mikehow - Small "#if" bug fix
> > >>*
> > >>*
> > >>***/
> > >>
> > >>#ifndef _INC_BANNED
> > >># define _INC_BANNED
> > >>
> > >># if defined(_MSC_VER)
> > >># pragma once
> > >>
> > >> // SDL 5.0 and later Requirements
> > >># if defined(_STRSAFE_H_INCLUDED_)&& !defined(STRSAFE_NO_DEPRECATE)
> > >>
> > >> // Only deprecate what's not already deprecated by StrSafe
> > >># pragma deprecated (_mbscpy, _mbccpy)
> > >># pragma deprecated (strcatA, strcatW, _mbscat, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat)
> > >># pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
> > >># pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
> > >># pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
> > >># pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
> > >>
> > >># else
> > >> // StrSafe not loaded, so deprecate everything!
> > >># pragma deprecated (strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy, _ftcscpy)
> > >># pragma deprecated (strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat, _ftcscat)
> > >># pragma deprecated (sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf)
> > >># pragma deprecated (wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, vswprintf)
> > >># pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
> > >># pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
> > >># pragma deprecated (gets, _getts, _gettws)
> > >># pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
> > >># pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
> > >># endif //defined(_STRSAFE_H_INCLUDED_)&& !defined(STRSAFE_NO_DEPRECATE)
> > >>
> > >>// SDL 5.0 and later Recommendations
> > >># if defined(_SDL_BANNED_RECOMMENDED)
> > >># if defined(_STRSAFE_H_INCLUDED_)&& !defined(STRSAFE_NO_DEPRECATE)
> > >> // Only deprecate what's not already deprecated by StrSafe
> > >># pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW)
> > >># pragma deprecated (vsnprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
> > >># pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
> > >># pragma deprecated (makepath, _tmakepath, _makepath, _wmakepath)
> > >># pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
> > >># pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
> > >># pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
> > >># pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
> > >># pragma deprecated (alloca, _alloca)
> > >># pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
> > >># pragma deprecated (ChangeWindowMessageFilter)
> > >># else
> > >> // StrSafe not loaded, so deprecate everything!
> > >># pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW, , _snwprintf, _snprintf, _sntprintf)
> > >># pragma deprecated (_vsnprintf, vsnprintf, _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
> > >># pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
> > >># pragma deprecated (makepath, _tmakepath, _makepath, _wmakepath)
> > >># pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
> > >># pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
> > >># pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
> > >># pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
> > >># pragma deprecated (alloca, _alloca)
> > >># pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
> > >># pragma deprecated (ChangeWindowMessageFilter)
> > >># endif // StrSafe
> > >># endif // SDL recommended
> > >>
> > >># endif // _MSC_VER_
> > >>
> > >>#endif // _INC_BANNED
> > >>
> > >>
> > >
> > >>_______________________________________________
> > >>LibreOffice mailing list
> > >>LibreOffice@lists.freedesktop.org
> > >>http://lists.freedesktop.org/mailman/listinfo/libreoffice
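
Added example, not part of the original thread or of LibreOffice's code: one way the two ideas discussed above could look for GCC/Clang, with a strlcpy-style fallback used when the platform lacks strlcpy(3) and an opt-in `#pragma GCC poison` as the counterpart of the MSVC-only `#pragma deprecated` list. HAVE_STRLCPY (assumed to come from a configure-time check), BANNED_ENFORCE, lo_strlcpy and copy_checked are hypothetical names.

```c
/* Added example; HAVE_STRLCPY, BANNED_ENFORCE, lo_strlcpy and copy_checked
 * are hypothetical names, not LibreOffice identifiers. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if defined(HAVE_STRLCPY)
/* Assumed to be set by a configure-time check: use the platform strlcpy(3). */
#  define lo_strlcpy strlcpy
#else
/* Fallback with strlcpy(3) semantics: copy at most size-1 bytes, always
 * NUL-terminate when size > 0, and return strlen(src) so a result >= size
 * tells the caller that the output was truncated. */
static size_t lo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}
#endif

/* Bounded copy that reports truncation: 0 if src fit, -1 if it was cut. */
static int copy_checked(char *dst, size_t size, const char *src)
{
    return lo_strlcpy(dst, src, size) >= size ? -1 : 0;
}

/* Opt-in, so the transition can be gradual: once a file is converted, build
 * it with -DBANNED_ENFORCE and any later use of these names is a hard error.
 * Keep this after every #include: the pragma applies to all text after it. */
#if defined(BANNED_ENFORCE) && defined(__GNUC__)
#  pragma GCC poison strcpy strcat sprintf vsprintf gets
#endif

int main(void)
{
    char buf[8];
    int rc = copy_checked(buf, sizeof buf, "libglib-2.0.so"); /* constructed input */
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

The poison list here is a small subset of the header quoted above; memcpy and strlen are left out because the fallback itself uses them.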