[Libreoffice] Making our Own Banned.h

Robert Nagy robert at openbsd.org
Sun Jun 19 23:27:54 PDT 2011


Hey,

Oh I just love this code, but are we actually planning on using
the size-bounded string functions like strlcpy(3)?
Because then you have to consider that these are not part of glibc,
so we will have to ship our own version, which is not a big deal at all.
It would be a huge effort to switch all of the code to use these functions,
but I think it would be worth it.

On (2011-06-20 09:51), Marc-André Laverdière wrote:
> Hello list.
> 
> As you all know, there are a bunch of old C APIs that make security
> vulnerabilities trivial to introduce. And doing a git grep tells me
> that we use those aplenty.
> 
> Now, not all of it may create vulnerabilities, but it is good
> practice to migrate away from those as much as possible.
> 
> Microsoft has compiled a useful list:
> http://msdn.microsoft.com/en-us/library/bb288454.aspx
> 
> And they have made a header (I'm attaching here) that works on their
> compiler.
> 
> Now, I think we should make it multi-platform, so that the whole
> code base can benefit from it. The transition must be gradual, for
> sure, but I think we'd benefit a lot from it in the long run.
> 
> What are the compilers that we must handle?
>  - Gcc TODO
>  - Microsoft's DONE
>  - Sun's cc family ???
>  - Intel's ???
> 
> Regards,
> 
> -- 
> Marc-André Laverdière
> Software Security Scientist
> Innovation Labs, Tata Consultancy Services
> Hyderabad, India

> /***
> * banned.h - list of Microsoft Security Development Lifecycle (SDL) banned APIs
> *
> * Purpose:
> *       This include file contains a list of banned APIs which should not be used in new code and 
> *       removed from legacy code over time.
> *
> * Reviewer notes:
> *       - Every pragma below sits inside "#if defined(_MSC_VER)", so with any other compiler
> *         this header expands to nothing and no API is banned.
> *       - "#pragma deprecated" is an MSVC pragma: a later use of a listed name is reported as
> *         warning C4995, not as an error, so the ban fails a build only where that warning is
> *         treated as an error.
> *       - Which lists apply is decided when this header is included: strsafe.h has to come first
> *         for the shorter StrSafe-aware lists to be chosen, and _SDL_BANNED_RECOMMENDED has to be
> *         defined beforehand for the "Recommendations" lists to be active.
> *       - The required lists name the bounded strncpy/strncat families and memcpy as well as
> *         strcpy/strcat, so a port needs an agreed replacement for each of them before the ban
> *         can be enforced.
> *       - NOTE(review): for a GCC port, "#pragma GCC poison" is the closest counterpart; it
> *         reports an error rather than a warning, so confirm how it behaves with headers that
> *         are included afterwards.
> *
> * History
> * 01-Jan-2006 - mikehow - Initial Version
> * 22-Apr-2008 - mikehow	- Updated to SDL 4.1, commented out recommendations and added memcpy
> * 26-Jan-2009 - mikehow - Updated to SDL 5.0, made the list sane, added SDL compliance levels
> * 10-Feb-2009 - mikehow - Updated based on feedback from MS Office
> * 12-May-2009 - jpardue - Added wmemcpy
> * 08-Jul-2009 - mikehow - Fixed header #ifndef/#endif logic, made the SDL recommended compliance level name more obvious
> * 05-Nov-2009 - mikehow	- Added vsnprintf (ANSI version of _vsnprintf)
> * 01-Jan-2010 - mikehow - Added better strsafe integration, now the following works:
> *							#include "strsafe.h"
> *							#include "banned.h"
> * 04-Jun-2010 - mikehow - Small "#if" bug fix
> *						   
> *
> ***/
> 
> #ifndef _INC_BANNED
> #	define _INC_BANNED
> 
> #	if defined(_MSC_VER)
> #		pragma once
> 
> 		// SDL 5.0 and later Requirements (always active when compiled with MSVC)
> #		if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
> 
> 			// Only deprecate what's not already deprecated by StrSafe
> #			pragma deprecated (_mbscpy, _mbccpy)
> #			pragma deprecated (strcatA, strcatW, _mbscat, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat)
> #			pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
> #			pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
> #			pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
> #			pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
> 
> #		else
> 			// StrSafe not loaded, so deprecate everything!
> #			pragma deprecated (strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy, _ftcscpy)
> #			pragma deprecated (strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat, _ftcscat)
> #			pragma deprecated (sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf)
> #			pragma deprecated (wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, vswprintf)
> #			pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
> #			pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
> #			pragma deprecated (gets, _getts, _gettws)
> #			pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
> #			pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
> #		endif //defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
> 
> // SDL 5.0 and later Recommendations (opt-in: active only when _SDL_BANNED_RECOMMENDED is defined)
> #		if defined(_SDL_BANNED_RECOMMENDED)
> #			if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
> 				// Only deprecate what's not already deprecated by StrSafe
> #				pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW)
> #				pragma deprecated (vsnprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
> #				pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
> #				pragma deprecated (makepath, _tmakepath,  _makepath, _wmakepath)
> #				pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
> #				pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
> #				pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
> #				pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
> #				pragma deprecated (alloca, _alloca)
> #				pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
> #				pragma deprecated (ChangeWindowMessageFilter)
> #			else
> 				/* StrSafe not loaded, so deprecate everything!
> 				 * NOTE(review): the first pragma below has an empty entry (", ,") between
> 				 * wnsprintfW and _snwprintf. It looks like a typo; confirm that the compiler
> 				 * still registers the names after it (_snwprintf, _snprintf, _sntprintf) and
> 				 * drop the extra comma.
> 				 */
> #				pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW, , _snwprintf, _snprintf, _sntprintf)
> #				pragma deprecated (_vsnprintf, vsnprintf, _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
> #				pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
> #				pragma deprecated (makepath, _tmakepath,  _makepath, _wmakepath)
> #				pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
> #				pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
> #				pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
> #				pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
> #				pragma deprecated (alloca, _alloca)
> #				pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
> #				pragma deprecated (ChangeWindowMessageFilter)
> #			endif // StrSafe
> #		endif // SDL recommended
> 
> #	endif // defined(_MSC_VER)
> 
> #endif  // _INC_BANNED 
> 
> 
