[Libreoffice] Making our Own Banned.h
Marc-André Laverdière
marc-andre at atc.tcs.com
Mon Jun 20 03:00:47 PDT 2011
Hello,
That's a good question. I'm in the "don't code it if you don't have to"
school of thought, so I'm not too hot in implementing those...
Is there a way to detect if our platform has it and use it, and if our
platform doesn't have it, define some macro that would have
functionally identical code? I'm guessing the performance would be a
little lower in those cases, but there is no point reinventing the
wheel, no?
If we feel like implementing something, I'm suggesting ISO/IEC TR 24731.
This looked like the best API for avoiding buffer overflows.
It is implemented by Microsoft, but sadly it seems like we don't have it
in glibc.
Marc-André Laverdière
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India
On 06/20/2011 11:57 AM, Robert Nagy wrote:
> Hey,
>
> Oh I just love this code, but are we actually planning on using
> the size-bounded string functions like strlcpy(3)?
> Because then you have to consider that these are not part of glibc
> so we will have to ship our own version, which is not a big deal at all.
> It would be a huge effort to switch all of the code to use these functions,
> but I think it would be worth it.
>
> On (2011-06-20 09:51), Marc-André Laverdière wrote:
>> Hello list.
>>
>> As you all know, there are a bunch of old C APIs that make security
>> vulnerabilities trivial to implement. And doing a git grep tells me
>> that we use those aplenty.
>>
>> Now, not all of it may create vulnerabilities, but it is good
>> practice to migrate away from those as much as possible.
>>
>> Microsoft has compiled a useful list:
>> http://msdn.microsoft.com/en-us/library/bb288454.aspx
>>
>> And they have made a header (I'm attaching here) that works on their
>> compiler.
>>
>> Now, I think we should make it multi-platform, so that the whole
>> code base can benefit from it. The transition must be gradual, for
>> sure, but I think we'd benefit a lot from it in the long run.
>>
>> What are the compilers that we must handle?
>> - Gcc TODO
>> - Microsoft's DONE
>> - Sun's cc family ???
>> - Intel's ???
>>
>> Regards,
>>
>> --
>> Marc-André Laverdière
>> Software Security Scientist
>> Innovation Labs, Tata Consultancy Services
>> Hyderabad, India
>
>> /***
>> * banned.h - list of Microsoft Security Development Lifecycle (SDL) banned APIs
>> *
>> * Purpose:
>> * This include file contains a list of banned APIs which should not be used in new code and
>> * removed from legacy code over time.
>> *
>> * History
>> * 01-Jan-2006 - mikehow - Initial Version
>> * 22-Apr-2008 - mikehow - Updated to SDL 4.1, commented out recommendations and added memcpy
>> * 26-Jan-2009 - mikehow - Updated to SDL 5.0, made the list sane, added SDL compliance levels
>> * 10-Feb-2009 - mikehow - Updated based on feedback from MS Office
>> * 12-May-2009 - jpardue - Added wmemcpy
>> * 08-Jul-2009 - mikehow - Fixed header #ifndef/#endif logic, made the SDL recommended compliance level name more obvious
>> * 05-Nov-2009 - mikehow - Added vsnprintf (ANSI version of _vsnprintf)
>> * 01-Jan-2010 - mikehow - Added better strsafe integration, now the following works:
>> * #include "strsafe.h"
>> * #include "banned.h"
>> * 04-Jun-2010 - mikehow - Small "#if" bug fix
>> *
>> *
>> ***/
>>
>> #ifndef _INC_BANNED
>> # define _INC_BANNED
>>
>> # if defined(_MSC_VER)
>> # pragma once
>>
>> // SDL 5.0 and later Requirements
>> # if defined(_STRSAFE_H_INCLUDED_)&& !defined(STRSAFE_NO_DEPRECATE)
>>
>> // Only deprecate what's not already deprecated by StrSafe
>> # pragma deprecated (_mbscpy, _mbccpy)
>> # pragma deprecated (strcatA, strcatW, _mbscat, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat)
>> # pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
>> # pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
>> # pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
>> # pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
>>
>> # else
>> // StrSafe not loaded, so deprecate everything!
>> # pragma deprecated (strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy, _ftcscpy)
>> # pragma deprecated (strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat, _ftcscat)
>> # pragma deprecated (sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf)
>> # pragma deprecated (wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, vswprintf)
>> # pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
>> # pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
>> # pragma deprecated (gets, _getts, _gettws)
>> # pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
>> # pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
>> # endif //defined(_STRSAFE_H_INCLUDED_)&& !defined(STRSAFE_NO_DEPRECATE)
>>
>> // SDL 5.0 and later Recommendations
>> # if defined(_SDL_BANNED_RECOMMENDED)
>> # if defined(_STRSAFE_H_INCLUDED_)&& !defined(STRSAFE_NO_DEPRECATE)
>> // Only deprecate what's not already deprecated by StrSafe
>> # pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW)
>> # pragma deprecated (vsnprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
>> # pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
>> # pragma deprecated (makepath, _tmakepath, _makepath, _wmakepath)
>> # pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
>> # pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
>> # pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
>> # pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
>> # pragma deprecated (alloca, _alloca)
>> # pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
>> # pragma deprecated (ChangeWindowMessageFilter)
>> # else
>> // StrSafe not loaded, so deprecate everything!
>> # pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW, _snwprintf, _snprintf, _sntprintf)
>> # pragma deprecated (_vsnprintf, vsnprintf, _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
>> # pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
>> # pragma deprecated (makepath, _tmakepath, _makepath, _wmakepath)
>> # pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
>> # pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
>> # pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
>> # pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
>> # pragma deprecated (alloca, _alloca)
>> # pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
>> # pragma deprecated (ChangeWindowMessageFilter)
>> # endif // StrSafe
>> # endif // SDL recommended
>>
>> # endif // _MSC_VER_
>>
>> #endif // _INC_BANNED
>>
>>
>
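An added example, not code from this thread, LibreOffice or Microsoft: one way to do what the reply asks, using the platform's TR 24731 `strcpy_s` where it is advertised and a fallback with the same contract elsewhere, with `#pragma GCC poison` standing in for `#pragma deprecated` on GCC. The names `safe_strcpy` and `copy_to_8` are hypothetical, and the poison list is a short constructed subset of the banned list above.

```c
/* Added example: hypothetical names, not LibreOffice or Microsoft code. */
#define __STDC_WANT_LIB_EXT1__ 1 /* request TR 24731-1 (C11 Annex K) if the libc has it */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if defined(__STDC_LIB_EXT1__) || defined(_MSC_VER)
/* The platform ships strcpy_s: use it as is. */
#  define safe_strcpy(dst, dstsz, src) strcpy_s((dst), (dstsz), (src))
#else
/* Fallback (e.g. glibc): 0 on success, nonzero on error, and on error the
 * destination is left as an empty string rather than a truncated one. */
static int safe_strcpy(char *dst, size_t dstsz, const char *src)
{
    size_t i;
    if (dst == NULL || dstsz == 0)
        return 1;
    for (i = 0; src != NULL && i < dstsz; i++) {
        dst[i] = src[i];
        if (src[i] == '\0')
            return 0;
    }
    dst[0] = '\0'; /* NULL source or source too long */
    return 1;
}
#endif

/* GCC/Clang counterpart of "#pragma deprecated": any later use of these
 * names is a compile error. Keep it after the system headers, which
 * declare the same identifiers. */
#if defined(__GNUC__)
#  pragma GCC poison strcpy strcat sprintf vsprintf gets
#endif

/* Copies src into an 8-byte buffer; returns 0 if it fit, 1 if it was
 * rejected, -1 if a rejected copy left data behind. */
static int copy_to_8(const char *src)
{
    char buf[8];
    int rc = safe_strcpy(buf, sizeof buf, src);
    if (rc != 0 && buf[0] != '\0')
        return -1;
    return rc != 0;
}

int main(void)
{
    printf("soffice: %d, libreoffice: %d\n",
           copy_to_8("soffice"), copy_to_8("libreoffice"));
    return 0;
}
```

On MSVC the too-long case goes through the CRT invalid-parameter handler, which terminates the process by default, so the two branches only behave identically once that handler is replaced.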