[Libreoffice] Making our Own Banned.h

Robert Nagy robert at openbsd.org
Mon Jun 20 03:09:35 PDT 2011


Hello,

Well, you don't have it on any other supported platforms either.
You can't just use macros to use those whenever they are supported,
we would have to walk through the code and convert each by hand.
If we don't do this there is no real point in listing strcpy and friends
in banned.h.

On (2011-06-20 15:30), Marc-André Laverdière wrote:
> Hello,
> 
> That's a good question. I'm in the "don't code it if you don't have
> to" school of thought, so I'm not too hot on implementing those...
> Is there a way to detect if our platform has it and use it? And if
> our platform doesn't have it, define some macro that would have a
> functionally identical code? I'm guessing the performance would be a
> little lower in those cases, but there is no point reinventing the
> wheel, no?
> 
> If we feel like implementing something, I'm suggesting ISO/IEC TR
> 24731. This looked like the best API for avoiding buffer overflows.
> 
> It is implemented by Microsoft, but sadly it seems like we don't
> have it in glibc.
> 
> 
> Marc-André Laverdière
> Software Security Scientist
> Innovation Labs, Tata Consultancy Services
> Hyderabad, India
> 
> On 06/20/2011 11:57 AM, Robert Nagy wrote:
> >Hey,
> >
> >Oh I just love this code, but are we actually planning on using
> >the size-bounded string functions like strlcpy(3)?
> >Because then you have to consider that these are not part of glibc,
> >so we will have to ship our own version, which is not a big deal at all.
> >It would be a huge effort to switch all of the code to use these functions,
> >but I think it would be worth it.
> >
> >On (2011-06-20 09:51), Marc-André Laverdière wrote:
> >>Hello list.
> >>
> >>As you all know, there are a bunch of old C APIs that make security
> >>vulnerabilities trivial to implement. And doing a git grep tells me
> >>that we use those aplenty.
> >>
> >>Now, not all of it may create vulnerabilities, but it is good
> >>practice to migrate away from those as much as possible.
> >>
> >>Microsoft has compiled a useful list:
> >>http://msdn.microsoft.com/en-us/library/bb288454.aspx
> >>
> >>And they have made a header (I'm attaching here) that works on their
> >>compiler.
> >>
> >>Now, I think we should make it multi-platform, so that the whole
> >>code base can benefit from it. The transition must be gradual, for
> >>sure, but I think we'd benefit a lot from it in the long run.
> >>
> >>What are the compilers that we must handle?
> >>  - Gcc TODO
> >>  - Microsoft's DONE
> >>  - Sun's cc family ???
> >>  - Intel's ???
> >>
> >>Regards,
> >>
> >>--
> >>Marc-André Laverdière
> >>Software Security Scientist
> >>Innovation Labs, Tata Consultancy Services
> >>Hyderabad, India
> >
> >>/***
> >>* banned.h - list of Microsoft Security Development Lifecycle (SDL) banned APIs
> >>*
> >>* Purpose:
> >>*       This include file contains a list of banned APIs which should not be used in new code and
> >>*       removed from legacy code over time.
> >>*
> >>* History
> >>* 01-Jan-2006 - mikehow - Initial Version
> >>* 22-Apr-2008 - mikehow	- Updated to SDL 4.1, commented out recommendations and added memcpy
> >>* 26-Jan-2009 - mikehow - Updated to SDL 5.0, made the list sane, added SDL compliance levels
> >>* 10-Feb-2009 - mikehow - Updated based on feedback from MS Office
> >>* 12-May-2009 - jpardue - Added wmemcpy
> >>* 08-Jul-2009 - mikehow - Fixed header #ifndef/#endif logic, made the SDL recommended compliance level name more obvious
> >>* 05-Nov-2009 - mikehow	- Added vsnprintf (ANSI version of _vsnprintf)
> >>* 01-Jan-2010 - mikehow - Added better strsafe integration, now the following works:
> >>*							#include "strsafe.h"
> >>*							#include "banned.h"
> >>* 04-Jun-2010 - mikehow - Small "#if" bug fix
> >>*						
> >>*
> >>***/
> >>
> >>#ifndef _INC_BANNED
> >>#	define _INC_BANNED
> >>
> >>#	if defined(_MSC_VER)
> >>#		pragma once
> >>
> >>		// SDL 5.0 and later Requirements
> >>#		if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
> >>
> >>			// Only deprecate what's not already deprecated by StrSafe
> >>#			pragma deprecated (_mbscpy, _mbccpy)
> >>#			pragma deprecated (strcatA, strcatW, _mbscat, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat)
> >>#			pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
> >>#			pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
> >>#			pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
> >>#			pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
> >>
> >>#		else
> >>			// StrSafe not loaded, so deprecate everything!
> >>#			pragma deprecated (strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy, _ftcscpy)
> >>#			pragma deprecated (strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat, _ftcscat)
> >>#			pragma deprecated (sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf)
> >>#			pragma deprecated (wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, vswprintf)
> >>#			pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
> >>#			pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
> >>#			pragma deprecated (gets, _getts, _gettws)
> >>#			pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
> >>#			pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
> >>#		endif //defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
> >>
> >>// SDL 5.0 and later Recommendations
> >>#		if defined(_SDL_BANNED_RECOMMENDED)
> >>#			if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
> >>				// Only deprecate what's not already deprecated by StrSafe
> >>#				pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW)
> >>#				pragma deprecated (vsnprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
> >>#				pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
> >>#				pragma deprecated (makepath, _tmakepath,  _makepath, _wmakepath)
> >>#				pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
> >>#				pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
> >>#				pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
> >>#				pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
> >>#				pragma deprecated (alloca, _alloca)
> >>#				pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
> >>#				pragma deprecated (ChangeWindowMessageFilter)
> >>#			else
> >>				// StrSafe not loaded, so deprecate everything!
> >>#				pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW, _snwprintf, _snprintf, _sntprintf)
> >>#				pragma deprecated (_vsnprintf, vsnprintf, _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
> >>#				pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
> >>#				pragma deprecated (makepath, _tmakepath,  _makepath, _wmakepath)
> >>#				pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
> >>#				pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
> >>#				pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
> >>#				pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
> >>#				pragma deprecated (alloca, _alloca)
> >>#				pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
> >>#				pragma deprecated (ChangeWindowMessageFilter)
> >>#			endif // StrSafe
> >>#		endif // SDL recommended
> >>
> >>#	endif // _MSC_VER_
> >>
> >>#endif  // _INC_BANNED
> >>
> >>
> >
> >>_______________________________________________
> >>LibreOffice mailing list
> >>LibreOffice at lists.freedesktop.org
> >>http://lists.freedesktop.org/mailman/listinfo/libreoffice
> 
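
The fallback idea and the hand-conversion point discussed in this thread, as an added example that is not part of any message or of LibreOffice's code. `lo_strlcpy`, `lo_copy_checked` and `HAVE_STRLCPY` are hypothetical names; `HAVE_STRLCPY` is assumed to come from a configure-time check.

```c
/* Added example, not from the thread. lo_strlcpy, lo_copy_checked and
 * HAVE_STRLCPY are hypothetical names; HAVE_STRLCPY is assumed to be
 * defined by a configure-time check when the platform ships strlcpy. */
#include <stddef.h>
#include <string.h>

#ifdef HAVE_STRLCPY
#  define lo_strlcpy strlcpy        /* platform provides it, e.g. the BSDs */
#else
/* Fallback with strlcpy(3) semantics: copy at most size-1 bytes, always
 * NUL-terminate when size > 0, and return the full length of src so a
 * result >= size tells the caller the copy was truncated. */
static size_t lo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t i = 0;

    if (size > 0) {
        for (; i + 1 < size && src[i] != '\0'; i++)
            dst[i] = src[i];
        dst[i] = '\0';
    }
    while (src[i] != '\0')          /* count what did not fit */
        i++;
    return i;
}
#endif

/* A converted call site. The destination size is an argument that
 * strcpy(dst, src) never had, so a macro cannot perform this rewrite. */
static int lo_copy_checked(char *dst, size_t dstsize, const char *src)
{
    return lo_strlcpy(dst, src, dstsize) < dstsize ? 0 : -1;
}

/* GCC/Clang counterpart of MSVC's "#pragma deprecated": from here on any
 * use of these identifiers is a compile error. It has to follow the
 * system headers, which declare them. */
#if defined(__GNUC__)
#  pragma GCC poison strcpy strcat
#endif

int main(void)
{
    char buf[8];
    return lo_copy_checked(buf, sizeof buf, "short") == 0 ? 0 : 1;
}
```

Unlike `#pragma deprecated`, which produces a warning, `#pragma GCC poison` rejects the identifier outright, so a gradual transition would need it enabled per module as each one is converted.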

