Hello list.
As you all know, there are a bunch of old C APIs that make it trivially
easy to introduce security vulnerabilities. A quick git grep tells me
that we use plenty of them.
Not every use creates a vulnerability, but it is good practice
to migrate away from those APIs as much as possible.
Microsoft has compiled a useful list:
http://msdn.microsoft.com/en-us/library/bb288454.aspx
They have also published a header (attached below) that works with their
compiler.
Now, I think we should make it multi-platform, so that the whole code
base can benefit from it. The transition must be gradual, for sure, but
I think we'd benefit a lot from it in the long run.
What are the compilers that we must handle?
- Gcc TODO
- Microsoft's DONE
- Sun's cc family ???
- Intel's ???
Regards,
--
Marc-André Laverdière
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India
/***
* banned.h - list of Microsoft Security Development Lifecycle (SDL) banned APIs
*
* Purpose:
* This include file contains a list of banned APIs which should not be
* used in new code and should be removed from legacy code over time.
*
* History
* 01-Jan-2006 - mikehow - Initial Version
* 22-Apr-2008 - mikehow - Updated to SDL 4.1, commented out recommendations and
added memcpy
* 26-Jan-2009 - mikehow - Updated to SDL 5.0, made the list sane, added SDL
compliance levels
* 10-Feb-2009 - mikehow - Updated based on feedback from MS Office
* 12-May-2009 - jpardue - Added wmemcpy
* 08-Jul-2009 - mikehow - Fixed header #ifndef/#endif logic, made the SDL
recommended compliance level name more obvious
* 05-Nov-2009 - mikehow - Added vsnprintf (ANSI version of _vsnprintf)
* 01-Jan-2010 - mikehow - Added better strsafe integration, now the following
works:
* #include "strsafe.h"
* #include "banned.h"
* 04-Jun-2010 - mikehow - Small "#if" bug fix
*
*
***/
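#ifndef _INC_BANNED
#   define _INC_BANNED

// Marks the SDL banned APIs as deprecated so that every use of them produces
// a compiler diagnostic.
//
// Scope: everything below sits inside "#if defined(_MSC_VER)" and relies on
// the MSVC-specific "#pragma deprecated". On any other compiler this header
// expands to nothing and flags no banned call, so a clean non-MSVC build says
// nothing about banned-API usage.
//
// Enforcement: "#pragma deprecated" produces a warning, not an error. The ban
// is only enforced if the build treats that warning as fatal or the warnings
// are reviewed.
//
// Layout: a preprocessor directive ends at the end of its physical line. Each
// "#if" condition and each "#pragma deprecated" list must therefore stay on a
// single line (or use backslash continuations); a list wrapped by a mail
// client or editor is silently truncated and the spilled identifiers become
// stray tokens in the including file.
#   if defined(_MSC_VER)
#       pragma once

// SDL 5.0 and later Requirements
//
// Include order matters: strsafe.h must be included BEFORE this header for
// the first branch to be taken (it keys off _STRSAFE_H_INCLUDED_).
#       if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
// Only deprecate what's not already deprecated by StrSafe
#           pragma deprecated (_mbscpy, _mbccpy)
#           pragma deprecated (strcatA, strcatW, _mbscat, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat)
#           pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
#           pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
#           pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
#           pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
#       else
// StrSafe not loaded, so deprecate everything!
#           pragma deprecated (strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy, _ftcscpy)
#           pragma deprecated (strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat, _ftcscat)
#           pragma deprecated (sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf)
#           pragma deprecated (wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, vswprintf)
#           pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
#           pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
#           pragma deprecated (gets, _getts, _gettws)
#           pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
#           pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
#       endif // defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)

// SDL 5.0 and later Recommendations
//
// Opt-in: this stricter list is active only when _SDL_BANNED_RECOMMENDED is
// defined before this header is included.
#       if defined(_SDL_BANNED_RECOMMENDED)
#           if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
// Only deprecate what's not already deprecated by StrSafe
#               pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW)
#               pragma deprecated (vsnprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
#               pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
#               pragma deprecated (makepath, _tmakepath, _makepath, _wmakepath)
#               pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
#               pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
#               pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
#               pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
#               pragma deprecated (alloca, _alloca)
#               pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
#               pragma deprecated (ChangeWindowMessageFilter)
#           else
// StrSafe not loaded, so deprecate everything!
// (The stray empty list entry ", ," after wnsprintfW has been removed here.)
#               pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW, _snwprintf, _snprintf, _sntprintf)
#               pragma deprecated (_vsnprintf, vsnprintf, _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
#               pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
#               pragma deprecated (makepath, _tmakepath, _makepath, _wmakepath)
#               pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
#               pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
#               pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
#               pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
#               pragma deprecated (alloca, _alloca)
#               pragma deprecated (strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen)
#               pragma deprecated (ChangeWindowMessageFilter)
#           endif // StrSafe
#       endif // SDL recommended
#   endif // _MSC_VER
#endif // _INC_BANNED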