http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46513
Summary: Request: Warning for use of unsafe string handling functions
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: enhancement
Priority: P3
Component: c++
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: noloa...@gmail.com

Hi All,

The security-minded folks of Linux [1,2], Apple [3], Microsoft [4], and C/C++ [5] agree that the original string handling functions are lacking or deficient (i.e., "unsafe"). Most surprising is that a diverse and disparate group can unanimously agree on anything.

I often review internal code, GNU/FSF code, and open source code which regularly uses unsafe functions. As one commenter stated on {BugTraq|FunSec|FullDisclosure} (can't find the reference at the moment), "there is no reason to be using strcpy in 2010".

The comment on the mailing list might indicate a larger problem: some folks are not aware that some of these functions are unsafe and/or dangerous, and should not be used. Consider: how many times have you seen copy/paste code that uses an unsafe function *AND* offers a security statement or warning about its use?

A warning switch - perhaps part of "-Wextra" - would be very useful for the following functions (with the Linux/Unix suggested replacement) since replacements are readily available on all platforms.

strcat -> strlcat
strcpy -> strlcpy
strncat -> strlcat
strncpy -> strlcpy
sprintf -> snprintf
vsprintf -> vsnprintf

Jeffrey Walton
Baltimore, MD, US

[1] Graff and van Wyk. Secure Coding: Principles & Practices, http://www.securecoding.org/
[2] Wheeler. Secure Programming for Linux and Unix HOWTO - Creating Secure Software, http://www.dwheeler.com/secure-programs/
[3] Apple, Inc. Secure Coding Guide, http://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Introduction.html
[4] Howard and LeBlanc. Writing Secure Code, http://www.microsoft.com/learning/en/us/book.aspx?ID=5957
[5] Seacord. Secure Coding in C and C++, http://www.cert.org/books/secure-coding/
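The following is an added illustration, not part of the bug report above or of GCC: it places the strcpy/strcat pattern the report wants flagged next to bounded replacements built on snprintf, and adds a portable stand-in for strlcpy (assumed here because strlcpy is not shipped by every libc). The buffer size, the function names and the sample paths are all constructed for the example. The point a reviewer cares about is that the bounded versions return enough information to detect truncation, whereas strcpy and strcat give no signal at all before the overrun.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Deliberately small destination so the limits are visible (constructed). */
#define PATH_BUF_DEMO 16

/* UNSAFE: strcpy/strcat copy up to the NUL of the source and never consult
 * the size of dst. Whenever strlen(dir) + strlen(file) + 2 exceeds the
 * destination size this writes past the end of the buffer. Kept only for
 * contrast with the bounded versions below; it is never called with input
 * that does not fit. */
void unsafe_build_path(char *dst, const char *dir, const char *file)
{
    strcpy(dst, dir);
    strcat(dst, "/");
    strcat(dst, file);
}

/* Portable stand-in for strlcpy (assumption: the caller passes the true
 * size of dst). Copies at most dstsz-1 bytes, always NUL-terminates when
 * dstsz > 0, and returns strlen(src) so the caller detects truncation by
 * checking whether the result is >= dstsz. */
size_t bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsz > 0) {
        size_t n = srclen < dstsz - 1 ? srclen : dstsz - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* SAFE: build "dir/file" with snprintf, which bounds the write to dstsz
 * bytes (including the NUL) and returns the length the complete string
 * would have had. Returns 0 on success, -1 if the result was truncated or
 * an encoding error occurred; dst is NUL-terminated in every case. */
int safe_build_path(char *dst, size_t dstsz, const char *dir, const char *file)
{
    int needed = snprintf(dst, dstsz, "%s/%s", dir, file);
    if (needed < 0)
        return -1;
    return (size_t)needed < dstsz ? 0 : -1;
}

int main(void)
{
    char buf[PATH_BUF_DEMO];

    /* Fits: "etc/passwd" is 10 characters plus the NUL. */
    if (safe_build_path(buf, sizeof buf, "etc", "passwd") == 0)
        printf("ok: %s\n", buf);

    /* Does not fit: the bounded version reports truncation instead of
     * writing past buf; unsafe_build_path would overflow on this input. */
    if (safe_build_path(buf, sizeof buf, "usr/local/share", "file.txt") != 0)
        printf("truncated: %s\n", buf);

    size_t len = bounded_copy(buf, sizeof buf, "this string is too long");
    if (len >= sizeof buf)
        printf("bounded_copy truncated (needed %zu, have %zu)\n",
               len, sizeof buf);
    return 0;
}
```

Compile with `gcc -Wall example.c` and run it; the truncation branches fire on the second and third calls. The design choice worth copying is that both bounded helpers are checked at the call site: a bounded copy that silently truncates is safer than an overflow, but an unchecked truncation can still produce a wrong path or message, so the return value is treated as part of the contract.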