[ntpsec commit] Add some banned functions.
Eric S. Raymond
esr at ntpsec.org
Tue Oct 6 04:13:12 UTC 2015
Module: ntpsec
Branch: master
Commit: c73676401fa4b70d6ebed1f4dfb26bd273a06321
Changeset: http://git.ntpsec.org/ntpsec/commit/?id=c73676401fa4b70d6ebed1f4dfb26bd273a06321
Author: Eric S. Raymond <esr at thyrsus.com>
Date: Mon Oct 5 13:59:31 2015 -0400
Add some banned functions.
---
devel-docs/hacking.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/devel-docs/hacking.txt b/devel-docs/hacking.txt
index cd3dd40..a797f89 100644
--- a/devel-docs/hacking.txt
+++ b/devel-docs/hacking.txt
@@ -47,10 +47,12 @@ cause buffer overruns and (all too often) exploitable security holes:
* strcpy, strncpy, strcat: Use strlcpy and strlcat instead.
* sprintf, vsprintf: use snprintf and vsnprintf instead.
+* In scanf and friends, the %s format without length limit is banned.
* strtok: use strtok_r() or unroll this into the obvious loop.
* gets: Use fgets instead.
* gmtime(), localtime(), asctime(), ctime(): use the reentrant *_r variants.
* tmpnam() - use mkstemp() or tmpfile() instead.
+* dirname() - the Linux version is re-entrant but this property is not portable.
In general, avoid functions that are non-reentrant. When in doubt, see
http://www.unix.org/whitepapers/reentrant.html[Thread-safety and POSIX.1]
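Review bot: The two added entries, the scanf `%s` line and the dirname() line, say what is banned but not what to write instead, while the neighbouring entries all name a replacement ("Use fgets instead", "use mkstemp() or tmpfile() instead"). For the scanf line, consider stating the accepted form, for example an explicit field width such as `%31s` sized to the destination buffer minus one for the terminating NUL. It would also help to say whether the ban covers the whole family (sscanf, fscanf, vsscanf) by name, since "and friends" is hard to grep for. For the dirname() line, the reason given is portability of re-entrancy, so the entry should say what a contributor is expected to do instead, in the same "use X instead" shape as the tmpnam() entry above it.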