[cfe-commits] [PATCH] review request - strcmp/strcasecmp security checker
lenny at Colorado.EDU
Wed Apr 6 20:13:25 PDT 2011
On Apr 6, 2011, at 6:58 PM, Joerg Sonnenberger wrote:
> On Thu, Apr 07, 2011 at 01:13:16AM +0200, pageexec at freemail.hu wrote:
>> On 7 Apr 2011 at 0:59, Joerg Sonnenberger wrote:
>>> On Wed, Apr 06, 2011 at 04:25:21PM -0600, Lenny Maiorani wrote:
>>>> Add security syntax checker for strcmp() and strcasecmp() which causes
>>>> the Static Analyzer to generate a warning any time the strcmp()
>>>> function is used with a note suggesting to use a function which
>>>> provides bounded buffers such as strncmp() or strncasecmp(). CWE-119.
>>> Sorry, but this sounds completely wrong.
>> i raised the issue already last week but got no response....
> There is one important difference here -- strcpy requires NUL
> termination of the input + size restriction of the output to work
> properly. strcmp() only requires both input arguments to be properly NUL
> A useful analyzer check for string operations would try to ensure that
> property and complain about cases where it can't be deduced with
> reasonable precision. This can be tricky, e.g. the following is
> perfectly safe:
> int f(const char *s)
> {
>     char buf[4];
>     size_t l = strlen(s);
>     if (l < 4) return -1;
>     memcpy(buf, s + l - 3, 4);
>     return strcmp(s, buf);
> }
Yes, I agree. After thinking about this a bit, perhaps this patch is over-zealous.
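
Added example, not part of the original thread or the proposed patch: a runtime analogue of the property discussed above (both strcmp() inputs NUL-terminated), next to what a blanket switch to strncmp() does to the comparison. The f() body assumes buf is a 4-byte array; checked_strcmp() and prefix_equal() are hypothetical helper names.

```c
#include <stddef.h>
#include <string.h>

/* f() from the quoted reply, written out in full. Assumption: buf is a
 * 4-byte array, which the 4-byte memcpy requires. */
int f(const char *s)
{
    char buf[4];
    size_t l = strlen(s);          /* s must already be NUL-terminated */
    if (l < 4) return -1;
    memcpy(buf, s + l - 3, 4);     /* last 3 chars of s plus its NUL */
    return strcmp(s, buf);         /* safe: both inputs are terminated */
}

/* Hypothetical helper: strcmp() only when a NUL is found inside each
 * buffer's known capacity. Returns 0 and stores the comparison in *out,
 * or -1 if either buffer is unterminated. */
int checked_strcmp(const char *a, size_t acap,
                   const char *b, size_t bcap, int *out)
{
    if (!memchr(a, '\0', acap) || !memchr(b, '\0', bcap))
        return -1;
    *out = strcmp(a, b);
    return 0;
}

/* Swapping in strncmp() with a bound changes the meaning of the
 * comparison: with n = 5 it is a prefix match, not equality. */
int prefix_equal(const char *a, const char *b, size_t n)
{
    return strncmp(a, b, n) == 0;
}
```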