[cfe-commits] [PATCH] review request - strcmp/strcasecmp security checker

Joerg Sonnenberger joerg at britannica.bec.de
Wed Apr 6 17:58:25 PDT 2011


On Thu, Apr 07, 2011 at 01:13:16AM +0200, pageexec at freemail.hu wrote:
> On 7 Apr 2011 at 0:59, Joerg Sonnenberger wrote:
> 
> > On Wed, Apr 06, 2011 at 04:25:21PM -0600, Lenny Maiorani wrote:
> > > Add security syntax checker for strcmp() and strcasecmp() which causes
> > > the Static Analyzer to generate a warning any time the strcmp()
> > > function is used with a note suggesting to use a function which
> > > provides bounded buffers such as strncmp() or strncasecmp(). CWE-119.
> > 
> > Sorry, but this sounds completely wrong.
> 
> i raised the issue already last week but got no response....
> http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20110328/040517.html

There is one important difference here -- strcpy requires NUL
termination of the input + size restriction of the output to work
properly. strcmp() only requires both input arguments to be properly NUL
terminated.

A useful analyzer check for string operations would try to ensure that
property and complain about cases where it can't be deducted with
reasonable precision. This can be tricky, e.g. the following is
perfectly safe:

#include <string.h>

int f(const char *s)
{
	char buf[4];
	size_t l = strlen(s);
	if (l < 4) return -1;
	/* copy the last three characters of s together with its terminating NUL */
	memcpy(buf, s + l - 3, 4);
	/* both arguments are NUL terminated, so strcmp() cannot over-read here */
	return strcmp(s, buf);
}

Joerg
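The property argued for above is NUL termination of both strcmp() arguments, not the name of the function. This added example (not part of the thread or of the proposed checker; all function names are hypothetical) contrasts a fill that leaves a 4-byte buffer unterminated with the safe suffix copy from the message, and shows a bounded runtime check of that property using memchr():

```c
#include <stddef.h>
#include <string.h>

/* Returns 1 if buf holds a NUL within its first cap bytes, i.e. it is a
 * valid argument for strcmp(); 0 otherwise. memchr() is bounded by cap,
 * so the check itself never reads past the buffer. */
int nul_terminated(const char *buf, size_t cap)
{
	return memchr(buf, '\0', cap) != NULL;
}

/* The case an analyzer should worry about: strncpy() pads with NULs
 * only when the source is shorter than n, so for strlen(s) >= 4 the
 * buffer is left without a terminator. Returns the termination status. */
int fill_unterminated(char buf[4], const char *s)
{
	strncpy(buf, s, 4);
	return nul_terminated(buf, 4);
}

/* The safe pattern from the message above: copy the last three
 * characters of s together with its terminating NUL. Returns -1 if
 * s is too short, otherwise the termination status (always 1). */
int fill_suffix(char buf[4], const char *s)
{
	size_t l = strlen(s);
	if (l < 4)
		return -1;
	memcpy(buf, s + l - 3, 4);
	return nul_terminated(buf, 4);
}

/* Call strcmp() only when the bounded buffer is known to be terminated;
 * otherwise return -1 without touching it. On success *out receives the
 * strcmp() result and 0 is returned. */
int guarded_strcmp(const char *buf, size_t cap, const char *s, int *out)
{
	if (!nul_terminated(buf, cap))
		return -1;
	*out = strcmp(buf, s);
	return 0;
}
```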