[cfe-commits] [PATCH] review request - strcmp/strcasecmp security checker
Lenny Maiorani
lenny at Colorado.EDU
Wed Apr 6 20:13:25 PDT 2011
On Apr 6, 2011, at 6:58 PM, Joerg Sonnenberger wrote:
> On Thu, Apr 07, 2011 at 01:13:16AM +0200, pageexec at freemail.hu wrote:
>> On 7 Apr 2011 at 0:59, Joerg Sonnenberger wrote:
>>
>>> On Wed, Apr 06, 2011 at 04:25:21PM -0600, Lenny Maiorani wrote:
>>>> Add security syntax checker for strcmp() and strcasecmp() which causes
>>>> the Static Analyzer to generate a warning any time the strcmp()
>>>> function is used with a note suggesting to use a function which
>>>> provides bounded buffers such as strncmp() or strncasecmp(). CWE-119.
>>>
>>> Sorry, but this sounds completely wrong.
>>
>> I raised the issue already last week but got no response...
>> http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20110328/040517.html
>
> There is one important difference here -- strcpy requires NUL
> termination of the input + size restriction of the output to work
> properly. strcmp() only requires both input arguments to be properly NUL
> terminated.
>
> A useful analyzer check for string operations would try to ensure that
> property and complain about cases where it can't be deduced with
> reasonable precision. This can be tricky, e.g. the following is
> perfectly safe:
>
> #include <string.h>
>
> int f(const char *s)
> {
>     char buf[4];
>     size_t l = strlen(s);
>     /* need at least three characters before the NUL to copy */
>     if (l < 4) return -1;
>     /* copy the last three characters plus the NUL, so buf is terminated */
>     memcpy(buf, s + l - 3, 4);
>     return strcmp(s, buf);
> }
Yes, I agree. After thinking about this a bit, perhaps this patch is over-zealous.
-Lenny
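The NUL-termination property Joerg describes, as an added example in C (not code from this thread, from clang or from the proposed checker): a comparison helper that proves each argument is terminated inside the buffer that holds it before calling strcmp(), which is the property an analyzer would want to model instead of warning on every strcmp() call. The function names and the sample buffers are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not part of the original thread. strcmp() is only unsafe
 * when an argument is not NUL-terminated, so the check worth making is
 * "does a NUL occur within the buffer's known size", not the extra length
 * bound that strncmp() adds. Names below are constructed for illustration. */

/* Returns 1 if buf[0..len) contains a NUL terminator, 0 otherwise. */
static int is_nul_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* Compare two strings held in buffers of known size. Calls strcmp() only
 * after proving both are terminated inside their buffers; otherwise reports
 * the unsafe input instead of reading past the end.
 * Returns 0 on success (comparison result in *out), -1 if either buffer
 * has no NUL within its length. */
int checked_strcmp(const char *a, size_t alen,
                   const char *b, size_t blen, int *out)
{
    if (!is_nul_terminated(a, alen) || !is_nul_terminated(b, blen))
        return -1;
    *out = strcmp(a, b);
    return 0;
}

/* Constructed sample: a terminated buffer compared with a literal.
 * Returns the strcmp() result (0: equal), or -1 if the check refused. */
int demo_terminated(void)
{
    char name[8] = "abc";   /* the unused tail is zero-filled, so a NUL exists */
    int result;
    if (checked_strcmp(name, sizeof name, "abc", 4, &result) != 0)
        return -1;
    return result;
}

/* Constructed sample: a fixed-width field that fills its storage with no
 * NUL, the case an analyzer should flag before any strcmp() call.
 * Returns -1 because the check refuses to compare it. */
int demo_unterminated(void)
{
    char field[4] = {'a', 'b', 'c', 'd'};
    int result;
    return checked_strcmp(field, sizeof field, "abcd", 5, &result);
}

int main(void)
{
    printf("terminated:   %d\n", demo_terminated());    /* 0 */
    printf("unterminated: %d\n", demo_unterminated());  /* -1 */
    return 0;
}
```

The helper needs the size of the storage behind each argument, which is exactly the fact a checker has to track (array declarations, allocation sizes, prior writes) to decide whether a given strcmp() call is safe; where that size is unknown the honest answer is a diagnostic, not a suggestion to switch to strncmp().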