[Insight-developers] Policy regarding insecure APIs like strcpy() and sprintf()? Phase out?

Sean McBride sean at rogue-research.com
Wed May 20 19:17:43 EDT 2009


Hi all,

Is there a policy regarding insecure APIs like strcpy() and sprintf()?

For those unfamiliar with why these functions are evil, see the
following for a nice write-up:
<http://developer.apple.com/documentation/security/conceptual/SecureCodingGuide/Articles/BufferOverflows.html#//apple_ref/doc/uid/TP40002577-SW10>

Long ago I tried to cleanse VTK and ITK of some of these functions but
gave up at the scope of the problem.

I've recently discovered that gcc has a neat feature that can be used to
catch the use of functions you don't want to ever use:

#pragma GCC poison strcpy sprintf

I tried to enable this in my own application but discovered that some of
these functions are used in some of ITK's public headers.  For example
DICOMAppHelper.h uses strcpy() and in fact propagates its insecurity:

 void GetPatientName(char* name)
   {
   strcpy(name, m_PatientName);
   }

How does the implementation know that the passed 'name' buffer is big
enough?  How does the caller know how big a buffer to pass?

So anyway, assuming the community agrees that these functions should be
phased out, I thought a first step could be phasing them out of public
headers, so that client apps like mine can at least use 'gcc poison' to
cleanse our own code.

Any thoughts?

Cheers,

-- 
____________________________________________________________
Sean McBride, B. Eng                 sean at rogue-research.com
Rogue Research                        www.rogue-research.com 
Mac Software Developer              Montréal, Québec, Canada
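The two points of the message, the `#pragma GCC poison` guard and a `GetPatientName()` that cannot know its destination size, illustrated as an added example (not code from the message or from ITK). `GetPatientNameSafe` and `CopyIntoFixedBuffer` are hypothetical names; the patient name string is a constructed sample standing in for `m_PatientName`. The pragma sits after the system includes so the headers that declare `strcpy` still compile; anything below it that spells `strcpy` or `sprintf` fails at compile time with "attempt to use poisoned".

```c
#include <stdio.h>
#include <string.h>

/* From here on, any use of these identifiers is a compile-time error.
 * Placed after the includes so <string.h>/<stdio.h> themselves still parse. */
#pragma GCC poison strcpy sprintf strcat gets

/* Hardened replacement for GetPatientName(char* name) (hypothetical name,
 * not an ITK API): the caller passes the destination's capacity, the
 * result is always NUL-terminated when size > 0, and the return value is
 * the length the full name needs (snprintf convention), so `ret >= size`
 * tells the caller the copy was truncated. `src` stands in for the
 * m_PatientName member. */
size_t GetPatientNameSafe(const char *src, char *name, size_t size)
{
    size_t len = strlen(src);
    if (size == 0)
        return len;                         /* query only: nothing written */
    size_t n = (len < size - 1) ? len : size - 1;
    memcpy(name, src, n);
    name[n] = '\0';
    /* strcpy(name, src);  <- uncommenting this line does not compile */
    return len;
}

/* Caller-side pattern for a fixed buffer: copy, then check the reported
 * length against the capacity. Returns 1 on a complete copy, 0 if the
 * buffer was too small and the name was truncated (never overrun). */
int CopyIntoFixedBuffer(const char *src, char *buf, size_t size)
{
    size_t need = GetPatientNameSafe(src, buf, size);
    return need < size;
}

int main(void)
{
    const char *sample = "Doe^Jane";       /* constructed sample value */
    char small[4];
    char big[32];

    printf("%zu-byte buffer: complete=%d text=\"%s\"\n", sizeof small,
           CopyIntoFixedBuffer(sample, small, sizeof small), small);
    printf("%zu-byte buffer: complete=%d text=\"%s\"\n", sizeof big,
           CopyIntoFixedBuffer(sample, big, sizeof big), big);
    printf("bytes needed (excluding NUL): %zu\n",
           GetPatientNameSafe(sample, NULL, 0));
    return 0;
}
```

The size-query form (`size == 0`, `name` may be NULL) is what lets a caller answer the second question in the message, "how big a buffer to pass": ask once, allocate `ret + 1` bytes, then copy.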