[Paraview-developers] strcpy and other bad actors

[Moreland, Kenneth]

If you are worried about malicious code, I would be even more worried about the use of sprintf. Like strcpy there is no check that the target buffer is not overrun, and it is much harder to predict how large of a buffer you will need to begin with. Plus, there are multiple points in the ParaView interface that allow users to pass format descriptors to sprintf from the GUI or a script. This could definitely be a target for malicious code. We could (and probably should) protected these by using snprintf, but in the cases where users pass in their own format descriptors they could do all sorts of weird stuff like read data off the stack.

-Ken

-----Original Message-----
From: Paraview-developers [mailto:paraview-developers-bounces at paraview.org] On Behalf Of Ben Boeckel
Sent: Monday, April 10, 2017 7:48 AM
To: Scott, W Alan <wascott at sandia.gov>
Cc: paraview-developers at paraview.org
Subject: [EXTERNAL] Re: [Paraview-developers] strcpy and other bad actors

On Fri, Apr 07, 2017 at 20:41:52 +0000, Scott, W Alan wrote:
> It made me start to wonder - do we care about ParaView (which of 
> course runs in user space).  I just looked, and there are about 1800 
> uses of strcpy in ParaView.  Is that an issue?

As with many thing, it depends :) . I wouldn't object to moving to at least `strncpy`, but I suspect that just switching over to `std::string` would just be easier in the long run (since even `strncpy` has buffer calculations which can be done improperly). That may require some reworking around each change though, so is not likely scriptable.

--Ben
_______________________________________________
Powered by www.kitware.com

Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html

Search the list archives at: http://markmail.org/search/?q=Paraview-developers

Follow this link to subscribe/unsubscribe:
http://public.kitware.com/mailman/listinfo/paraview-developers