[Paraview-developers] [EXTERNAL] Re: strcpy and other bad actors

Moreland, Kenneth kmorel at sandia.gov
Mon Apr 10 12:30:11 EDT 2017


Nice!

From: David E DeMarle [mailto:dave.demarle at kitware.com]
Sent: Monday, April 10, 2017 9:54 AM
To: Moreland, Kenneth <kmorel at sandia.gov>
Cc: Boeckel, Ben (External Contacts) <ben.boeckel at kitware.com>; Scott, W Alan <wascott at sandia.gov>; paraview-developers at paraview.org
Subject: [EXTERNAL] Re: [Paraview-developers] strcpy and other bad actors

In related news...
https://gitlab.kitware.com/vtk/vtk/merge_requests/2675

David E DeMarle
Kitware, Inc.
R&D Engineer
21 Corporate Drive
Clifton Park, NY 12065-8662
Phone: 518-881-4909

On Mon, Apr 10, 2017 at 11:36 AM, Moreland, Kenneth <kmorel at sandia.gov> wrote:
If you are worried about malicious code, I would be even more worried about the use of sprintf. Like strcpy there is no check that the target buffer is not overrun, and it is much harder to predict how large of a buffer you will need to begin with. Plus, there are multiple points in the ParaView interface that allow users to pass format descriptors to sprintf from the GUI or a script. This could definitely be a target for malicious code. We could (and probably should) protect these by using snprintf, but in the cases where users pass in their own format descriptors they could do all sorts of weird stuff like read data off the stack.

-Ken

-----Original Message-----
From: Paraview-developers [mailto:paraview-developers-bounces at paraview.org] On Behalf Of Ben Boeckel
Sent: Monday, April 10, 2017 7:48 AM
To: Scott, W Alan <wascott at sandia.gov>
Cc: paraview-developers at paraview.org
Subject: [EXTERNAL] Re: [Paraview-developers] strcpy and other bad actors

On Fri, Apr 07, 2017 at 20:41:52 +0000, Scott, W Alan wrote:
> It made me start to wonder - do we care about ParaView (which of
> course runs in user space).  I just looked, and there are about 1800
> uses of strcpy in ParaView.  Is that an issue?

As with many things, it depends :) . I wouldn't object to moving to at least `strncpy`, but I suspect that just switching over to `std::string` would just be easier in the long run (since even `strncpy` has buffer calculations which can be done improperly). That may require some reworking around each change though, so is not likely scriptable.

--Ben
_______________________________________________
Powered by www.kitware.com

Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html

Search the list archives at: http://markmail.org/search/?q=Paraview-developers

Follow this link to subscribe/unsubscribe:
http://public.kitware.com/mailman/listinfo/paraview-developers
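
The thread's concern about user-supplied format descriptors reaching `sprintf` can be addressed by validating the descriptor before use and formatting with `snprintf` while checking for truncation. This is an added example, not code from this thread or from ParaView/VTK; the helper names `format_is_single_double` and `format_double` and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: accept a user-supplied format only if it has exactly
 * one conversion, of kind e/f/g, with digit-only width and precision.
 * Rejects %n, %s, %x, '*' and any second conversion. */
int format_is_single_double(const char *fmt)
{
    int conversions = 0;
    for (const char *p = fmt; *p; ++p) {
        if (*p != '%' || *++p == '%')
            continue;                      /* ordinary char or "%%" literal */
        p += strspn(p, "-+ #0");           /* flags */
        p += strspn(p, "0123456789");      /* width */
        if (*p == '.')
            p += 1 + strspn(p + 1, "0123456789");   /* precision */
        if (*p == '\0' || strchr("eEfFgG", *p) == NULL)
            return 0;
        ++conversions;
    }
    return conversions == 1;
}

/* Hypothetical helper: returns 0 on success, -1 if the format is rejected,
 * -2 if the result does not fit; out is an empty string on failure. */
int format_double(char *out, size_t outlen, const char *user_fmt, double v)
{
    if (outlen == 0)
        return -2;
    out[0] = '\0';
    if (!format_is_single_double(user_fmt))
        return -1;
    int n = snprintf(out, outlen, user_fmt, v);   /* bounded, unlike sprintf */
    if (n < 0 || (size_t)n >= outlen) {           /* error or truncation */
        out[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    char buf[16];
    /* Constructed sample inputs, not taken from ParaView. */
    const char *samples[] = { "%8.3f", "%x %x %x %x", "%n", "%200f" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
        int rc = format_double(buf, sizeof buf, samples[i], 3.14159);
        printf("%-12s rc=%d out=\"%s\"\n", samples[i], rc, buf);
    }
    return 0;
}
```
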
