Avoid certain functions in C/C++
Kelly O'Hair
kelly.ohair at oracle.com
Wed Apr 6 15:50:18 UTC 2011
Just an FYI...
Anyone working with C/C++ should be well aware of the functions we should be avoiding:
http://hub.opensolaris.org/bin/view/Community+Group+security/funclist
Microsoft has used the term "banned" and has a much more extensive list:
http://msdn.microsoft.com/en-us/library/bb288454.aspx
Unfortunately, we often cannot use the recommended replacements unless we know that the
replacement is available on all platforms; however, some are fairly obvious, like using snprintf
instead of sprintf.
Functions like sprintf, vsprintf, strcat, strcpy, access, chmod, chown, lchown, chdir, ...
all have known issues or have caused too many common mistakes over the years; we need to
avoid the use of these functions.
-kto
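
The snprintf-for-sprintf substitution mentioned in the message, as an added example that is not part of the original post or of any JDK code. The helper names fmt_bounded and append_bounded are hypothetical, the sample strings are constructed, and a C99-conforming vsnprintf is assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the original message): bounded stand-in for
 * sprintf/strcpy. Returns 0 on success, -1 if the result does not fit.
 * Truncation is an error: dst is left empty, never holding a cut-off string. */
int fmt_bounded(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);   /* C99: returns the length it needed */
    va_end(ap);
    if (n < 0 || (size_t)n >= size) {    /* format error or output too long */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hypothetical helper: bounded stand-in for strcat. On failure the existing
 * contents of dst are left unchanged. */
int append_bounded(char *dst, size_t size, const char *src)
{
    const char *end;
    size_t used;

    if (dst == NULL || src == NULL || size == 0)
        return -1;
    end = memchr(dst, '\0', size);       /* dst must already be terminated */
    if (end == NULL)
        return -1;
    used = (size_t)(end - dst);
    return fmt_bounded(dst + used, size - used, "%s", src);
}

int main(void)
{
    char path[16];                       /* constructed sample input below */
    int rc = fmt_bounded(path, sizeof path, "%s/%s", "/tmp", "a-very-long-file-name");

    printf("rc=%d path=\"%s\"\n", rc, path);
    return 0;
}
```

Checking the return value matters as much as the bound itself: a silently truncated path or command string can name a different object than the caller intended.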