Difference between revisions of "Cpp Coding Standards/SECURITY/UnsafeFunc"

From Apache OpenOffice Wiki

Revision as of 18:33, 22 May 2007

Don't use functions that are known to have security issues:

  • buffer overflows (strcpy(), strcat(), gets(), sprintf(), and the scanf() family)
  • format string problems ([v][f]printf(), [v]snprintf(), and syslog())
  • race conditions (such as access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp())
  • potential shell metacharacter dangers (most of the exec() family, system(), popen())
  • poor random number acquisition, such as with random()
  • when using alloca(), limit the amount of memory requested, as it is bounded by the stack size.

See also David Wheeler's excellent Secure Programming for Linux and Unix HOWTO.
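
The following sketch shows bounded replacements for three of the groups listed above (string copying, the scanf() family, and temporary file names). It is an added example, not code from the OpenOffice code base; the function names, the 16-byte name field and the /tmp/example- prefix are assumptions chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L          /* exposes mkstemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Instead of strcpy()+strcat() or sprintf(): bounded and always
 * NUL-terminated. The inputs are arguments to a constant format,
 * never the format itself, which also covers the format-string item. */
int join_bounded(char *dst, size_t dstsz, const char *a, const char *b)
{
    int n = snprintf(dst, dstsz, "%s%s", a, b);
    if (n < 0 || (size_t)n >= dstsz)
        return -1;                       /* error, or result truncated */
    return n;                            /* length written, without NUL */
}

/* Instead of an unbounded "%s" in the scanf() family: the field width
 * is one less than the buffer size. Parses "name:number". */
int parse_entry(const char *line, char name[16], int *num)
{
    if (sscanf(line, "%15[^:]:%d", name, num) != 2)
        return -1;                       /* over-long name or bad syntax */
    return 0;
}

/* Instead of tmpnam()/tempnam()/mktemp(): mkstemp() picks the name and
 * creates the file in one step (exclusive create, mode 0600), so there
 * is no window between choosing a name and opening it. */
int open_private_temp(char *path, size_t pathsz)
{
    /* "/tmp/example-XXXXXX" is a constructed template for this example */
    if (join_bounded(path, pathsz, "/tmp/", "example-XXXXXX") < 0)
        return -1;
    return mkstemp(path);                /* fd on success, -1 on error */
}

int main(void)
{
    char msg[32], name[16];
    int num = 0;
    if (join_bounded(msg, sizeof msg, "user=", "alice") >= 0)
        puts(msg);
    if (parse_entry("alice:1000", name, &num) == 0)
        printf("%s %d\n", name, num);
    return 0;
}
```

Callers must check the return values: a -1 from join_bounded() or parse_entry() means the input did not fit and was rejected rather than written past the buffer.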