Cpp Coding Standards/SECURITY/UnsafeFunc
From Apache OpenOffice Wiki
< Cpp Coding Standards | SECURITY(Redirected from Cpp Coding Standards/Security/UnsafeFunc)
Don't use functions that are known to have security issues:
- strcpy(), strcat(), gets(), sprintf(), and the scanf() family format string problems ([v][f]printf(), [v]snprintf(), and syslog())
- race conditions (such as access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp()
- potential shell metacharacter dangers (most of the exec() family, system(), popen())
- poor random number acquisition, such as with random()
- when using alloca, limit the amount of memory requested, as it is bound by the stack size.
See also David Wheeler's excellent Secure Programming for Linux and Unix HOWTO.