C++ Compiler with a -Wwarn-use-of-strcpy or similar option??

Discussion in 'C++' started by Paul Sheer, Sep 8, 2004.

  1. Paul Sheer

    I need to automatically search and replace all fixed size
    buffer strcpy's with strncpy's (or better yet, strlcpy's)
    as a security and stability audit. The code base is large
    and it is not feasible to manually perform these changes.

    I would like perhaps a C++ parser that can automatically
    detect use of a strcpy to a buffer of fixed size. For instance,

    struct x {
        char member[128];
    };
    ...
    struct x X;
    ...
    strcpy (X.member, p); /* <-- should generate a warning here */

    but

    struct x {
        char *member;
    };
    ...
    struct x X;
    ...
    strcpy (X.member, p); /* <-- should NOT generate a warning */

    (The second case is too complex to fix at this point.)
    Is there any way of doing this? Our code is C++ (not C) and I
    have, for example, looked at

    http://codeworker.free.fr/ScriptsRepository.html

    but this does not seem to provide an easy solution.

    I am anticipating writing a script that can search and replace
    "strcpy (x.member, p);" with "strlcpy (x.member, p, sizeof(x.member));"
    provided the script can be guaranteed that the replacement is valid
    (and I suppose only a full C++ parser would know if it is valid).

    Can GCC be modified to give such a warning?

    thanks

    -paul
    Paul Sheer, Sep 8, 2004
    #1
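    One way to get the "only touch fixed-size buffers" behaviour the post asks
    for without a full C++ parser is to let the compiler do the type check: rename
    every call to a wrapper and dispatch on the static type of the destination.
    This is an added example, not code from the thread or from any of the posters;
    it needs C++11, and the names audit_strcpy, bounded_strcpy, detail::copy_impl
    and struct Record are assumptions for the demo.

```cpp
// Added example, not code from the thread. Assumed names: audit_strcpy,
// bounded_strcpy, detail::copy_impl, struct Record. Requires C++11.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <type_traits>
#include <utility>

// strlcpy-style copy: at most dst_size-1 bytes, always NUL-terminated when
// dst_size > 0. Returns strlen(src); a return value >= dst_size means the
// source was truncated.
inline std::size_t bounded_strcpy(char* dst, std::size_t dst_size, const char* src)
{
    std::size_t src_len = std::strlen(src);
    if (dst_size == 0) return src_len;
    std::size_t n = src_len < dst_size ? src_len : dst_size - 1;
    std::memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len;
}

namespace detail {
// Destination is a fixed-size char array: the compiler knows N, so the copy is bounded.
template <typename Arr>
char* copy_impl(Arr& dst, const char* src, std::true_type /*is_array*/)
{
    bounded_strcpy(dst, std::extent<Arr>::value, src);
    return dst;
}
// Destination is a bare char*: nothing is known about the buffer, so behave
// exactly like strcpy (the case the original post leaves alone).
template <typename Ptr>
char* copy_impl(Ptr&& dst, const char* src, std::false_type /*is_array*/)
{
    return std::strcpy(dst, src);
}
} // namespace detail

// Drop-in replacement for strcpy(dst, src). The forwarding reference preserves
// the static type of dst (char[N] for an array member, char* for a pointer
// member), so the choice between "bounded" and "unchanged" is made by the
// compiler rather than by a regex over the source text.
template <typename Dst>
char* audit_strcpy(Dst&& dst, const char* src)
{
    typedef typename std::remove_reference<Dst>::type Bare;
    return detail::copy_impl(std::forward<Dst>(dst), src, std::is_array<Bare>());
}

// The two cases from the original post in one struct (constructed for the demo).
struct Record {
    char name[8];   // fixed size: audit_strcpy truncates and terminates
    char* note;     // pointer: audit_strcpy is a plain strcpy
};

// Copies a 10-character string through both members. Returns true when the
// array member holds the 7 characters that fit plus a terminator and the
// pointer member received the whole string.
inline bool demo_fixed_vs_pointer_member()
{
    char heap[32];
    Record r;
    r.note = heap;
    audit_strcpy(r.name, "0123456789");
    audit_strcpy(r.note, "0123456789");
    return std::strcmp(r.name, "0123456") == 0
        && std::strcmp(r.note, "0123456789") == 0;
}

// Truncation is reported, not silent: returns true when bounded_strcpy's return
// value (the full source length) is at least the size of the 4-byte buffer it
// filled with "hel".
inline bool demo_truncation_is_reported()
{
    char buf[4];
    std::size_t needed = bounded_strcpy(buf, sizeof buf, "hello");
    return needed >= sizeof buf && std::strcmp(buf, "hel") == 0;
}

// Once every call site has been renamed, poison the original identifier so a
// new bare strcpy cannot creep back in (an error, not a warning, as noted later
// in this thread). Placed last: the pointer path above must be compiled first.
#if defined(__GNUC__)
#pragma GCC poison strcpy
#endif

int main()
{
    std::printf("fixed/pointer dispatch: %s\n", demo_fixed_vs_pointer_member() ? "ok" : "FAIL");
    std::printf("truncation reported:    %s\n", demo_truncation_is_reported() ? "ok" : "FAIL");
    return 0;
}
```

    The textual rewrite then becomes trivial ("strcpy (" to "audit_strcpy (")
    because the decision the script could not make safely is made by overload
    resolution. Note the pitfall this avoids: a non-template char* overload next to
    the array-reference template would win for arrays too, since array-to-pointer
    decay is not counted against it in overload ranking. If what is wanted is the
    warning from the subject line rather than a fix, mark the array overload
    [[deprecated("strcpy into fixed-size array")]] and the compiler reports every
    such call site with file and line.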

  2. "Paul Sheer" <> wrote:
    > I need to automatically search and replace all fixed size
    > buffer strcpy's with strncpy's (or better yet, strlcpy's)
    > as a security and stability audit. The code base is large
    > and it is not feasible to manually perform these changes.


    1. Replacing strcpy with strncpy is a very bad idea. Where strcpy
    overwrites memory, strncpy will create char arrays that are not C
    strings.

    2. If you perform these changes automatically using some tool then
    security will go _down_. Of course, if your intention is only to make
    management happy and have a check on a checklist, fine. If you want your
    software to be secure and stable, do it by hand.

    My recommendation: Take the whole source code. Give it to two separate
    programmers. Let them discuss very carefully between them how to make
    changes. Then each one goes ahead and makes the necessary changes. When
    they are done, you compare the results and clean up any differences.

    This is the fastest and safest method to actually get a safer and more
    stable program.
    Christian Bau, Sep 8, 2004
    #2
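    The first point above is easy to see in a few lines. This is an added
    example, not code from the thread or from the poster; the 8-byte buffers, the
    'X' fill and the helper names naive_strncpy_is_terminated, strncpy_terminated
    and fixed_rewrite_is_terminated are constructed for the demo.

```cpp
// Added example, not code from the thread; buffer sizes and the 'X' fill are
// constructed for the demo. Assumed names: naive_strncpy_is_terminated,
// strncpy_terminated, fixed_rewrite_is_terminated.
#include <cstddef>
#include <cstring>

// What a blind strcpy -> strncpy rewrite produces. When strlen(src) >= sizeof dst,
// strncpy fills every byte and writes no terminator; the next strlen, printf or
// strcat that trusts the "C string" walks off the end of the array.
// Returns whether a NUL exists anywhere in the buffer (checked with memchr so the
// demo itself never reads past the end).
inline bool naive_strncpy_is_terminated(const char* src)
{
    char dst[8];
    std::memset(dst, 'X', sizeof dst);   // stale contents from an earlier use
    std::strncpy(dst, src, sizeof dst);  // the mechanical rewrite
    return std::memchr(dst, '\0', sizeof dst) != nullptr;
}

// The strncpy idiom that is actually safe: leave one byte for the terminator and
// write it unconditionally. Unlike strlcpy it zero-fills the rest of the array
// and gives the caller no way to notice that the source was cut.
template <std::size_t N>
char* strncpy_terminated(char (&dst)[N], const char* src)
{
    std::strncpy(dst, src, N - 1);
    dst[N - 1] = '\0';
    return dst;
}

// Same check for the corrected idiom: terminator present and strlen inside the array.
inline bool fixed_rewrite_is_terminated(const char* src)
{
    char dst[8];
    std::memset(dst, 'X', sizeof dst);
    strncpy_terminated(dst, src);
    return std::memchr(dst, '\0', sizeof dst) != nullptr
        && std::strlen(dst) < sizeof dst;
}
```

    With a 5-character source both versions are fine; with a 10-character source
    the naive rewrite leaves eight non-NUL bytes and no terminator, which is the
    "char arrays that are not C strings" case. That is why a replacement script
    must emit the N-1 plus terminator form (or strlcpy), never strncpy with the
    full buffer size.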

  3. Louis Krupp

    Paul Sheer wrote:
    > I need to automatically search and replace all fixed size
    > buffer strcpy's with strncpy's (or better yet, strlcpy's)
    > as a security and stability audit. The code base is large
    > and it is not feasible to manually perform these changes.
    >
    > I would like perhaps a C++ parser that can automatically
    > detect use of a strcpy to a buffer of fixed size. For instance,
    >
    > struct x {
    > char member[128];
    > };
    > ...
    > struct x X;
    > ...
    > strcpy (X.member, p); /* <-- should generate a warning here */
    >
    > but
    >
    > struct x {
    > char *member;
    > };
    > ...
    > struct x X;
    > ...
    > strcpy (X.member, p); /* <-- should NOT generate a warning */
    >
    > (The second case is too complex to fix at this point.)
    >
    >
    >
    > Is there any way of doing this? Our code is C++ (not C) and I
    > have, for example, looked at
    >
    > http://codeworker.free.fr/ScriptsRepository.html
    >
    > but this does not seem to provide an easy solution.
    >
    > I am anticipating writing a script that can search and replace
    > "strcpy (x.member, p);" with "strlcpy (x.member, p, sizeof(x.member));"
    > provided the script can be guaranteed that the replacement is valid
    > (and I suppose only a full C++ parser would know if it is valid).


    No guarantees, and not as impressive as your patch to gcc, but here are
    some ideas for a script (possibly in Perl) to fix one-line calls to strcpy:

    Pass 1:

    Substitute "char member[" with "char __member[" (or some other
    distinctive decoration of "member").

    When you find "strcpy(__member ...", replace that pattern with
    "strlcpy(member ..." and ");" with ", sizeof(member));". If the line
    doesn't contain the second pattern, it's a multiline call; you may want
    to fix those by hand, or write a smarter script.

    Pass 2:

    Substitute all remaining occurrences of "__member" with "member".

    As an alternative (since this is C++), you *might* consider writing a
    character array class which knows its own length, overwriting assignment
    to call strlcpy, and replacing "strcpy(__member ..." by "member = " and
    (on the same line) ");" by ";".

    Louis Krupp
    Louis Krupp, Sep 9, 2004
    #3
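    The "character array class which knows its own length" alternative, worked
    through. This is an added example, not code from the thread or from the
    poster; the class name FixedCString and its members capacity() and truncated()
    are assumptions, while struct x and member are the names from the original
    post.

```cpp
// Added example, not code from the thread. Assumed names: FixedCString,
// capacity(), truncated(); struct x / member come from the original post.
#include <cstddef>
#include <cstring>

template <std::size_t N>
class FixedCString {
    static_assert(N > 0, "need at least one byte for the terminator");
    char buf_[N];
    bool truncated_;
public:
    FixedCString() : truncated_(false) { buf_[0] = '\0'; }
    FixedCString(const char* s) : truncated_(false) { *this = s; }

    // Assignment does the bounded copy strlcpy would: at most N-1 bytes,
    // always terminated, and the object records whether anything was lost.
    FixedCString& operator=(const char* s)
    {
        std::size_t len = std::strlen(s);
        truncated_ = len >= N;
        std::size_t n = truncated_ ? N - 1 : len;
        std::memcpy(buf_, s, n);
        buf_[n] = '\0';
        return *this;
    }

    const char* c_str() const { return buf_; }
    bool truncated() const { return truncated_; }
    static std::size_t capacity() { return N; }   // what sizeof(x.member) used to be
};

// The struct from the original post with "char member[128];" swapped for the
// class. "strcpy (X.member, p);" becomes "X.member = p;".
struct x {
    FixedCString<128> member;
};

// Returns true when a short assignment is stored intact and an over-long one
// is cut to capacity()-1 characters and flagged.
inline bool demo_fixed_cstring()
{
    x X;
    X.member = "hello";
    bool intact = !X.member.truncated()
               && std::strcmp(X.member.c_str(), "hello") == 0;

    FixedCString<4> small;
    small = "hello";
    bool cut = small.truncated()
            && std::strcmp(small.c_str(), "hel") == 0
            && std::strlen(small.c_str()) == FixedCString<4>::capacity() - 1;
    return intact && cut;
}
```

    Two things to check after such a swap, because they fail quietly. Any
    existing printf("%s", X.member) now passes a class object through "...", which
    is not a char* any more (gcc's -Wformat will flag it); those calls need
    X.member.c_str(). And any code that used sizeof(x.member) as the string
    capacity now gets the size of the class, so it should read capacity() instead.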
  4. Ken Rose

    Paul Sheer wrote:
    > I need to automatically search and replace all fixed size
    > buffer strcpy's with strncpy's (or better yet, strlcpy's)
    > as a security and stability audit. The code base is large
    > and it is not feasible to manually perform these changes.


    > Can GCC be modified to give such a warning?


    GCC has a way to "poison" an identifier. I'm not finding it in a
    quick perusal of the info pages, but I remember encountering it when
    upgrading a port from gcc2 to gcc3.

    It produces an error, not a warning, when the code attempts to use the
    poisoned identifier.

    Ahhh. Here it is (grepping the source)

    #pragma GCC poison <ident>

    Actually, it looks like it's just in g++.

    Good luck - sorry about the incoherent post.

    - ken
    Ken Rose, Sep 13, 2004
    #4
  5. Paul Sheer

    > 1. Replacing strcpy with strncpy is a very bad idea. Where strcpy
    > overwrites memory, strncpy will create char arrays that are not C
    > strings.


    Well, strncpy with a terminating assignment afterward, or of course
    strlcpy.

    > 2. If you perform these changes automatically using some tool then
    > security will go _down_.


    Only if the tool is not intelligent enough to only do replacements in
    cases where the array size is fixed.

    > My recommendation: Take the whole source code. Give it to two
    > separate programmers. Let them discuss very carefully between them
    > how to make


    This is exactly what I don't want.

    Either the tool must be intelligent to make the changes without
    errors, or there is no point.

    See this thread on comp.lang.c++ .....

    -paul
    Paul Sheer, Sep 14, 2004
    #5
