Cpp Coding Standards/SECURITY/UnsafeFunc

From Apache OpenOffice Wiki
Revision as of 17:13, 14 December 2009 by B michaelsen (Talk | contribs)


Don't use functions that are known to have security issues:

  • unbounded buffer writes (strcpy(), strcat(), gets(), sprintf(), and the scanf() family)
  • format string problems ([v][f]printf(), [v]snprintf(), and syslog())
  • race conditions (such as access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp())
  • potential shell metacharacter dangers (most of the exec() family, system(), popen())
  • poor random number acquisition, such as with random()
  • when using alloca(), limit the amount of memory requested, as it is bound by the stack size.
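
The following is an added example, not code from the OpenOffice code base: it shows bounded and race-free alternatives for three of the categories above (unbounded writes, format strings, temporary-file races). The helper names and the /tmp path are assumptions made for illustration; mkstemp() is POSIX.

```cpp
#include <cstdio>
#include <cstring>
#include <string>
#include <stdlib.h>     // mkstemp() (POSIX)
#include <sys/stat.h>   // fstat()
#include <unistd.h>     // close(), unlink()

// Instead of strcpy()/sprintf(): bounded write that reports truncation.
bool copy_bounded(char* dst, std::size_t size, const char* src) {
    if (!dst || !src || size == 0) return false;
    int n = std::snprintf(dst, size, "%s", src);  // always NUL-terminates
    return n >= 0 && static_cast<std::size_t>(n) < size;
}

// Instead of printf(untrusted): constant format, untrusted text as argument.
std::string render_message(const char* untrusted) {
    char buf[64];
    std::snprintf(buf, sizeof buf, "user said: %s", untrusted);
    return std::string(buf);
}

// Instead of mktemp()/tmpnam(): mkstemp() picks the name and creates the
// file in one step, so no other process can claim the name in between.
int open_private_temp(std::string& path_out) {
    char tmpl[] = "/tmp/unsafefunc-demo-XXXXXX";  // constructed sample path
    int fd = mkstemp(tmpl);
    if (fd >= 0) path_out = tmpl;
    return fd;
}

// True when neither group nor others have any permission on the open file.
bool is_owner_only(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 && (st.st_mode & 077) == 0;
}

int main() {
    char small[8];
    bool ok = copy_bounded(small, sizeof small, "much too long for dst");
    std::printf("fits=%d stored=\"%s\"\n", ok, small);
    std::printf("%s\n", render_message("%s%n%x").c_str());
    std::string path;
    int fd = open_private_temp(path);
    if (fd < 0) return 1;
    std::printf("temp=%s private=%d\n", path.c_str(), is_owner_only(fd));
    close(fd);
    unlink(path.c_str());
    return 0;
}
```
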

See also David Wheeler's excellent Secure Programming for Linux and Unix HOWTO.
