curl-library
[PATCH] banning "unsafe" functions
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 6 Mar 2013 13:34:25 +0100 (CET)
Received on 2013-03-06
Hi,
As a result of the last security vulnerability we had, I'm adding new code to
checksrc that will alert us on uses of (v)sprintf, strcat and gets in the code
base.
This is meant to be an additional tool to help us detect unsafe code more easily,
since all those functions are too easily used without careful consideration of
all possible side-effects.
I also had to clean up some code so that this wouldn't immediately start
complaining! =)
Comments or improvements?
-- / daniel.haxx.se
- TEXT/x-diff attachment: 0001-checksrc-ban-unsafe-functions.patch
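
A sketch of the kind of check described in the mail, as an added example that is not checksrc's code or the attached patch: a Python scanner (checksrc itself is a Perl script) that flags calls to (v)sprintf, strcat and gets while ignoring comments, string literals and bounded look-alikes such as snprintf and fgets. The name `find_banned` and the sample C input are assumptions constructed for illustration.

```python
import re

# Functions named in the mail: sprintf, vsprintf, strcat, gets.
BANNED = ("sprintf", "vsprintf", "strcat", "gets")

# A banned name counts only as a whole identifier followed by "(";
# the lookbehind keeps snprintf, fgets, strncat and my_gets from matching.
CALL_RE = re.compile(r"(?<![A-Za-z0-9_])(%s)\s*\(" % "|".join(BANNED))

# Comments, string literals and character literals, matched in one pass so
# that a "//" inside a string or a quote inside a comment is not misread.
SKIP_RE = re.compile(
    r"/\*.*?\*/|//[^\n]*|\"(?:\\.|[^\"\\\n])*\"|'(?:\\.|[^'\\\n])*'",
    re.DOTALL)

# Constructed sample input (not taken from the curl code base).
SAMPLE = r'''
/* constructed sample: sprintf(buf, "x") in a comment is ignored */
void f(char *dst, const char *src, va_list ap)
{
  char buf[16];
  snprintf(buf, sizeof(buf), "%s", src);   // bounded, not flagged
  sprintf(buf, "%s", src);
  puts("never call gets() here");
  strcat (dst, src);
  vsprintf(buf, src, ap);
  fgets(buf, sizeof(buf), stdin);
}
'''

def blank(match):
    # Replace with spaces but keep newlines so line/column numbers survive.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_banned(source):
    """Return [(line, column, name)] for each banned call in C source text."""
    code = SKIP_RE.sub(blank, source)
    hits = []
    for lineno, line in enumerate(code.split("\n"), 1):
        for m in CALL_RE.finditer(line):
            hits.append((lineno, m.start(1) + 1, m.group(1)))
    return hits

if __name__ == "__main__":
    for lineno, col, name in find_banned(SAMPLE):
        print("line %d, col %d: use of banned function %s" % (lineno, col, name))
```

The scanner works on raw text, so a banned name hidden behind a macro or function pointer is not reported.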