Add a new `SECURITY CONSIDERATIONS' section. Sample code similar to
the first revision of strcpy(3)'s section is included, but should be removed once the Security Architecture document is committed and completed. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
parent
fe1ce55be7
commit
49c162fb20
@ -83,6 +83,65 @@ and
|
||||
functions
|
||||
return the pointer
|
||||
.Fa s .
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
The
|
||||
.Fn strcat
|
||||
function is easily misused in a manner
|
||||
which enables malicious users to arbitrarily change
|
||||
a running program's functionality through a buffer overflow attack.
|
||||
(See
|
||||
the FSA.)
|
||||
.Pp
|
||||
Avoid using
|
||||
.Fn strcat .
|
||||
Instead, use
|
||||
.Fn strncat
|
||||
or
|
||||
.Fn strlcat
|
||||
and ensure that no more characters are copied to the destination buffer
|
||||
than it can hold.
|
||||
.Pp
|
||||
Note that
|
||||
.Fn strncat
|
||||
can also be problematic.
|
||||
It may be a security concern for a string to be truncated at all.
|
||||
Since the truncated string will not be as long as the original,
|
||||
it may refer to a completely different resource
|
||||
and usage of the truncated resource
|
||||
could result in very incorrect behavior.
|
||||
Example:
|
||||
.Bd -literal
|
||||
void
|
||||
foo(const char *arbitrary_string)
|
||||
{
|
||||
char onstack[8];
|
||||
|
||||
#if defined(BAD)
|
||||
/*
|
||||
* This first strcat is bad behavior. Do not use strcat!
|
||||
*/
|
||||
(void)strcat(onstack, arbitrary_string); /* BAD! */
|
||||
#elif defined(BETTER)
|
||||
/*
|
||||
* The following two lines demonstrate better use of
|
||||
* strncat().
|
||||
*/
|
||||
(void)strncat(onstack, arbitrary_string,
|
||||
sizeof(onstack) - strlen(onstack) - 1);
|
||||
#elif defined(BEST)
|
||||
/*
|
||||
* These lines are even more robust due to testing for
|
||||
* truncation.
|
||||
*/
|
||||
if (strlen(arbitrary_string) + 1 >
|
||||
sizeof(onstack) - strlen(onstack))
|
||||
err(1, "onstack would be truncated");
|
||||
(void)strncat(onstack, arbitrary_string,
|
||||
sizeof(onstack) - strlen(onstack) - 1);
|
||||
#endif
|
||||
}
|
||||
|
||||
.Ed
|
||||
.Sh SEE ALSO
|
||||
.Xr bcopy 3 ,
|
||||
.Xr memccpy 3 ,
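Review bot: The example declares `char onstack[8];` without initializing it, so all three branches, including BETTER and BEST, call `strcat`, `strncat` or `strlen` on a buffer that is not yet a valid string. That is undefined behaviour: `strlen(onstack)` can run past the array, which makes `sizeof(onstack) - strlen(onstack) - 1` wrap to a huge bound and defeats the check the section is trying to teach. Because readers copy man-page samples verbatim, the declaration should be `char onstack[8] = "";`, or `onstack[0] = '\0';` should be set before the `#if`. Separately, "the FSA" in the first paragraph is never expanded; writing "The FreeBSD Security Architecture" there would match the `.Rs` entry added in the second hunk.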
|
||||
@ -91,6 +150,10 @@ return the pointer
|
||||
.Xr strcpy 3 ,
|
||||
.Xr strlcat 3 ,
|
||||
.Xr strlcpy 3
|
||||
.Rs
|
||||
.%T "The FreeBSD Security Architecture"
|
||||
.%J "/usr/share/doc/{to be decided}"
|
||||
.Re
|
||||
.Sh STANDARDS
|
||||
The
|
||||
.Fn strcat
|
||||
|