Exercises

  1. First do the exercises in the slides (todo).
  2. Take a look at the list of banned C functions in the git project.
    1. For at least three of the functions, determine why they are banned and develop (small snippets of) example C code that illustrates the problem.
    2. Find secure/better alternatives for the functions you chose; illustrate them and explain why they are better.
    3. Determine which rules of the CERT CC and/or which CWEs are violated by using these functions.

strcpy

strcpy() in C does not perform bounds checking. This means that it does not verify whether the destination buffer is large enough to hold the source string, so it overflows the buffer whenever the source string is larger than the destination buffer.

strcpy_s is considered safer than strcpy primarily because it helps prevent buffer overflows. Here’s why:

  • Buffer Overflow Protection: strcpy_s requires you to explicitly specify the size of the destination buffer. This lets the function refuse to write beyond the buffer's boundaries, preventing the overflow. strcpy does not perform this check, so it writes past the allocated memory whenever the source string is larger than the destination buffer.

localtime

localtime is not thread-safe because it uses a static buffer shared between threads. There is no proper cross-platform alternative: POSIX has an alternative that doesn't work everywhere, and Windows has its own thing that is potentially correct. (maybe? this one fucking sucks)

sprintf

sprintf has the same potential for buffer overflows as strcpy above, because it does no bounds checking:

  • Buffer Overflow: the main issue with sprintf is that it does not perform bounds checking. If the formatted string exceeds the buffer size, it overflows the buffer, potentially overwriting adjacent memory and causing crashes or exploitable memory corruption.
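As an added example (not from these notes or from git's banned-function list), the bounded replacements for the strcpy and sprintf cases above: a copy helper that takes the destination size strcpy never asks for, and a snprintf wrapper that uses the return value to detect truncation. safe_copy, safe_format_user and strcpy_would_overflow are names chosen here; a portable memcpy-based helper stands in for strcpy_s, which is an optional C11 Annex K function and not available everywhere.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Result of a bounded operation: did the whole output fit, and how many bytes
   (including the NUL) would have been needed? */
typedef struct { bool fit; size_t needed; } copy_result;

/* Would strcpy(dst, src) overflow a destination of dst_size bytes? This is
   exactly the check strcpy itself never makes, computed without copying. */
bool strcpy_would_overflow(size_t dst_size, const char *src) {
    return strlen(src) + 1 > dst_size;
}

/* Bounded replacement for strcpy: copies at most dst_size-1 bytes and always
   NUL-terminates, so the destination can never be overrun. */
copy_result safe_copy(char *dst, size_t dst_size, const char *src) {
    copy_result r = { .fit = false, .needed = strlen(src) + 1 };
    if (dst_size == 0) return r;                 /* nothing can be written */
    size_t n = r.needed <= dst_size ? r.needed - 1 : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    r.fit = r.needed <= dst_size;
    return r;
}

/* Bounded replacement for a sprintf call: snprintf returns the length the
   full output would have had, so a value >= dst_size signals truncation. */
copy_result safe_format_user(char *dst, size_t dst_size, const char *user, int id) {
    int n = snprintf(dst, dst_size, "user=%s id=%d", user, id);
    copy_result r = { .fit = n >= 0 && (size_t)n < dst_size,
                      .needed = n < 0 ? 0 : (size_t)n + 1 };
    return r;
}

int main(void) {
    char buf[8];                                   /* constructed: small fixed buffer */
    const char *long_name = "Wolfeschlegelstein"; /* constructed input, 18 chars */
    printf("strcpy would overflow: %d\n", strcpy_would_overflow(sizeof buf, long_name));
    copy_result c = safe_copy(buf, sizeof buf, long_name);
    printf("safe_copy: fit=%d needed=%zu dst=\"%s\"\n", c.fit, c.needed, buf);
    copy_result f = safe_format_user(buf, sizeof buf, "bob", 42);
    printf("safe_format_user: fit=%d needed=%zu dst=\"%s\"\n", f.fit, f.needed, buf);
    return 0;
}
```

A caller that ignores the fit flag still gets a NUL-terminated, in-bounds string; one that checks it can reject or report the oversized input instead of silently truncating.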