diff options
| author | Jay Berkenbilt <ejb@ql.org> | 2017-08-22 19:23:49 +0200 |
|---|---|---|
| committer | Jay Berkenbilt <ejb@ql.org> | 2017-08-22 20:13:10 +0200 |
| commit | 2a8cd4acdc48f050a0be66405cfbe9ba1c6ce9da (patch) | |
| tree | 9966c674089076eefe896bb894a464a272ead194 /README-hardening.md | |
| parent | 6219111ed7d6b50f68ebcab5b65517f8b3572ad8 (diff) | |
| download | qpdf-2a8cd4acdc48f050a0be66405cfbe9ba1c6ce9da.tar.zst | |
Convert README files to markdown
Diffstat (limited to 'README-hardening.md')
| -rw-r--r-- | README-hardening.md | 33 |
1 files changed, 15 insertions, 18 deletions
diff --git a/README-hardening.md b/README-hardening.md index a2389af3..7625b085 100644 --- a/README-hardening.md +++ b/README-hardening.md @@ -1,49 +1,46 @@ -Avoiding operator[] -=================== +# Avoiding `operator[]` -During a security review by Red Hat security team (specifically -Florian Weimer), it was discovered that qpdf used std::string and -std::vector's operator[], which has no bounds checking by design. -Instead, using those objects' at() method is preferable since it does -bounds checking. Florian has a tool that can detect all uses of these -methods and report them. I have a short perl script that -automatically corrects any such uses. The perl script is not intended -to be general, but it could be reasonably general. The only known -shortcut is that it might not work very well with some cases of nested -[]'s like a[b[c]] or with cases where there are line breaks inside the -brackets. For qpdf's coding style, it worked on all cases reported. +During a security review by Red Hat security team (specifically Florian Weimer), it was discovered that qpdf used `std::string` and `std::vector`'s `operator[]`, which has no bounds checking by design. Instead, using those objects' `at()` method is preferable since it does bounds checking. Florian has a tool that can detect all uses of these methods and report them. I have a short perl script that automatically corrects any such uses. The perl script is not intended to be general, but it could be reasonably general. The only known shortcut is that it might not work very well with some cases of nested `[]`'s like `a[b[c]]` or with cases where there are line breaks inside the brackets. For qpdf's coding style, it worked on all cases reported. -To use this, obtain htcondor-analyzer, run it, and respond to the -report. Here's what I did. +To use this, obtain htcondor-analyzer, run it, and respond to the report. Here's what I did. +``` sudo aptitude install libclang-dev llvm llvm-dev clang cd /tmp git clone https://github.com/fweimer/htcondor-analyzer # HEAD = 5fa06fc68a9b0677e9de162279185d58ba1e8477 at this writing cd htcondor-analyzer make +``` -in qpdf +In qpdf: +``` ./autogen.sh /tmp/htcondor-analyzer/create-db CC=/tmp/htcondor-analyzer/cc CXX=/tmp/htcondor-analyzer/cxx ./configure --disable-shared --disable-werror # to remove conftest.c \rm htcondor-analyzer.sqlite /tmp/htcondor-analyzer/create-db +``` Repeat until no more errors: +``` /tmp/fix-at.pl is shown below. +``` +``` make /tmp/htcondor-analyzer/report | grep std:: | grep qpdf >| /tmp/r perl /tmp/fix-at.pl /tmp/r # move all *.new over the original file. patmv is my script. Can # also use a for loop. patmv -f s/.new// **/*.new +``` ----------- /tmp/fix-at.pl ---------- +/tmp/fix-at.pl: +```perl #!/usr/bin/env perl require 5.008; use warnings; @@ -90,4 +87,4 @@ foreach my $file (sort keys %to_fix) } close(F) or die; } --------------------- +``` |