Repository: leafsr/gcc-poison
Branch: master
Commit: fb90b9f3cd52
Files: 2
Total size: 3.0 KB

Directory structure:
gitextract_82lwdkmv/
├── README.md
└── poison.h

================================================
FILE CONTENTS
================================================

================================================
FILE: README.md
================================================
gcc-poison
==========

gcc-poison is a simple header file for developers to ban unsafe C/C++ functions from applications. It uses the `#pragma GCC poison` directive to define a number of identifiers (function names) as unsafe. Compilation will fail if these are present in your code.

Please see [http://blog.leafsr.com/2013/12/gcc-poison.html](http://blog.leafsr.com/2013/12/gcc-poison.html) for more information.

http://leafsr.com

Example usage
=============

    #include <stdio.h>
    #include <string.h>
    #include "gcc-poison.h"

    int main(int argc, char *argv[]) {
        char buf[10];
        strcpy(buf, argv[1]);
        return 0;
    }

    $ gcc -o 2 2.c
    1.c: In function ‘main’:
    1.c:8:2: error: attempt to use poisoned "strcpy"

Note that the examples include the header as gcc-poison.h, while the file shipped in this repository is named poison.h; use whichever name the header has in your tree.

Excluding specific functions from poisoning
===========================================

As pointed out in the GCC documentation (http://gcc.gnu.org/onlinedocs/cpp/Pragmas.html), "If a poisoned identifier appears as part of the expansion of a macro which was defined before the identifier was poisoned, it will not cause an error. This lets you poison an identifier without worrying about system headers defining macros that use it."

Here is an example of how to use gcc-poison.h but continue to allow the usage of the 'strcat' function, via a macro:

    #define _unsafe_strcat strcat
    #include "gcc-poison.h"

    int main(void) {
        char x[512];

        /* this will raise an error */
        strcat((char *)&x, "lol");

        /* ... while this will NOT raise an error */
        _unsafe_strcat((char *)&x, "lol");
    }

Note that you must define any such macros BEFORE you include gcc-poison.h.
This can be a handy way to allow developers to continue to use certain functions for which libc has no safe alternative, while forcing them to acknowledge that they are doing so unsafely.

================================================
FILE: poison.h
================================================
/*
 Copyright 2013 - Leaf Security Research
 http://leafsr.com

 poison.h - A C header file for poisoning unsafe C/C++ functions.
 This is far from complete, you will need to add your own in-house
 deprecated and insecure APIs for it to be very effective.

 How it works: every `#pragma GCC poison` line below marks the listed
 identifiers so that any later appearance of one of them in the
 translation unit is a compile error ("attempt to use poisoned ...").

 Usage notes:
  - Include this file AFTER all system and library headers. The poison
    takes effect from the point of inclusion, so a header pulled in later
    that merely declares one of these names will also fail to compile.
  - A macro that was defined before this file is included may still
    expand to a poisoned name without error. That is the only escape
    hatch, so each such macro is an explicit, greppable exception.
  - The poison applies to the bare identifier, not to "the libc function":
    an unrelated struct member, local variable or C++ method that happens
    to share a name listed here (for example `remove`) is rejected too.
  - Everything is wrapped in #ifdef __GNUC__. A compiler that does not
    define __GNUC__ sees an empty header and enforces nothing, so do not
    rely on this file as the only control in such builds.
*/

#ifdef __GNUC__

/* String handling functions */

/* Copies that take no destination size. */
# pragma GCC poison strcpy wcscpy stpcpy wcpcpy
/* Formatted input.
   NOTE(review): fscanf, vfscanf and vsscanf are not listed here - confirm
   whether leaving them usable is intentional. */
# pragma GCC poison scanf sscanf vscanf fwscanf swscanf wscanf
/* gets() has no way to bound how much it reads.
   NOTE(review): puts() only writes output; the reason it is banned is not
   evident from this file - confirm. */
# pragma GCC poison gets puts
/* Appends that take no destination size. */
# pragma GCC poison strcat wcscat
/* Wide-character to byte/multibyte conversion.
   NOTE(review): rationale is not stated in this file - confirm. */
# pragma GCC poison wcrtomb wctob
/* sprintf/vsprintf write formatted output without a size limit.
   NOTE(review): vfprintf is banned while fprintf and printf are not -
   confirm whether that asymmetry is intended. */
# pragma GCC poison sprintf vsprintf vfprintf
/* Allocating printf variants.
   NOTE(review): rationale is not stated in this file - confirm. */
# pragma GCC poison asprintf vasprintf
/* Size-limited copies that leave the destination without a terminator
   when the source does not fit. */
# pragma GCC poison strncpy wcsncpy
/* Tokenizers; strtok modifies its input and keeps hidden static state. */
# pragma GCC poison strtok wcstok
/* Duplicate a string onto the stack (alloca-based GNU extensions). */
# pragma GCC poison strdupa strndupa

/* Signal related: non-local jumps, including the sig* variants that also
   deal with the signal mask. */
# pragma GCC poison longjmp siglongjmp
# pragma GCC poison setjmp sigsetjmp

/* Memory allocation */

/* Stack allocation whose size is chosen at run time. */
# pragma GCC poison alloca
/* Allocator tuning.
   NOTE(review): rationale is not stated in this file - confirm. */
# pragma GCC poison mallopt

/* File API's */

/* NOTE(review): `remove` is a very common identifier (C++ algorithms and
   container members use it), so expect collisions in C++ code - confirm
   this entry is wanted for C++ builds. */
# pragma GCC poison remove
/* These return a file name rather than an open file, which leaves a window
   between choosing the name and creating the file. */
# pragma GCC poison mktemp tmpnam tempnam
/* getwd() takes no buffer length. */
# pragma GCC poison getwd

/* Misc */

/* NOTE(review): rationale is not stated in this file - confirm. */
# pragma GCC poison getlogin getpass cuserid
/* Remote execution helpers that pass credentials over the network. */
# pragma GCC poison rexec rexec_af

/* Your custom insecure APIs here: add one `# pragma GCC poison <name>`
   line per in-house function you want to ban; the line below is a
   commented-out template. */
//# pragma GCC poison iEatLargeStrings

#endif /* __GNUC__ */