getsentry / sentry-native

Sentry SDK for C, C++ and native applications.
MIT License
405 stars 170 forks

Ensure unsafe functions are properly guarded #1012

Closed · markushi closed this 1 month ago

markushi commented 5 months ago

Description

We recently received a security report about unsafe usages. Whilst there's not always a safe alternative available (especially cross-platform) we can still have a check and ensure we have best-effort implementations for:

Detailed report:

Format String Vulnerabilities

libsentry-android.so
  snprintf: 00001c92
libsentry.so
  fprintf: 000d4d98
  snprintf: 00074252
  vfprintf: 000d102a
  vprintf: 0008c4da
  vsnprintf: 0007914a

Buffer Overflow Vulnerabilities

libsentry.so
  strncpy: 000d34ea
  memcpy: 000d40b0

Buffer Overflow Danger Functions

libsentry.so
  realpath: 0007cd4e
markushi commented 5 months ago

We should also consider integrating CodeQL into CI to highlight potential issues earlier.

JoshuaMoelans commented 2 months ago

Tracking progress on this Notion page (+ subpages)

JoshuaMoelans commented 1 month ago

Investigation led to 2 minor fixes (https://github.com/getsentry/sentry-native/pull/1046 and https://github.com/getsentry/sentry-native/pull/1047). All other occurrences of 'unsafe' functions were already properly guarded, or handled static data that made their uses safe.
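As an added illustration of what "properly guarded" means for the functions the report lists (this is example code, not sentry-native's own; the wrapper names are hypothetical): each call is preceded or followed by the check that makes it safe, and truncation or overflow is reported to the caller instead of silently proceeding.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* snprintf never overruns dst, but it silently truncates. The return value
 * is the length the full output would have had, so that is the guard. */
static bool guarded_format(char *dst, size_t dst_size, const char *tag, int code)
{
    if (!dst || dst_size == 0) {
        return false;
    }
    int n = snprintf(dst, dst_size, "%s:%d", tag, code);
    return n >= 0 && (size_t)n < dst_size;
}

/* strncpy does not NUL-terminate when src fills the buffer: reserve the last
 * byte and terminate explicitly. Returns false when src was truncated. */
static bool guarded_strncpy(char *dst, size_t dst_size, const char *src)
{
    if (!dst || !src || dst_size == 0) {
        return false;
    }
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) < dst_size;
}

/* memcpy trusts its length argument; check it against the destination
 * capacity before the copy rather than relying on the caller. */
static bool guarded_memcpy(void *dst, size_t dst_size, const void *src, size_t src_len)
{
    if (!dst || !src || src_len > dst_size) {
        return false;
    }
    memcpy(dst, src, src_len);
    return true;
}

int main(void)
{
    char buf[8];
    /* "event:12345" needs 11 bytes; the wrapper reports the truncation. */
    printf("fits: %d\n", guarded_format(buf, sizeof buf, "ev", 42));      /* 1 */
    printf("fits: %d\n", guarded_format(buf, sizeof buf, "event", 12345)); /* 0 */
    printf("copied: %d -> \"%s\"\n", guarded_strncpy(buf, sizeof buf, "abcdefghij"), buf);
    return 0;
}
```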