I was going through the TALPA code base and found that we are heavily using strcpy, sprintf, and strcat APIs. I was wondering on not using strncpy, snprintf, and strncat which are better replacements for the former one.
Wanted to learn your perspective about securing and hardening kernel modules. How can we do better here?
Hello,
I was going through the TALPA code base and found that we are heavily using strcpy, sprintf, and strcat APIs. I was wondering on not using strncpy, snprintf, and strncat which are better replacements for the former one. Wanted to learn your perspective about securing and hardening kernel modules. How can we do better here?
Thanks, Nilesh
src/components/core/cache_impl/cache.c error: memcpy: 145 src/components/core/cache_impl/cache.c error: sprintf: 170,853,944 src/components/core/cache_impl/cache.c error: strcpy: 492,558,876,888 src/components/core/intercept_filters_impl/allow_syslog/allow_syslog.c error: memcpy: 102 src/components/core/intercept_filters_impl/allow_syslog/allow_syslog.c error: strcpy: 247,260 src/components/core/intercept_filters_impl/allow_syslog/allow_syslog.c error: strncpy: 107 src/components/core/intercept_filters_impl/cache/cache_allow.c error: memcpy: 72 src/components/core/intercept_filters_impl/cache/cache_deny.c error: memcpy: 71 src/components/core/intercept_filters_impl/cache/cache_eval.c error: memcpy: 71 src/components/core/intercept_filters_impl/degraded_mode/degraded_mode.c error: memcpy: 121 src/components/core/intercept_filters_impl/degraded_mode/degraded_mode.c error: strcpy: 155,173,215,226 src/components/core/intercept_filters_impl/deny_syslog/deny_syslog.c error: memcpy: 102 src/components/core/intercept_filters_impl/deny_syslog/deny_syslog.c error: strcpy: 248,261 src/components/core/intercept_filters_impl/deny_syslog/deny_syslog.c error: strncpy: 107 src/components/core/intercept_filters_impl/fsobj_excl/filesystem_exclusion_processor.c error: memcpy: 138 src/components/core/intercept_filters_impl/fsobj_excl/filesystem_exclusion_processor.c error: strcat: 452,456,458 src/components/core/intercept_filters_impl/fsobj_excl/filesystem_exclusion_processor.c error: strcpy: 425,524,679,690 src/components/core/intercept_filters_impl/fsobj_incl/filesystem_inclusion_processor.c error: memcpy: 108 src/components/core/intercept_filters_impl/fsobj_incl/filesystem_inclusion_processor.c error: strcpy: 242,253,267,269 src/components/core/intercept_filters_impl/operation_excl/operation_excl.c error: memcpy: 106 src/components/core/intercept_filters_impl/operation_excl/operation_excl.c error: strcpy: 210,221,232,238 src/components/core/intercept_filters_impl/proc_excl/process_exclusion.c error: memcpy: 120 src/components/core/intercept_filters_impl/proc_excl/process_exclusion.c error: strcpy: 315,328 src/components/core/intercept_filters_impl/syslog/syslog_filter.c error: memcpy: 109 src/components/core/intercept_filters_impl/syslog/syslog_filter.c error: strcpy: 197,210 src/components/core/intercept_filters_impl/syslog/syslog_filter.c error: strncpy: 114 src/components/core/intercept_filters_impl/vetting_ctrl/vetting_ctrl.c error: memcpy: 239,2001 src/components/core/intercept_filters_impl/vetting_ctrl/vetting_ctrl.c error: sprintf: 1266,1269,2571,2586 src/components/core/intercept_filters_impl/vetting_ctrl/vetting_ctrl.c error: strcat: 2441,2445,2447 src/components/core/intercept_filters_impl/vetting_ctrl/vetting_ctrl.c error: strcpy:726,735,741,746,748,751,1085,1093,1101,1188,1258,1262,2388,2399,2654,2659,2671,2676,2688,2693 src/components/core/intercept_processing_impl/evaluation_report_impl.c error: memcpy: 81,179 src/components/core/intercept_processing_impl/std_intercept_processor.c error: memcpy: 124 src/components/filter-iface/process-exclusion/device_driver_pe_impl/device_driver_process_exclusion.c error: sprintf: 166 src/components/filter-iface/process-exclusion/device_driver_pe_impl/device_driver_process_exclusion.c error: strncpy: 592 src/components/filter-iface/vetting-clients/device_driver_vc_impl/device_driver_vetting_client.c error: sprintf: 164 src/components/intercepts/lsm_impl/lsm_interceptor.c error: strcat: 1101,1105,1107 src/components/intercepts/lsm_impl/lsm_interceptor.c error: strcpy: 1049,1185,1204 src/components/intercepts/syscall_impl/syscall_interceptor.c error: strcat: 580,584,586 src/components/intercepts/syscall_impl/syscall_interceptor.c error: strcpy: 174,664,683 src/components/intercepts/vfshook_impl/findRegular_iterate_dir.c error: strcat: 80 src/components/intercepts/vfshook_impl/findRegular_iterate_dir.c error: strncat: 90 src/components/intercepts/vfshook_impl/findRegular_iterate_dir.c error: strncpy: 220 src/components/intercepts/vfshook_impl/findRegular_vfs_readdir.c error: memcpy: 192 src/components/intercepts/vfshook_impl/findRegular_vfs_readdir.c error: strcat: 125 src/components/intercepts/vfshook_impl/findRegular_vfs_readdir.c error: strcpy: 122,340,435 src/components/intercepts/vfshook_impl/findRegular_vfs_readdir.c error: strncat: 127 src/components/intercepts/vfshook_impl/vfshook_interceptor.c error: memcpy: 2585 src/components/intercepts/vfshook_impl/vfshook_interceptor.c error: sprintf: 3592,3596 src/components/intercepts/vfshook_impl/vfshook_interceptor.c error: strcat: 3715,3719,3721 src/components/intercepts/vfshook_impl/vfshook_interceptor.c error: strcpy: 3372,3439,3509,3801,3819 src/components/services/linux_filesystem_impl/linux_file.c error: memcpy: 122,152 src/components/services/linux_filesystem_impl/linux_fileinfo.c error: memcpy: 138,219,299,363,434 src/components/services/linux_filesystem_impl/linux_fileinfo.c error: strcpy: 550,576 src/components/services/linux_filesystem_impl/linux_filesysteminfo.c error: memcpy: 144,169 src/components/services/linux_filesystem_impl/linux_filesysteminfo.c error: strcpy: 125 src/components/services/linux_filesystem_impl/linux_systemroot.c error: memcpy: 85 src/components/services/linux_personality_impl/linux_personality.c error: memcpy: 77 src/components/services/linux_processandthread_impl/linux_threadinfo.c error: memcpy: 105 src/components/services/linux_processandthread_impl/linux_threadinfo.c error: strcpy: 280 src/ifaces/platforms/linux/glue.h error: sprintf: 99 src/platforms/linux/glue.c error: memcpy: 84,118,132 support/stacker/stacker.c error: memcpy: 307,309 clients/talpa.c error: strcat: 80,119 clients/talpa.c error: strcpy: 79,118 clients/vc-lib.c error: memcpy: 118,168,292 src/components/core/cache_impl/cache.c error: memcpy: 145 src/components/core/cache_impl/cache.c error: sprintf: 170,853,944 src/components/core/cache_impl/cache.c error: strcpy: 492,558,876,888 src/components/core/intercept_filters_impl/allow_syslog/allow_syslog.c error: memcpy: 102 src/components/core/intercept_filters_impl/allow_syslog/allow_syslog.c error: strcpy: 247,260 src/components/core/intercept_filters_impl/allow_syslog/allow_syslog.c error: strncpy: 107 src/components/core/intercept_filters_impl/cache/cache_allow.c error: memcpy: 72 src/components/core/intercept_filters_impl/cache/cache_deny.c error: memcpy: 71 src/components/core/intercept_filters_impl/cache/cache_eval.c error: memcpy: 71 src/components/core/intercept_filters_impl/degraded_mode/degraded_mode.c error: memcpy: 121 src/components/core/intercept_filters_impl/degraded_mode/degraded_mode.c error: strcpy: 155,173,215,226 src/components/core/intercept_filters_impl/deny_syslog/deny_syslog.c error: memcpy: 102 src/components/core/intercept_filters_impl/deny_syslog/deny_syslog.c error: strcpy: 248,261 src/components/core/intercept_filters_impl/deny_syslog/deny_syslog.c error: strncpy: 107 src/components/core/intercept_filters_impl/fsobj_excl/filesystem_exclusion_processor.c error: memcpy: 138 src/components/core/intercept_filters_impl/fsobj_excl/filesystem_exclusion_processor.c error: strcat: 452,456,458 src/components/core/intercept_filters_impl/fsobj_excl/filesystem_exclusion_processor.c error: strcpy: 425,524,679,690 src/components/core/intercept_filters_impl/fsobj_incl/filesystem_inclusion_processor.c error: memcpy: 108 src/components/core/intercept_filters_impl/fsobj_incl/filesystem_inclusion_processor.c error: strcpy: 242,253,267,269 src/components/core/intercept_filters_impl/operation_excl/operation_excl.c error: memcpy: 106 src/components/core/intercept_filters_impl/operation_excl/operation_excl.c error: strcpy: 210,221,232,238 src/components/core/intercept_filters_impl/proc_excl/process_exclusion.c error: memcpy: 120 src/components/core/intercept_filters_impl/proc_excl/process_exclusion.c error: strcpy: 315,328 src/components/core/intercept_filters_impl/syslog/syslog_filter.c error: memcpy: 109 src/components/core/intercept_filters_impl/syslog/syslog_filter.c error: strcpy: 197,210 src/components/core/intercept_filters_impl/syslog/syslog_filter.c error: strncpy: 114 src/components/core/intercept_filters_impl/vetting_ctrl/vetting_ctrl.c error: memcpy: 239,2001 src/components/core/intercept_filters_impl/vetting_ctrl/vetting_ctrl.c error: sprintf: 1266,1269,2571,2586 src/components/core/intercept_filters_impl/vetting_ctrl/vetting_ctrl.c error: strcat: 2441,2445,2447 src/components/core/intercept_filters_impl/vetting_ctrl/vetting_ctrl.c error: strcpy: 726,735,741,746,748,751,1085,1093,1101,1188,1258,1262,2388,2399,2654,2659,2671,2676,2688,2693
src/components/core/intercept_processing_impl/evaluation_report_impl.c error: memcpy: 81,179 src/components/core/intercept_processing_impl/std_intercept_processor.c error: memcpy: 124 src/components/filter-iface/process-exclusion/device_driver_pe_impl/device_driver_process_exclusion.c error: sprintf: 166 src/components/filter-iface/process-exclusion/device_driver_pe_impl/device_driver_process_exclusion.c error: strncpy: 592 src/components/filter-iface/vetting-clients/device_driver_vc_impl/device_driver_vetting_client.c error: sprintf: 164 src/components/intercepts/lsm_impl/lsm_interceptor.c error: strcat: 1101,1105,1107 src/components/intercepts/lsm_impl/lsm_interceptor.c error: strcpy: 1049,1185,1204 src/components/intercepts/syscall_impl/syscall_interceptor.c error: strcat: 580,584,586 src/components/intercepts/syscall_impl/syscall_interceptor.c error: strcpy: 174,664,683 src/components/intercepts/vfshook_impl/findRegular_iterate_dir.c error: strcat: 80 src/components/intercepts/vfshook_impl/findRegular_iterate_dir.c error: strncat: 90 src/components/intercepts/vfshook_impl/findRegular_iterate_dir.c error: strncpy: 220 src/components/intercepts/vfshook_impl/findRegular_vfs_readdir.c error: memcpy: 192 src/components/intercepts/vfshook_impl/findRegular_vfs_readdir.c error: strcat: 125 src/components/intercepts/vfshook_impl/findRegular_vfs_readdir.c error: strcpy: 122,340,435 src/components/intercepts/vfshook_impl/findRegular_vfs_readdir.c error: strncat: 127 src/components/intercepts/vfshook_impl/vfshook_interceptor.c error: memcpy: 2585 src/components/intercepts/vfshook_impl/vfshook_interceptor.c error: sprintf: 3592,3596 src/components/intercepts/vfshook_impl/vfshook_interceptor.c error: strcat: 3715,3719,3721 src/components/intercepts/vfshook_impl/vfshook_interceptor.c error: strcpy: 3372,3439,3509,3801,3819 src/components/services/linux_filesystem_impl/linux_file.c error: memcpy: 122,152 src/components/services/linux_filesystem_impl/linux_fileinfo.c error: memcpy: 138,219,299,363,434 src/components/services/linux_filesystem_impl/linux_fileinfo.c error: strcpy: 550,576 src/components/services/linux_filesystem_impl/linux_filesysteminfo.c error: memcpy: 144,169 src/components/services/linux_filesystem_impl/linux_filesysteminfo.c error: strcpy: 125 src/components/services/linux_filesystem_impl/linux_systemroot.c error: memcpy: 85 src/components/services/linux_personality_impl/linux_personality.c error: memcpy: 77 src/components/services/linux_processandthread_impl/linux_threadinfo.c error: memcpy: 105 src/components/services/linux_processandthread_impl/linux_threadinfo.c error: strcpy: 280 src/ifaces/platforms/linux/glue.h error: sprintf: 99 src/platforms/linux/glue.c error: memcpy: 84,118,132 support/stacker/stacker.c error: memcpy: 307,309