proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-15 07:21:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

doc: document strcpy & sprintf ban

Browse Source 
Signed-off-by: David Lamparter <equinox@diac24.net>
This commit is contained in:
David Lamparter 2020-04-20 23:33:21 +02:00
parent d35c30ca9d
commit 08cffeb5d9
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
doc/developer/workflow.rst
View File

@ -515,6 +515,28 @@ your new claim at the end of the list.
* ...
*/
Defensive coding requirements
-----------------------------
In general, code submitted into FRR will be rejected if it uses unsafe
programming practices. While there is no enforced overall ruleset, the
following requirements have achieved consensus:
- ``strcpy``, ``strcat`` and ``sprintf`` are inacceptable without exception.
Use ``strlcpy``, ``strlcat`` and ``snprintf`` instead. (Rationale: even if
you know the operation cannot overflow the buffer, a future code change may
inadvertedly introduce an overflow.)
- buffer size arguments, particularly to ``strlcpy`` and ``snprintf``, must
use ``sizeof()`` whereever possible. Particularly, do not use a size
constant in these cases. (Rationale: changing a buffer to another size
constant may leave the write operations on a now-incorrect size limit.)
Other than these specific rules, coding practices from the Linux kernel as
well as CERT or MISRA C guidelines may provide useful input on safe C code.
However, these rules are not applied as-is; some of them expressly collide
with established practice.
Code Formatting
---------------