Opened 4 years ago

Closed 4 years ago

#2208 closed Patch (fixed)

use secure CRT functions

Reported by: xhmikosr Owned by:
Priority: normal Milestone: 1.6.2
Component: General Version: nightly, specify
Severity: major Keywords:
Cc: Underground78 Evaluation:

Description

Using r4437. Attached is a patch to use the newer secure CRT functions. The patch doesn't replace all of them, only those which are a simple replace.

Attachments (4)

#2208_use_safe_functions.patch (20.7 KB) - added by xhmikosr 4 years ago.
#2208_use_safe_functions2.patch (13.6 KB) - added by xhmikosr 4 years ago.
#2208_use_safe_functions4.patch (29.2 KB) - added by xhmikosr 4 years ago.
CRT_SECURE.log (9.7 KB) - added by xhmikosr 4 years ago.

Download all attachments as: .zip

Change History (17)

comment:1 Changed 4 years ago by xhmikosr

BTW, those warnings for our code are disabled in DSUtil/SharedInclude.h and _CRT_SECURE_NO_WARNINGS in common.props for Release builds. See C4995 and C4996. Probably there are more which can be used without the need to change the code. The rest are for someone else. :P

comment:2 Changed 4 years ago by underground78

Patch commited with minor modification at r4443.

comment:3 Changed 4 years ago by underground78

@XhmikosR: Why have you reverted everything? You found other potential problems?

comment:4 Changed 4 years ago by xhmikosr

Unfortunately, yes. It seems we missed more functions which can't be simply replaced. So I reverted everything until we go through them again.

comment:5 Changed 4 years ago by clsid2

Why revert if the changes were good? No need to do everything at once. Small steps are progress too.

Also, post list of function names here that need replacing. Should be helpful for anyone wanting to work on it.

comment:6 Changed 4 years ago by underground78

There were crashes after those changes, XhmikosR will probably recommit them after we double check everything.

comment:7 Changed 4 years ago by xhmikosr

Here is the revised patch. Feel free to work on it and improve it and post the new one here for testing and review.

Changed 4 years ago by xhmikosr

comment:8 Changed 4 years ago by underground78

Commited as r4478. I hope everything will be fine this time.

comment:9 Changed 4 years ago by xhmikosr

Added a new patch which carefully changes the sscan function only when no size is needed to be specified.

Changed 4 years ago by xhmikosr

comment:10 Changed 4 years ago by xhmikosr

Updated patch with more functions.

Changed 4 years ago by xhmikosr

comment:11 Changed 4 years ago by xhmikosr

These should be the remaining insecure functions based on ~ r4674.

Changed 4 years ago by xhmikosr

comment:12 Changed 4 years ago by xhmikosr

  • Component changed from New to Solved
  • Milestone changed from next release placeholder to next release

Most of those should be fixed now after r4728+.

comment:13 Changed 4 years ago by xhmikosr

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.