[krbdev.mit.edu #6200] Eliminate use of "unsafe" functions
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Oct 20 14:16:42 EDT 2008
Audit tools such as lint and Coverity's SECURE_CODING checker flag all
uses of functions which are often used unsafely. For Coverity, these
include strcpy, strcat, sprintf, all *scanf variants, random, lrand48,
and rand.
Although these functions are used safely within the krb5 code base to
the best of our knowledge, their use is undesirable because ensuring
their safety requires manual investigation each time the code base is
audited (by us or by others). This ticket will track the process of
eliminating these uses.
More information about the krb5-bugs
mailing list