Title | MPS VC9 build failure C4996: getenv considered insecure |
Status | closed |
Priority | essential |
Assigned user | Richard Kistruck |
Organization | Ravenbrook |
Description | MPS VC9 build failure C4996: getenv considered insecure MPS build fails with Microsoft Visual C++ 2008 (version 9, aka VC9) because of three C runtime library facilities used by the example ANSI plinth and by testlib.c. (Note: these are not in the MPS library itself.) Reported by VC9 as: warning C4996: '<name>': This function or variable may be unsafe. Consider using <other-name> instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. |
Analysis | RHSK 2008-09-29 Problems in: mpsliban.c (getenv); mpsioan.c (fopen et al.); testlib.c (sscanf); eventcnv.c (fopen, sscanf, strncpy). Fix is #pragma warning ( disable : 4996 ). RHSK 2008-10-17 Are these particular warning cases really a security risk to production code using MPS? No. In detail: mps_lib_telemetry_control() in mpsliban.c is only called in telemetry-log-event varieties, which is not normally used in a production environment. Also, it's hardly risky code. Indeed, even reading CERT Secure Coding note ENV-00 about this, it's hard to see what the risk is: <https://www.securecoding.cert.org/conf...ointer+to+the+string+returned+by+getenv()>. mpsioan.c is only used in telemetry-log-event varieties. And what's wrong with fopen() exactly? testlib.c is only used in MPS tests, of course, so no risk. eventcnv.c is not used in a production environment. Could this warning show up some other genuine problem? Possibly, yes. So should this warning be disabled globally? No. Locally? Yes, we can do that: in mpsliban.c the getenv is in the final function. Add a note to make it clear. The #pragma should be ifdef'd for MPS_BUILD_MV. (VC6 accepts it, therefore no need to ifdef for MSVC version.) Note that MPS_BUILD_MV is set by mpstd.h (target detection), which all affected .c files include. RHSK 2009-02-16 Same for sscanf in newly-written zcoll.c (test file). |
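The disabling pattern the analysis settles on, shown as an added illustration rather than MPS source code: the pragma is guarded by MPS_BUILD_MV so it only takes effect under Visual C, and it is placed immediately before the functions that use getenv and sscanf, so the rest of the translation unit keeps the C4996 check. The helper names, the control-word format and the environment variable name are assumptions made for this example. The getenv result is copied into a caller-owned buffer straight away, which is the point of the CERT ENV-00 note the analysis cites.

```c
/* Added example (not MPS source): disable VC9 warning C4996 locally, in the
   way the analysis describes, for the functions that use getenv and sscanf. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Everything above this point still gets C4996 checks. MPS_BUILD_MV is the
   macro MPS target detection (mpstd.h) defines for Microsoft Visual C; it is
   not defined here, so other compilers skip the pragma entirely. The pragma
   stays in effect to the end of the translation unit, which is why the
   functions that need it are kept last in the file. */
#ifdef MPS_BUILD_MV
#pragma warning(disable : 4996)
#endif

/* Parse a control word given as an unsigned decimal number (an assumed
   format for this example). Returns 1 and stores the value on success, 0 if
   the string is NULL, empty, not a number, or followed by trailing junk. */
int parse_control_word(const char *s, unsigned long *out)
{
  unsigned long v;
  char trailing;
  if (s == NULL || out == NULL) return 0;
  /* sscanf returns 1 only if the number matched and nothing followed it. */
  if (sscanf(s, "%lu%c", &v, &trailing) != 1) return 0;
  *out = v;
  return 1;
}

/* Copy the value of environment variable NAME into BUF immediately, so no
   caller ever holds on to the pointer getenv returns (the CERT ENV-00
   concern: that pointer may be invalidated by later getenv/putenv calls).
   Returns the value's length, or -1 if NAME is unset or the value does not
   fit in BUF. */
int copy_env_value(const char *name, char *buf, size_t size)
{
  const char *p;
  size_t n;
  if (name == NULL || buf == NULL || size == 0) return -1;
  p = getenv(name);
  if (p == NULL) return -1;
  n = strlen(p);
  if (n >= size) return -1;
  memcpy(buf, p, n + 1);
  return (int)n;
}

/* Read NAME from the environment and parse it as a control word.
   Returns 1 on success, 0 if the variable is unset or malformed. */
int control_word_from_env(const char *name, unsigned long *out)
{
  char buf[64];
  if (copy_env_value(name, buf, sizeof buf) < 0) return 0;
  return parse_control_word(buf, out);
}

int main(void)
{
  unsigned long w;
  /* MPS_TELEMETRY_CONTROL is an assumed variable name for this example. */
  if (control_word_from_env("MPS_TELEMETRY_CONTROL", &w))
    printf("control word %lu\n", w);
  else
    printf("no usable control word in environment\n");
  return 0;
}
```

Because the pragma's effect runs to the end of the file, the comment above it is the "note to make it clear" the analysis asks for: anyone adding a function below it should know that C4996 is off from that point on.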
How found | unknown |
Observed in | 1.108.0 |
Created by | Richard Kistruck |
Created on | 2008-09-29 17:27:39 |
Last modified by | Richard Kistruck |
Last modified on | 2009-02-16 15:12:24 |
History | 2008-09-29 RHSK Created. 2008-10-17 RHSK How to disable the warning in the right way & place. 2008-10-20 RHSK eventcnv.c also fails; full warning text. 2008-11-03 RHSK (tweak) say C4996 in job title. 2009-02-16 RHSK Same for sscanf in newly-written zcoll.c (test file). |
Change | Effect | Date | User | Description |
---|---|---|---|---|
167379 | closed | 2009-02-16 14:57:54 | Richard Kistruck | MPS br/timing zcoll.c: (fix compiler warning for w3i3m9) VC9 warns that sscanf is unsafe; disable this warning for zcoll.c. See also job001934. |
166497 | closed | 2008-10-20 15:12:15 | Richard Kistruck | MPS br/vc9: under ifdef MPS_BUILDER_MV, disable warning 4996 where necessary for VC9 builds. |