Discouraged or forbidden C functions

From Libreswan
Revision as of 16:47, 14 July 2014 by Paul Wouters (talk | contribs) (Created page with " Most of the libreswan code is written in C. The standard C libraries come with many functions people use. Some of these functions are dangerous to use or for other reasons sh...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Most of the libreswan code is written in C. The standard C libraries come with many functions people use. Some of these functions are dangerous to use or for other reasons should not be used with libreswan. Some of these functions are never allowed, some are strongly discouraged.

malloc() and friends

Libreswan supports a builtin memory leak detection system that can be activated by starting pluto with the --leak-detective option. To facilitate this, the standard memory (re)allocation functions are wrapped in our own functions, such as alloc_bytes(), clone_bytes(), alloc_thing() and pfree() and pfreeany(). Using a free() on memory allocated with alloc_bytes() will lead to a crash.

TODO: there is no man page for the allocation functions

Therefor, alloc(), realloc() and free() MUST NEVER be used directly.

See lib/libswan/alloc.c for details.

strcmp() and strncmp()

These functions are commonly mis-used when delaing with strings that are not NULL terminated. Use our own streq(), strneq() or strcaseeq()

TODO: there is no man page for streq() or strneq()

See lib/libswan/constants.c for details.

strcpy() and strncpy()

These functions are often abused to jam big strings into a smaller allocated space. People intend to put a NULL termination in but often do it wrong. Use our own jam_str() instead.

TODO: there is no man page for jam_str()

See lib/libswan/constants.c for details.

strcat() and strncat()

These are often abused to add two strings together but often causes mistakes due to NULL termination handling. Use our own add_str() instead. This is similar to OpenBSD's strlcat()

See lib/libswan/constants.c for details.

thread related functions

pluto is written to handle events based on timers or packets one by one serially. threads really interfere with this model. The only threads allowed currently are within the authentication code, the crypto helper code, and the DNS helper code. Unless you have talked to the developers and they agree, additional threading code will be rejected. See [some page about pluto]