Reputation: 436
I saw in a comment that using __func__ is a security risk. I need to understand how that is the case.
Upvotes: 5
Views: 241
Reputation: 6684
__func__ is the C99-standard predefined identifier that expands into a character array variable containing the function name when it is used inside of a function. C99 6.4.2.2/1 describes:
The identifier __func__ is implicitly declared by the translator as if, immediately following the opening brace of each function definition, the declaration static const char __func__[] = "function-name"; appeared, where function-name is the name of the lexically-enclosing function. This name is the unadorned name of the function.
Note that it is not a macro and it has no special meaning during preprocessing.
Look at this link for more information about __func__:
http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1642.html
If the solution relies on the expansion involved in the predefined context-sensitive constant __func__, it cannot be implemented in a function safely and provide the same convenience.
__func__ is textually expanded at the point of its invocation, hence, it could easily affect the flow of control of the invoking code by evaluating break, continue, or return statements or failing to properly terminate if statements. The effects of invoking it can be surprising and lead to subtle flaws.
Prefer inline or static functions to function-like macros or __func__.
However, in cases where defining a __func__ is unavoidable, the definition should avoid statements that change the control flow of the invoking code. And ideally, it should be a single expression.
More ideas and example code:
https://www.securecoding.cert.org/confluence/display/seccode/PRE13-C.+Avoid+changing+control+flow+in+macro+definitions
Upvotes: 0
Reputation: 95355
If your application's security relies on its function names remaining a secret then it is a security risk to use __func__, as the compiler will need to store the function name somewhere in the compiled binary.
Upvotes: 0
Reputation: 108830
It makes reverse engineering easier. So if you want to keep the way your application works secret, then it makes an attacker's life easier.
That's relevant for DRM features, or if you want to make it harder to imitate your algorithms in competing applications.
But it does not affect security, since an application where reversing shows vulnerabilities was insecure in the first place.
Upvotes: 0
Reputation: 137382
Using __func__ reveals the function name in the binary, which eases the work of an attacker who has access to the binary.
Upvotes: 4
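The effect the answers above describe can be checked on a build. This is an added example, not code from the thread: a tag macro that either embeds __func__ or compiles it out, plus a byte scanner to audit a binary for a given name. HIDE_FUNC_NAMES, FUNC_TAG, check_license, image_contains and file_contains are all hypothetical names chosen for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* HIDE_FUNC_NAMES is a hypothetical release-build switch (-DHIDE_FUNC_NAMES). */
#ifdef HIDE_FUNC_NAMES
#define FUNC_TAG() "?"       /* no function-specific string is emitted */
#else
#define FUNC_TAG() __func__  /* a static const char[] kept in the binary */
#endif

/* Constructed sample function whose name a vendor might want to keep private. */
const char *check_license(void) { return FUNC_TAG(); }

/* Return 1 if the bytes of `name` occur anywhere in buf[0..len), else 0. */
int image_contains(const unsigned char *buf, size_t len, const char *name) {
    size_t n = strlen(name);
    if (n == 0 || n > len) return 0;
    for (size_t i = 0; i + n <= len; i++)
        if (buf[i] == (unsigned char)name[0] && memcmp(buf + i, name, n) == 0)
            return 1;
    return 0;
}

/* Load a file and scan it: 1 = found, 0 = not found, -1 = I/O error. */
int file_contains(const char *path, const char *name) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    int rc = -1;
    long size = 0;
    unsigned char *buf = NULL;
    if (fseek(f, 0, SEEK_END) == 0 && (size = ftell(f)) >= 0 &&
        fseek(f, 0, SEEK_SET) == 0 &&
        (buf = malloc((size_t)size + 1)) != NULL &&
        fread(buf, 1, (size_t)size, f) == (size_t)size)
        rc = image_contains(buf, (size_t)size, name);
    free(buf);
    fclose(f);
    return rc;
}

/* The name to look for comes from argv so the scanner adds no literal copy. */
int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: scan <binary> <name>\n"); return 2; }
    printf("tag at run time: %s\n", check_license());
    int rc = file_contains(argv[1], argv[2]);
    printf("%s: %s\n", argv[2], rc == 1 ? "present" : rc == 0 ? "absent" : "unreadable");
    return rc < 0;
}
```

Running strip on the default build removes the symbol table but not the __func__ array, so a scan of the stripped file for check_license still reports it as present; in a typical executable, rebuilding with -DHIDE_FUNC_NAMES and stripping makes it absent.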