Security Code Review

From reSIProcate
Revision as of 11:26, 11 December 2006 by Jmatthewsr (talk | contribs) (→‎Tasks)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


This document is intended to outline procedures for reviewing the resiprocate code base for security related bugs.


  • null raw, smart pointers checks
  • check for null, change to smart pointer if possible
  • convert Dialog and DialogSet to resip::Handled objects?
  • this will require users to change handling of these objects from raw pointers.
  • STL iterators
  • example: front(), container must not be empty to call front
  • regex search: "front|at|" , todo there is a lot here
  • buffer overruns
  • C string & memory routines (strcpy,etc, implement microsoft *_s functions for windows?)
  • regex: "strcpy|memcpy" , todo add here
  • run code analysis tools
  • todo: add tools here
  • turn on/fix compiler warnings
  • g++ -Wall, Level 3(or 4) warnings in Visual C++