Use of insecure C functions/API(s)


Nilesh Gajwani

Jun 2, 2021, 5:31:26 AM
to grpc.io
Hi,
We had penetration testing done for our iOS app, which uses the gRPC-Core pod.
We received comments specifying that unsafe C functions (example: memcpy, malloc, etc.) are being used in the binary.
On searching in the project directory for an example function (memcpy), I can see the gRPC-Core files using this function.
Can you give a confirmation if these functions are handled safely everywhere, or is the removal of these in the roadmap?
Please check for the example API call, memcpy, for now; I can provide a list of all functions if needed.
Thanks and regards,
Nilesh

yas...@google.com

Jun 16, 2021, 1:36:57 PM
to grpc.io
There is no roadmap to remove them that I am aware of. As for whether these functions are handled safely everywhere, that seems like an alternate way of asking if gRPC has bugs related to this. What I CAN tell you is that the code is continuously tested, and I would imagine that if there was a bug related to the usage, it would get fixed when found.