Adding translations

Eric Christensen 2013-05-07 23:27:13 -04:00
parent a9c262c8b6
commit 2315b05d98
1393 changed files with 140644 additions and 0 deletions


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Greek <trans-el@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: el\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr ""
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr ""
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr ""


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: None\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: en_US\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr "Florian"
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr "Weimer"
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr "Red Hat"
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr "Product Security Team"


@ -0,0 +1,36 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
# <ehespinosa@ya.com>, 2013.
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-14 07:50+0000\n"
"Last-Translator: vareli <ehespinosa@ya.com>\n"
"Language-Team: Spanish <trans-es@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: es\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr "Florian"
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr "Weimer"
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr "Red Hat"
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr "Equipo de Seguridad del Producto"


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Finnish (http://www.transifex.com/projects/p/fedora/language/fi/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: fi\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr ""
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr ""
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr ""


@ -0,0 +1,36 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
# Jérôme Fenal <jfenal@gmail.com>, 2013.
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-16 14:20+0000\n"
"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
"Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: fr\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr "Florian"
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr "Weimer"
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr "Red Hat"
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr "Équipe Sécurité Produit"


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Galician (http://www.transifex.com/projects/p/fedora/language/gl/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: gl\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr ""
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr ""
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr ""


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Indonesian <trans-id@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: id\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr ""
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr ""
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr ""


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Italian <trans-it@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: it\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr ""
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr ""
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr ""


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Korean (http://www.transifex.com/projects/p/fedora/language/ko/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: ko\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr ""
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr ""
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr ""


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: ru\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr ""
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr ""
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr ""


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Slovenian (http://www.transifex.com/projects/p/fedora/language/sl/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: sl\n"
"Plural-Forms: nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr ""
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr ""
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Greek <trans-el@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: el\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr ""
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr ""
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: None\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: en_US\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr "Defensive Coding"
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr "A Guide to Improving Software Security"
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr "Fedora Security Team"
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr "This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations."


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Finnish (http://www.transifex.com/projects/p/fedora/language/fi/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: fi\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr ""
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr ""
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr ""


@ -0,0 +1,39 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
# Jérôme Fenal <jfenal@gmail.com>, 2013.
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-16 14:20+0000\n"
"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
"Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: fr\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr "Développement défensif"
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr "Un guide visant à améliorer la sécurité des logiciels"
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr "Équipe Sécurité Fedora"
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr "Ce document fournit des conseils visant à améliorer la sécurité des logiciels par un développement prenant en compte la sécurité. Cela couvre les langages et bibliothèques les plus courants, et se concentre sur des recommandations concrètes."


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Galician (http://www.transifex.com/projects/p/fedora/language/gl/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: gl\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr ""
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr ""
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Indonesian <trans-id@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: id\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr ""
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr ""
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Italian <trans-it@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: it\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr ""
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr ""
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Korean (http://www.transifex.com/projects/p/fedora/language/ko/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: ko\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr ""
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr ""
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: ru\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr ""
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr ""
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Slovenian (http://www.transifex.com/projects/p/fedora/language/sl/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: sl\n"
"Plural-Forms: nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr ""
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr ""
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr ""


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr ""
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr ""
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr ""
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr ""
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr ""


@ -0,0 +1,265 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Memory allocators"
msgstr ""
#. Tag: title
#, no-c-format
msgid "<function>malloc</function> and related functions"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The C library interfaces for memory allocation are provided by "
"<function>malloc</function>, <function>free</function> and "
"<function>realloc</function>, and the <function>calloc</function> function. "
"In addition to these generic functions, there are derived functions such as "
"<function>strdup</function> which perform allocation using "
"<function>malloc</function> internally, but do not return untyped heap "
"memory (which could be used for any object)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The C compiler knows about these functions and can use their expected "
"behavior for optimizations. For instance, the compiler assumes that an "
"existing pointer (or a pointer derived from an existing pointer by "
"arithmetic) will not point into the memory area returned by "
"<function>malloc</function>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If the allocation fails, <function>realloc</function> does not free the old "
"pointer. Therefore, the idiom <literal>ptr = realloc(ptr, size);</literal> "
"is wrong because the memory pointed to by <literal>ptr</literal> leaks in "
"case of an error."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Use-after-free errors"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"After <function>free</function>, the pointer is invalid. Further pointer "
"dereferences are not allowed (and are usually detected by "
"<application>valgrind</application>). Less obvious is that any "
"<emphasis>use</emphasis> of the old pointer value is not allowed, either. In"
" particular, comparisons with any other pointer (or the null pointer) are "
"undefined according to the C standard."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The same rules apply to <function>realloc</function> if the memory area "
"cannot be enlarged in-place. For instance, the compiler may assume that a "
"comparison between the old and new pointer will always return false, so it "
"is impossible to detect movement this way."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Handling memory allocation errors"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Recovering from out-of-memory errors is often difficult or even impossible. "
"In these cases, <function>malloc</function> and other allocation functions "
"return a null pointer. Dereferencing this pointer lead to a crash. Such "
"dereferences can even be exploitable for code execution if the dereference "
"is combined with an array subscript."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In general, if you cannot check all allocation calls and handle failure, you"
" should abort the program on allocation failure, and not rely on the null "
"pointer dereference to terminate the process. See <xref linkend=\"sect-"
"Defensive_Coding-Tasks-Serialization-Decoders\" /> for related memory "
"allocation concerns."
msgstr ""
#. Tag: title
#, no-c-format
msgid "<function>alloca</function> and other forms of stack-based allocation"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Allocation on the stack is risky because stack overflow checking is "
"implicit. There is a guard page at the end of the memory area reserved for "
"the stack. If the program attempts to read from or write to this guard page,"
" a <literal>SIGSEGV</literal> signal is generated and the program typically "
"terminates."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This is sufficient for detecting typical stack overflow situations such as "
"unbounded recursion, but it fails when the stack grows in increments larger "
"than the size of the guard page. In this case, it is possible that the stack"
" pointer ends up pointing into a memory area which has been allocated for a "
"different purposes. Such misbehavior can be exploitable."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"A common source for large stack growth are calls to "
"<function>alloca</function> and related functions such as "
"<function>strdupa</function>. These functions should be avoided because of "
"the lack of error checking. (They can be used safely if the allocated size "
"is less than the page size (typically, 4096 bytes), but this case is "
"relatively rare.) Additionally, relying on <function>alloca</function> makes"
" it more difficult to reorgnize the code because it is not allowed to use "
"the pointer after the function calling <function>alloca</function> has "
"returned, even if this function has been inlined into its caller."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Similar concerns apply to <emphasis>variable-length arrays</emphasis> "
"(VLAs), a feature of the C99 standard which started as a GNU extension. For "
"large objects exceeding the page size, there is no error checking, either."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In both cases, negative or very large sizes can trigger a stack-pointer "
"wraparound, and the stack pointer and end up pointing into caller stack "
"frames, which is fatal and can be exploitable."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If you want to use <function>alloca</function> or VLAs for performance "
"reasons, consider using a small on-stack array (less than the page size, "
"large enough to fulfill most requests). If the requested size is small "
"enough, use the on-stack array. Otherwise, call <function>malloc</function>."
" When exiting the function, check if <function>malloc</function> had been "
"called, and free the buffer as needed."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Array allocation"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When allocating arrays, it is important to check for overflows. The "
"<function>calloc</function> function performs such checks."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If <function>malloc</function> or <function>realloc</function> is used, the "
"size check must be written manually. For instance, to allocate an array of "
"<literal>n</literal> elements of type <literal>T</literal>, check that the "
"requested size is not greater than <literal>n / sizeof(T)</literal>."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Custom memory allocators"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Custom memory allocates come in two forms: replacements for "
"<function>malloc</function>, and completely different interfaces for memory "
"management. Both approaches can reduce the effectiveness of "
"<application>valgrind</application> and similar tools, and the heap "
"corruption detection provided by GNU libc, so they should be avoided."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Memory allocators are difficult to write and contain many performance and "
"security pitfalls."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When computing array sizes or rounding up allocation requests (to the next "
"allocation granularity, or for alignment purposes), checks for arithmetic "
"overflow are required."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Size computations for array allocations need overflow checking. See <xref "
"linkend=\"sect-Defensive_Coding-C-Allocators-Arrays\" />."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"It can be difficult to beat well-tuned general-purpose allocators. In micro-"
"benchmarks, pool allocators can show huge wins, and size-specific pools can "
"reduce internal fragmentation. But often, utilization of individual pools is"
" poor, and"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Conservative garbage collection"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Garbage collection can be an alternative to explicit memory management using"
" <function>malloc</function> and <function>free</function>. The Boehm-"
"Dehmers-Weiser allocator can be used from C programs, with minimal type "
"annotations. Performance is competitive with <function>malloc</function> on "
"64-bit architectures, especially for multi-threaded programs. The stop-the-"
"world pauses may be problematic for some real-time applications, though."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"However, using a conservative garbage collector may reduce opertunities for "
"code reduce because once one library in a program uses garbage collection, "
"the whole process memory needs to be subject to it, so that no pointers are "
"missed. The Boehm-Dehmers-Weiser collector also reserves certain signals for"
" internal use, so it is not fully transparent to the rest of the program."
msgstr ""


@ -0,0 +1,20 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "The C Programming Language"
msgstr ""


@ -0,0 +1,278 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "The C standard library"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Parts of the C standard library (and the UNIX and GNU extensions) are "
"difficult to use, so you shoud avoid them."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Please check the applicable documentation before using the recommended "
"replacements. Many of these functions allocate buffers using "
"<function>malloc</function> which your code must deallocate explicitly using"
" <function>free</function>."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Absolutely banned interfaces"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The functions listed below must not be used because they are almost always "
"unsafe. Use the indicated replacements instead."
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>gets</function> ⟶ <function>fgets</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>getwd</function> ⟶ <function>getcwd</function> or "
"<function>get_current_dir_name</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>readdir_r</function> ⟶ <function>readdir</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>realpath</function> (with a non-NULL second parameter) ⟶ "
"<function>realpath</function> with NULL as the second parameter, or "
"<function>canonicalize_file_name</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The constants listed below must not be used, either. Instead, code must "
"allocate memory dynamically and use interfaces with length checking."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>NAME_MAX</literal> (limit not actually enforced by the kernel)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>PATH_MAX</literal> (limit not actually enforced by the kernel)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>_PC_NAME_MAX</literal> (This limit, returned by the "
"<function>pathconf</function> function, is not enforced by the kernel.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>_PC_PATH_MAX</literal> (This limit, returned by the "
"<function>pathconf</function> function, is not enforced by the kernel.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid "The following structure members must not be used."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>f_namemax</literal> in <literal>struct statvfs</literal> (limit not"
" actually enforced by the kernel, see <literal>_PC_NAME_MAX</literal> above)"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Functions to avoid"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The following string manipulation functions can be used securely in "
"principle, but their use should be avoided because they are difficult to use"
" correctly. Calls to these functions can be replaced with "
"<function>asprintf</function> or <function>vasprintf</function>. (For non-"
"GNU targets, these functions are available from Gnulib.) In some cases, the "
"<function>snprintf</function> function might be a suitable replacement, see "
"<xref linkend=\"sect-Defensive_Coding-C-String-Functions-Length\" />."
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>sprintf</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>strcat</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>strcpy</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>vsprintf</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Use the indicated replacements for the functions below."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>alloca</function> ⟶ <function>malloc</function> and "
"<function>free</function> (see <xref linkend=\"sect-Defensive_Coding-C"
"-Allocators-alloca\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>putenv</function> ⟶ explicit <varname>envp</varname> argument in "
"process creation (see <xref linkend=\"sect-Defensive_Coding-Tasks-Processes-"
"environ\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>setenv</function> ⟶ explicit <varname>envp</varname> argument in "
"process creation (see <xref linkend=\"sect-Defensive_Coding-Tasks-Processes-"
"environ\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>strdupa</function> ⟶ <function>strdup</function> and "
"<function>free</function> (see <xref linkend=\"sect-Defensive_Coding-C"
"-Allocators-alloca\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>strndupa</function> ⟶ <function>strndup</function> and "
"<function>free</function> (see <xref linkend=\"sect-Defensive_Coding-C"
"-Allocators-alloca\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>system</function> ⟶ <function>posix_spawn</function> or "
"<function>fork</function>/<function>execve</function>/ (see <xref linkend"
"=\"sect-Defensive_Coding-Tasks-Processes-execve\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>unsetenv</function> ⟶ explicit <varname>envp</varname> argument in"
" process creation (see <xref linkend=\"sect-Defensive_Coding-Tasks-"
"Processes-environ\" />)"
msgstr ""
#. Tag: title
#, no-c-format
msgid "String Functions With Explicit Length Arguments"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <function>snprintf</function> function provides a way to construct a "
"string in a statically-sized buffer. (If the buffer size is dynamic, use "
"<function>asprintf</function> instead.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The second argument to the <function>snprintf</function> should always be "
"the size of the buffer in the first argument (which should be a character "
"array). Complex pointer and length arithmetic can introduce errors and "
"nullify the security benefits of <function>snprintf</function>. If you need "
"to construct a string iteratively, by repeatedly appending fragments, "
"consider constructing the string on the heap, increasing the buffer with "
"<function>realloc</function> as needed. (<function>snprintf</function> does "
"not support overlapping the result buffer with argument strings.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If you use <function>vsnprintf</function> (or <function>snprintf</function>)"
" with a format string which is not a constant, but a function argument, it "
"is important to annotate the function with a <literal>format</literal> "
"function attribute, so that GCC can warn about misuse of your function (see "
"<xref linkend=\"ex-Defensive_Coding-C-String-Functions-format-Attribute\" "
"/>)."
msgstr ""
#. Tag: title
#, no-c-format
msgid "The <literal>format</literal> function attribute"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"There are other functions which operator on NUL-terminated strings and take "
"a length argument which affects the number of bytes written to the "
"destination: <function>strncpy</function>, <function>strncat</function>, and"
" <function>stpncpy</function>. These functions do not ensure that the result"
" string is NUL-terminated. For <function>strncpy</function>, NUL termination"
" can be added this way:"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Some systems support <function>strlcpy</function> and "
"<function>strlcat</function> functions which behave this way, but these "
"functions are not part of GNU libc. Using <function>snprintf</function> with"
" a suitable format string is a simple (albeit slightly slower) replacement."
msgstr ""


@ -0,0 +1,36 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"void report_overflow(void);\n"
"\n"
"int\n"
"add(int a, int b)\n"
"{\n"
" int result = a + b;\n"
" if (a &lt; 0 || b &lt; 0) {\n"
" return -1;\n"
" }\n"
" // The compiler can optimize away the following if statement.\n"
" if (result &lt; 0) {\n"
" report_overflow();\n"
" }\n"
" return result;\n"
"}\n"
msgstr ""


@ -0,0 +1,29 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"unsigned\n"
"mul(unsigned a, unsigned b)\n"
"{\n"
" if (b &amp;&amp; a &gt; ((unsigned)-1) / b) {\n"
" report_overflow();\n"
" }\n"
" return a * b;\n"
"}\n"
msgstr ""


@ -0,0 +1,64 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"ssize_t\n"
"extract_strings(const char *in, size_t inlen, char **out, size_t outlen)\n"
"{\n"
" const char *inp = in;\n"
" const char *inend = in + inlen;\n"
" char **outp = out;\n"
" char **outend = out + outlen;\n"
"\n"
" while (inp != inend) {\n"
" size_t len;\n"
" char *s;\n"
" if (outp == outend) {\n"
" errno = ENOSPC;\n"
" goto err;\n"
" }\n"
" len = (unsigned char)*inp;\n"
" ++inp;\n"
" if (len &gt; (size_t)(inend - inp)) {\n"
" errno = EINVAL;\n"
" goto err;\n"
" }\n"
" s = malloc(len + 1);\n"
" if (s == NULL) {\n"
" goto err;\n"
" }\n"
" memcpy(s, inp, len);\n"
" inp += len;\n"
" s[len] = '\\0';\n"
" *outp = s;\n"
" ++outp;\n"
" }\n"
" return outp - out;\n"
"err:\n"
" {\n"
" int errno_old = errno;\n"
" while (out != outp) {\n"
" free(*out);\n"
" ++out;\n"
" }\n"
" errno = errno_old;\n"
" }\n"
" return -1;\n"
"}\n"
msgstr ""


@ -0,0 +1,33 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"void log_format(const char *format, ...) __attribute__((format(printf, 1, 2)));\n"
"\n"
"void\n"
"log_format(const char *format, ...)\n"
"{\n"
" char buf[1000];\n"
" va_list ap;\n"
" va_start(ap, format);\n"
" vsnprintf(buf, sizeof(buf), format, ap);\n"
" va_end(ap);\n"
" log_string(buf);\n"
"}\n"
msgstr ""


@ -0,0 +1,23 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"char fraction[30];\n"
"snprintf(fraction, sizeof(fraction), \"%d/%d\", numerator, denominator);\n"
msgstr ""


@ -0,0 +1,24 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"char buf[10];\n"
"strncpy(buf, data, sizeof(buf));\n"
"buf[sizeof(buf) - 1] = '\\0';\n"
msgstr ""


@ -0,0 +1,20 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "The C++ Programming Language"
msgstr ""


@ -0,0 +1,234 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "The core language"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"C++ includes a large subset of the C language. As far as the C subset is "
"used, the recommendations in <xref linkend=\"chap-Defensive_Coding-C\" /> "
"apply."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Array allocation with <literal>operator new[]</literal>"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"For very large values of <literal>n</literal>, an expression like "
"<literal>new T[n]</literal> can return a pointer to a heap region which is "
"too small. In other words, not all array elements are actually backed with "
"heap memory reserved to the array. Current GCC versions generate code that "
"performs a computation of the form <literal>sizeof(T) * size_t(n) + "
"cookie_size</literal>, where <literal>cookie_size</literal> is currently at "
"most 8. This computation can overflow, and GCC-generated code does not "
"detect this."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <literal>std::vector</literal> template can be used instead an explicit "
"array allocation. (The GCC implementation detects overflow internally.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If there is no alternative to <literal>operator new[]</literal>, code which "
"allocates arrays with a variable length must check for overflow manually. "
"For the <literal>new T[n]</literal> example, the size check could be "
"<literal>n || (n &gt; 0 &amp;&amp; n &gt; (size_t(-1) - 8) / "
"sizeof(T))</literal>. (See <xref linkend=\"sect-"
"Defensive_Coding-C-Arithmetic\" />.) If there are additional dimensions "
"(which must be constants according to the C++ standard), these should be "
"included as factors in the divisor."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"These countermeasures prevent out-of-bounds writes and potential code "
"execution. Very large memory allocations can still lead to a denial of "
"service. <xref linkend=\"sect-Defensive_Coding-Tasks-Serialization-"
"Decoders\" /> contains suggestions for mitigating this problem when "
"processing untrusted data."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"See <xref linkend=\"sect-Defensive_Coding-C-Allocators-Arrays\" /> for array"
" allocation advice for C-style memory allocation."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Overloading"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Do not overload functions with versions that have different security "
"characteristics. For instance, do not implement a function "
"<function>strcat</function> which works on <type>std::string</type> "
"arguments. Similarly, do not name methods after such functions."
msgstr ""
#. Tag: title
#, no-c-format
msgid "ABI compatibility and preparing for security updates"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"A stable binary interface (ABI) is vastly preferred for security updates. "
"Without a stable ABI, all reverse dependencies need recompiling, which can "
"be a lot of work and could even be impossible in some cases. Ideally, a "
"security update only updates a single dynamic shared object, and is picked "
"up automatically after restarting affected processes."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Outside of extremely performance-critical code, you should ensure that a "
"wide range of changes is possible without breaking ABI. Some very basic "
"guidelines are:"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Avoid inline functions."
msgstr ""
#. Tag: para
#, no-c-format
msgid "Use the pointer-to-implementation idiom."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Try to avoid templates. Use them if the increased type safety provides a "
"benefit to the programmer."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Move security-critical code out of templated code, so that it can be patched"
" in a central place if necessary."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The KDE project publishes a document with more extensive guidelines on ABI-"
"preserving changes to C++ code, <ulink "
"url=\"http://techbase.kde.org/Policies/Binary_Compatibility_Issues_With_C++\">Policies/Binary"
" Compatibility Issues With C++</ulink> (<emphasis>d-pointer</emphasis> "
"refers to the pointer-to-implementation idiom)."
msgstr ""
#. Tag: title
#, no-c-format
msgid "C++0X and C++11 support"
msgstr ""
#. Tag: para
#, no-c-format
msgid "GCC offers different language compatibility modes:"
msgstr ""
#. Tag: para
#, no-c-format
msgid "<option>-std=c++98</option> for the original 1998 C++ standard"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<option>-std=c++03</option> for the 1998 standard with the changes from the "
"TR1 technical report"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<option>-std=c++11</option> for the 2011 C++ standard. This option should "
"not be used."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<option>-std=c++0x</option> for several different versions of C++11 support "
"in development, depending on the GCC version. This option should not be "
"used."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"For each of these flags, there are variants which also enable GNU extensions"
" (mostly language features also found in C99 or C11): "
"<option>-std=gnu++98</option>, <option>-std=gnu++03</option>, "
"<option>-std=gnu++11</option>. Again, <option>-std=gnu++11</option> should "
"not be used."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If you enable C++11 support, the ABI of the standard C++ library "
"<literal>libstdc++</literal> will change in subtle ways. Currently, no C++ "
"libraries are compiled in C++11 mode, so if you compile your code in C++11 "
"mode, it will be incompatible with the rest of the system. Unfortunately, "
"this is also the case if you do not use any C++11 features. Currently, there"
" is no safe way to enable C++11 mode (except for freestanding applications)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The meaning of C++0X mode changed from GCC release to GCC release. Earlier "
"versions were still ABI-compatible with C++98 mode, but in the most recent "
"versions, switching to C++0X mode activates C++11 support, with its "
"compatibility problems."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Some C++11 features (or approximations thereof) are available with TR1 "
"support, that is, with <option>-std=c++03</option> or "
"<option>-std=gnu++03</option> and in the <literal>&lt;tr1/*&gt;</literal> "
"header files. This includes <literal>std::tr1::shared_ptr</literal> (from "
"<literal>&lt;tr1/memory&gt;</literal>) and "
"<literal>std::tr1::function</literal> (from "
"<literal>&lt;tr1/functional&gt;</literal>). For other C++11 features, the "
"Boost C++ library contains replacements."
msgstr ""


@ -0,0 +1,55 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "The C++ standard library"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The C++ standard library includes most of its C counterpart by reference, "
"see <xref linkend=\"sect-Defensive_Coding-C-Libc\" />."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Containers and <literal>operator[]</literal>"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Many containers similar to <literal>std::vector</literal> provide both "
"<literal>operator[](size_type)</literal> and a member function "
"<literal>at(size_type)</literal>. This applies to "
"<literal>std::vector</literal> itself, <literal>std::array</literal>, "
"<literal>std::string</literal> and other instances of "
"<literal>std::basic_string</literal>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>operator[](size_type)</literal> is not required by the standard to "
"perform bounds checking (and the implementation in GCC does not). In "
"contrast, <literal>at(size_type)</literal> must perform such a check. "
"Therefore, in code which is not performance-critical, you should prefer "
"<literal>at(size_type)</literal> over "
"<literal>operator[](size_type)</literal>, even though it is slightly more "
"verbose."
msgstr ""


@ -0,0 +1,30 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Programming Languages"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Specific Programming Tasks"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Implementing Security Features"
msgstr ""


@ -0,0 +1,231 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Authentication and Authorization"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Authenticating servers"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When connecting to a server, a client has to make sure that it is actually "
"talking to the server it expects. There are two different aspects, securing "
"the network path, and making sure that the expected user runs the process on"
" the target host. There are several ways to ensure that:"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The server uses a TLS certificate which is valid according to the web "
"browser public key infrastructure, and the client verifies the certificate "
"and the host name."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The server uses a TLS certificate which is expectedby the client (perhaps it"
" is stored in a configuration file read by the client). In this case, no "
"host name checking is required."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"On Linux, UNIX domain sockets (of the <literal>PF_UNIX</literal> protocol "
"family, sometimes called <literal>PF_LOCAL</literal>) are restricted by file"
" system permissions. If the server socket path is not world-writable, the "
"server identity cannot be spoofed by local users."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Port numbers less than 1024 (<emphasis>trusted ports</emphasis>) can only be"
" used by <literal>root</literal>, so if a UDP or TCP server is running on "
"the local host and it uses a trusted port, its identity is assured. (Not all"
" operating systems enforce the trusted ports concept, and the network might "
"not be trusted, so it is only useful on the local system.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"TLS (<xref linkend=\"chap-Defensive_Coding-TLS\" />) is the recommended way "
"for securing connections over untrusted networks."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If the server port number is 1024 is higher, a local user can impersonate "
"the process by binding to this socket, perhaps after crashing the real "
"server by exploiting a denial-of-service vulnerability."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Host-based authentication"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Host-based authentication uses access control lists (ACLs) to accept or deny"
" requests from clients. Thsis authentication method comes in two flavors: "
"IP-based (or, more generally, address-based) and name-based (with the name "
"coming from DNS or <filename>/etc/hosts</filename>). IP-based ACLs often use"
" prefix notation to extend access to entire subnets. Name-based ACLs "
"sometimes use wildcards for adding groups of hosts (from entire DNS "
"subtrees). (In the SSH context, host-based authentication means something "
"completely different and is not covered in this section.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Host-based authentication trust the network and may not offer sufficient "
"granularity, so it has to be considered a weak form of authentication. On "
"the other hand, IP-based authentication can be made extremely robust and can"
" be applied very early in input processing, so it offers an opportunity for "
"significantly reducing the number of potential attackers for many services."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The names returned by <function>gethostbyaddr</function> and "
"<function>getnameinfo</function> functions cannot be trusted. (DNS PTR "
"records can be set to arbitrary values, not just names belong to the address"
" owner.) If these names are used for ACL matching, a forward lookup using "
"<function>gethostbyaddr</function> or <function>getaddrinfo</function> has "
"to be performed. The name is only valid if the original address is found "
"among the results of the forward lookup (<emphasis>double-reverse "
"lookup</emphasis>)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"An empty ACL should deny all access (deny-by-default). If empty ACLs permits"
" all access, configuring any access list must switch to deny-by-default for "
"all unconfigured protocols, in both name-based and address-based variants."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Similarly, if an address or name is not matched by the list, it should be "
"denied. However, many implementations behave differently, so the actual "
"behavior must be documented properly."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"IPv6 addresses can embed IPv4 addresses. There is no universally correct way"
" to deal with this ambiguity. The behavior of the ACL implementation should "
"be documented."
msgstr ""
#. Tag: title
#, no-c-format
msgid "UNIX domain socket authentication"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"UNIX domain sockets (with address family <literal>AF_UNIX</literal> or "
"<literal>AF_LOCAL</literal>) are restricted to the local host and offer a "
"special authentication mechanism: credentials passing."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Nowadays, most systems support the <literal>SO_PEERCRED</literal> (Linux) or"
" <literal>LOCAL_PEERCRED</literal> (FreeBSD) socket options, or the "
"<function>getpeereid</function> (other BSDs, MacOS X). These interfaces "
"provide direct access to the (effective) user ID on the other end of a "
"domain socket connect, without cooperation from the other end."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Historically, credentials passing was implemented using ancillary data in "
"the <function>sendmsg</function> and <function>recvmsg</function> functions."
" On some systems, only credentials data that the peer has explicitly sent "
"can be received, and the kernel checks the data for correctness on the "
"sending side. This means that both peers need to deal with ancillary data. "
"Compared to that, the modern interfaces are easier to use. Both sets of "
"interfaces vary considerably among UNIX-like systems, unfortunately."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If you want to authenticate based on supplementary groups, you should obtain"
" the user ID using one of these methods, and look up the list of "
"supplementary groups using <function>getpwuid</function> (or "
"<function>getpwuid_r</function>) and <function>getgrouplist</function>. "
"Using the PID and information from <filename>/proc/PID/status</filename> is "
"prone to race conditions and insecure."
msgstr ""
#. Tag: title
#, no-c-format
msgid "<literal>AF_NETLINK</literal> authentication of origin"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Netlink messages are used as a high-performance data transfer mechanism "
"between the kernel and the userspace. Traditionally, they are used to "
"exchange information related to the network statck, such as routing table "
"entries."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When processing Netlink messages from the kernel, it is important to check "
"that these messages actually originate from the kernel, by checking that the"
" port ID (or PID) field <literal>nl_pid</literal> in the "
"<literal>sockaddr_nl</literal> structure is <literal>0</literal>. (This "
"structure can be obtained using <function>recvfrom</function> or "
"<function>recvmsg</function>, it is different from the "
"<literal>nlmsghdr</literal> structure.) The kernel does not prevent other "
"processes from sending unicast Netlink messages, but the "
"<literal>nl_pid</literal> field in the sender's socket address will be non-"
"zero in such cases."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Applications should not use <literal>AF_NETLINK</literal> sockets as an IPC "
"mechanism among processes, but prefer UNIX domain sockets for this tasks."
msgstr ""


@ -0,0 +1,71 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Create the session object.\n"
"gnutls_session_t session;\n"
"ret = gnutls_init(&amp;session, GNUTLS_CLIENT);\n"
"if (ret != GNUTLS_E_SUCCESS) {\n"
" fprintf(stderr, \"error: gnutls_init: %s\n"
"\",\n"
"\t gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
"\n"
"// Configure the cipher preferences.\n"
"const char *errptr = NULL;\n"
"ret = gnutls_priority_set_direct(session, \"NORMAL\", &amp;errptr);\n"
"if (ret != GNUTLS_E_SUCCESS) {\n"
" fprintf(stderr, \"error: gnutls_priority_set_direct: %s\n"
"\"\n"
"\t \"error: at: \\\"%s\\\"\n"
"\", gnutls_strerror(ret), errptr);\n"
" exit(1);\n"
"}\n"
"\n"
"// Install the trusted certificates.\n"
"ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred);\n"
"if (ret != GNUTLS_E_SUCCESS) {\n"
" fprintf(stderr, \"error: gnutls_credentials_set: %s\n"
"\",\n"
"\t gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
"\n"
"// Associate the socket with the session object and set the server\n"
"// name.\n"
"gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t)(uintptr_t)sockfd);\n"
"ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS,\n"
"\t\t\t host, strlen(host));\n"
"if (ret != GNUTLS_E_SUCCESS) {\n"
" fprintf(stderr, \"error: gnutls_server_name_set: %s\n"
"\",\n"
"\t gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
"\n"
"// Establish the session.\n"
"ret = gnutls_handshake(session);\n"
"if (ret != GNUTLS_E_SUCCESS) {\n"
" fprintf(stderr, \"error: gnutls_handshake: %s\n"
"\",\n"
"\t gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
msgstr ""


@ -0,0 +1,47 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Load the trusted CA certificates.\n"
"gnutls_certificate_credentials_t cred = NULL;\n"
"int ret = gnutls_certificate_allocate_credentials (&amp;cred);\n"
"if (ret != GNUTLS_E_SUCCESS) {\n"
" fprintf(stderr, \"error: gnutls_certificate_allocate_credentials: %s\n"
"\",\n"
"\t gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
"// gnutls_certificate_set_x509_system_trust needs GNUTLS version 3.0\n"
"// or newer, so we hard-code the path to the certificate store\n"
"// instead.\n"
"static const char ca_bundle[] = \"/etc/ssl/certs/ca-bundle.crt\";\n"
"ret = gnutls_certificate_set_x509_trust_file\n"
" (cred, ca_bundle, GNUTLS_X509_FMT_PEM);\n"
"if (ret == 0) {\n"
" fprintf(stderr, \"error: no certificates found in: %s\n"
"\", ca_bundle);\n"
" exit(1);\n"
"}\n"
"if (ret &lt; 0) {\n"
" fprintf(stderr, \"error: gnutls_certificate_set_x509_trust_files(%s): %s\n"
"\",\n"
"\t ca_bundle, gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
msgstr ""


@ -0,0 +1,48 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Match the peer certificate against the host name.\n"
"// We can only obtain a set of DER-encoded certificates from the\n"
"// session object, so we have to re-parse the peer certificate into\n"
"// a certificate object.\n"
"gnutls_x509_crt_t cert;\n"
"ret = gnutls_x509_crt_init(&amp;cert);\n"
"if (ret != GNUTLS_E_SUCCESS) {\n"
" fprintf(stderr, \"error: gnutls_x509_crt_init: %s\n"
"\",\n"
"\t gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
"// The peer certificate is the first certificate in the list.\n"
"ret = gnutls_x509_crt_import(cert, certs, GNUTLS_X509_FMT_DER);\n"
"if (ret != GNUTLS_E_SUCCESS) {\n"
" fprintf(stderr, \"error: gnutls_x509_crt_import: %s\n"
"\",\n"
"\t gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
"ret = gnutls_x509_crt_check_hostname(cert, host);\n"
"if (ret == 0 &amp;&amp; !certificate_host_name_override(certs[0], host)) {\n"
" fprintf(stderr, \"error: host name does not match certificate\n"
"\");\n"
" exit(1);\n"
"}\n"
"gnutls_x509_crt_deinit(cert);\n"
msgstr ""


@ -0,0 +1,61 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Obtain the server certificate chain. The server certificate\n"
"// itself is stored in the first element of the array.\n"
"unsigned certslen = 0;\n"
"const gnutls_datum_t *const certs =\n"
" gnutls_certificate_get_peers(session, &amp;certslen);\n"
"if (certs == NULL || certslen == 0) {\n"
" fprintf(stderr, \"error: could not obtain peer certificate\n"
"\");\n"
" exit(1);\n"
"}\n"
"\n"
"// Validate the certificate chain.\n"
"unsigned status = (unsigned)-1;\n"
"ret = gnutls_certificate_verify_peers2(session, &amp;status);\n"
"if (ret != GNUTLS_E_SUCCESS) {\n"
" fprintf(stderr, \"error: gnutls_certificate_verify_peers2: %s\n"
"\",\n"
"\t gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
"if (status != 0 &amp;&amp; !certificate_validity_override(certs[0])) {\n"
" gnutls_datum_t msg;\n"
"#if GNUTLS_VERSION_AT_LEAST_3_1_4\n"
" int type = gnutls_certificate_type_get (session);\n"
" ret = gnutls_certificate_verification_status_print(status, type, &amp;out, 0);\n"
"#else\n"
" ret = -1;\n"
"#endif\n"
" if (ret == 0) {\n"
" fprintf(stderr, \"error: %s\n"
"\", msg.data);\n"
" gnutls_free(msg.data);\n"
" exit(1);\n"
" } else {\n"
" fprintf(stderr, \"error: certificate validation failed with code 0x%x\n"
"\",\n"
"\t status);\n"
" exit(1);\n"
" }\n"
"}\n"
msgstr ""


@ -0,0 +1,31 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Send close_notify alert.\n"
"if (PR_Shutdown(nspr, PR_SHUTDOWN_BOTH) != PR_SUCCESS) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: PR_Read error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
"}\n"
"// Closes the underlying POSIX file descriptor, too.\n"
"PR_Close(nspr);\n"
msgstr ""


@ -0,0 +1,132 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Wrap the POSIX file descriptor. This is an internal NSPR\n"
"// function, but it is very unlikely to change.\n"
"PRFileDesc* nspr = PR_ImportTCPSocket(sockfd);\n"
"sockfd = -1; // Has been taken over by NSPR.\n"
"\n"
"// Add the SSL layer.\n"
"{\n"
" PRFileDesc *model = PR_NewTCPSocket();\n"
" PRFileDesc *newfd = SSL_ImportFD(NULL, model);\n"
" if (newfd == NULL) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: NSPR error code %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
" }\n"
" model = newfd;\n"
" newfd = NULL;\n"
" if (SSL_OptionSet(model, SSL_ENABLE_SSL2, PR_FALSE) != SECSuccess) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: set SSL_ENABLE_SSL2 error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
" }\n"
" if (SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, PR_FALSE) != SECSuccess) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: set SSL_V2_COMPATIBLE_HELLO error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
" }\n"
" if (SSL_OptionSet(model, SSL_ENABLE_DEFLATE, PR_FALSE) != SECSuccess) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: set SSL_ENABLE_DEFLATE error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
" }\n"
"\n"
" // Disable all ciphers (except RC4-based ciphers, for backwards\n"
" // compatibility).\n"
" const PRUint16 *const ciphers = SSL_GetImplementedCiphers();\n"
" for (unsigned i = 0; i &lt; SSL_GetNumImplementedCiphers(); i++) {\n"
" if (ciphers[i] != SSL_RSA_WITH_RC4_128_SHA\n"
"\t &amp;&amp; ciphers[i] != SSL_RSA_WITH_RC4_128_MD5) {\n"
"\tif (SSL_CipherPrefSet(model, ciphers[i], PR_FALSE) != SECSuccess) {\n"
"\t const PRErrorCode err = PR_GetError();\n"
"\t fprintf(stderr, \"error: disable cipher %u: error %d: %s\n"
"\",\n"
"\t\t (unsigned)ciphers[i], err, PR_ErrorToName(err));\n"
"\t exit(1);\n"
"\t}\n"
" }\n"
" }\n"
"\n"
" // Enable the strong ciphers.\n"
" for (const PRUint16 *p = good_ciphers; *p != SSL_NULL_WITH_NULL_NULL;\n"
"\t ++p) {\n"
" if (SSL_CipherPrefSet(model, *p, PR_TRUE) != SECSuccess) {\n"
"\tconst PRErrorCode err = PR_GetError();\n"
"\tfprintf(stderr, \"error: enable cipher %u: error %d: %s\n"
"\",\n"
"\t\t(unsigned)*p, err, PR_ErrorToName(err));\n"
"\texit(1);\n"
" }\n"
" }\n"
"\n"
" // Allow overriding invalid certificate.\n"
" if (SSL_BadCertHook(model, bad_certificate, (char *)host) != SECSuccess) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: SSL_BadCertHook error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
" }\n"
"\n"
" newfd = SSL_ImportFD(model, nspr);\n"
" if (newfd == NULL) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: SSL_ImportFD error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
" }\n"
" nspr = newfd;\n"
" PR_Close(model);\n"
"}\n"
"\n"
"// Perform the handshake.\n"
"if (SSL_ResetHandshake(nspr, PR_FALSE) != SECSuccess) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: SSL_ResetHandshake error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
"}\n"
"if (SSL_SetURL(nspr, host) != SECSuccess) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: SSL_SetURL error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
"}\n"
"if (SSL_ForceHandshake(nspr) != SECSuccess) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: SSL_ForceHandshake error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
"}\n"
msgstr ""


@ -0,0 +1,41 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Create the socket and connect it at the TCP layer.\n"
"SSLSocket socket = (SSLSocket) ctx.getSocketFactory()\n"
" .createSocket(host, port);\n"
"\n"
"// Disable the Nagle algorithm.\n"
"socket.setTcpNoDelay(true);\n"
"\n"
"// Adjust ciphers and protocols.\n"
"socket.setSSLParameters(params);\n"
"\n"
"// Perform the handshake.\n"
"socket.startHandshake();\n"
"\n"
"// Validate the host name. The match() method throws\n"
"// CertificateException on failure.\n"
"X509Certificate peer = (X509Certificate)\n"
" socket.getSession().getPeerCertificates()[0];\n"
"// This is the only way to perform host name checking on OpenJDK 6.\n"
"HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(\n"
" host, peer);\n"
msgstr ""


@ -0,0 +1,41 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Create the context. Specify the SunJSSE provider to avoid\n"
"// picking up third-party providers. Try the TLS 1.2 provider\n"
"// first, then fall back to TLS 1.0.\n"
"SSLContext ctx;\n"
"try {\n"
" ctx = SSLContext.getInstance(\"TLSv1.2\", \"SunJSSE\");\n"
"} catch (NoSuchAlgorithmException e) {\n"
" try {\n"
" ctx = SSLContext.getInstance(\"TLSv1\", \"SunJSSE\");\n"
" } catch (NoSuchAlgorithmException e1) {\n"
" // The TLS 1.0 provider should always be available.\n"
" throw new AssertionError(e1);\n"
" } catch (NoSuchProviderException e1) {\n"
" throw new AssertionError(e1);\n"
" } \n"
"} catch (NoSuchProviderException e) {\n"
" // The SunJSSE provider should always be available.\n"
" throw new AssertionError(e);\n"
"}\n"
"ctx.init(null, null, null);\n"
msgstr ""


@ -0,0 +1,37 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"SSLContext ctx;\n"
"try {\n"
" ctx = SSLContext.getInstance(\"TLSv1.2\", \"SunJSSE\");\n"
"} catch (NoSuchAlgorithmException e) {\n"
" try {\n"
" ctx = SSLContext.getInstance(\"TLSv1\", \"SunJSSE\");\n"
" } catch (NoSuchAlgorithmException e1) {\n"
" throw new AssertionError(e1);\n"
" } catch (NoSuchProviderException e1) {\n"
" throw new AssertionError(e1);\n"
" }\n"
"} catch (NoSuchProviderException e) {\n"
" throw new AssertionError(e);\n"
"}\n"
"MyTrustManager tm = new MyTrustManager(certHash);\n"
"ctx.init(null, new TrustManager[] {tm}, null);\n"
msgstr ""


@ -0,0 +1,22 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"params.setEndpointIdentificationAlgorithm(\"HTTPS\");\n"
msgstr ""


@ -0,0 +1,33 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"import java.security.NoSuchAlgorithmException;\n"
"import java.security.NoSuchProviderException;\n"
"import java.security.cert.CertificateEncodingException;\n"
"import java.security.cert.CertificateException;\n"
"import java.security.cert.X509Certificate;\n"
"import javax.net.ssl.SSLContext;\n"
"import javax.net.ssl.SSLParameters;\n"
"import javax.net.ssl.SSLSocket;\n"
"import javax.net.ssl.TrustManager;\n"
"import javax.net.ssl.X509TrustManager;\n"
"\n"
"import sun.security.util.HostnameChecker;\n"
msgstr ""


@ -0,0 +1,53 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"public class MyTrustManager implements X509TrustManager {\n"
" private final byte[] certHash;\n"
"\n"
" public MyTrustManager(byte[] certHash) throws Exception {\n"
" this.certHash = certHash;\n"
" }\n"
"\n"
" @Override\n"
" public void checkClientTrusted(X509Certificate[] chain, String authType)\n"
" throws CertificateException {\n"
" throw new UnsupportedOperationException();\n"
" }\n"
"\n"
" @Override\n"
" public void checkServerTrusted(X509Certificate[] chain,\n"
" String authType) throws CertificateException {\n"
" byte[] digest = getCertificateDigest(chain[0]);\n"
" String digestHex = formatHex(digest);\n"
"\n"
" if (Arrays.equals(digest, certHash)) {\n"
" System.err.println(\"info: accepting certificate: \" + digestHex);\n"
" } else {\n"
" throw new CertificateException(\"certificate rejected: \" +\n"
" digestHex);\n"
" }\n"
" }\n"
"\n"
" @Override\n"
" public X509Certificate[] getAcceptedIssuers() {\n"
" return new X509Certificate[0];\n"
" }\n"
"}\n"
msgstr ""


@ -0,0 +1,28 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"socket.getOutputStream().write(\"GET / HTTP/1.0\\r\n"
"\\r\n"
"\"\n"
" .getBytes(Charset.forName(\"UTF-8\")));\n"
"byte[] buffer = new byte[4096];\n"
"int count = socket.getInputStream().read(buffer);\n"
"System.out.write(buffer, 0, count);\n"
msgstr ""


@ -0,0 +1,86 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Configure a client connection context. Send a hendshake for the\n"
"// highest supported TLS version, and disable compression.\n"
"const SSL_METHOD *const req_method = SSLv23_client_method();\n"
"SSL_CTX *const ctx = SSL_CTX_new(req_method);\n"
"if (ctx == NULL) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
"}\n"
"SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);\n"
"\n"
"// Adjust the ciphers list based on a whitelist. First enable all\n"
"// ciphers of at least medium strength, to get the list which is\n"
"// compiled into OpenSSL.\n"
"if (SSL_CTX_set_cipher_list(ctx, \"HIGH:MEDIUM\") != 1) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
"}\n"
"{\n"
" // Create a dummy SSL session to obtain the cipher list.\n"
" SSL *ssl = SSL_new(ctx);\n"
" if (ssl == NULL) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
" }\n"
" STACK_OF(SSL_CIPHER) *active_ciphers = SSL_get_ciphers(ssl);\n"
" if (active_ciphers == NULL) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
" }\n"
" // Whitelist of candidate ciphers.\n"
" static const char *const candidates[] = {\n"
" \"AES128-GCM-SHA256\", \"AES128-SHA256\", \"AES256-SHA256\", // strong ciphers\n"
" \"AES128-SHA\", \"AES256-SHA\", // strong ciphers, also in older versions\n"
" \"RC4-SHA\", \"RC4-MD5\", // backwards compatibility, supposed to be weak\n"
" \"DES-CBC3-SHA\", \"DES-CBC3-MD5\", // more backwards compatibility\n"
" NULL\n"
" };\n"
" // Actually selected ciphers.\n"
" char ciphers[300];\n"
" ciphers[0] = '\\0';\n"
" for (const char *const *c = candidates; *c; ++c) {\n"
" for (int i = 0; i &lt; sk_SSL_CIPHER_num(active_ciphers); ++i) {\n"
"\tif (strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(active_ciphers, i)),\n"
"\t\t *c) == 0) {\n"
"\t if (*ciphers) {\n"
"\t strcat(ciphers, \":\");\n"
"\t }\n"
"\t strcat(ciphers, *c);\n"
"\t break;\n"
"\t}\n"
" }\n"
" }\n"
" SSL_free(ssl);\n"
" // Apply final cipher list.\n"
" if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
" }\n"
"}\n"
"\n"
"// Load the set of trusted root certificates.\n"
"if (!SSL_CTX_set_default_verify_paths(ctx)) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
"}\n"
msgstr ""


@ -0,0 +1,72 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Create the connection object.\n"
"SSL *ssl = SSL_new(ctx);\n"
"if (ssl == NULL) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
"}\n"
"SSL_set_fd(ssl, sockfd);\n"
"\n"
"// Enable the ServerNameIndication extension\n"
"if (!SSL_set_tlsext_host_name(ssl, host)) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
"}\n"
"\n"
"// Perform the TLS handshake with the server.\n"
"ret = SSL_connect(ssl);\n"
"if (ret != 1) {\n"
" // Error status can be 0 or negative.\n"
" ssl_print_error_and_exit(ssl, \"SSL_connect\", ret);\n"
"}\n"
"\n"
"// Obtain the server certificate.\n"
"X509 *peercert = SSL_get_peer_certificate(ssl);\n"
"if (peercert == NULL) {\n"
" fprintf(stderr, \"peer certificate missing\");\n"
" exit(1);\n"
"}\n"
"\n"
"// Check the certificate verification result. Allow an explicit\n"
"// certificate validation override in case verification fails.\n"
"int verifystatus = SSL_get_verify_result(ssl);\n"
"if (verifystatus != X509_V_OK &amp;&amp; !certificate_validity_override(peercert)) {\n"
" fprintf(stderr, \"SSL_connect: verify result: %s\n"
"\",\n"
"\t X509_verify_cert_error_string(verifystatus));\n"
" exit(1);\n"
"}\n"
"\n"
"// Check if the server certificate matches the host name used to\n"
"// establish the connection.\n"
"// FIXME: Currently needs OpenSSL 1.1.\n"
"if (X509_check_host(peercert, (const unsigned char *)host, strlen(host),\n"
"\t\t 0) != 1\n"
" &amp;&amp; !certificate_host_name_override(peercert, host)) {\n"
" fprintf(stderr, \"SSL certificate does not match host name\n"
"\");\n"
" exit(1);\n"
"}\n"
"\n"
"X509_free(peercert);\n"
"\n"
msgstr ""


@ -0,0 +1,32 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"const char *const req = \"GET / HTTP/1.0\\r\n"
"\\r\n"
"\";\n"
"if (SSL_write(ssl, req, strlen(req)) &lt; 0) {\n"
" ssl_print_error_and_exit(ssl, \"SSL_write\", ret);\n"
"}\n"
"char buf[4096];\n"
"ret = SSL_read(ssl, buf, sizeof(buf));\n"
"if (ret &lt; 0) {\n"
" ssl_print_error_and_exit(ssl, \"SSL_read\", ret);\n"
"}\n"
msgstr ""


@ -0,0 +1,28 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// The following call prints an error message and calls exit() if\n"
"// the OpenSSL configuration file is unreadable.\n"
"OPENSSL_config(NULL);\n"
"// Provide human-readable error messages.\n"
"SSL_load_error_strings();\n"
"// Register ciphers.\n"
"SSL_library_init();\n"
msgstr ""


@ -0,0 +1,29 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"sock = ssl.wrap_socket(sock,\n"
" ciphers=\"HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5\",\n"
" ssl_version=ssl.PROTOCOL_TLSv1,\n"
" cert_reqs=ssl.CERT_REQUIRED,\n"
" ca_certs='/etc/ssl/certs/ca-bundle.crt')\n"
"# getpeercert() triggers the handshake as a side effect.\n"
"if not check_host_name(sock.getpeercert(), host):\n"
" raise IOError(\"peer certificate does not match host name\")\n"
msgstr ""


@ -0,0 +1,44 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"def check_host_name(peercert, name):\n"
" \"\"\"Simple certificate/host name checker. Returns True if the\n"
" certificate matches, False otherwise. Does not support\n"
" wildcards.\"\"\"\n"
" # Check that the peer has supplied a certificate.\n"
" # None/{} is not acceptable.\n"
" if not peercert:\n"
" return False\n"
" if peercert.has_key(\"subjectAltName\"):\n"
" for typ, val in peercert[\"subjectAltName\"]:\n"
" if typ == \"DNS\" and val == name:\n"
" return True\n"
" else:\n"
" # Only check the subject DN if there is no subject alternative\n"
" # name.\n"
" cn = None\n"
" for attr, val in peercert[\"subject\"]:\n"
" # Use most-specific (last) commonName attribute.\n"
" if attr == \"commonName\":\n"
" cn = val\n"
" if cn is not None:\n"
" return cn == name\n"
" return False\n"
msgstr ""


@ -0,0 +1,22 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"gnutls_certificate_free_credentials(cred);\n"
msgstr ""


@ -0,0 +1,30 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Initiate an orderly connection shutdown.\n"
"ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);\n"
"if (ret &lt; 0) {\n"
" fprintf(stderr, \"error: gnutls_bye: %s\n"
"\", gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
"// Free the session object.\n"
"gnutls_deinit(session);\n"
msgstr ""


@ -0,0 +1,22 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"gnutls_global_init();\n"
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"char buf[4096];\n"
"snprintf(buf, sizeof(buf), \"GET / HTTP/1.0\\r\n"
"Host: %s\\r\n"
"\\r\n"
"\", host);\n"
"ret = gnutls_record_send(session, buf, strlen(buf));\n"
"if (ret &lt; 0) {\n"
" fprintf(stderr, \"error: gnutls_record_send: %s\n"
"\", gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
"ret = gnutls_record_recv(session, buf, sizeof(buf));\n"
"if (ret &lt; 0) {\n"
" fprintf(stderr, \"error: gnutls_record_recv: %s\n"
"\", gnutls_strerror(ret));\n"
" exit(1);\n"
"}\n"
msgstr ""


@ -0,0 +1,23 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"SECMOD_DestroyModule(module);\n"
"NSS_ShutdownContext(ctx);\n"
msgstr ""


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// NSPR include files\n"
"#include &lt;prerror.h&gt;\n"
"#include &lt;prinit.h&gt;\n"
"\n"
"// NSS include files\n"
"#include &lt;nss.h&gt;\n"
"#include &lt;pk11pub.h&gt;\n"
"#include &lt;secmod.h&gt;\n"
"#include &lt;ssl.h&gt;\n"
"#include &lt;sslproto.h&gt;\n"
"\n"
"// Private API, no other way to turn a POSIX file descriptor into an\n"
"// NSPR handle.\n"
"NSPR_API(PRFileDesc*) PR_ImportTCPSocket(int);\n"
msgstr ""


@ -0,0 +1,83 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);\n"
"NSSInitContext *const ctx =\n"
" NSS_InitContext(\"sql:/etc/pki/nssdb\", \"\", \"\", \"\", NULL,\n"
"\t\t NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);\n"
"if (ctx == NULL) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: NSPR error code %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
"}\n"
"\n"
"// Ciphers to enable.\n"
"static const PRUint16 good_ciphers[] = {\n"
" TLS_RSA_WITH_AES_128_CBC_SHA,\n"
" TLS_RSA_WITH_AES_256_CBC_SHA,\n"
" SSL_RSA_WITH_3DES_EDE_CBC_SHA,\n"
" SSL_NULL_WITH_NULL_NULL // sentinel\n"
"};\n"
"\n"
"// Check if the current policy allows any strong ciphers. If it\n"
"// doesn't, switch to the \"domestic\" (unrestricted) policy. This is\n"
"// not thread-safe and has global impact. Consequently, we only do\n"
"// it if absolutely necessary.\n"
"int found_good_cipher = 0;\n"
"for (const PRUint16 *p = good_ciphers; *p != SSL_NULL_WITH_NULL_NULL;\n"
" ++p) {\n"
" PRInt32 policy;\n"
" if (SSL_CipherPolicyGet(*p, &amp;policy) != SECSuccess) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: policy for cipher %u: error %d: %s\n"
"\",\n"
"\t (unsigned)*p, err, PR_ErrorToName(err));\n"
" exit(1);\n"
" }\n"
" if (policy == SSL_ALLOWED) {\n"
" fprintf(stderr, \"info: found cipher %x\n"
"\", (unsigned)*p);\n"
" found_good_cipher = 1;\n"
" break;\n"
" }\n"
"}\n"
"if (!found_good_cipher) {\n"
" if (NSS_SetDomesticPolicy() != SECSuccess) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: NSS_SetDomesticPolicy: error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
" }\n"
"}\n"
"\n"
"// Initialize the trusted certificate store.\n"
"char module_name[] = \"library=libnssckbi.so name=\\\"Root Certs\\\"\";\n"
"SECMODModule *module = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);\n"
"if (module == NULL || !module-&gt;loaded) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: NSPR error code %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
"}\n"
msgstr ""


@ -0,0 +1,42 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"char buf[4096];\n"
"snprintf(buf, sizeof(buf), \"GET / HTTP/1.0\\r\n"
"Host: %s\\r\n"
"\\r\n"
"\", host);\n"
"PRInt32 ret = PR_Write(nspr, buf, strlen(buf));\n"
"if (ret &lt; 0) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: PR_Write error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
"}\n"
"ret = PR_Read(nspr, buf, sizeof(buf));\n"
"if (ret &lt; 0) {\n"
" const PRErrorCode err = PR_GetError();\n"
" fprintf(stderr, \"error: PR_Read error %d: %s\n"
"\",\n"
"\t err, PR_ErrorToName(err));\n"
" exit(1);\n"
"}\n"
msgstr ""


@ -0,0 +1,27 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"const int val = 1;\n"
"int ret = setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, &amp;val, sizeof(val));\n"
"if (ret &lt; 0) {\n"
" perror(\"setsockopt(TCP_NODELAY)\");\n"
" exit(1);\n"
"}\n"
msgstr ""


@ -0,0 +1,42 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Prepare TLS parameters. These have to applied to every TLS\n"
"// socket before the handshake is triggered.\n"
"SSLParameters params = ctx.getDefaultSSLParameters();\n"
"// Do not send an SSL-2.0-compatible Client Hello.\n"
"ArrayList&lt;String&gt; protocols = new ArrayList&lt;String&gt;(\n"
" Arrays.asList(params.getProtocols()));\n"
"protocols.remove(\"SSLv2Hello\");\n"
"params.setProtocols(protocols.toArray(new String[protocols.size()]));\n"
"// Adjust the supported ciphers.\n"
"ArrayList&lt;String&gt; ciphers = new ArrayList&lt;String&gt;(\n"
" Arrays.asList(params.getCipherSuites()));\n"
"ciphers.retainAll(Arrays.asList(\n"
" \"TLS_RSA_WITH_AES_128_CBC_SHA256\",\n"
" \"TLS_RSA_WITH_AES_256_CBC_SHA256\",\n"
" \"TLS_RSA_WITH_AES_256_CBC_SHA\",\n"
" \"TLS_RSA_WITH_AES_128_CBC_SHA\",\n"
" \"SSL_RSA_WITH_3DES_EDE_CBC_SHA\",\n"
" \"SSL_RSA_WITH_RC4_128_SHA1\",\n"
" \"SSL_RSA_WITH_RC4_128_MD5\",\n"
" \"TLS_EMPTY_RENEGOTIATION_INFO_SCSV\"));\n"
"params.setCipherSuites(ciphers.toArray(new String[ciphers.size()]));\n"
msgstr ""


@ -0,0 +1,46 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Send the close_notify alert.\n"
"ret = SSL_shutdown(ssl);\n"
"switch (ret) {\n"
"case 1:\n"
" // A close_notify alert has already been received.\n"
" break;\n"
"case 0:\n"
" // Wait for the close_notify alert from the peer.\n"
" ret = SSL_shutdown(ssl);\n"
" switch (ret) {\n"
" case 0:\n"
" fprintf(stderr, \"info: second SSL_shutdown returned zero\n"
"\");\n"
" break;\n"
" case 1:\n"
" break;\n"
" default:\n"
" ssl_print_error_and_exit(ssl, \"SSL_shutdown 2\", ret);\n"
" }\n"
" break;\n"
"default:\n"
" ssl_print_error_and_exit(ssl, \"SSL_shutdown 1\", ret);\n"
"}\n"
"SSL_free(ssl);\n"
"close(sockfd);\n"
msgstr ""


@ -0,0 +1,22 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"SSL_CTX_free(ctx);\n"
msgstr ""


@ -0,0 +1,51 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"static void __attribute__((noreturn))\n"
"ssl_print_error_and_exit(SSL *ssl, const char *op, int ret)\n"
"{\n"
" int subcode = SSL_get_error(ssl, ret);\n"
" switch (subcode) {\n"
" case SSL_ERROR_NONE:\n"
" fprintf(stderr, \"error: %s: no error to report\n"
"\", op);\n"
" break;\n"
" case SSL_ERROR_WANT_READ:\n"
" case SSL_ERROR_WANT_WRITE:\n"
" case SSL_ERROR_WANT_X509_LOOKUP:\n"
" case SSL_ERROR_WANT_CONNECT:\n"
" case SSL_ERROR_WANT_ACCEPT:\n"
" fprintf(stderr, \"error: %s: invalid blocking state %d\n"
"\", op, subcode);\n"
" break;\n"
" case SSL_ERROR_SSL:\n"
" fprintf(stderr, \"error: %s: TLS layer problem\n"
"\", op);\n"
" case SSL_ERROR_SYSCALL:\n"
" fprintf(stderr, \"error: %s: system call failed: %s\n"
"\", op, strerror(errno));\n"
" break;\n"
" case SSL_ERROR_ZERO_RETURN:\n"
" fprintf(stderr, \"error: %s: zero return\n"
"\", op);\n"
" }\n"
" exit(1);\n"
"}\n"
msgstr ""


@ -0,0 +1,22 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:31+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"sock.close()\n"
msgstr ""


@ -0,0 +1,26 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:32+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"sock.write(\"GET / HTTP/1.1\\r\n"
"Host: \" + host + \"\\r\n"
"\\r\n"
"\")\n"
"print sock.read()\n"
msgstr ""


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Revision History"
msgstr ""
#. Tag: firstname
#, no-c-format
msgid "Eric"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Christensen"
msgstr ""
#. Tag: member
#, no-c-format
msgid "Initial publication."
msgstr ""


@ -0,0 +1,199 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Cryptography"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Primitives"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Chosing from the following cryptographic primitives is recommended:"
msgstr ""
#. Tag: para
#, no-c-format
msgid "RSA with 2048 bit keys and OAEP"
msgstr ""
#. Tag: para
#, no-c-format
msgid "AES-128 in CBC mode"
msgstr ""
#. Tag: para
#, no-c-format
msgid "SHA-256"
msgstr ""
#. Tag: para
#, no-c-format
msgid "HMAC-SHA-256"
msgstr ""
#. Tag: para
#, no-c-format
msgid "HMAC-SHA-1"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Other cryptographic algorithms can be used if they are required for "
"interoperability with existing software:"
msgstr ""
#. Tag: para
#, no-c-format
msgid "RSA with key sizes larger than 1024 and legacy padding"
msgstr ""
#. Tag: para
#, no-c-format
msgid "AES-192"
msgstr ""
#. Tag: para
#, no-c-format
msgid "AES-256"
msgstr ""
#. Tag: para
#, no-c-format
msgid "3DES (triple DES, with two or three 56 bit keys)"
msgstr ""
#. Tag: para
#, no-c-format
msgid "RC4 (but very, very strongly discouraged)"
msgstr ""
#. Tag: para
#, no-c-format
msgid "SHA-1"
msgstr ""
#. Tag: para
#, no-c-format
msgid "HMAC-MD5"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Important"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"These primitives are difficult to use in a secure way. Custom implementation"
" of security protocols should be avoided. For protecting confidentiality and"
" integrity of network transmissions, TLS should be used (<xref linkend"
"=\"chap-Defensive_Coding-TLS\" />)."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Randomness"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The following facilities can be used to generate unpredictable and non-"
"repeating values. When these functions are used without special safeguards, "
"each individual rnadom value should be at least 12 bytes long."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>PK11_GenerateRandom</function> in the NSS library (usable for high"
" data rates)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>RAND_bytes</function> in the OpenSSL library (usable for high data"
" rates)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>gnutls_rnd</function> in GNUTLS, with "
"<literal>GNUTLS_RND_RANDOM</literal> as the first argument (usable for high "
"data rates)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<type>java.security.SecureRandom</type> in Java (usable for high data rates)"
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>os.urandom</function> in Python"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Reading from the <filename>/dev/urandom</filename> character device"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"All these functions should be non-blocking, and they should not wait until "
"physical randomness becomes available. (Some cryptography providers for Java"
" can cause <type>java.security.SecureRandom</type> to block, however.) Those"
" functions which do not obtain all bits directly from "
"<filename>/dev/urandom</filename> are suitable for high data rates because "
"they do not deplete the system-wide entropy pool."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Difficult to use API"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Both <function>RAND_bytes</function> and "
"<function>PK11_GenerateRandom</function> have three-state return values "
"(with conflicting meanings). Careful error checking is required. Please "
"review the documentation when using these functions."
msgstr ""
#. Tag: para
#, no-c-format
msgid "Other sources of randomness should be considered predictable."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Generating randomness for cryptographic keys in long-term use may need "
"different steps and is best left to cryptographic libraries."
msgstr ""


@ -0,0 +1,332 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "File Descriptor Management"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"File descriptors underlie all input/output mechanisms offered by the system."
" They are used to implementation the <literal>FILE *</literal>-based "
"functions found in <literal>&lt;stdio.h&gt;</literal>, and all the file and "
"network communication facilities provided by the Python and Java "
"environments are eventually implemented in them."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"File descriptors are small, non-negative integers in userspace, and are "
"backed on the kernel side with complicated data structures which can "
"sometimes grow very large."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Closing descriptors"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If a descriptor is no longer used by a program and is not closed explicitly,"
" its number cannot be reused (which is problematic in itself, see <xref "
"linkend=\"sect-Defensive_Coding-Tasks-Descriptors-Limit\" />), and the "
"kernel resources are not freed. Therefore, it is important to close all "
"descriptors at the earlierst point in time possible, but not earlier."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Error handling during descriptor close"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <function>close</function> system call is always successful in the sense"
" that the passed file descriptor is never valid after the function has been "
"called. However, <function>close</function> still can return an error, for "
"example if there was a file system failure. But this error is not very "
"useful because the absence of an error does not mean that all caches have "
"been emptied and previous writes have been made durable. Programs which need"
" such guarantees must open files with <literal>O_SYNC</literal> or use "
"<literal>fsync</literal> or <literal>fdatasync</literal>, and may also have "
"to <literal>fsync</literal> the directory containing the file."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Closing descriptors and race conditions"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Unlike process IDs, which are recycle only gradually, the kernel always "
"allocates the lowest unused file descriptor when a new descriptor is "
"created. This means that in a multi-threaded program which constantly opens "
"and closes file descriptors, descriptors are reused very quickly. Unless "
"descriptor closing and other operations on the same file descriptor are "
"synchronized (typically, using a mutex), there will be race coniditons and "
"I/O operations will be applied to the wrong file descriptor."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Sometimes, it is necessary to close a file descriptor concurrently, while "
"another thread might be about to use it in a system call. In order to "
"support this, a program needs to create a single special file descriptor, "
"one on which all I/O operations fail. One way to achieve this is to use "
"<function>socketpair</function>, close one of the descriptors, and call "
"<literal>shutdown(fd, SHUTRDWR)</literal> on the other."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When a descriptor is closed concurrently, the program does not call "
"<function>close</function> on the descriptor. Instead it program uses "
"<function>dup2</function> to replace the descriptor to be closed with the "
"dummy descriptor created earlier. This way, the kernel will not reuse the "
"descriptor, but it will carry out all other steps associated with calling a "
"descriptor (for instance, if the descriptor refers to a stream socket, the "
"peer will be notified)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This is just a sketch, and many details are missing. Additional data "
"structures are needed to determine when it is safe to really close the "
"descriptor, and proper locking is required for that."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Lingering state after close"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"By default, closing a stream socket returns immediately, and the kernel will"
" try to send the data in the background. This means that it is impossible to"
" implement accurate accounting of network-related resource utilization from "
"userspace."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <literal>SO_LINGER</literal> socket option alters the behavior of "
"<function>close</function>, so that it will return only after the lingering "
"data has been processed, either by sending it to the peer successfully, or "
"by discarding it after the configured timeout. However, there is no "
"interface which could perform this operation in the background, so a "
"separate userspace thread is needed for each <function>close</function> "
"call, causing scalability issues."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Currently, there is no application-level countermeasure which applies "
"universally. Mitigation is possible with <application>iptables</application>"
" (the <literal>connlimit</literal> match type in particular) and specialized"
" filtering devices for denial-of-service network traffic."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"These problems are not related to the <literal>TIME_WAIT</literal> state "
"commonly seen in <application>netstat</application> output. The kernel "
"automatically expires such sockets if necessary."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Preventing file descriptor leaks to child processes"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Child processes created with <function>fork</function> share the initial set"
" of file descriptors with their parent process. By default, file descriptors"
" are also preserved if a new process image is created with "
"<function>execve</function> (or any of the other functions such as "
"<function>system</function> or <function>posix_spawn</function>)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Usually, this behavior is not desirable. There are two ways to turn it off, "
"that is, to prevent new process images from inheriting the file descriptors "
"in the parent process:"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Set the close-on-exec flag on all newly created file descriptors. "
"Traditionally, this flag is controlled by the <literal>FD_CLOEXEC</literal> "
"flag, using <literal>F_GETFD</literal> and <literal>F_SETFD</literal> "
"operations of the <function>fcntl</function> function."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"However, in a multi-threaded process, there is a race condition: a "
"subprocess could have been created between the time the descriptor was "
"created and the <literal>FD_CLOEXEC</literal> was set. Therefore, many "
"system calls which create descriptors (such as <function>open</function> and"
" <function>openat</function>) now accept the <function>O_CLOEXEC</function> "
"flag (<function>SOCK_CLOEXEC</function> for <function>socket</function> and "
"<function>socketpair</function>), which cause the "
"<literal>FD_CLOEXEC</literal> flag to be set for the file descriptor in an "
"atomic fashion. In addition, a few new systems calls were introduced, such "
"as <function>pipe2</function> and <function>dup3</function>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The downside of this approach is that every descriptor needs to receive "
"special treatment at the time of creation, otherwise it is not completely "
"effective."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"After calling <function>fork</function>, but before creating a new process "
"image with <function>execve</function>, all file descriptors which the child"
" process will not need are closed."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Traditionally, this was implemented as a loop over file descriptors ranging "
"from <literal>3</literal> to <literal>255</literal> and later "
"<literal>1023</literal>. But this is only an approximatio because it is "
"possible to create file descriptors outside this range easily (see <xref "
"linkend=\"sect-Defensive_Coding-Tasks-Descriptors-Limit\" />). Another "
"approach reads <filename>/proc/self/fd</filename> and closes the unexpected "
"descriptors listed there, but this approach is much slower."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"At present, environments which care about file descriptor leakage implement "
"the second approach. OpenJDK 6 and 7 are among them."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Dealing with the <function>select</function> limit"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"By default, a user is allowed to open only 1024 files in a single process, "
"but the system administrator can easily change this limit (which is "
"necessary for busy network servers). However, there is another restriction "
"which is more difficult to overcome."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <function>select</function> function only supports a maximum of "
"<literal>FD_SETSIZE</literal> file descriptors (that is, the maximum "
"permitted value for a file descriptor is <literal>FD_SETSIZE - 1</literal>, "
"usually 1023.) If a process opens many files, descriptors may exceed such "
"limits. It is impossible to query such descriptors using "
"<function>select</function>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If a library which creates many file descriptors is used in the same process"
" as a library which uses <function>select</function>, at least one of them "
"needs to be changed. Calls to <function>select</function> can be replaced "
"with calls to <function>poll</function> or another event handling mechanism."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Alternatively, the library with high descriptor usage can relocate "
"descriptors above the <literal>FD_SETSIZE</literal> limit using the "
"following procedure."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Create the file descriptor <literal>fd</literal> as usual, preferably with "
"the <literal>O_CLOEXEC</literal> flag."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Before doing anything else with the descriptor <literal>fd</literal>, "
"invoke:"
msgstr ""
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"\t int newfd = fcntl(fd, F_DUPFD_CLOEXEC, (long)FD_SETSIZE);\n"
"\t"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Check that <literal>newfd</literal> result is non-negative, otherwise close "
"<literal>fd</literal> and report an error, and return."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Close <literal>fd</literal> and continue to use <literal>newfd</literal>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The new descriptor has been allocated above the "
"<literal>FD_SETSIZE</literal>. Even though this algorithm is racy in the "
"sense that the <literal>FD_SETSIZE</literal> first descriptors could fill "
"up, a very high degree of physical parallelism is required before this "
"becomes a problem."
msgstr ""


@ -0,0 +1,396 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:25+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "File system manipulation"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In this chapter, we discuss general file system manipulation, with a focus "
"on access files and directories to which an other, potentially untrusted "
"user has write access."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Temporary files are covered in their own chapter, <xref linkend=\"chap-"
"Defensive_Coding-Tasks-Temporary_Files\" />."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Working with files and directories owned by other users"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Sometimes, it is necessary to operate on files and directories owned by "
"other (potentially untrusted) users. For example, a system administrator "
"could remove the home directory of a user, or a package manager could update"
" a file in a directory which is owned by an application-specific user. This "
"differs from accessing the file system as a specific user; see <xref linkend"
"=\"sect-Defensive_Coding-Tasks-File_System-Foreign\" />."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Accessing files across trust boundaries faces several challenges, "
"particularly if an entire directory tree is being traversed:"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Another user might add file names to a writable directory at any time. This "
"can interfere with file creation and the order of names returned by "
"<function>readdir</function>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Merely opening and closing a file can have side effects. For instance, an "
"automounter can be triggered, or a tape device rewound. Opening a file on a "
"local file system can block indefinitely, due to mandatory file locking, "
"unless the <literal>O_NONBLOCK</literal> flag is specified."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Hard links and symbolic links can redirect the effect of file system "
"operations in unexpected ways. The <literal>O_NOFOLLOW</literal> and "
"<literal>AT_SYMLINK_NOFOLLOW</literal> variants of system calls only "
"affected final path name component."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The structure of a directory tree can change. For example, the parent "
"directory of what used to be a subdirectory within the directory tree being "
"processed could suddenly point outside that directory tree."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Files should always be created with the <literal>O_CREAT</literal> and "
"<literal>O_EXCL</literal> flags, so that creating the file will fail if it "
"already exists. This guards against the unexpected appearance of file names,"
" either due to creation of a new file, or hard-linking of an existing file. "
"In multi-threaded programs, rather than manipulating the umask, create the "
"files with mode <literal>000</literal> if possible, and adjust it afterwards"
" with <function>fchmod</function>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"To avoid issues related to symbolic links and directory tree restructuring, "
"the “<literal>at</literal>” variants of system calls have to be used (that "
"is, functions like <function>openat</function>, "
"<function>fchownat</function>, <function>fchmodat</function>, and "
"<function>unlinkat</function>, together with <literal>O_NOFOLLOW</literal> "
"or <literal>AT_SYMLINK_NOFOLLOW</literal>). Path names passed to these "
"functions must have just a single component (that is, without a slash). When"
" descending, the descriptors of parent directories must be kept open. The "
"missing <literal>opendirat</literal> function can be emulated with "
"<literal>openat</literal> (with an <literal>O_DIRECTORY</literal> flag, to "
"avoid opening special files with side effects), followed by "
"<literal>fdopendir</literal>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If the “<literal>at</literal>” functions are not available, it is possible "
"to emulate them by changing the current directory. (Obviously, this only "
"works if the process is not multi-threaded.) <function>fchdir</function> has"
" to be used to change the current directory, and the descriptors of the "
"parent directories have to be kept open, just as with the "
"“<literal>at</literal>”-based approach. <literal>chdir(\"...\")</literal> is"
" unsafe because it might ascend outside the intended directory tree."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This “<literal>at</literal>” function emulation is currently required when "
"manipulating extended attributes. In this case, the "
"<function>lsetxattr</function> function can be used, with a relative path "
"name consisting of a single component. This also applies to SELinux contexts"
" and the <function>lsetfilecon</function> function."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Currently, it is not possible to avoid opening special files "
"<emphasis>and</emphasis> changes to files with hard links if the directory "
"containing them is owned by an untrusted user. (Device nodes can be hard-"
"linked, just as regular files.) <function>fchmodat</function> and "
"<function>fchownat</function> affect files whose link count is greater than "
"one. But opening the files, checking that the link count is one with "
"<function>fstat</function>, and using <function>fchmod</function> and "
"<function>fchown</function> on the file descriptor may have unwanted side "
"effects, due to item 2 above. When creating directories, it is therefore "
"important to change the ownership and permissions only after it has been "
"fully created. Until that point, file names are stable, and no files with "
"unexpected hard links can be introduced."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Similarly, when just reading a directory owned by an untrusted user, it is "
"currently impossible to reliably avoid opening special files."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"There is no workaround against the instability of the file list returned by "
"<function>readdir</function>. Concurrent modification of the directory can "
"result in a list of files being returned which never actually existed on "
"disk."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Hard links and symbolic links can be safely deleted using "
"<function>unlinkat</function> without further checks because deletion only "
"affects the name within the directory tree being processed."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Accessing the file system as a different user"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This section deals with access to the file system as a specific user. This "
"is different from accessing files and directories owned by a different, "
"potentially untrusted user; see <xref linkend=\"sect-Defensive_Coding-Tasks-"
"File_System-Foreign\" />."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"One approach is to spawn a child process which runs under the target user "
"and group IDs (both effective and real IDs). Note that this child process "
"can block indefinitely, even when processing regular files only. For "
"example, a special FUSE file system could cause the process to hang in "
"uninterruptible sleep inside a <function>stat</function> system call."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"An existing process could change its user and group ID using "
"<function>setfsuid</function> and <function>setfsgid</function>. (These "
"functions are preferred over <function>seteuid</function> and "
"<function>setegid</function> because they do not allow the impersonated user"
" to send signals to the process.) These functions are not thread safe. In "
"multi-threaded processes, these operations need to be performed in a single-"
"threaded child process. Unexpected blocking may occur as well."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"It is not recommended to try to reimplement the kernel permission checks in "
"user space because the required checks are complex. It is also very "
"difficult to avoid race conditions during path name resolution."
msgstr ""
#. Tag: title
#, no-c-format
msgid "File system limits"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"For historical reasons, there are preprocessor constants such as "
"<literal>PATH_MAX</literal>, <literal>NAME_MAX</literal>. However, on most "
"systems, the length of canonical path names (absolute path names with all "
"symbolic links resolved, as returned by <function>realpath</function> or "
"<function>canonicalize_file_name</function>) can exceed "
"<literal>PATH_MAX</literal> bytes, and individual file name components can "
"be longer than <literal>NAME_MAX</literal>. This is also true of the "
"<literal>_PC_PATH_MAX</literal> and <literal>_PC_NAME_MAX</literal> values "
"returned by <function>pathconf</function>, and the "
"<literal>f_namemax</literal> member of <literal>struct statvfs</literal>. "
"Therefore, these constants should not be used. This is also reason why the "
"<function>readdir_r</function> should never be used (instead, use "
"<function>readdir</function>)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"You should not write code in a way that assumes that there is an upper limit"
" on the number of subdirectories of a directory, the number of regular files"
" in a directory, or the link count of an inode."
msgstr ""
#. Tag: title
#, no-c-format
msgid "File system features"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Not all file systems support all features. This makes it very difficult to "
"write general-purpose tools for copying files. For example, a copy operation"
" intending to preserve file permissions will generally fail when copying to "
"a FAT file system."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Some file systems are case-insensitive. Most should be case-preserving, "
"though."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Name length limits vary greatly, from eight to thousands of bytes. Path "
"length limits differ as well. Most systems impose an upper bound on path "
"names passed to the kernel, but using relative path names, it is possible to"
" create and access files whose absolute path name is essentially of "
"unbounded length."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Some file systems do not store names as fairly unrestricted byte sequences, "
"as it has been traditionally the case on GNU systems. This means that some "
"byte sequences (outside the POSIX safe character set) are not valid names. "
"Conversely, names of existing files may not be representable as byte "
"sequences, and the files are thus inaccessible on GNU systems. Some file "
"systems perform Unicode canonicalization on file names. These file systems "
"preserve case, but reading the name of a just-created file using "
"<function>readdir</function> might still result in a different byte "
"sequence."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Permissions and owners are not universally supported (and SUID/SGID bits may"
" not be available). For example, FAT file systems assign ownership based on "
"a mount option, and generally mark all files as executable. Any attempt to "
"change permissions would result in an error."
msgstr ""
#. Tag: para
#, no-c-format
msgid "Non-regular files (device nodes, FIFOs) are not generally available."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Only on some file systems, files can have holes, that is, not all of their "
"contents is backed by disk storage."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>ioctl</function> support (even fairly generic functionality such "
"as <literal>FIEMAP</literal> for discovering physical file layout and holes)"
" is file-system-specific."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Not all file systems support extended attributes, ACLs and SELinux metadata."
" Size and naming restriction on extended attributes vary."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Hard links may not be supported at all (FAT) or only within the same "
"directory (AFS). Symbolic links may not be available, either. Reflinks (hard"
" links with copy-on-write semantics) are still very rare. Recent systems "
"restrict creation of hard links to users which own the target file or have "
"read/write access to it, but older systems do not."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Renaming (or moving) files using <function>rename</function> can fail (even "
"when <function>stat</function> indicates that the source and target "
"directories are located on the same file system). This system call should "
"work if the old and new paths are located in the same directory, though."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Locking semantics vary among file systems. This affects advisory and "
"mandatory locks. For example, some network file systems do not allow "
"deleting files which are opened by any process."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Resolution of time stamps varies from two seconds to nanoseconds. Not all "
"time stamps are available on all file systems. File creation time "
"(<emphasis>birth time</emphasis>) is not exposed over the "
"<function>stat</function>/<function>fstat</function> interface, even if "
"stored by the file system."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Checking free space"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <function>statvfs</function> and <function>fstatvfs</function> functions"
" allow programs to examine the number of available blocks and inodes, "
"through the members <literal>f_bfree</literal>, <literal>f_bavail</literal>,"
" <literal>f_ffree</literal>, and <literal>f_favail</literal> of "
"<literal>struct statvfs</literal>. Some file systems return fictional values"
" in the <literal>f_ffree</literal> and <literal>f_favail</literal> fields, "
"so the only reliable way to discover if the file system still has space for "
"a file is to try to create it. The <literal>f_bfree</literal> field should "
"be reasonably accurate, though."
msgstr ""


@ -0,0 +1,267 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Library Design"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Throught this section, the term <emphasis>client code</emphasis> refers to "
"applications and other libraries using the library."
msgstr ""
#. Tag: title
#, no-c-format
msgid "State management"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Global state"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Global state should be avoided."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If this is impossible, the global state must be protected with a lock. For "
"C/C++, you can use the <function>pthread_mutex_lock</function> and "
"<function>pthread_mutex_unlock</function> functions without linking against "
"<literal>-lpthread</literal> because the system provides stubs for non-"
"threaded processes."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"For compatibility with <function>fork</function>, these locks should be "
"acquired and released in helpers registered with "
"<function>pthread_atfork</function>. This function is not available without "
"<literal>-lpthread</literal>, so you need to use <function>dlsym</function> "
"or a weak symbol to obtain its address."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If you need <function>fork</function> protection for other reasons, you "
"should store the process ID and compare it to the value returned by "
"<function>getpid</function> each time you access the global state. "
"(<function>getpid</function> is not implemented as a system call and is "
"fast.) If the value changes, you know that you have to re-create the state "
"object. (This needs to be combined with locking, of course.)"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Handles"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Library state should be kept behind a curtain. Client code should receive "
"only a handle. In C, the handle can be a pointer to an incomplete "
"<literal>struct</literal>. In C++, the handle can be a pointer to an "
"abstract base class, or it can be hidden using the pointer-to-implementation"
" idiom."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The library should provide functions for creating and destroying handles. "
"(In C++, it is possible to use virtual destructors for the latter.) "
"Consistency between creation and destruction of handles is strongly "
"recommended: If the client code created a handle, it is the responsibility "
"of the client code to destroy it. (This is not always possible or "
"convenient, so sometimes, a transfer of ownership has to happen.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Using handles ensures that it is possible to change the way the library "
"represents state in a way that is transparent to client code. This is "
"important to facilitate security updates and many other code changes."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"It is not always necessary to protect state behind a handle with a lock. "
"This depends on the level of thread safety the library provides."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Object orientation"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Classes should be either designed as base classes, or it should be "
"impossible to use them as base classes (like <literal>final</literal> "
"classes in Java). Classes which are not designed for inheritance and are "
"used as base classes nevertheless create potential maintenance hazards "
"because it is difficult to predict how client code will react when calls to "
"virtual methods are added, reordered or removed."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Virtual member functions can be used as callbacks. See <xref linkend=\"sect-"
"Defensive_Coding-Tasks-Library_Design-Callbacks\" /> for some of the "
"challenges involved."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Callbacks"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Higher-order code is difficult to analyze for humans and computers alike, so"
" it should be avoided. Often, an iterator-based interface (a library "
"function which is called repeatedly by client code and returns a stream of "
"events) leads to a better design which is easier to document and use."
msgstr ""
#. Tag: para
#, no-c-format
msgid "If callbacks are unavoidable, some guidelines for them follow."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In modern C++ code, <literal>std::function</literal> objects should be used "
"for callbacks."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In older C++ code and in C code, all callbacks must have an additional "
"closure parameter of type <literal>void *</literal>, the value of which can "
"be specified by client code. If possible, the value of the closure parameter"
" should be provided by client code at the same time a specific callback is "
"registered (or specified as a function argument). If a single closure "
"parameter is shared by multiple callbacks, flexibility is greatly reduced, "
"and conflicts between different pieces of client code using the same library"
" object could be unresolvable. In some cases, it makes sense to provide a "
"de-registration callback which can be used to destroy the closure parameter "
"when the callback is no longer used."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Callbacks can throw exceptions or call <function>longjmp</function>. If "
"possible, all library objects should remain in a valid state. (All further "
"operations on them can fail, but it should be possible to deallocate them "
"without causing resource leaks.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The presence of callbacks raises the question if functions provided by the "
"library are <emphasis>reentrant</emphasis>. Unless a library was designed "
"for such use, bad things will happen if a callback function uses functions "
"in the same library (particularly if they are invoked on the same objects "
"and manipulate the same state). When the callback is invoked, the library "
"can be in an inconsistent state. Reentrant functions are more difficult to "
"write than thread-safe functions (by definition, simple locking would "
"immediately lead to deadlocks). It is also difficult to decide what to do "
"when destruction of an object which is currently processing a callback is "
"requested."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Process attributes"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Several attributes are global and affect all code in the process, not just "
"the library that manipulates them."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"environment variables (see <xref linkend=\"sect-Defensive_Coding-Tasks-"
"secure_getenv\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid "umask"
msgstr ""
#. Tag: para
#, no-c-format
msgid "user IDs, group IDs and capabilities"
msgstr ""
#. Tag: para
#, no-c-format
msgid "current working directory"
msgstr ""
#. Tag: para
#, no-c-format
msgid "signal handlers, signal masks and signal delivery"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"file locks (especially <function>fcntl</function> locks behave in surprising"
" ways, not just in a multi-threaded environment)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Library code should avoid manipulating these global process attributes. It "
"should not rely on environment variables, umask, the current working "
"directory and signal masks because these attributes can be inherted from an "
"untrusted source."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In addition, there are obvious process-wide aspects such as the virtual "
"memory layout, the set of open files and dynamic shared objects, but with "
"the exception of shared objects, these can be manipulated in a relatively "
"isolated way."
msgstr ""


@ -0,0 +1,597 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Processes"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Safe process creation"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This section describes how to create new child processes in a safe manner. "
"In addition to the concerns addressed below, there is the possibility of "
"file descriptor leaks, see <xref linkend=\"sect-Defensive_Coding-Tasks-"
"Descriptors-Child_Processes\" />."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Obtaining the program path and the command line template"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The name and path to the program being invoked should be hard-coded or "
"controlled by a static configuration file stored at a fixed location (at an "
"file system absolute path). The same applies to the template for generating "
"the command line."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The configured program name should be an absolute path. If it is a relative "
"path, the contents of the <envar>PATH</envar> must be obtained in s secure "
"manner (see <xref linkend=\"sect-Defensive_Coding-Tasks-secure_getenv\" />)."
" If the <envar>PATH</envar> variable is not set or untrusted, the safe "
"default <literal>/bin:/usr/bin</literal> must be used."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If too much flexibility is provided here, it may allow invocation of "
"arbitrary programs without proper authorization."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Bypassing the shell"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Child processes should be created without involving the system shell."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"For C/C++, <function>system</function> should not be used. The "
"<function>posix_spawn</function> function can be used instead, or a "
"combination <function>fork</function> and <function>execve</function>. (In "
"some cases, it may be preferable to use <function>vfork</function> or the "
"Linux-specific <function>clone</function> system call instead of "
"<function>fork</function>.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In Python, the <literal>subprocess</literal> module bypasses the shell by "
"default (when the <literal>shell</literal> keyword argument is not set to "
"true). <function>os.system</function> should not be used."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The Java class <type>java.lang.ProcessBuilder</type> can be used to create "
"subprocesses without interference from the system shell."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Portability notice"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"On Windows, there is no argument vector, only a single argument string. Each"
" application is responsible for parsing this string into an argument vector."
" There is considerable variance among the quoting style recognized by "
"applications. Some of them expand shell wildcards, others do not. Extensive "
"application-specific testing is required to make this secure."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Note that some common applications (notably <application>ssh</application>) "
"unconditionally introduce the use of a shell, even if invoked directly "
"without a shell. It is difficult to use these applications in a secure "
"manner. In this case, untrusted data should be supplied by other means. For "
"example, standard input could be used, instead of the command line."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Specifying the process environment"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Child processes should be created with a minimal set of environment "
"variables. This is absolutely essential if there is a trust transition "
"involved, either when the parent process was created, or during the creation"
" of the child process."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In C/C++, the environment should be constructed as an array of strings and "
"passed as the <varname>envp</varname> argument to "
"<function>posix_spawn</function> or <function>execve</function>. The "
"functions <function>setenv</function>, <function>unsetenv</function> and "
"<function>putenv</function> should not be used. They are not thread-safe and"
" suffer from memory leaks."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Python programs need to specify a <literal>dict</literal> for the the "
"<varname>env</varname> argument of the <function>subprocess.Popen</function>"
" constructor. The Java class <literal>java.lang.ProcessBuilder</literal> "
"provides a <function>environment()</function> method, which returns a map "
"that can be manipulated."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The following list provides guidelines for selecting the set of environment "
"variables passed to the child process."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<envar>PATH</envar> should be initialized to "
"<literal>/bin:/usr/bin</literal>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<envar>USER</envar> and <envar>HOME</envar> can be inhereted from the parent"
" process environment, or they can be initialized from the "
"<literal>pwent</literal> structure for the user."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <envar>DISPLAY</envar> and <envar>XAUTHORITY</envar> variables should be"
" passed to the subprocess if it is an X program. Note that this will "
"typically not work across trust boundaries because <envar>XAUTHORITY</envar>"
" refers to a file with <literal>0600</literal> permissions."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The location-related environment variables <envar>LANG</envar>, "
"<envar>LANGUAGE</envar>, <envar>LC_ADDRESS</envar>, <envar>LC_ALL</envar>, "
"<envar>LC_COLLATE</envar>, <envar>LC_CTYPE</envar>, "
"<envar>LC_IDENTIFICATION</envar>, <envar>LC_MEASUREMENT</envar>, "
"<envar>LC_MESSAGES</envar>, <envar>LC_MONETARY</envar>, "
"<envar>LC_NAME</envar>, <envar>LC_NUMERIC</envar>, <envar>LC_PAPER</envar>, "
"<envar>LC_TELEPHONE</envar> and <envar>LC_TIME</envar> can be passed to the "
"subprocess if present."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The called process may need application-specific environment variables, for "
"example for passing passwords. (See <xref linkend=\"sect-Defensive_Coding-"
"Tasks-Processes-Command_Line_Visibility\" />.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"All other environment variables should be dropped. Names for new environment"
" variables should not be accepted from untrusted sources."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Robust argument list processing"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When invoking a program, it is sometimes necessary to include data from "
"untrusted sources. Such data should be check against embedded "
"<literal>NUL</literal> characters because the system APIs will sliently "
"truncate argument strings at the first <literal>NUL</literal> character."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The following recommendations assume that the program being invoked uses "
"GNU-style option processing using <function>getopt_long</function>. This "
"convention is widely used, but it is just that, and individual programs "
"might interpret a command line in a different way."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If the untrusted data has to go into an option, use the <literal>--option-"
"name=VALUE</literal> syntax, placing the option and its value into the same "
"command line argument. This avoids any potential confusion if the data "
"starts with <literal>-</literal>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"For positional arguments, terminate the option list with a single "
"<option>--</option> marker after the last option, and include the data at "
"the right position. The <option>--</option> marker terminates option "
"processing, and the data will not be treated as an option even if it starts "
"with a dash."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Passing secrets to subprocesses"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The command line (the name of the program and its argument) of a running "
"process is traditionally available to all local users. The called program "
"can overwrite this information, but only after it has run for a bit of time,"
" during which the information may have been read by other processes. "
"However, on Linux, the process environment is restricted to the user who "
"runs the process. Therefore, if you need a convenient way to pass a password"
" to a child process, use an environment variable, and not a command line "
"argument. (See <xref linkend=\"sect-Defensive_Coding-Tasks-Processes-"
"environ\" />.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"On some UNIX-like systems (notably Solaris), environment variables can be "
"read by any system user, just like command lines."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If the environment-based approach cannot be used due to portability "
"concerns, the data can be passed on standard input. Some programs (notably "
"<application>gpg</application>) use special file descriptors whose numbers "
"are specified on the command line. Temporary files are an option as well, "
"but they might give digital forensics access to sensitive data (such as "
"passphrases) because it is difficult to safely delete them in all cases."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Handling child process termination"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When child processes terminate, the parent process is signalled. A stub of "
"the terminated processes (a <emphasis>zombie</emphasis>, shown as "
"<literal>&lt;defunct&gt;</literal> by <application>ps</application>) is kept"
" around until the status information is collected "
"(<emphasis>reaped</emphasis>) by the parent process. Over the years, several"
" interfaces for this have been invented:"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The parent process calls <function>wait</function>, "
"<function>waitpid</function>, <function>waitid</function>, "
"<function>wait3</function> or <function>wait4</function>, without specifying"
" a process ID. This will deliver any matching process ID. This approach is "
"typically used from within event loops."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The parent process calls <function>waitpid</function>, "
"<function>waitid</function>, or <function>wait4</function>, with a specific "
"process ID. Only data for the specific process ID is returned. This is "
"typically used in code which spawns a single subprocess in a synchronous "
"manner."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The parent process installs a handler for the <literal>SIGCHLD</literal> "
"signal, using <function>sigaction</function>, and specifies to the "
"<literal>SA_NOCLDWAIT</literal> flag. This approach could be used by event "
"loops as well."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"None of these approaches can be used to wait for child process terminated in"
" a completely thread-safe manner. The parent process might execute an event "
"loop in another thread, which could pick up the termination signal. This "
"means that libraries typically cannot make free use of child processes (for "
"example, to run problematic code with reduced privileges in a separate "
"address space)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"At the moment, the parent process should explicitly wait for termination of "
"the child process using <function>waitpid</function> or "
"<function>waitpid</function>, and hope that the status is not collected by "
"an event loop first."
msgstr ""
#. Tag: title
#, no-c-format
msgid "<literal>SUID</literal>/<literal>SGID</literal> processes"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Programs can be marked in the file system to indicate to the kernel that a "
"trust transition should happen if the program is run. The "
"<literal>SUID</literal> file permission bit indicates that an executable "
"should run with the effective user ID equal to the owner of the executable "
"file. Similarly, with the <literal>SGID</literal> bit, the effective group "
"ID is set to the group of the executable file."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Linux supports <emphasis>fscaps</emphasis>, which can grant additional "
"capabilities to a process in a finer-grained manner. Additional mechanisms "
"can be provided by loadable security modules."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When such a trust transition has happened, the process runs in a potentially"
" hostile environment. Additional care is necessary not to rely on any "
"untrusted information. These concerns also apply to libraries which can be "
"linked into such processes."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Accessing environment variables"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The following steps are required so that a program does not accidentally "
"pick up untrusted data from environment variables."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Compile your C/C++ sources with <literal>-D_GNU_SOURCE</literal>. The "
"Autoconf macro <literal>AC_GNU_SOURCE</literal> ensures this."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Check for the presence of the <function>secure_getenv</function> and "
"<function>__secure_getenv</function> function. The Autoconf directive "
"<literal>AC_CHECK_FUNCS([__secure_getenv secure_getenv])</literal> performs "
"these checks."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Arrange for a proper definition of the <function>secure_getenv</function> "
"function. See <xref linkend=\"ex-Defensive_Coding-Tasks-secure_getenv\" />."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Use <function>secure_getenv</function> instead of "
"<function>getenv</function> to obtain the value of critical environment "
"variables. <function>secure_getenv</function> will pretend the variable has "
"not bee set if the process environment is not trusted."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Critical environment variables are debugging flags, configuration file "
"locations, plug-in and log file locations, and anything else that might be "
"used to bypass security restrictions or cause a privileged process to behave"
" in an unexpected way."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Either the <function>secure_getenv</function> function or the "
"<function>__secure_getenv</function> is available from GNU libc."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Obtaining a definition for <function>secure_getenv</function>"
msgstr ""
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"\n"
"#include &lt;stdlib.h&gt;\n"
"\n"
"#ifndef HAVE_SECURE_GETENV\n"
"# ifdef HAVE__SECURE_GETENV\n"
"# define secure_getenv __secure_getenv\n"
"# else\n"
"# error neither secure_getenv nor __secure_getenv are available\n"
"# endif\n"
"#endif\n"
"\n"
"\t"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Daemons"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Background processes providing system services "
"(<emphasis>daemons</emphasis>) need to decouple themselves from the "
"controlling terminal and the parent process environment:"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Fork."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In the child process, call <function>setsid</function>. The parent process "
"can simply exit (using <function>_exit</function>, to avoid running clean-up"
" actions twice)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In the child process, fork again. Processing continues in the child process."
" Again, the parent process should just exit."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Replace the descriptors 0, 1, 2 with a descriptor for "
"<filename>/dev/null</filename>. Logging should be redirected to "
"<application>syslog</application>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Older instructions for creating daemon processes recommended a call to "
"<literal>umask(0)</literal>. This is risky because it often leads to world-"
"writable files and directories, resulting in security vulnerabilities such "
"as arbitrary process termination by untrusted local users, or log file "
"truncation. If the <emphasis>umask</emphasis> needs setting, a restrictive "
"value such as <literal>027</literal> or <literal>077</literal> is "
"recommended."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Other aspects of the process environment may have to changed as well "
"(environment variables, signal handler disposition)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"It is increasingly common that server processes do not run as background "
"processes, but as regular foreground process under a supervising master "
"process (such as <application>systemd</application>). Server processes "
"should offer a command line option which disables forking and replacement of"
" the standard output and standard error streams. Such an option is also "
"useful for debugging."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Semantics of command line arguments"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"After process creation and option processing, it is up to the child process "
"to interpret the arguments. Arguments can be file names, host names, or "
"URLs, and many other things. URLs can refer to the local network, some "
"server on the Internet, or to the local file system. Some applications even "
"accept arbitrary code in arguments (for example, "
"<application>python</application> with the <option>-c</option> option)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Similar concerns apply to environment variables, the contents of the current"
" directory and its subdirectories."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Consequently, careful analysis is required if it is safe to pass untrusted "
"data to another program."
msgstr ""
#. Tag: title
#, no-c-format
msgid "<function>fork</function> as a primitive for parallelism"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"A call to <function>fork</function> which is not immediately followed by a "
"call to <function>execve</function> (perhaps after rearranging and closing "
"file descriptors) is typically unsafe, especially from a library which does "
"not control the state of the entire process. Such use of "
"<function>fork</function> should be replaced with proper child processes or "
"threads."
msgstr ""


@ -0,0 +1,513 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Serialization and Deserialization"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Protocol decoders and file format parsers are often the most-exposed part of"
" an application because they are exposed with little or no user interaction "
"and before any authentication and security checks are made. They are also "
"difficult to write robustly in languages which are not memory-safe."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Recommendations for manually written decoders"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"For C and C++, the advice in <xref linkend=\"sect-"
"Defensive_Coding-C-Pointers\" /> applies. In addition, avoid non-character "
"pointers directly into input buffers. Pointer misalignment causes crashes on"
" some architectures."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When reading variable-sized objects, do not allocate large amounts of data "
"solely based on the value of a size field. If possible, grow the data "
"structure as more data is read from the source, and stop when no data is "
"available. This helps to avoid denial-of-service attacks where little "
"amounts of input data results in enormous memory allocations during "
"decoding. Alternatively, you can impose reasonable bounds on memory "
"allocations, but some protocols do not permit this."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Protocol design"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Binary formats with explicit length fields are more difficult to parse "
"robustly than those where the length of dynamically-sized elements is "
"derived from sentinel values. A protocol which does not use length fields "
"and can be written in printable ASCII characters simplifies testing and "
"debugging. However, binary protocols with length fields may be more "
"efficient to parse."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Library support for deserialization"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"For some languages, generic libraries are available which allow to serialize"
" and deserialize user-defined objects. The deserialization part comes in one"
" of two flavors, depending on the library. The first kind uses type "
"information in the data stream to control which objects are instantiated. "
"The second kind uses type definitions supplied by the programmer. The first "
"one allows arbitrary object instantiation, the second one generally does "
"not."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The following serialization frameworks are in the first category, are known "
"to be unsafe, and must not be used for untrusted data:"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Python's <package>pickle</package> and <package>cPickle</package> modules"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Perl's <package>Storable</package> package"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Java serialization (<type>java.io.ObjectInputStream</type>)"
msgstr ""
#. Tag: para
#, no-c-format
msgid "PHP serialization (<function>unserialize</function>)"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Most implementations of YAML"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When using a type-directed deserialization format where the types of the "
"deserialized objects are specified by the programmer, make sure that the "
"objects which can be instantiated cannot perform any destructive actions in "
"their destructors, even when the data members have been manipulated."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"JSON decoders do not suffer from this problem. But you must not use the "
"<function>eval</function> function to parse JSON objects in Javascript; even"
" with the regular expression filter from RFC 4627, there are still "
"information leaks remaining."
msgstr ""
#. Tag: title
#, no-c-format
msgid "XML serialization"
msgstr ""
#. Tag: title
#, no-c-format
msgid "External references"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"XML documents can contain external references. They can occur in various "
"places."
msgstr ""
#. Tag: para
#, no-c-format
msgid "In the DTD declaration in the header of an XML document:"
msgstr ""
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"&lt;!DOCTYPE html PUBLIC\n"
" \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n"
" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"&gt;\n"
"\t "
msgstr ""
#. Tag: para
#, no-c-format
msgid "In a namespace declaration:"
msgstr ""
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"&lt;xsd:schema xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"&gt;\n"
"\t "
msgstr ""
#. Tag: para
#, no-c-format
msgid "In an entity defintion:"
msgstr ""
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"&lt;!ENTITY sys SYSTEM \"http://www.example.com/ent.xml\"&gt;\n"
"&lt;!ENTITY pub PUBLIC \"-//Example//Public Entity//EN\"\n"
" \"http://www.example.com/pub-ent.xml\"&gt;\n"
"\t "
msgstr ""
#. Tag: para
#, no-c-format
msgid "In a notation:"
msgstr ""
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"&lt;!NOTATION not SYSTEM \"../not.xml\"&gt;\n"
"\t "
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Originally, these external references were intended as unique identifiers, "
"but by many XML implementations, they are used for locating the data for the"
" referenced element. This causes unwanted network traffic, and may disclose "
"file system contents or otherwise unreachable network resources, so this "
"functionality should be disabled."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Depending on the XML library, external referenced might be processed not "
"just when parsing XML, but also when generating it."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Entity expansion"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When external DTD processing is disabled, an internal DTD subset can still "
"contain entity definitions. Entity declarations can reference other "
"entities. Some XML libraries expand entities automatically, and this "
"processing cannot be switched off in some places (such as attribute values "
"or content models). Without limits on the entity nesting level, this "
"expansion results in data which can grow exponentially in length with size "
"of the input. (If there is a limit on the nesting level, the growth is still"
" polynomial, unless further limits are imposed.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Consequently, the processing internal DTD subsets should be disabled if "
"possible, and only trusted DTDs should be processed. If a particular XML "
"application does not permit such restrictions, then application-specific "
"limits are called for."
msgstr ""
#. Tag: title
#, no-c-format
msgid "XInclude processing"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"XInclude processing can reference file and network resources and include "
"them into the document, much like external entity references. When parsing "
"untrusted XML documents, XInclude processing should be truned off."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"XInclude processing is also fairly complex and may pull in support for the "
"XPointer and XPath specifications, considerably increasing the amount of "
"code required for XML processing."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Algorithmic complexity of XML validation"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"DTD-based XML validation uses regular expressions for content models. The "
"XML specification requires that content models are deterministic, which "
"means that efficient validation is possible. However, some implementations "
"do not enforce determinism, and require exponential (or just polynomial) "
"amount of space or time for validating some DTD/document combinations."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"XML schemas and RELAX NG (via the <literal>xsd:</literal> prefix) directly "
"support textual regular expressions which are not required to be "
"deterministic."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Using Expat for XML parsing"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"By default, Expat does not try to resolve external IDs, so no steps are "
"required to block them. However, internal entity declarations are processed."
" Installing a callback which stops parsing as soon as such entities are "
"encountered disables them, see <xref linkend=\"ex-Defensive_Coding-Tasks-"
"Serialization-XML-Expat-EntityDeclHandler\" />. Expat does not perform any "
"validation, so there are no problems related to that."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Disabling XML entity processing with Expat"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This handler must be installed when the <literal>XML_Parser</literal> object"
" is created (<xref linkend=\"ex-Defensive_Coding-Tasks-Serialization-XML-"
"Expat-Create\" />)."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Creating an Expat XML parser"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"It is also possible to reject internal DTD subsets altogeher, using a "
"suitable <literal>XML_StartDoctypeDeclHandler</literal> handler installed "
"with <function>XML_SetDoctypeDeclHandler</function>."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Using OpenJDK for XML parsing and validation"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"OpenJDK contains facilities for DOM-based, SAX-based, and StAX-based "
"document parsing. Documents can be validated against DTDs or XML schemas."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The approach taken to deal with entity expansion differs from the general "
"recommendation in <xref linkend=\"sect-Defensive_Coding-Tasks-Serialization-"
"XML-Entities\" />. We enable the the feature flag "
"<literal>javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING</literal>, which "
"enforces heuristic restrictions on the number of entity expansions. Note "
"that this flag alone does not prevent resolution of external references "
"(system IDs or public IDs), so it is slightly misnamed."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In the following sections, we use helper classes to prevent external ID "
"resolution."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Helper class to prevent DTD external entity resolution in OpenJDK"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Helper class to prevent schema resolution in OpenJDK"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<xref linkend=\"ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-"
"Imports\" /> shows the imports used by the examples."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Java imports for OpenJDK XML parsing"
msgstr ""
#. Tag: title
#, no-c-format
msgid "DOM-based XML parsing and DTD validation in OpenJDK"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This approach produces a <literal>org.w3c.dom.Document</literal> object from"
" an input stream. <xref linkend=\"ex-Defensive_Coding-Tasks-Serialization-"
"XML-OpenJDK_Parse-DOM\" /> use the data from the "
"<literal>java.io.InputStream</literal> instance in the "
"<literal>inputStream</literal> variable."
msgstr ""
#. Tag: title
#, no-c-format
msgid "DOM-based XML parsing in OpenJDK"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"External entity references are prohibited using the "
"<literal>NoEntityResolver</literal> class in <xref linkend=\"ex-"
"Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver\" />. "
"Because external DTD references are prohibited, DTD validation (if enabled) "
"will only happen against the internal DTD subset embedded in the XML "
"document."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"To validate the document against an external DTD, use a "
"<literal>javax.xml.transform.Transformer</literal> class to add the DTD "
"reference to the document, and an entity resolver which whitelists this "
"external reference."
msgstr ""
#. Tag: title
#, no-c-format
msgid "XML Schema validation in OpenJDK"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<xref linkend=\"ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-"
"XMLSchema_SAX\" /> shows how to validate a document against an XML Schema, "
"using a SAX-based approach. The XML data is read from an "
"<literal>java.io.InputStream</literal> in the <literal>inputStream</literal>"
" variable."
msgstr ""
#. Tag: title
#, no-c-format
msgid "SAX-based validation against an XML schema in OpenJDK"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <literal>NoResourceResolver</literal> class is defined in <xref linkend"
"=\"ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver\" "
"/>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If you need to validate a document against an XML schema, use the code in "
"<xref linkend=\"ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-"
"DOM\" /> to create the document, but do not enable validation at this point."
" Then use <xref linkend=\"ex-Defensive_Coding-Tasks-Serialization-XML-"
"OpenJDK_Parse-XMLSchema_DOM\" /> to perform the schema-based validation on "
"the <literal>org.w3c.dom.Document</literal> instance "
"<literal>document</literal>."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Validation of a DOM document against an XML schema in OpenJDK"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Protocol Encoders"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"For protocol encoders, you should write bytes to a buffer which grows as "
"needed, using an exponential sizing policy. Explicit lengths can be patched "
"in later, once they are known. Allocating the required number of bytes "
"upfront typically requires separate code to compute the final size, which "
"must be kept in sync with the actual encoding step, or vulnerabilities may "
"result. In multi-threaded code, parts of the object being deserialized might"
" change, so that the computed size is out of date."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"You should avoid copying data directly from a received packet during "
"encoding, disregarding the format. Propagating malformed data could enable "
"attacks on other recipients of that data."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When using C or C++ and copying whole data structures directly into the "
"output, make sure that you do not leak information in padding bytes between "
"fields or at the end of the <literal>struct</literal>."
msgstr ""


@ -0,0 +1,309 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: title
#, no-c-format
msgid "Temporary files"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In this chapter, we describe how to create temporary files and directories, "
"how to remove them, and how to work with programs which do not create files "
"in ways that a safe with a shared directory for temporary files. General "
"file system manipulation is treated in a separate chapter, <xref linkend"
"=\"chap-Defensive_Coding-Tasks-File_System\" />."
msgstr ""
#. Tag: para
#, no-c-format
msgid "Secure creation of temporary files has four different aspects."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The location of the directory for temporary files must be obtained in a "
"secure manner (that is, untrusted environment variables must be ignored, see"
" <xref linkend=\"sect-Defensive_Coding-Tasks-secure_getenv\" />)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"A new file must be created. Reusing an existing file must be avoided (the "
"<filename class=\"directory\">/tmp</filename> race condition). This is "
"tricky because traditionally, system-wide temporary directories shared by "
"all users are used."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The file must be created in a way that makes it impossible for other users "
"to open it."
msgstr ""
#. Tag: para
#, no-c-format
msgid "The descriptor for the temporary file should not leak to subprocesses."
msgstr ""
#. Tag: para
#, no-c-format
msgid "All functions mentioned below will take care of these aspects."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Traditionally, temporary files are often used to reduce memory usage of "
"programs. More and more systems use RAM-based file systems such as "
"<literal>tmpfs</literal> for storing temporary files, to increase "
"performance and decrease wear on Flash storage. As a result, spooling data "
"to temporary files does not result in any memory savings, and the related "
"complexity can be avoided if the data is kept in process memory."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Obtaining the location of temporary directory"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Some functions below need the location of a directory which stores temporary"
" files. For C/C++ programs, use the following steps to obtain that "
"directory:"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Use <function>secure_getenv</function> to obtain the value of the "
"<literal>TMPDIR</literal> environment variable. If it is set, convert the "
"path to a fully-resolved absolute path, using <literal>realpath(path, "
"NULL)</literal>. Check if the new path refers to a directory and is "
"writeable. In this case, use it as the temporary directory."
msgstr ""
#. Tag: para
#, no-c-format
msgid "Fall back to <filename class=\"directory\">/tmp</filename>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In Python, you can use the <varname>tempfile.tempdir</varname> variable."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Java does not support SUID/SGID programs, so you can use the "
"<function>java.lang.System.getenv(String)</function> method to obtain the "
"value of the <literal>TMPDIR</literal> environment variable, and follow the "
"two steps described above. (Java's default directory selection does not "
"honor <literal>TMPDIR</literal>.)"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Named temporary files"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <function>mkostemp</function> function creates a named temporary file. "
"You should specify the <literal>O_CLOEXEC</literal> flag to avoid file "
"descriptor leaks to subprocesses. (Applications which do not use multiple "
"threads can also use <function>mkstemp</function>, but libraries should use "
"<function>mkostemp</function>.) For determining the directory part of the "
"file name pattern, see <xref linkend=\"chap-Defensive_Coding-Tasks-"
"Temporary_Files-Location\" />."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The file is not removed automatically. It is not safe to rename or delete "
"the file before processing, or transform the name in any way (for example, "
"by adding a file extension). If you need multiple temporary files, call "
"<function>mkostemp</function> multiple times. Do not create additional file "
"names derived from the name provided by a previous "
"<function>mkostemp</function> call. However, it is safe to close the "
"descriptor returned by <function>mkostemp</function> and reopen the file "
"using the generated name."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The Python class <literal>tempfile.NamedTemporaryFile</literal> provides "
"similar functionality, except that the file is deleted automatically by "
"default. Note that you may have to use the <literal>file</literal> attribute"
" to obtain the actual file object because some programming interfaces cannot"
" deal with file-like objects. The C function <function>mkostemp</function> "
"is also available as <function>tempfile.mkstemp</function>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In Java, you can use the <function>java.io.File.createTempFile(String, "
"String, File)</function> function, using the temporary file location "
"determined according to <xref linkend=\"chap-Defensive_Coding-Tasks-"
"Temporary_Files-Location\" />. Do not use "
"<function>java.io.File.deleteOnExit()</function> to delete temporary files, "
"and do not register a shutdown hook for each temporary file you create. In "
"both cases, the deletion hint cannot be removed from the system if you "
"delete the temporary file prior to termination of the VM, causing a memory "
"leak."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Temporary files without names"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <function>tmpfile</function> function creates a temporary file and "
"immediately deletes it, while keeping the file open. As a result, the file "
"lacks a name and its space is deallocated as soon as the file descriptor is "
"closed (including the implicit close when the process terminates). This "
"avoids cluttering the temporary directory with orphaned files."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Alternatively, if the maximum size of the temporary file is known "
"beforehand, the <function>fmemopen</function> function can be used to create"
" a <literal>FILE *</literal> object which is backed by memory."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In Python, unnamed temporary files are provided by the "
"<literal>tempfile.TemporaryFile</literal> class, and the "
"<literal>tempfile.SpooledTemporaryFile</literal> class provides a way to "
"avoid creation of small temporary files."
msgstr ""
#. Tag: para
#, no-c-format
msgid "Java does not support unnamed temporary files."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Temporary directories"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <function>mkdtemp</function> function can be used to create a temporary "
"directory. (For determining the directory part of the file name pattern, see"
" <xref linkend=\"chap-Defensive_Coding-Tasks-Temporary_Files-Location\" />.)"
" The directory is not automatically removed. In Python, this function is "
"available as <function>tempfile.mkdtemp</function>. In Java 7, temporary "
"directories can be created using the "
"<function>java.nio.file.Files.createTempDirectory(Path, String, "
"FileAttribute...)</function> function."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When creating files in the temporary directory, use automatically generated "
"names, e.g., derived from a sequential counter. Files with externally "
"provided names could be picked up in unexpected contexts, and crafted names "
"could actually point outside of the tempoary directory (due to "
"<emphasis>directory traversal</emphasis>)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Removing a directory tree in a completely safe manner is complicated. Unless"
" there are overriding performance concerns, the "
"<application>rm</application> program should be used, with the "
"<option>-rf</option> and <option>--</option> options."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Compensating for unsafe file creation"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"There are two ways to make a function or program which excepts a file name "
"safe for use with temporary files. See <xref linkend=\"sect-"
"Defensive_Coding-Tasks-Processes-Creation\" />, for details on subprocess "
"creation."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Create a temporary directory and place the file there. If possible, run the "
"program in a subprocess which uses the temporary directory as its current "
"directory, with a restricted environment. Use generated names for all files "
"in that temporary directory. (See <xref linkend=\"chap-Defensive_Coding-"
"Tasks-Temporary_Directory\" />.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Create the temporary file and pass the generated file name to the function "
"or program. This only works if the function or program can cope with a zero-"
"length existing file. It is safe only under additional assumptions:"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The function or program must not create additional files whose name is "
"derived from the specified file name or are otherwise predictable."
msgstr ""
#. Tag: para
#, no-c-format
msgid "The function or program must not delete the file before processing it."
msgstr ""
#. Tag: para
#, no-c-format
msgid "It must not access any existing files in the same directory."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"It is often difficult to check whether these additional assumptions are "
"matched, therefore this approach is not recommended."
msgstr ""


@ -0,0 +1,33 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"XML_Parser parser = XML_ParserCreate(\"UTF-8\");\n"
"if (parser == NULL) {\n"
" fprintf(stderr, \"XML_ParserCreate failed\n"
"\");\n"
" close(fd);\n"
" exit(1);\n"
"}\n"
"// EntityDeclHandler needs a reference to the parser to stop\n"
"// parsing.\n"
"XML_SetUserData(parser, parser);\n"
"// Disable entity processing, to inhibit entity expansion.\n"
"XML_SetEntityDeclHandler(parser, EntityDeclHandler);\n"
msgstr ""


@ -0,0 +1,31 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"// Stop the parser when an entity declaration is encountered.\n"
"static void\n"
"EntityDeclHandler(void *userData,\n"
"\t\t const XML_Char *entityName, int is_parameter_entity,\n"
"\t\t const XML_Char *value, int value_length,\n"
"\t\t const XML_Char *base, const XML_Char *systemId,\n"
"\t\t const XML_Char *publicId, const XML_Char *notationName)\n"
"{\n"
" XML_StopParser((XML_Parser)userData, XML_FALSE);\n"
"}\n"
msgstr ""


@ -0,0 +1,37 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"class Errors implements ErrorHandler {\n"
" @Override\n"
" public void warning(SAXParseException exception) {\n"
" exception.printStackTrace();\n"
" }\n"
" \n"
" @Override\n"
" public void fatalError(SAXParseException exception) {\n"
" exception.printStackTrace();\n"
" }\n"
" \n"
" @Override\n"
" public void error(SAXParseException exception) {\n"
" exception.printStackTrace();\n"
" }\n"
"}\n"
msgstr ""


@ -0,0 +1,42 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"import javax.xml.XMLConstants;\n"
"import javax.xml.parsers.DocumentBuilder;\n"
"import javax.xml.parsers.DocumentBuilderFactory;\n"
"import javax.xml.parsers.ParserConfigurationException;\n"
"import javax.xml.parsers.SAXParser;\n"
"import javax.xml.parsers.SAXParserFactory;\n"
"import javax.xml.transform.dom.DOMSource;\n"
"import javax.xml.transform.sax.SAXSource;\n"
"import javax.xml.validation.Schema;\n"
"import javax.xml.validation.SchemaFactory;\n"
"import javax.xml.validation.Validator;\n"
"\n"
"import org.w3c.dom.Document;\n"
"import org.w3c.dom.ls.LSInput;\n"
"import org.w3c.dom.ls.LSResourceResolver;\n"
"import org.xml.sax.EntityResolver;\n"
"import org.xml.sax.ErrorHandler;\n"
"import org.xml.sax.InputSource;\n"
"import org.xml.sax.SAXException;\n"
"import org.xml.sax.SAXParseException;\n"
"import org.xml.sax.XMLReader;\n"
msgstr ""


@ -0,0 +1,30 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"class NoEntityResolver implements EntityResolver {\n"
" @Override\n"
" public InputSource resolveEntity(String publicId, String systemId)\n"
" throws SAXException, IOException {\n"
" // Throwing an exception stops validation.\n"
" throw new IOException(String.format(\n"
" \"attempt to resolve \\\"%s\\\" \\\"%s\\\"\", publicId, systemId));\n"
" }\n"
"}\n"
msgstr ""


@ -0,0 +1,32 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"class NoResourceResolver implements LSResourceResolver {\n"
" @Override\n"
" public LSInput resolveResource(String type, String namespaceURI,\n"
" String publicId, String systemId, String baseURI) {\n"
" // Throwing an exception stops validation.\n"
" throw new RuntimeException(String.format(\n"
" \"resolution attempt: type=%s namespace=%s \" +\n"
" \"publicId=%s systemId=%s baseURI=%s\",\n"
" type, namespaceURI, publicId, systemId, baseURI));\n"
" }\n"
"}\n"
msgstr ""


@ -0,0 +1,34 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();\n"
"// Impose restrictions on the complexity of the DTD.\n"
"factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);\n"
"\n"
"// Turn on validation.\n"
"// This step can be omitted if validation is not desired.\n"
"factory.setValidating(true);\n"
"\n"
"// Parse the document.\n"
"DocumentBuilder builder = factory.newDocumentBuilder();\n"
"builder.setEntityResolver(new NoEntityResolver());\n"
"builder.setErrorHandler(new Errors());\n"
"Document document = builder.parse(inputStream);\n"
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"SchemaFactory factory = SchemaFactory.newInstance(\n"
" XMLConstants.W3C_XML_SCHEMA_NS_URI);\n"
"\n"
"// This enables restrictions on schema complexity.\n"
"factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);\n"
"\n"
"// The following line prevents resource resolution\n"
"// by the schema itself.\n"
"factory.setResourceResolver(new NoResourceResolver());\n"
"\n"
"Schema schema = factory.newSchema(schemaFile);\n"
"\n"
"Validator validator = schema.newValidator();\n"
"\n"
"// This prevents external resource resolution.\n"
"validator.setResourceResolver(new NoResourceResolver());\n"
"validator.validate(new DOMSource(document));\n"
msgstr ""


@ -0,0 +1,41 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:45\n"
"PO-Revision-Date: 2013-03-19 15:29+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: bo\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"SchemaFactory factory = SchemaFactory.newInstance(\n"
" XMLConstants.W3C_XML_SCHEMA_NS_URI);\n"
"\n"
"// This enables restrictions on the schema and document\n"
"// complexity.\n"
"factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);\n"
"\n"
"// This prevents resource resolution by the schema itself.\n"
"// If the schema is trusted and references additional files,\n"
"// this line must be omitted, otherwise loading these files\n"
"// will fail.\n"
"factory.setResourceResolver(new NoResourceResolver());\n"
"\n"
"Schema schema = factory.newSchema(schemaFile);\n"
"Validator validator = schema.newValidator();\n"
"\n"
"// This prevents external resource resolution.\n"
"validator.setResourceResolver(new NoResourceResolver());\n"
"\n"
"validator.validate(new SAXSource(new InputSource(inputStream)));\n"
msgstr ""


@ -0,0 +1,35 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:18+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: firstname
#, no-c-format
msgid "Florian"
msgstr ""
#. Tag: surname
#, no-c-format
msgid "Weimer"
msgstr ""
#. Tag: orgname
#, no-c-format
msgid "Red Hat"
msgstr ""
#. Tag: orgdiv
#, no-c-format
msgid "Product Security Team"
msgstr ""


@ -0,0 +1,38 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-12 04:19+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: title
#, no-c-format
msgid "Defensive Coding"
msgstr ""
#. Tag: subtitle
#, no-c-format
msgid "A Guide to Improving Software Security"
msgstr ""
#. Tag: productname
#, no-c-format
msgid "Fedora Security Team"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This document provides guidelines for improving software security through "
"secure coding. It covers common programming languages and libraries, and "
"focuses on concrete recommendations."
msgstr ""


@ -0,0 +1,265 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: title
#, no-c-format
msgid "Memory allocators"
msgstr ""
#. Tag: title
#, no-c-format
msgid "<function>malloc</function> and related functions"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The C library interfaces for memory allocation are provided by "
"<function>malloc</function>, <function>free</function> and "
"<function>realloc</function>, and the <function>calloc</function> function. "
"In addition to these generic functions, there are derived functions such as "
"<function>strdup</function> which perform allocation using "
"<function>malloc</function> internally, but do not return untyped heap "
"memory (which could be used for any object)."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The C compiler knows about these functions and can use their expected "
"behavior for optimizations. For instance, the compiler assumes that an "
"existing pointer (or a pointer derived from an existing pointer by "
"arithmetic) will not point into the memory area returned by "
"<function>malloc</function>."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If the allocation fails, <function>realloc</function> does not free the old "
"pointer. Therefore, the idiom <literal>ptr = realloc(ptr, size);</literal> "
"is wrong because the memory pointed to by <literal>ptr</literal> leaks in "
"case of an error."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Use-after-free errors"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"After <function>free</function>, the pointer is invalid. Further pointer "
"dereferences are not allowed (and are usually detected by "
"<application>valgrind</application>). Less obvious is that any "
"<emphasis>use</emphasis> of the old pointer value is not allowed, either. In"
" particular, comparisons with any other pointer (or the null pointer) are "
"undefined according to the C standard."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The same rules apply to <function>realloc</function> if the memory area "
"cannot be enlarged in-place. For instance, the compiler may assume that a "
"comparison between the old and new pointer will always return false, so it "
"is impossible to detect movement this way."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Handling memory allocation errors"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Recovering from out-of-memory errors is often difficult or even impossible. "
"In these cases, <function>malloc</function> and other allocation functions "
"return a null pointer. Dereferencing this pointer lead to a crash. Such "
"dereferences can even be exploitable for code execution if the dereference "
"is combined with an array subscript."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In general, if you cannot check all allocation calls and handle failure, you"
" should abort the program on allocation failure, and not rely on the null "
"pointer dereference to terminate the process. See <xref linkend=\"sect-"
"Defensive_Coding-Tasks-Serialization-Decoders\" /> for related memory "
"allocation concerns."
msgstr ""
#. Tag: title
#, no-c-format
msgid "<function>alloca</function> and other forms of stack-based allocation"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Allocation on the stack is risky because stack overflow checking is "
"implicit. There is a guard page at the end of the memory area reserved for "
"the stack. If the program attempts to read from or write to this guard page,"
" a <literal>SIGSEGV</literal> signal is generated and the program typically "
"terminates."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"This is sufficient for detecting typical stack overflow situations such as "
"unbounded recursion, but it fails when the stack grows in increments larger "
"than the size of the guard page. In this case, it is possible that the stack"
" pointer ends up pointing into a memory area which has been allocated for a "
"different purposes. Such misbehavior can be exploitable."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"A common source for large stack growth are calls to "
"<function>alloca</function> and related functions such as "
"<function>strdupa</function>. These functions should be avoided because of "
"the lack of error checking. (They can be used safely if the allocated size "
"is less than the page size (typically, 4096 bytes), but this case is "
"relatively rare.) Additionally, relying on <function>alloca</function> makes"
" it more difficult to reorgnize the code because it is not allowed to use "
"the pointer after the function calling <function>alloca</function> has "
"returned, even if this function has been inlined into its caller."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Similar concerns apply to <emphasis>variable-length arrays</emphasis> "
"(VLAs), a feature of the C99 standard which started as a GNU extension. For "
"large objects exceeding the page size, there is no error checking, either."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"In both cases, negative or very large sizes can trigger a stack-pointer "
"wraparound, and the stack pointer and end up pointing into caller stack "
"frames, which is fatal and can be exploitable."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If you want to use <function>alloca</function> or VLAs for performance "
"reasons, consider using a small on-stack array (less than the page size, "
"large enough to fulfill most requests). If the requested size is small "
"enough, use the on-stack array. Otherwise, call <function>malloc</function>."
" When exiting the function, check if <function>malloc</function> had been "
"called, and free the buffer as needed."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Array allocation"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When allocating arrays, it is important to check for overflows. The "
"<function>calloc</function> function performs such checks."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If <function>malloc</function> or <function>realloc</function> is used, the "
"size check must be written manually. For instance, to allocate an array of "
"<literal>n</literal> elements of type <literal>T</literal>, check that the "
"requested size is not greater than <literal>n / sizeof(T)</literal>."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Custom memory allocators"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Custom memory allocates come in two forms: replacements for "
"<function>malloc</function>, and completely different interfaces for memory "
"management. Both approaches can reduce the effectiveness of "
"<application>valgrind</application> and similar tools, and the heap "
"corruption detection provided by GNU libc, so they should be avoided."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Memory allocators are difficult to write and contain many performance and "
"security pitfalls."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"When computing array sizes or rounding up allocation requests (to the next "
"allocation granularity, or for alignment purposes), checks for arithmetic "
"overflow are required."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Size computations for array allocations need overflow checking. See <xref "
"linkend=\"sect-Defensive_Coding-C-Allocators-Arrays\" />."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"It can be difficult to beat well-tuned general-purpose allocators. In micro-"
"benchmarks, pool allocators can show huge wins, and size-specific pools can "
"reduce internal fragmentation. But often, utilization of individual pools is"
" poor, and"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Conservative garbage collection"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Garbage collection can be an alternative to explicit memory management using"
" <function>malloc</function> and <function>free</function>. The Boehm-"
"Dehmers-Weiser allocator can be used from C programs, with minimal type "
"annotations. Performance is competitive with <function>malloc</function> on "
"64-bit architectures, especially for multi-threaded programs. The stop-the-"
"world pauses may be problematic for some real-time applications, though."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"However, using a conservative garbage collector may reduce opertunities for "
"code reduce because once one library in a program uses garbage collection, "
"the whole process memory needs to be subject to it, so that no pointers are "
"missed. The Boehm-Dehmers-Weiser collector also reserves certain signals for"
" internal use, so it is not fully transparent to the rest of the program."
msgstr ""


@ -0,0 +1,20 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: title
#, no-c-format
msgid "The C Programming Language"
msgstr ""


@ -0,0 +1,278 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: title
#, no-c-format
msgid "The C standard library"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Parts of the C standard library (and the UNIX and GNU extensions) are "
"difficult to use, so you shoud avoid them."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Please check the applicable documentation before using the recommended "
"replacements. Many of these functions allocate buffers using "
"<function>malloc</function> which your code must deallocate explicitly using"
" <function>free</function>."
msgstr ""
#. Tag: title
#, no-c-format
msgid "Absolutely banned interfaces"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The functions listed below must not be used because they are almost always "
"unsafe. Use the indicated replacements instead."
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>gets</function> ⟶ <function>fgets</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>getwd</function> ⟶ <function>getcwd</function> or "
"<function>get_current_dir_name</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>readdir_r</function> ⟶ <function>readdir</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>realpath</function> (with a non-NULL second parameter) ⟶ "
"<function>realpath</function> with NULL as the second parameter, or "
"<function>canonicalize_file_name</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The constants listed below must not be used, either. Instead, code must "
"allocate memory dynamically and use interfaces with length checking."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>NAME_MAX</literal> (limit not actually enforced by the kernel)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>PATH_MAX</literal> (limit not actually enforced by the kernel)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>_PC_NAME_MAX</literal> (This limit, returned by the "
"<function>pathconf</function> function, is not enforced by the kernel.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>_PC_PATH_MAX</literal> (This limit, returned by the "
"<function>pathconf</function> function, is not enforced by the kernel.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid "The following structure members must not be used."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<literal>f_namemax</literal> in <literal>struct statvfs</literal> (limit not"
" actually enforced by the kernel, see <literal>_PC_NAME_MAX</literal> above)"
msgstr ""
#. Tag: title
#, no-c-format
msgid "Functions to avoid"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The following string manipulation functions can be used securely in "
"principle, but their use should be avoided because they are difficult to use"
" correctly. Calls to these functions can be replaced with "
"<function>asprintf</function> or <function>vasprintf</function>. (For non-"
"GNU targets, these functions are available from Gnulib.) In some cases, the "
"<function>snprintf</function> function might be a suitable replacement, see "
"<xref linkend=\"sect-Defensive_Coding-C-String-Functions-Length\" />."
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>sprintf</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>strcat</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>strcpy</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid "<function>vsprintf</function>"
msgstr ""
#. Tag: para
#, no-c-format
msgid "Use the indicated replacements for the functions below."
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>alloca</function> ⟶ <function>malloc</function> and "
"<function>free</function> (see <xref linkend=\"sect-Defensive_Coding-C"
"-Allocators-alloca\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>putenv</function> ⟶ explicit <varname>envp</varname> argument in "
"process creation (see <xref linkend=\"sect-Defensive_Coding-Tasks-Processes-"
"environ\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>setenv</function> ⟶ explicit <varname>envp</varname> argument in "
"process creation (see <xref linkend=\"sect-Defensive_Coding-Tasks-Processes-"
"environ\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>strdupa</function> ⟶ <function>strdup</function> and "
"<function>free</function> (see <xref linkend=\"sect-Defensive_Coding-C"
"-Allocators-alloca\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>strndupa</function> ⟶ <function>strndup</function> and "
"<function>free</function> (see <xref linkend=\"sect-Defensive_Coding-C"
"-Allocators-alloca\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>system</function> ⟶ <function>posix_spawn</function> or "
"<function>fork</function>/<function>execve</function>/ (see <xref linkend"
"=\"sect-Defensive_Coding-Tasks-Processes-execve\" />)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"<function>unsetenv</function> ⟶ explicit <varname>envp</varname> argument in"
" process creation (see <xref linkend=\"sect-Defensive_Coding-Tasks-"
"Processes-environ\" />)"
msgstr ""
#. Tag: title
#, no-c-format
msgid "String Functions With Explicit Length Arguments"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The <function>snprintf</function> function provides a way to construct a "
"string in a statically-sized buffer. (If the buffer size is dynamic, use "
"<function>asprintf</function> instead.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"The second argument to the <function>snprintf</function> should always be "
"the size of the buffer in the first argument (which should be a character "
"array). Complex pointer and length arithmetic can introduce errors and "
"nullify the security benefits of <function>snprintf</function>. If you need "
"to construct a string iteratively, by repeatedly appending fragments, "
"consider constructing the string on the heap, increasing the buffer with "
"<function>realloc</function> as needed. (<function>snprintf</function> does "
"not support overlapping the result buffer with argument strings.)"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"If you use <function>vsnprintf</function> (or <function>snprintf</function>)"
" with a format string which is not a constant, but a function argument, it "
"is important to annotate the function with a <literal>format</literal> "
"function attribute, so that GCC can warn about misuse of your function (see "
"<xref linkend=\"ex-Defensive_Coding-C-String-Functions-format-Attribute\" "
"/>)."
msgstr ""
#. Tag: title
#, no-c-format
msgid "The <literal>format</literal> function attribute"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"There are other functions which operator on NUL-terminated strings and take "
"a length argument which affects the number of bytes written to the "
"destination: <function>strncpy</function>, <function>strncat</function>, and"
" <function>stpncpy</function>. These functions do not ensure that the result"
" string is NUL-terminated. For <function>strncpy</function>, NUL termination"
" can be added this way:"
msgstr ""
#. Tag: para
#, no-c-format
msgid ""
"Some systems support <function>strlcpy</function> and "
"<function>strlcat</function> functions which behave this way, but these "
"functions are not part of GNU libc. Using <function>snprintf</function> with"
" a suitable format string is a simple (albeit slightly slower) replacement."
msgstr ""


@ -0,0 +1,36 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"void report_overflow(void);\n"
"\n"
"int\n"
"add(int a, int b)\n"
"{\n"
" int result = a + b;\n"
" if (a &lt; 0 || b &lt; 0) {\n"
" return -1;\n"
" }\n"
" // The compiler can optimize away the following if statement.\n"
" if (result &lt; 0) {\n"
" report_overflow();\n"
" }\n"
" return result;\n"
"}\n"
msgstr ""


@ -0,0 +1,29 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"unsigned\n"
"mul(unsigned a, unsigned b)\n"
"{\n"
" if (b &amp;&amp; a &gt; ((unsigned)-1) / b) {\n"
" report_overflow();\n"
" }\n"
" return a * b;\n"
"}\n"
msgstr ""


@ -0,0 +1,64 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"ssize_t\n"
"extract_strings(const char *in, size_t inlen, char **out, size_t outlen)\n"
"{\n"
" const char *inp = in;\n"
" const char *inend = in + inlen;\n"
" char **outp = out;\n"
" char **outend = out + outlen;\n"
"\n"
" while (inp != inend) {\n"
" size_t len;\n"
" char *s;\n"
" if (outp == outend) {\n"
" errno = ENOSPC;\n"
" goto err;\n"
" }\n"
" len = (unsigned char)*inp;\n"
" ++inp;\n"
" if (len &gt; (size_t)(inend - inp)) {\n"
" errno = EINVAL;\n"
" goto err;\n"
" }\n"
" s = malloc(len + 1);\n"
" if (s == NULL) {\n"
" goto err;\n"
" }\n"
" memcpy(s, inp, len);\n"
" inp += len;\n"
" s[len] = '\\0';\n"
" *outp = s;\n"
" ++outp;\n"
" }\n"
" return outp - out;\n"
"err:\n"
" {\n"
" int errno_old = errno;\n"
" while (out != outp) {\n"
" free(*out);\n"
" ++out;\n"
" }\n"
" errno = errno_old;\n"
" }\n"
" return -1;\n"
"}\n"
msgstr ""


@ -0,0 +1,33 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"void log_format(const char *format, ...) __attribute__((format(printf, 1, 2)));\n"
"\n"
"void\n"
"log_format(const char *format, ...)\n"
"{\n"
" char buf[1000];\n"
" va_list ap;\n"
" va_start(ap, format);\n"
" vsnprintf(buf, sizeof(buf), format, ap);\n"
" va_end(ap);\n"
" log_string(buf);\n"
"}\n"
msgstr ""


@ -0,0 +1,23 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"char fraction[30];\n"
"snprintf(fraction, sizeof(fraction), \"%d/%d\", numerator, denominator);\n"
msgstr ""


@ -0,0 +1,24 @@
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
# Translators:
msgid ""
msgstr ""
"Project-Id-Version: Defensive Coding Guide\n"
"POT-Creation-Date: 2013-03-12T03:19:44\n"
"PO-Revision-Date: 2013-03-19 15:30+0000\n"
"Last-Translator: Automatically generated\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/cs/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
#. Tag: programlisting
#, no-c-format
msgid ""
"\n"
"char buf[10];\n"
"strncpy(buf, data, sizeof(buf));\n"
"buf[sizeof(buf) - 1] = '\\0';\n"
msgstr ""
