pkgsrc

kpriv/pkgsrc

Fork 0

Commit graph

Author	SHA1	Message	Date
cjs	2bc3282372	PScan is a C source code security scanner, which looks for misuse of libc functions which use varargs and printf-style formatting operators. In many situations these can cause security vulnerabilities in the application if it runs with privileges (setugid, or listening to a network socket, etc). An example of the kind of situation pscan looks for is the following: variable = "%s"; /* or malicious user input / sprintf(buffer, variable); / BAD! */ WWW: http://www.striker.ottawa.on.ca/~aland/pscan/	2002-08-06 01:36:59 +00:00

Author

SHA1

Message

Date

cjs

2bc3282372

PScan is a C source code security scanner, which looks for misuse of

libc functions which use varargs and printf-style formatting
operators. In many situations these can cause security vulnerabilities
in the application if it runs with privileges (setugid, or listening
to a network socket, etc).

An example of the kind of situation pscan looks for is the following:

  variable = "%s";                   /* or malicious user input */
  sprintf(buffer, variable);         /* BAD! */

WWW: http://www.striker.ottawa.on.ca/~aland/pscan/

2002-08-06 01:36:59 +00:00

1 commit