[4073] in bugtraq
Std C Lib Functions that do not .....
daemon@ATHENA.MIT.EDU (Tim Bass)
Thu Feb 20 02:42:25 1997
Date: Wed, 19 Feb 1997 21:52:18 -0500
Reply-To: Tim Bass <hack@LINUX.SILKROAD.COM>
From: Tim Bass <hack@LINUX.SILKROAD.COM>
To: BUGTRAQ@netspace.org
Maybe someone has already done this....
I'm thinking about writing perl scripts that check both
C source and disassembled code for potential situations where
buffer overflows in the stack are possible.
Has anyone compiled a list by OS & Architecture of Standard
C Library calls, for example _strcpy, that do not check
the sizes of the arrays and are potentially offensive
if the C programmer misses it?
I believe tools like this would be helpful to both code developers
and system administrators. Knowledge of any prior work, lists
of lib calls, or existing tools appreciated.
Thanks,
Tim Bass
PS: To be honest, i've always avoided the program lint and just
go straight to gcc (cc) and gbd. Did/does lint to this?
----
mailto:bass@silkroad.com voice (703) 222-4243
http://www.silkroad.com/ fax (703) 222-7320
