Bugtraq mailing list archives

Std C Lib Functions that do not .....
From: hack () LINUX SILKROAD COM (Tim Bass)
Date: Wed, 19 Feb 1997 21:52:18 -0500

Maybe someone has already done this....

I'm thinking about writing perl scripts that check both
C source and disassembled code for potential situations where
buffer overflows in the stack are possible.

Has anyone compiled a list by OS & Architecture of Standard
C Library calls, for example _strcpy, that do not check
the sizes of the arrays and are potentially offensive
if the C programmer misses it?

I believe tools like this would be helpful to both code developers
and system administrators.  Knowledge of any prior work, lists
of lib calls, or existing tools appreciated.


Tim Bass

PS: To be honest, I've always avoided the program lint and just
    go straight to gcc (cc) and gdb.  Did/does lint do this?

mailto:bass () silkroad com          voice (703) 222-4243
http://www.silkroad.com/            fax (703) 222-7320
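
The source-level half of the check the post asks about, as an added example that is not part of the original message: a lexical scan of C source that flags calls with no destination size while ignoring comments and string literals. It is written in Python rather than Perl; the function list beyond `strcpy` and the names `scan` and `SAMPLE` are assumptions of this example.

```python
import re

# Assumption: a starter list of libc calls that take no destination size.
# The post names only strcpy; the others are added for this example.
UNBOUNDED = {"strcpy", "strcat", "sprintf", "vsprintf", "gets"}
SCANF_FAMILY = {"scanf", "fscanf", "sscanf"}

# Comments, string and char literals, matched in one left-to-right pass.
_NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
_CALL = re.compile(r'\b([A-Za-z_]\w*)\s*\(')
_BARE_S = re.compile(r'%(?:l?s|\[)')  # %s, %ls or %[ with no field width

def _blank(match):  # spaces keep offsets and line numbers intact
    return re.sub(r'[^\n]', ' ', match.group(0))

def _call_end(code, i):  # i is just past "("; return index past its ")"
    depth = 1
    while i < len(code) and depth:
        depth += {"(": 1, ")": -1}.get(code[i], 0)
        i += 1
    return i

def scan(source):
    """Return (line, function, reason) for each risky call in C source text."""
    code = _NOISE.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(code):
        name, line = m.group(1), code.count("\n", 0, m.start()) + 1
        if name in UNBOUNDED:
            findings.append((line, name, "no destination size argument"))
        elif name in SCANF_FAMILY:
            # Literals are blanked in `code`; read the format from `source`.
            args = source[m.start():_call_end(code, m.end())].replace("%%", "")
            if _BARE_S.search(args):
                findings.append((line, name, "%s or %[ without a field width"))
    return findings

# Constructed sample input, not taken from any real program.
SAMPLE = r'''/* strcpy(a, b) in a comment is not a call */
void f(char *in) {
    char buf[16], name[8];
    puts("gets(buf) inside a string literal");
    strcpy(buf, in);
    sscanf(in, "%7s", name);
    sscanf(in, "%s", name);
    gets (buf);  // sprintf(buf, in) commented out
}
'''
```

A hit means the call needs a manual look at how the destination is sized, not that an overflow exists; the scan matches names only, so it also reports declarations of these functions.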
