Home page logo
/

bugtraq logo Bugtraq mailing list archives

Std C Lib Functions that do not .....
From: hack () LINUX SILKROAD COM (Tim Bass)
Date: Wed, 19 Feb 1997 21:52:18 -0500


Maybe someone has already done this....

I'm thinking about writing perl scripts that check both
C source and disassembled code for potential situations where
buffer overflows in the stack are possible.

Has anyone compiled a list by OS & Architecture of Standard
C Library calls, for example _strcpy, that do not check
the sizes of the arrays and are potentially offensive
if the C programmer misses it?

I believe tools like this would be helpful to both code developers
and system administrators.  Knowledge of any prior work, lists
of lib calls, or existing tools appreciated.

Thanks,

Tim Bass

PS: To be honest, i've always avoided the program lint and just
    go straight to gcc (cc) and gbd.  Did/does lint to this?


----
mailto:bass () silkroad com          voice (703) 222-4243
http://www.silkroad.com/            fax (703) 222-7320



  By Date           By Thread  

Current thread:
  • Std C Lib Functions that do not ..... Tim Bass (Feb 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]