Std C Lib Functions that do not .....

[hack () LINUX SILKROAD COM (Tim Bass)]

Maybe someone has already done this....

I'm thinking about writing perl scripts that check both
C source and disassembled code for potential situations where
buffer overflows in the stack are possible.

Has anyone compiled a list by OS & Architecture of Standard
C Library calls, for example _strcpy, that do not check
the sizes of the arrays and are potentially offensive
if the C programmer misses it?

I believe tools like this would be helpful to both code developers
and system administrators.  Knowledge of any prior work, lists
of lib calls, or existing tools appreciated.

Thanks,

Tim Bass

PS: To be honest, i've always avoided the program lint and just
    go straight to gcc (cc) and gbd.  Did/does lint to this?


----
mailto:bass () silkroad com          voice (703) 222-4243
http://www.silkroad.com/            fax (703) 222-7320