Bugtraq mailing list archives
Std C Lib Functions that do not .....
From: hack () LINUX SILKROAD COM (Tim Bass)
Date: Wed, 19 Feb 1997 21:52:18 -0500
Maybe someone has already done this....

I'm thinking about writing Perl scripts that check both C source and disassembled code for potential situations where buffer overflows in the stack are possible. Has anyone compiled a list by OS & Architecture of Standard C Library calls, for example _strcpy, that do not check the sizes of the arrays and are potentially offensive if the C programmer misses it?

I believe tools like this would be helpful to both code developers and system administrators. Knowledge of any prior work, lists of lib calls, or existing tools appreciated.

Thanks,

Tim Bass

PS: To be honest, I've always avoided the program lint and just go straight to gcc (cc) and gdb. Did/does lint do this?

----
mailto:bass () silkroad com
voice (703) 222-4243
http://www.silkroad.com/
fax (703) 222-7320
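An added example, not part of the original post: a minimal C source checker of the kind the message asks about, written in Python rather than the Perl the poster mentions. The function list and advice strings are assumptions supplied here (the post names only strcpy), and the C sample is constructed.

```python
import re

# Assumed list (not from the post): standard C library calls that write to a
# caller-supplied buffer without being told its size.
UNBOUNDED = {
    "gets": "no length limit at all; use fgets",
    "strcpy": "copies until NUL; check length or use a bounded copy",
    "strcat": "appends until NUL; check remaining space",
    "sprintf": "output length unbounded; use snprintf",
    "vsprintf": "output length unbounded; use vsnprintf",
}

# Comments, string literals and char literals, so text inside them is not flagged.
_SKIP = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
_CALL = re.compile(r'\b(' + '|'.join(UNBOUNDED) + r')\s*\(')

def _blank(m):
    # Replace with spaces but keep newlines so line numbers stay correct.
    return re.sub(r'[^\n]', ' ', m.group(0))

def scan(source):
    """Return [(line_number, function, advice)] for each unbounded call."""
    cleaned = _SKIP.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(cleaned):
        line = cleaned.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), UNBOUNDED[m.group(1)]))
    return findings

# Constructed sample input.
SAMPLE = r'''
#include <stdio.h>
#include <string.h>
/* strcpy(a, b) in a comment is ignored */
int main(int argc, char **argv) {
    char buf[16];
    const char *msg = "call gets(buf) here";
    strcpy(buf, argv[1]);
    my_strcpy(buf, argv[1]);
    snprintf(buf, sizeof buf, "%s", argv[1]);
    sprintf (buf, "%s", argv[1]);
    return 0;
}
'''

if __name__ == "__main__":
    for line, func, advice in scan(SAMPLE):
        print(f"line {line}: {func}() - {advice}")
```

A textual match only marks a call site for review; it does not show that the destination buffer can actually be overrun, and it does not see calls hidden behind macros or function pointers.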