File: pscan.1

Package: pscan 1.2-4 (area: main; suite: sarge)
Size: 96 kB; sloc: ansic: 317; lex: 138; makefile: 50; sh: 1
.\" pscan man page
.\" 
.\" 
.\" .de Id
.\" .ds Dt \\$4
.\" ..
.\" .Id 1.0
.\" .ds = \-\^\-
.de Sp
.if t .sp .3
.if n .sp
..
.\" .ta 3n
.TH "pscan" "1" "\*(Dt" "GNU" ""
.SH "NAME"
pscan \- Format string security checker for C source code
.SH "SYNOPSIS"
.B pscan
.RI [ options ]
.SH "DESCRIPTION"
.B pscan
is a source code analysis tool which is designed to highlight potentially dangerous uses of variadic functions such as "printf", "syslog", etc.

.SH "DETAILS"
.Sp
  The scan works by looking for one of a list of problem functions, and applying the following rule:
.Sp
  IF the last parameter of the function is the format string,
  AND the format string is NOT a static string,
  THEN complain.
.Sp

.SH "LIMITATIONS"
.Sp
  The code will not report on some potential buffer overflows, because that is not its goal.  For example, the following code is potentially dangerous:
.Sp
  sprintf( static_buffer, "%s/.foorc", getenv("HOME") );
.Sp
  This code could cause an issue as there is no immediately obvious bounds checking.  However, this is a safe usage with regard to format strings.
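The rule from the DETAILS section and the sprintf example from LIMITATIONS above, as an added worked example (this is not pscan's own code, which is written in C and lex): a small Python scanner that looks for a call to one of a list of problem functions, checks whether the format string is the call's last argument, and complains when that argument is not a string literal. The function table, the sample C fragment and the line-number reporting are constructed for this example; the sprintf line is the one quoted above and, as the man page says, passes the format-string check even though its bounds are not checked.

```python
import re

# Format-string argument position (0-based) for each "problem function".
# Constructed table for this example; pscan keeps its own list.
FORMAT_ARG_INDEX = {
    "printf": 0, "vprintf": 0,
    "fprintf": 1, "sprintf": 1, "syslog": 1, "vfprintf": 1, "vsprintf": 1,
    "snprintf": 2, "vsnprintf": 2,
}

# Matches a call to one of the problem functions, up to and including its "(".
CALL_RE = re.compile(r"\b(" + "|".join(FORMAT_ARG_INDEX) + r")\s*\(")

# A string literal, or several adjacent literals the C compiler concatenates.
STRING_LITERAL_RE = re.compile(r'\s*(?:"(?:[^"\\]|\\.)*"\s*)+')


def split_args(src, open_paren):
    """Return the top-level argument texts of the call whose "(" is at open_paren.

    Tracks nested parentheses and double-quoted strings so commas inside
    getenv("HOME") or inside a literal do not split an argument.
    """
    depth, in_str = 0, False
    args, cur = [], []
    i = open_paren
    while i < len(src):
        c = src[i]
        if in_str:
            cur.append(c)
            if c == "\\" and i + 1 < len(src):   # keep the escaped char, e.g. \"
                i += 1
                cur.append(src[i])
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            cur.append(c)
        elif c == "(":
            depth += 1
            if depth > 1:                        # "(" of a nested call
                cur.append(c)
        elif c == ")":
            depth -= 1
            if depth == 0:
                text = "".join(cur).strip()
                if text or args:                 # f() has zero arguments
                    args.append(text)
                return args
            cur.append(c)
        elif c == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(c)
        i += 1
    raise ValueError("unbalanced parentheses")


def is_static_string(arg):
    return STRING_LITERAL_RE.fullmatch(arg) is not None


def scan(source):
    """Apply the pscan rule; return [(line, function, offending format argument)]."""
    findings = []
    for m in CALL_RE.finditer(source):
        func = m.group(1)
        try:
            args = split_args(source, m.end() - 1)
        except ValueError:
            continue
        fmt_idx = FORMAT_ARG_INDEX[func]
        # Complain only when the format string is the LAST argument (no data
        # arguments follow it) AND it is not a string literal.
        if len(args) - 1 == fmt_idx and not is_static_string(args[fmt_idx]):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, func, args[fmt_idx]))
    return findings


# Constructed C fragment; line 5 is the sprintf call from the LIMITATIONS section.
SAMPLE_C = """\
printf(user_input);
printf("%s", user_input);
syslog(LOG_ERR, msg);
syslog(LOG_ERR, "%s", msg);
sprintf( static_buffer, "%s/.foorc", getenv("HOME") );
fprintf(stderr, buf);
snprintf(buf, sizeof(buf), fmt, value);
printf("Hello, " "world\\n");
"""

if __name__ == "__main__":
    for line, func, arg in scan(SAMPLE_C):
        print(f"line {line}: {func}() format argument '{arg}' is not a static string")
```

Running the block reports lines 1, 3 and 6 of the sample and stays silent on the rest: a non-literal format string followed by further arguments (line 7) is left alone, just as the rule says, and the sprintf on line 5 passes because its format string is a literal. Like pscan itself, this scanner is a heuristic: it does not understand comments, character literals or the preprocessor, so it should be read as a first pass that points a reviewer at call sites, not as proof that the remaining calls are safe.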
.SH "RETURN VALUES"
.Sp
  If there are any errors found, pscan exits with status 1.
.SH "AUTHOR"
Alan DeKok <aland@ox.org>