File: README

package info (click to toggle)
pscan 1.2-9
  • links: PTS
  • area: main
  • in suites: buster, jessie, jessie-kfreebsd, lenny, sid, squeeze, stretch, wheezy
  • size: 116 kB
  • ctags: 43
  • sloc: ansic: 310; lex: 141; makefile: 17; sh: 1
file content (101 lines) | stat: -rw-r--r-- 3,109 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
Copyright (C) 2000 Alan DeKok <aland@ox.org>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
USA

----------------------------------------------------------------------

  'pscan' is a program which attempts to scan C source files for
common function abuses, which often lead to buffer overflows.  See the
included file 'test.c' for examples of good, and bad programming
practice.  For the latest version, see:

	http://www.striker.ottawa.on.ca/~aland/pscan/


  The scan works by looking for a one of a list of problem functions,
and applying the following rule:

  IF the last parameter of the function is the format string,
  AND the format string is NOT a static string,
  THEN complain.

  See 'test.c' for examples.  

  Once pscan has found the problems, it's up to you to examine the
source code, and correct the (possible) security breach.

  You can build pscan by typing:

	make

  If you don't have lex or yacc installed, it probably won't work.
You'll have to figure out how to build it yourself, as I'm too lazy to
write an autoconf for a ~100 line C program.


  Once pscan is built, you can test it by typing:

	./pscan test.c

  You should see it complain about a number of errors, giving the
source file, line number, and problematic function name.

  If there are any errors found, pscan exits with status 1.  Typing:

	echo $?

should get you a '1'.

  Now try:

	./pscan ./pscan.c

  You shouldn't see any errors, and the exit code will be 0 (zero).

  You can scan multiple C source files with one run of pscan, by
specifying multiple filenames on the command line:

	./pscan ./*.c

  If ANY problems are found, they are printed out, and pscan exits
with status 1.

  If you don't trust it, pscan has a verbose option: -v.

	./pscan -vv ./test.c

  The output should make itself clear.

  You can supply additional definitions of problem functions through
the '-p' command line option.  See wu-ftpd.pscan for details.

  As of version 1.2, pscan now also prints out warnings when
non-constant strings are used as format parameters.  This behaviour
can be enabled by using the '-w' command line parameter.


  In addition to the problem C library functions, many programs
define their own functions with similar security problems.  The
included shell script:

	find_formats.sh

tries to discover C function prototypes for the problem functions.
It won't find them all, but it will find many of the most common ones.


  Alan DeKok <aland@ox.org>
  July 21, 2000.