File: pscan.1

pscan 1.3-2
  • area: main
  • in suites: forky, sid
  • size: 228 kB
  • sloc: ansic: 890; lex: 288; makefile: 31; sh: 1
.TH PSCAN 1
.SH "NAME"
pscan \- Format string security checker for C source code
.SH "SYNOPSIS"
.B pscan
.RI [ options ]
.SH DESCRIPTION
.B pscan
is a source code analysis tool which is designed to highlight potentially
dangerous uses of variadic functions such as "printf", "syslog", etc.
The scan works by looking for one of a list of problem functions, and
applying the following rule:
.PP
IF the last parameter of the function is the format string,
AND the format string is NOT a static string,
THEN complain.
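The following is an added illustration of the rule above; it is not code from pscan or from its author. It puts the call pscan complains about (a non-literal format string) beside the fixed form, using snprintf into a buffer so the difference can be observed. Function and variable names are hypothetical. The input only carries the "%%" directive, which consumes no argument, so the demonstration stays well-defined; a real attacker would use "%x" or "%n", which is undefined behaviour without matching arguments and is not run here.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not part of pscan: the pattern the man page's rule flags
 * and its fix.  Names are hypothetical.  Both functions stand in for
 * printf()/syslog() by formatting into a caller-supplied buffer. */

/* Silence the compiler's own version of pscan's complaint so the unsafe
 * variant builds; in real code, let that warning stand. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* pscan complains here: the last fixed parameter of snprintf is the format,
 * and `msg` is not a static string, so whoever controls `msg` controls the
 * format string. */
int log_unsafe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, msg);
}

#pragma GCC diagnostic pop

/* Fixed form: the format is a literal and the data travels through %s.
 * pscan's rule is satisfied. */
int log_safe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "%s", msg);
}

/* Returns 1 if pushing `msg` through the unsafe path changed the text,
 * i.e. the input was interpreted as a format string; 0 otherwise. */
int format_was_interpreted(const char *msg)
{
    char a[128], b[128];
    log_unsafe(a, sizeof a, msg);
    log_safe(b, sizeof b, msg);
    return strcmp(a, b) != 0;
}

int main(void)
{
    /* Constructed sample input: a harmless directive needing no arguments. */
    const char *user_input = "disk at 100%% full";
    char buf[128];

    log_unsafe(buf, sizeof buf, user_input);
    printf("unsafe: %s\n", buf);   /* "disk at 100% full": directive consumed */
    log_safe(buf, sizeof buf, user_input);
    printf("safe:   %s\n", buf);   /* "disk at 100%% full": text preserved    */
    return 0;
}
```

The same distinction applies to syslog(3): `syslog(LOG_INFO, msg)` is what pscan flags, `syslog(LOG_INFO, "%s", msg)` is the fix.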
.SH LIMITATIONS
.B pscan
does not report potential buffer overflows, because that is not its goal.
For example, the following code is potentially dangerous:
.PP
.nf
.B "  sprintf(static_buffer, \(dq%s/.foorc\(dq, getenv(\(dqHOME\(dq));"
.fi
.PP
This code could overflow static_buffer, as there is no bounds checking on
the value of HOME. However, it is a safe usage with regard to format
strings, since the format is a string literal, and
.B pscan
will not complain about it.
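As an added example (not code from pscan), here is the sprintf() from the paragraph above rewritten with a bound and a truncation check. pscan accepts both the original and this version, because the format string is a literal in each; the bound is the separate concern the man page points at. The function name and the sample HOME values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from pscan: the LIMITATIONS sprintf() with a bound.
 * Names are hypothetical. */

/* Build "<home>/.foorc" into out[outlen].  Returns 0 on success, -1 if the
 * result would not fit; snprintf reports the length it wanted, which is
 * how the overflow the unbounded sprintf() would have caused is caught. */
int build_rc_path(char *out, size_t outlen, const char *home)
{
    if (outlen == 0)
        return -1;
    int n = snprintf(out, outlen, "%s/.foorc", home);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';   /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[32];   /* deliberately small so the check is seen firing */

    /* constructed HOME values; an attacker controls the environment */
    if (build_rc_path(path, sizeof path, "/home/alice") == 0)
        printf("ok: %s\n", path);
    if (build_rc_path(path, sizeof path,
                      "/home/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") != 0)
        printf("rejected: result would not fit in %zu bytes\n", sizeof path);
    return 0;
}
```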
.SH "RETURN VALUES"
If there are any errors found,
.B pscan
exits with status 1.
.SH AUTHOR
Alan DeKok <aland@ox.org>