
PScan 1.0


Developer:   Alan DeKok
Price:  0.00
License:   GPL (GNU General Public License)


PScan scans C source files for problematic uses of printf-style functions, such as "sprintf(buffer, variable);" instead of "sprintf(buffer, "%s", variable);". These sorts of problems have been the source of many security holes. PScan looks for them, and nothing else. It does not make your program safe, but it can help to make it safer.

See the Format bugs post to BUGTRAQ for a good explanation of the security problems associated with sprintf(buffer, variable);. These security issues also currently involve being able to bypass stack protection mechanisms like StackGuard. I have submitted a paper to BUGTRAQ describing the issue.

All of these security problems can also occur with any printf-style function. It is simple to fall into the trap of misusing printf and friends, hence the need for PScan.

What PScan can't do:

Scan for traditional buffer overflows. You should use a bounds-checking compiler for that.

Scan for any other misuse of function parameters.

The functionality given by PScan is limited. Yet it may be useful. I'm not going to claim it's the be-all and end-all of security scanners, but it does one thing, and it does it simply, and reasonably well.

Analyzing and correcting the security breaches is up to the programmer.
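
The kind of check described above, as an added example (this is not PScan's source code): a single-line heuristic that flags a printf-style call whose format argument is not a string literal. The function list, the names FUNCS, skip_string, find_arg and flag_line, and the sample lines are assumptions made for this illustration; comments, character literals and calls spanning several lines are not handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Function name and zero-based position of its format argument (assumed list). */
static const struct { const char *name; int fmt; } FUNCS[] = {
    {"printf", 0}, {"fprintf", 1}, {"sprintf", 1}, {"snprintf", 2}, {"syslog", 1} };
/* p points at an opening quote; return the position just past the literal. */
static const char *skip_string(const char *p) {
    for (p++; *p && *p != '"'; p++)
        if (*p == '\\' && p[1]) p++;
    return *p ? p + 1 : p;
}

/* p points at the call's '('; return the start of argument n, or NULL. */
static const char *find_arg(const char *p, int n) {
    int depth = 0;
    for (p++; *p; p++) {
        while (n == 0 && depth == 0 && isspace((unsigned char)*p)) p++;
        if (n == 0 && depth == 0) return p;
        if (*p == '"') { p = skip_string(p) - 1; continue; }
        if (*p == '(') depth++;
        else if (*p == ')' && depth-- == 0) return NULL;
        else if (*p == ',' && depth == 0) n--;
    }
    return NULL;
}

/* Return 1 if line calls a listed function with a non-literal format argument. */
int flag_line(const char *line) {
    for (const char *p = line; *p; ) {
        if (*p == '"') { p = skip_string(p); continue; }
        if (!isalpha((unsigned char)*p) && *p != '_') { p++; continue; }
        const char *id = p;
        while (isalnum((unsigned char)*p) || *p == '_') p++;
        size_t len = (size_t)(p - id);
        while (isspace((unsigned char)*p)) p++;
        for (size_t i = 0; *p == '(' && i < sizeof FUNCS / sizeof *FUNCS; i++) {
            if (strlen(FUNCS[i].name) != len || strncmp(id, FUNCS[i].name, len)) continue;
            const char *arg = find_arg(p, FUNCS[i].fmt);
            if (arg && *arg && *arg != '"' && *arg != ')') return 1;
        }
    }
    return 0;
}

int main(void) { /* constructed sample lines */
    const char *s[] = { "sprintf(buffer, variable);", "sprintf(buffer, \"%s\", variable);" };
    for (int i = 0; i < 2; i++) printf("%-34s %s\n", s[i], flag_line(s[i]) ? "FLAG" : "ok");
    return 0;
}
```

A flagged line only means the format argument is not a literal; whether that value can be influenced by untrusted input still has to be judged by reading the code.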

Download PScan 1.0


 http://www.striker.ottawa.on.ca/~aland/pscan/pscan.c

