PScan 1.0 reviewDownload
PScan scans C source files for problematic uses of printf style functions, such as "sprintf(buffer, variable);" instead of "sprintf(b
PScan scans C source files for problematic uses of printf style functions, such as "sprintf(buffer, variable);" instead of "sprintf(buffer, "", variable);". These sort of problems have been the source of many security holes. PSCan looks for them, and nothing else. It does not make your program safe, but it can help to make it safer.
See the Format bugs post to BUGTRAQ for a good explanation of the security problems associated with sprintf(buffer, variable);. These security issues also currently involve being able to bypass stack protection mechanisms like StackGuard. I have submitted a paper to BUGTRAQ describing the issue.
All of these security problems can also occur with any printf-style function. It is simple to fall into the trap of misusing printf and friends, thus, the need for PScan.
What PScan can't do:
Scan for traditional buffer over-flows.
You should use a bounds-checking compiler for that.
Scan for any other mis-use of function parameters.
The functionality given by PScan is limited. Yet it may be useful. I'm not going to claim it's the be-all and end-all of security scanners, but it does one thing, and it does it simply, and reasonable well.
Analyzing and correcting the security breaches is up to the programmer.
PScan 1.0 search tags