blob: 3b180bc5d44f4628db1ab812f2254538d2a10d95 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
|
PScan is a C source code security scanner, which looks for misuse of
libc functions which use varargs and printf-style formatting
operators. In many situations these can cause security vulnerabilities
in the application if it runs with privileges (setugid, or listening
to a network socket, etc).
An example of the kind of situation pscan looks for is the following:
variable = "%s"; /* or malicious user input */
sprintf(buffer, variable); /* BAD! */
WWW: http://www.striker.ottawa.on.ca/~aland/pscan/
|
