Re: FreeBSD security auditing project.

[Peter Jeremy]

On 1999-Nov-24 06:35:16 +1100, Kris Kennaway wrote:
>> o unsafe use of the str*(3) functions; strcat/strcpy/sprintf &c.
>
>I wonder how many instances of the potentially unsafe functions there are
>in the source tree? :)

A 'grep | wc' equivalent over the source tree gives:

gets        110
strcat     2860
strcpy     4717
strncat     167
strncpy    1514
sprintf    6839
vsprintf    133

Note that (particularly in the case of gets()), this includes the
definition(s) in libraries and declarations in various headers as well
as occurrences in comments, strings and structure/union members.
There are also occurrences in dead or unused code (eg
gnu/usr.bin/as/config/tc-vax.c calls gets() 10 times as well as
referring to it in a comment).

These counts are based on tokens, not strings, so (eg) fgets doesn't
get counted as gets.

A string search for (roughly) "scanf.*%s" also picks up 74 cases of
un-bounded string scans.

And these are the easy ones...

Peter


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message