On 1999-Nov-24 06:35:16 +1100, Kris Kennaway wrote:
>> o unsafe use of the str*(3) functions; strcat/strcpy/sprintf &c.
>
>I wonder how many instances of the potentially unsafe functions there are
>in the source tree? :)

A 'grep | wc' equivalent over the source tree gives:

    gets        110
    strcat     2860
    strcpy     4717
    strncat     167
    strncpy    1514
    sprintf    6839
    vsprintf    133

Note that (particularly in the case of gets()), this includes the
definition(s) in libraries and declarations in various headers as well
as occurrences in comments, strings and structure/union members.
There are also occurrences in dead or unused code (eg
gnu/usr.bin/as/config/tc-vax.c calls gets() 10 times as well as
referring to it in a comment).

These counts are based on tokens, not strings, so (eg) fgets doesn't
get counted as gets.

A string search for (roughly) "scanf.*%s" also picks up 74 cases of
un-bounded string scans.

And these are the easy ones...

Peter
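Added example, not part of the original message and not FreeBSD project tooling: a token-based counter of the kind described above, which goes one step further by separating hits in code from hits in comments and string literals and by flagging only scanf-family formats whose %s has no field width. The names audit, unbounded_s and SAMPLE are hypothetical, and the sample source is constructed.

```python
import re
from collections import Counter

# The functions tallied in the message above, plus the scanf family.
UNSAFE = {"gets", "strcat", "strcpy", "strncat", "strncpy", "sprintf", "vsprintf"}
SCANF = {"scanf", "fscanf", "sscanf"}

# Minimal C lexer: comments, string/char literals, identifiers, ';'.
LEXER = re.compile(r"""
    (?P<comment>/\*.*?\*/|//[^\n]*)
  | (?P<string>"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*')
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<semi>;)
""", re.S | re.X)
WORD = re.compile(r"[A-Za-z_]\w*")
# "%%" is consumed first so a literal percent is never read as a conversion.
CONV = re.compile(r"%%|%(\*?)(\d*)l?s")

def unbounded_s(fmt):
    """True if fmt has a %s that stores data and carries no field width."""
    return any(m.group(0) != "%%" and not m.group(1) and not m.group(2)
               for m in CONV.finditer(fmt))

def audit(source):
    """Return (per-context counts of unsafe names, unbounded scanf %s count)."""
    counts = {"code": Counter(), "comment": Counter(), "string": Counter()}
    scans, in_scanf = 0, False
    for m in LEXER.finditer(source):
        kind, text = m.lastgroup, m.group(0)
        if kind == "ident":          # whole tokens only: fgets is not gets
            if text in UNSAFE:
                counts["code"][text] += 1
            in_scanf = in_scanf or text in SCANF
        elif kind == "semi":         # statement ended, forget pending scanf
            in_scanf = False
        else:                        # comment or string literal
            counts[kind].update(w for w in WORD.findall(text) if w in UNSAFE)
            if kind == "string" and in_scanf:
                scans += unbounded_s(text)
                in_scanf = False     # first literal after the call is the format
    return counts, scans

# Constructed sample input, not taken from the FreeBSD source tree.
SAMPLE = r'''/* never call gets() here */
char *fgets(char *, int, FILE *);
void f(char *d, const char *s, char *b) {
    strcpy(d, s); puts("strcat: see the man page");
    scanf("%s", b); sscanf(s, "%15s %*s", b);
}'''
```

Hits in the "code" bucket still include declarations, definitions and struct members, so they are candidates for review rather than confirmed overflows.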