Date: Wed, 24 Nov 1999 08:03:52 +1100
From: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: current@FreeBSD.ORG
Subject: Re: FreeBSD security auditing project.
Message-ID: <99Nov24.075703est.40331@border.alcanet.com.au>
In-Reply-To: <Pine.BSF.4.21.9911231123090.38330-100000@hub.freebsd.org>
References: <199911231905.VAA80949@gratis.grondar.za> <Pine.BSF.4.21.9911231123090.38330-100000@hub.freebsd.org>
On 1999-Nov-24 06:35:16 +1100, Kris Kennaway wrote:
>> o unsafe use of the str*(3) functions; strcat/strcpy/sprintf &c.
>
>I wonder how many instances of the potentially unsafe functions there are
>in the source tree? :)

A 'grep | wc' equivalent over the source tree gives:

    gets        110
    strcat     2860
    strcpy     4717
    strncat     167
    strncpy    1514
    sprintf    6839
    vsprintf    133

Note that (particularly in the case of gets()), this includes the
definition(s) in libraries and declarations in various headers as well
as occurrences in comments, strings and structure/union members. There
are also occurrences in dead or unused code (e.g. gnu/usr.bin/as/config/tc-vax.c
calls gets() 10 times as well as referring to it in a comment).

These counts are based on tokens, not strings, so (e.g.) fgets doesn't
get counted as gets.

A string search for (roughly) "scanf.*%s" also picks up 74 cases of
un-bounded string scans.

And these are the easy ones...

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
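The two searches Peter describes (a token-based count of the str*(3)/gets()/sprintf() family, and a "scanf.*%s" search for unbounded string scans) as a small Python scanner. This is an added example written for this page; it is not code from the thread or from the FreeBSD project, and the C source it runs on is a constructed sample, not anything from the FreeBSD tree. It goes one step further than the grep in the message by blanking comments and string literals first, so the noise Peter mentions (names in comments, strings and structure members) is dropped; like his counts, it still counts prototypes such as `char *gets(char *)`, because telling a declaration from a call needs a real C parser, which this regex-based heuristic is not. For scanf it also flags `%[` scansets, which are unbounded in the same way as `%s`, and ignores `%*s`, which discards input rather than storing it.

```python
import re
import sys
from collections import Counter

# The functions counted in the message.
UNSAFE = ("gets", "strcat", "strcpy", "strncat", "strncpy", "sprintf", "vsprintf")

# One pass over C text: group 1 is a comment, group 2 a string literal,
# group 3 a character literal. Heuristic, not a C parser: no trigraphs,
# no line continuations inside literals, no wide/raw literal prefixes.
_LEXEME = re.compile(
    r"(/\*.*?\*/|//[^\n]*)"           # 1: block or line comment
    r'|("(?:\\.|[^"\\\n])*")'         # 2: string literal, escapes honoured
    r"|('(?:\\.|[^'\\\n])*')",        # 3: char literal
    re.DOTALL,
)

def strip_c(src, keep_strings):
    """Blank out comments (keeping newlines so line numbers survive) and,
    unless keep_strings is set, empty the contents of string/char literals."""
    def repl(m):
        if m.group(1):
            return re.sub(r"[^\n]", " ", m.group(1))
        if keep_strings:
            return m.group(0)
        return '""' if m.group(2) else "' '"
    return _LEXEME.sub(repl, src)

# Token match: \b stops fgets matching gets and snprintf matching sprintf.
# The trailing ( keeps struct members and bare identifiers out, but a
# prototype like  char *gets(char *);  still counts, as in the message.
_CALL = re.compile(r"\b(" + "|".join(UNSAFE) + r")\s*\(")

def count_unsafe_calls(src):
    """Counter of name -> occurrences of 'name(' outside comments and strings."""
    code = strip_c(src, keep_strings=False)
    return Counter(m.group(1) for m in _CALL.finditer(code))

_SCANF = re.compile(r"\b(v?[sf]?scanf)\s*\(")
_STRING = re.compile(r'"(?:\\.|[^"\\\n])*"')
# A scanf conversion: % [*] [width] [length] conv. Only s and [ write a
# string whose length is bounded solely by the optional width.
_CONV = re.compile(r"%(\*?)(\d*)(?:hh|h|ll|l|j|z|t|L)?(s|\[)")

def unbounded_scanf_formats(src):
    """List (line, function, format, [bad conversions]) for every *scanf
    call whose literal format has a %s or %[ with neither a width nor *."""
    code = strip_c(src, keep_strings=True)
    findings = []
    for call in _SCANF.finditer(code):
        end = code.find(";", call.end())
        lit = _STRING.search(code, call.end(), len(code) if end < 0 else end)
        if lit is None:
            continue                      # format not a literal: review by hand
        fmt = lit.group(0)[1:-1].replace("%%", "")
        bad = [m.group(0) for m in _CONV.finditer(fmt)
               if not m.group(1) and not m.group(2)]
        if bad:
            line = code.count("\n", 0, call.start()) + 1
            findings.append((line, call.group(1), fmt, bad))
    return findings

# Constructed sample input exercising the cases the message warns about.
SAMPLE_C = r'''#include <stdio.h>
#include <string.h>
char *gets(char *s);                     /* prototype: the grep counts it too */
/* a comment mentioning strcpy() must not count */
static char buf[64];
void f(const char *in)
{
    char name[32];
    int x;
    strcpy(buf, in);                     /* real call: counted */
    fgets(buf, sizeof buf, stdin);       /* must not be counted as gets() */
    printf("never call strcat() here");  /* inside a string: not counted */
    scanf("%s %d", name, &x);            /* unbounded %s */
    scanf("%31s", name);                 /* bounded: fine */
    sscanf(in, "%*s %[^\n]", name);      /* %*s discards, %[ is unbounded */
    gets(name);                          /* real call: counted */
    snprintf(buf, sizeof buf, "%s", in); /* not sprintf */
}
'''

if __name__ == "__main__":
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_C
    for name, n in sorted(count_unsafe_calls(src).items()):
        print(f"{name:10} {n}")
    for line, fn, fmt, bad in unbounded_scanf_formats(src):
        print(f'line {line}: {fn}("{fmt}") unbounded {", ".join(bad)}')
```

Run it with a path argument to scan one file (wrap it in `find ... -name '*.c'` for a tree); without arguments it scans the embedded sample and reports gets 2 (prototype plus call), strcpy 1, and the two unbounded scans on lines 13 and 15. A non-literal format string is skipped rather than guessed at, since the width can only be checked when the format is visible.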