Version 1.3

  'pscan' is a program which attempts to scan C source files for
common function abuses, which often lead to buffer overflows. See the
included file 'test.c' for examples of good and bad programming
practice. For the latest version, see:

  http://deployingradius.com/pscan/


  The scan works by looking for one of a list of problem functions,
and applying the following rule:

  IF the last parameter of the function is the format string,
  AND the format string is NOT a static string,
  THEN complain.

  See 'test.c' for examples.

  Once pscan has found the problems, it's up to you to examine the
source code, and correct the (possible) security breach.

  You can build pscan by typing:

  make

  If you don't have lex or yacc installed, it probably won't work.
You'll have to figure out how to build it yourself, as I'm too lazy to
write an autoconf for a ~100 line C program.


  Once pscan is built, you can test it by typing:

  ./pscan test.c

  You should see it complain about a number of errors, giving the
source file, line number, and problematic function name.

  If there are any errors found, pscan exits with status 1. Typing:

  echo $?

should get you a '1'.

  Now try:

  ./pscan ./pscan.c

  You shouldn't see any errors, and the exit code will be 0 (zero).

  You can scan multiple C source files with one run of pscan, by
specifying multiple filenames on the command line:

  ./pscan ./*.c

  If ANY problems are found, they are printed out, and pscan exits
with status 1.

  If you don't trust it, pscan has a verbose option, -v, which can be
given more than once for more detail:

  ./pscan -vv ./test.c

  The output should make itself clear.

  You can supply additional definitions of problem functions through
the '-p' command line option. See wu-ftpd.pscan for details.

  As of version 1.2, pscan also prints out warnings when non-constant
strings are used as format parameters. This behaviour can be enabled
by using the '-w' command line parameter.


  In addition to the problem C library functions, many programs
define their own functions with similar security problems. The
included shell script:

  find_formats.sh

tries to discover C function prototypes for the problem functions.
It won't find them all, but it will find many of the most common ones.

  Alan DeKok <aland@deployingradius.com>
  January 4, 2007.

----------------------------------------------------------------------
Copyright (C) 2000,2007 Alan DeKok <aland@deployingradius.com>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
USA

----------------------------------------------------------------------
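  As an added illustration of the IF/AND/THEN rule above and of the
'-w' style warning, here is a small Python scanner that applies the
same rule to C source text. It is example code written for this
README, not pscan itself (which is a lex/yacc program), and it does
not reproduce pscan's output. The problem-function table, the index of
each function's format argument and the sample C lines are all
constructed assumptions for the example, not pscan's own list or its
test.c.

```python
import re

# Problem functions and the 0-based index of their format argument.
# pscan ships its own list (extendable with '-p'); this table is an
# assumption made for the example.
PROBLEM_FUNCS = {
    "printf": 0,
    "fprintf": 1,
    "sprintf": 1,
    "snprintf": 2,
    "syslog": 1,
}

CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
STRING_LITERAL_RE = re.compile(r'(?:"(?:[^"\\]|\\.)*"\s*)+')


def split_args(text, start):
    """Split the argument list of a call whose '(' is at text[start].

    Returns (args, end): the stripped argument strings and the index just
    past the matching ')'.  Nested parentheses and commas inside string
    literals do not split an argument.
    """
    depth, in_str = 0, False
    args, cur = [], []
    i = start
    while i < len(text):
        c = text[i]
        if in_str:
            cur.append(c)
            if c == "\\" and i + 1 < len(text):   # keep escaped char whole
                i += 1
                cur.append(text[i])
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            cur.append(c)
        elif c == "(":
            depth += 1
            if depth > 1:
                cur.append(c)
        elif c == ")":
            depth -= 1
            if depth == 0:
                args.append("".join(cur).strip())
                return args, i + 1
            cur.append(c)
        elif c == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(c)
        i += 1
    raise ValueError("unbalanced parentheses")


def is_static_string(arg):
    """True when the argument is one or more adjacent string literals."""
    return STRING_LITERAL_RE.fullmatch(arg) is not None


def scan_source(src, warn_all=False):
    """Return (line_no, func, kind) findings for one C source text.

    kind is "error" under the README's main rule (the format string is the
    LAST argument and is not a literal) and "warning" for the '-w' style
    check (non-literal format string followed by further arguments).
    """
    findings = []
    for line_no, line in enumerate(src.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            func = m.group(1)
            if func not in PROBLEM_FUNCS:
                continue
            try:
                args, _ = split_args(line, m.end() - 1)
            except ValueError:          # call continues on another line
                continue
            fmt_idx = PROBLEM_FUNCS[func]
            if len(args) <= fmt_idx or is_static_string(args[fmt_idx]):
                continue
            if fmt_idx == len(args) - 1:
                findings.append((line_no, func, "error"))
            elif warn_all:
                findings.append((line_no, func, "warning"))
    return findings


# Constructed sample input; this is not the project's test.c.
SAMPLE = """\
printf("hello %s\\n", name);         /* fine: literal format string */
printf(buf);                         /* error: data used as the format */
syslog(LOG_INFO, msg);               /* error: format is last argument */
snprintf(out, sizeof(out), fmt, a);  /* warning only with warn_all */
sprintf(dst, "%d", n);               /* fine */
"""

if __name__ == "__main__":
    for ln, func, kind in scan_source(SAMPLE, warn_all=True):
        print(f"sample.c:{ln}: {kind}: {func}")
```

  Two things in the example are worth noting. The literal test is the
whole point: a format string that is a compile-time literal cannot be
influenced by input, while a variable in that position (as in the
'printf(buf)' line) may be. And the "last argument" condition is what
separates an outright error from the weaker '-w' warning: if nothing
follows the format, the call cannot have been meant to format anything,
so a non-literal there is almost always a mistake. The splitter works a
line at a time and skips calls that continue onto another line; a real
scanner needs a proper tokenizer for that.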
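  The kind of prototype discovery that find_formats.sh does, as an added
example in Python (this is not the shell script from the distribution;
the regex and the sample header are constructed for the illustration).
A prototype is treated as printf-like when a 'char *' parameter is
immediately followed by '...', and the index of that parameter is
reported so the result could be turned into additional problem-function
definitions.

```python
import re

# Matches "name(params);" for prototypes whose parameter list contains
# no nested parentheses (function-pointer parameters are not handled,
# which is one reason such a scan "won't find them all").
PROTO_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(([^()]*?)\)\s*;", re.DOTALL)


def find_format_functions(header_src):
    """Return {function_name: format_arg_index} for variadic prototypes
    whose parameter just before '...' is a (const) char pointer."""
    found = {}
    for m in PROTO_RE.finditer(header_src):
        name, params = m.group(1), m.group(2)
        parts = [p.strip() for p in params.split(",")]
        if len(parts) < 2 or parts[-1] != "...":
            continue                      # not variadic
        fmt_param = parts[-2]
        if re.search(r"\bchar\s*\*", fmt_param):
            found[name] = len(parts) - 2  # 0-based index of the format
    return found


# Constructed sample header, not from any real project.
SAMPLE_HEADER = """\
void log_msg(int level, const char *fmt, ...);
int  my_sprintf(char *dst, const char *fmt, ...);
void die(const char *reason);
int  sum(int count, ...);
"""

if __name__ == "__main__":
    for name, idx in find_format_functions(SAMPLE_HEADER).items():
        print(f"{name}: format argument at index {idx}")
```

  On the sample header only log_msg and my_sprintf are reported: die is
not variadic, and sum is variadic but takes an int, not a format, before
the '...'.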