./security/pscan, Security C code scanner for misuse of format strings



Branch: CURRENT, Version: 1.3, Package name: pscan-1.3, Maintainer: pkgsrc-users

PScan is a C source code security scanner that looks for misuse of
libc functions which take varargs and printf-style format strings.
In many situations these can cause security vulnerabilities in the
application if it runs with privileges (setugid, or listening on a
network socket, etc.).

An example of the kind of situation pscan looks for is the following:

variable = "%s"; /* or malicious user input */
sprintf(buffer, variable); /* BAD! */
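As an added example (not pscan's own code), the fixed form of the snippet above next to a minimal line-level check for the pattern pscan reports: a printf-family call whose format argument is not a string literal. The function table, the one-call-per-line assumption and the sample lines are mine.

```c
/* Added example, not pscan's own code: fixed form of the snippet above plus a
 * minimal check for a printf-family call whose format argument is not a literal. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Fixed form of the snippet: the format is a literal, and the untrusted text
 * is passed only as data, so "%s" or "%n" inside it is printed, not interpreted.
 * Returns the length snprintf reports. */
int copy_user_string(char *buffer, size_t size, const char *variable)
{
    return snprintf(buffer, size, "%s", variable);  /* OK */
}

/* Function name -> 0-based position of its format argument (assumed list). */
static const struct { const char *name; int fmt_arg; } printf_family[] = {
    { "printf", 0 }, { "sprintf", 1 }, { "snprintf", 2 },
    { "fprintf", 1 }, { "syslog", 1 },
};

/* Return 1 if `line` calls a printf-family function and the format argument
 * does not start with a string literal, else 0. Assumes one call per line and
 * no commas inside the arguments before the format (a real scanner parses). */
int non_literal_format(const char *line)
{
    size_t i;
    for (i = 0; i < sizeof printf_family / sizeof printf_family[0]; i++) {
        const char *p = strstr(line, printf_family[i].name);
        int arg;
        if (p == NULL) continue;
        /* Must be a whole identifier: reject e.g. "my_printf" or "vsprintf". */
        if (p != line && (isalnum((unsigned char)p[-1]) || p[-1] == '_'))
            continue;
        p += strlen(printf_family[i].name);
        while (isspace((unsigned char)*p)) p++;
        if (*p != '(') continue;
        p++;
        for (arg = printf_family[i].fmt_arg; arg > 0; arg--) {
            p = strchr(p, ',');          /* skip the arguments before the format */
            if (p == NULL) return 0;
            p++;
        }
        while (isspace((unsigned char)*p)) p++;
        return *p != '"';
    }
    return 0;
}
```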


Master sites:

SHA1: 7844cabcc1fa014d5d2d192d94565133d60cd51b
RMD160: 7c92b2b8c8e2f65dc4a37da37de47170ae24809c
Filesize: 14.214 KB

CVS history:

   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

   2012-10-23 20:17:02 by Aleksej Saushev | Files touched by this commit (368)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

   2011-03-18 21:29:11 by Zafer Aydogan | Files touched by this commit (1)
Log message:
service suspended. prevent timeout. fetch from backup.

   2008-06-12 04:14:58 by Joerg Sonnenberger | Files touched by this commit (1134)
Log message:
Add DESTDIR support.

   2007-12-02 09:32:25 by Roland Illig | Files touched by this commit (13)
Log message:
Some more packages need lex and yacc. Patch by Aleksey Cheusov on
pkgsrc-users.

   2006-03-04 22:31:14 by Johnny C. Lam | Files touched by this commit (2257)
Log message:
Point MAINTAINER to pkgsrc-users@NetBSD.org in the case where no
developer is officially maintaining the package.

The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list).  Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.

   2005-06-17 05:50:45 by Johnny C. Lam | Files touched by this commit (387)
Log message:
Create directories before installing files into them.

   2005-03-24 22:13:04 by Thomas Klausner | Files touched by this commit (241)
Log message:
Remove FreeBSD RCS Ids. pkgsrc has diverged too much for syncing to be
useful.