pscan-1.2 is a security scanner for misuse of format strings in sprintf-like

functions
svn path=/head/; revision=32217
2025-01-22 08:58:47 +00:00 · 2000-09-03 00:57:53 +00:00 · 2000-09-03 00:57:53 +00:00 · cd725dae6a · 2021-03-31 03:12:20 +00:00
commit cd725dae6a
parent 5be1a47e10
7 changed files with 56 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -79,6 +79,7 @@
    SUBDIR += pktsuckers
    SUBDIR += portscanner
    SUBDIR += portsentry
+    SUBDIR += pscan
    SUBDIR += racoon
    SUBDIR += radiusniff
    SUBDIR += rid
--- a/security/pscan/Makefile
+++ b/security/pscan/Makefile
@ -0,0 +1,22 @@
+# New ports collection makefile for:	pscan
+# Date created:				02 September 2000
+# Whom:					Kris Kennaway <kris@FreeBSD.org>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	pscan
+PORTVERSION=	1.2
+CATEGORIES=	security
+MASTER_SITES=	http://www.striker.ottawa.on.ca/~aland/pscan/
+DISTNAME=	${PORTNAME}
+
+MAINTAINER=	kris@FreeBSD.org
+
+WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
+ALL_TARGET=	#empty
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/pscan ${PREFIX}/bin
+
+.include <bsd.port.mk>
--- a/security/pscan/distinfo
+++ b/security/pscan/distinfo
@ -0,0 +1 @@
+MD5 (pscan.tar.gz) = 61b0395da5a3e9de952c896465f19f8b
--- a/security/pscan/files/patch-aa
+++ b/security/pscan/files/patch-aa
@ -0,0 +1,18 @@
+--- Makefile.orig	Sat Sep  2 17:47:37 2000
+++ Makefile	Sat Sep  2 17:48:38 2000
+@@ -13,11 +13,14 @@
+ #CC=gcc -Wall -g
+ #LEX=flex
+ 
+CC ?= gcc
+CFLAGS ?= -O -pipe
+
+ pscan: scanner.yy.o pscan.o
+ 	$(CC) scanner.yy.o pscan.o -o pscan
+ 
+ scanner.yy.o: scanner.yy.c
+-	$(CC) -c scanner.yy.c -o scanner.yy.o
+	$(CC) $(CFLAGS) -c scanner.yy.c -o scanner.yy.o
+ 
+ scanner.yy.c: scanner.l
+ 	$(LEX) -t scanner.l > scanner.yy.c
--- a/security/pscan/pkg-comment
+++ b/security/pscan/pkg-comment
@ -0,0 +1 @@
+Security C code scanner for misuse of format strings
--- a/security/pscan/pkg-descr
+++ b/security/pscan/pkg-descr
@ -0,0 +1,12 @@
+PScan is a C source code security scanner, which looks for misuse of
+libc functions which use varargs and printf-style formatting
+operators. In many situations these can cause security vulnerabilities
+in the application if it runs with privileges (setugid, or listening
+to a network socket, etc).
+
+An example of the kind of situation pscan looks for is the following:
+
+  variable = "%s";                   /* or malicious user input */
+  sprintf(buffer, variable);         /* BAD! */
+
+WWW: http://www.striker.ottawa.on.ca/~aland/pscan/
--- a/security/pscan/pkg-plist
+++ b/security/pscan/pkg-plist
@ -0,0 +1 @@
+bin/pscan
				`@ -0,0 +1 @@`
				`MD5 (pscan.tar.gz) = 61b0395da5a3e9de952c896465f19f8b`
				`@ -0,0 +1 @@`
				`Security C code scanner for misuse of format strings`