X
  • Work
    November 10, 2006

Lint and security

Guest Author

I'd not previously noticed that lint had the option -errsecurity for checking the program for the use of insecure functions, or functions where a more secure alternative exists. There's a short example of it in action:

% more sec_test.c
#include <strings.h>
char\* t(char\* source,char \* dest)
{
return strcpy(dest,source);
}
% lint -errsecurity sec_test.c
(5) warning: variable argument to strcpy(); make sure it's safe
name defined but never used
t

sec_test.c(3)

lint warns about the call to strcpy, since this call relies on the source string being null-terminated. Hence the call could be susceptible to buffer overflow problems.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.