From owner-freebsd-current  Tue Nov 23 14:15:54 1999
Delivered-To: freebsd-current@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 02FFF14C1F; Tue, 23 Nov 1999 14:15:52 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id E72191CD7BC; Tue, 23 Nov 1999 14:15:52 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Tue, 23 Nov 1999 14:15:52 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: peter.jeremy@alcatel.com.au
Cc: current@FreeBSD.ORG
Subject: Re: FreeBSD security auditing project.
In-Reply-To: <99Nov24.075703est.40331@border.alcanet.com.au>
Message-ID: <Pine.BSF.4.21.9911231412030.46173-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 24 Nov 1999, Peter Jeremy wrote:

> >> o unsafe use of the str*(3) functions; strcat/strcpy/sprintf &c.
> >
> >I wonder how many instances of the potentially unsafe functions there are
> >in the source tree? :)
> 
> A 'grep | wc' equivalent over the source tree gives:
> 
> gets        110
> strcat     2860
> strcpy     4717
> strncat     167
> strncpy    1514
> sprintf    6839
> vsprintf    133

*ouch* :-)

> And these are the easy ones...

Indeed :-(

Kris

----
Cthulhu for President! For when you're tired of choosing the _lesser_ of
two evils..



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message