authorcjs <cjs@pkgsrc.org>2002-08-06 01:36:59 +0000
committercjs <cjs@pkgsrc.org>2002-08-06 01:36:59 +0000
commit2bc32823729fe9ad72d589803d948e6c540b2d78 (patch)
tree3303cfac5d1a0033bf64487e35e61656faefb58b /security/pscan
parenta5a3ead2a0e387633c4f2f95c1017e04fcedb1f1 (diff)
downloadpkgsrc-2bc32823729fe9ad72d589803d948e6c540b2d78.tar.gz
PScan is a C source code security scanner, which looks for misuse of
libc functions which use varargs and printf-style formatting operators. In many situations these can cause security vulnerabilities in the application if it runs with privileges (setugid, or listening to a network socket, etc). An example of the kind of situation pscan looks for is the following: variable = "%s"; /* or malicious user input */ sprintf(buffer, variable); /* BAD! */ WWW: http://www.striker.ottawa.on.ca/~aland/pscan/
Diffstat (limited to 'security/pscan')
-rw-r--r--security/pscan/DESCR12
-rw-r--r--security/pscan/Makefile19
-rw-r--r--security/pscan/PLIST3
-rw-r--r--security/pscan/distinfo5
-rw-r--r--security/pscan/patches/patch-aa20
5 files changed, 59 insertions, 0 deletions
diff --git a/security/pscan/DESCR b/security/pscan/DESCR
new file mode 100644
index 00000000000..3b180bc5d44
--- /dev/null
+++ b/security/pscan/DESCR
@@ -0,0 +1,12 @@
+PScan is a C source code security scanner, which looks for misuse of
+libc functions which use varargs and printf-style formatting
+operators. In many situations these can cause security vulnerabilities
+in the application if it runs with privileges (setugid, or listening
+to a network socket, etc).
+
+An example of the kind of situation pscan looks for is the following:
+
+ variable = "%s"; /* or malicious user input */
+ sprintf(buffer, variable); /* BAD! */
+
+WWW: http://www.striker.ottawa.on.ca/~aland/pscan/
diff --git a/security/pscan/Makefile b/security/pscan/Makefile
new file mode 100644
index 00000000000..63705547f6e
--- /dev/null
+++ b/security/pscan/Makefile
@@ -0,0 +1,19 @@
+# $NetBSD: Makefile,v 1.1.1.1 2002/08/06 01:36:59 cjs Exp $
+# FreeBSD Id: ports/security/pscan/Makefile,v 1.4 2001/08/23 09:07:29 kris Exp
+
+DISTNAME= pscan
+PKGNAME= pscan-1.3
+CATEGORIES= security devel
+MASTER_SITES= http://www.striker.ottawa.on.ca/~aland/pscan/
+
+MAINTAINER= packages@netbsd.org
+HOMEPAGE= http://www.striker.ottawa.on.ca/~aland/pscan/
+COMMENT= Security C code scanner for misuse of format strings
+
+ALL_TARGET= pscan
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/pscan ${PREFIX}/bin
+ ${INSTALL_SCRIPT} ${WRKSRC}/find_formats.sh ${PREFIX}/bin/find_formats
+
+.include "../../mk/bsd.pkg.mk"
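Review bot: The distfile is fetched under the unversioned name pscan.tar.gz (`DISTNAME= pscan` at the top of the hunk, while `PKGNAME= pscan-1.3` carries the version), so a re-rolled upstream archive with the same name would land in the shared DISTDIR on top of, or next to, an already cached copy, and only the SHA1 entry in distinfo would distinguish the two; presumably a stale cached copy then fails the checksum rather than being refetched. Isolating the distfile per package version keeps each release's archive and its recorded checksum together: `DIST_SUBDIR= ${PKGNAME}`. The distinfo section further down keys its entries on the bare filename, so it benefits from the same change.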
diff --git a/security/pscan/PLIST b/security/pscan/PLIST
new file mode 100644
index 00000000000..12f13e253ea
--- /dev/null
+++ b/security/pscan/PLIST
@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2002/08/06 01:36:59 cjs Exp $
+bin/pscan
+bin/find_formats
diff --git a/security/pscan/distinfo b/security/pscan/distinfo
new file mode 100644
index 00000000000..28c66ef5086
--- /dev/null
+++ b/security/pscan/distinfo
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1.1.1 2002/08/06 01:36:59 cjs Exp $
+
+SHA1 (pscan.tar.gz) = 7844cabcc1fa014d5d2d192d94565133d60cd51b
+Size (pscan.tar.gz) = 14555 bytes
+SHA1 (patch-aa) = f9b62f12372392bbe65dd97e441037eceb02c622
diff --git a/security/pscan/patches/patch-aa b/security/pscan/patches/patch-aa
new file mode 100644
index 00000000000..7d8e9f7a01c
--- /dev/null
+++ b/security/pscan/patches/patch-aa
@@ -0,0 +1,20 @@
+$NetBSD: patch-aa,v 1.1.1.1 2002/08/06 01:36:59 cjs Exp $
+
+--- Makefile.orig Sat Sep 2 17:47:37 2000
++++ Makefile Sat Sep 2 17:48:38 2000
+@@ -13,11 +13,14 @@
+ #CC=gcc -Wall -g
+ #LEX=flex
+
++CC ?= gcc
++CFLAGS ?= -O
++
+ pscan: scanner.yy.o pscan.o
+ $(CC) scanner.yy.o pscan.o -o pscan
+
+ scanner.yy.o: scanner.yy.c
+- $(CC) -c scanner.yy.c -o scanner.yy.o
++ $(CC) $(CFLAGS) -c scanner.yy.c -o scanner.yy.o
+
+ scanner.yy.c: scanner.l
+ $(LEX) -t scanner.l > scanner.yy.c
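Review bot: The new `$(CFLAGS)` is applied only to the scanner.yy.o compile (the changed line near the end of the hunk), while the link line `$(CC) scanner.yy.o pscan.o -o pscan` in the same hunk still omits it, so options passed in through CFLAGS by the package framework are dropped at link time; pscan.o's own rule is outside this hunk, so whether it picks up CFLAGS cannot be seen here. Passing the flags at link time as well keeps the two steps consistent: `$(CC) $(CFLAGS) $(LDFLAGS) scanner.yy.o pscan.o -o pscan`. LDFLAGS is not set anywhere in the visible part of the upstream Makefile, so it expands to empty unless the framework supplies it, which is the intent.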