From owner-freebsd-hackers Thu Sep 7 19:28: 5 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from hotmail.com (f159.pav1.hotmail.com [64.4.31.159]) by hub.freebsd.org (Postfix) with ESMTP id 6126337B424; Thu, 7 Sep 2000 19:27:58 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 7 Sep 2000 19:27:57 -0700 Received: from 165.247.24.83 by pv1fd.pav1.hotmail.msn.com with HTTP; Fri, 08 Sep 2000 02:27:57 GMT X-Originating-IP: [165.247.24.83] From: "John Doh!" To: security@freebsd.org, hackers@freebsd.org Subject: How to stop problems from printf Date: Thu, 07 Sep 2000 18:27:57 AKDT Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 08 Sep 2000 02:27:57.0802 (UTC) FILETIME=[66B194A0:01C0193C] Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello to you am I C coder who to wish write programs we cannot exploit via code such as below. > > main(int argc, char **argv) > { > if(argc > 1) { > printf(gettext("usage: %s filename\n"),argv[0]); > exit(0); > } > printf("normal execution proceeds...\n"); > } Issue is must be getting format string from "untrusted" place, but want to limit substitution of %... to the substitution of say in example the argv[0], but to not do others so that say given "usage: %s filename %p" %p not interpret but to be print instead as literally so we get output of (saying to be argv[0] as test just for example) usage: test filename %p any hints you have I am very greatful for. _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message