Date: Thu, 07 Sep 2000 20:23:11 -0700
From: Mike Smith <msmith@freebsd.org>
To: "John Doh!" <johndoh_@hotmail.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: How to stop problems from printf
Message-ID: <200009080323.UAA00511@mass.osd.bsdi.com>
In-Reply-To: Your message of "Thu, 07 Sep 2000 18:27:57 +0700." <F159yCTr9rf3yXvEbjk00001dc1@hotmail.com>

> Hello to you am I C coder who to wish write programs we cannot exploit via
> code such as below.
>
> >
> > main(int argc, char **argv)
> > {
> >   if(argc > 1) {
> >     printf(gettext("usage: %s filename\n"),argv[0]);
> >     exit(0);
> >   }
> >   printf("normal execution proceeds...\n");
> > }
>
> Issue is must be getting format string from "untrusted" place, but want to
> limit substitution of %... to the substitution of say in example the
> argv[0], but to not do others so that say given "usage: %s filename %p" %p
> not interpret but to be print instead as literally so we get output of
> (saying to be argv[0] as test just for example) usage: test filename %p

If you don't trust gettext, you need to write a validation wrapper for it
that compares the format specifiers in the source and destination strings.

There's no way to "fix" printf to do this.

Personally, I'd fix the security on your gettext database and deal with it
at that level.

--
... every activity meets with opposition, everyone who acts has his
rivals and unfortunately opponents also. But not because people want
to be opponents, rather because the tasks and relationships force
people to take different points of view. [Dr. Fritz Todt]
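
One way to build the validation wrapper suggested in the reply, as an added example that is not part of the original message or of any FreeBSD code. The names fmt_signature and checked_fmt are hypothetical, the catalog strings are constructed, and the caller is assumed to pass gettext(msgid) as the second argument; this narrow version rejects %n and positional "%1$s" forms outright.

```c
#include <stdio.h>
#include <string.h>

/* Build the argument signature of a printf format in sig (n >= 1): one entry
 * per consumed argument (length modifier + conversion, or '*'), each followed
 * by ','. Returns -1 on malformed input, %n, "%1$s" forms, or overflow. */
static int fmt_signature(const char *f, char *sig, size_t n)
{
    size_t o = 0;
    while (*f) {
        if (*f++ != '%') continue;
        if (*f == '%') { f++; continue; }          /* literal percent sign */
        f += strspn(f, "-+ #0'");                  /* flags take no argument */
        for (int part = 0; part < 2; part++) {     /* width, then .precision */
            if (part == 1) { if (*f != '.') break; f++; }
            if (*f == '*') { if (o + 2 >= n) return -1; sig[o++] = '*'; sig[o++] = ','; f++; }
            else f += strspn(f, "0123456789");
        }
        size_t len = strspn(f, "hljztL");          /* length modifiers */
        if (len > 2 || !f[len] || !strchr("diouxXeEfFgGaAcsp", f[len])) return -1;
        if (o + len + 2 >= n) return -1;
        memcpy(sig + o, f, len + 1); o += len + 1; sig[o++] = ',';
        f += len + 1;
    }
    sig[o] = '\0';
    return 0;
}

/* Return the translation only if it consumes exactly the same arguments, in
 * the same order, as the trusted msgid compiled into the program. */
static const char *checked_fmt(const char *msgid, const char *translated)
{
    char a[128], b[128];
    if (fmt_signature(msgid, a, sizeof a) || fmt_signature(translated, b, sizeof b))
        return msgid;
    return strcmp(a, b) == 0 ? translated : msgid;
}

int main(void)
{
    /* Constructed catalog entries standing in for gettext() results. */
    const char *msgid = "usage: %s filename\n";
    const char *good  = "Aufruf: %s Dateiname\n";
    const char *bad   = "usage: %s filename %p\n";
    printf(checked_fmt(msgid, good), "test");
    printf(checked_fmt(msgid, bad), "test");    /* falls back to msgid */
    return 0;
}
```

A mismatched translation is dropped in favour of the compiled-in string rather than printed with its extra specifiers escaped, so a tampered catalog can change wording but not what printf reads from the argument list.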