Date:      Thu, 07 Sep 2000 18:27:57 AKDT
From:      "John Doh!" <johndoh_@hotmail.com>
To:        security@freebsd.org, hackers@freebsd.org
Subject:   How to stop problems from printf
Message-ID:  <F159yCTr9rf3yXvEbjk00001dc1@hotmail.com>

Hello to you. I am a C coder who wishes to write programs that cannot be
exploited via code such as below.

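>
>   #include <stdio.h>
>   #include <stdlib.h>
>   #include <libintl.h>   /* gettext() */
>
>   int main(int argc, char **argv)
>   {
>     if(argc > 1) {
>       /* format string comes from the message catalog (untrusted) */
>       printf(gettext("usage: %s filename\n"),argv[0]);
>       exit(0);
>     }
>     printf("normal execution proceeds...\n");
>     return 0;
>   }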

The issue is that the format string must come from an "untrusted" place, but
I want to limit substitution of %... to the substitution of, say, argv[0] in
the example, and not do the others, so that given, say,
"usage: %s filename %p", the %p is not interpreted but is instead printed
literally, so we get output of (taking argv[0] to be test, just for example):
usage: test filename %p

Any hints you have I am very grateful for.
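
One way to get the behaviour asked for above, as an added example that is not part of the original message: never hand the untrusted string to printf as a format, and expand it with a small routine that understands only the first "%s". The helper name expand_first_s and the sample template are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * expand_first_s (hypothetical helper): copy the untrusted template `tmpl`
 * into `out`, replacing only the first "%s" with `arg`. Every other byte,
 * including "%p", "%n" and any later "%s", is copied literally ("%%" has
 * no special meaning here). Returns the length written, or -1 if the
 * result does not fit in `outsz` bytes including the terminating NUL.
 */
int expand_first_s(char *out, size_t outsz, const char *tmpl, const char *arg)
{
    size_t n = 0;
    int done = 0;

    if (outsz == 0)
        return -1;
    while (*tmpl != '\0') {
        if (!done && tmpl[0] == '%' && tmpl[1] == 's') {
            size_t alen = strlen(arg);
            if (alen >= outsz - n)      /* keep room for the NUL */
                return -1;
            memcpy(out + n, arg, alen);
            n += alen;
            tmpl += 2;
            done = 1;
        } else {
            if (n + 1 >= outsz)
                return -1;
            out[n++] = *tmpl++;
        }
    }
    out[n] = '\0';
    return (int)n;
}

int main(int argc, char **argv)
{
    /* Constructed stand-in for a string returned by an untrusted catalog. */
    const char *untrusted = "usage: %s filename %p\n";
    char line[256];

    (void)argc;
    if (expand_first_s(line, sizeof line, untrusted, argv[0]) < 0)
        return 1;
    fputs(line, stdout);    /* the result is data, never a format string */
    return 0;
}
```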