Date: Thu, 7 Sep 2000 19:33:14 -0700
From: Alfred Perlstein
To: John Doh!
Cc: security@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: How to stop problems from printf
Message-ID: <20000907193314.B12231@fw.wintelcom.net>

* John Doh! [000907 19:28] wrote:
> Hello to you am I C coder who to wish write programs we cannot exploit via
> code such as below.
>
> >
> > main(int argc, char **argv)
> > {
> >     if(argc > 1) {
> >         printf(gettext("usage: %s filename\n"),argv[0]);
> >         exit(0);
> >     }
> >     printf("normal execution proceeds...\n");
> > }
>
> Issue is must be getting format string from "untrusted" place, but want to
> limit substitution of %... to the substitution of say in example the
> argv[0], but to not do others so that say given "usage: %s filename %p" %p
> not interpret but to be print instead as literally so we get output of
> (saying to be argv[0] as test just for example) usage: test filename %p
>
> any hints you have I am very grateful for.

try "%%p"

-Alfred
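An added example, not part of the original message or of any FreeBSD code: it applies the "%%p" escaping from the reply mechanically to an untrusted format string, keeping only the expected number of plain "%s" conversions and doubling the '%' of everything else. The helper name `sanitize_fmt` and the sample catalog string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * sanitize_fmt (hypothetical helper): copy an untrusted format string to out.
 * "%%" and at most `allowed` plain "%s" conversions are kept; the '%' of any
 * other directive (%p, %n, %5s, %1$s, a trailing lone '%', surplus %s) is
 * doubled so printf prints it literally.
 * Returns the number of "%s" kept, or -1 if out is too small.
 */
int sanitize_fmt(const char *in, char *out, size_t outsz, int allowed)
{
    size_t o = 0;
    int kept = 0;

    if (outsz == 0)
        return -1;
    while (*in != '\0') {
        if (o + 3 > outsz)              /* room for two chars plus NUL */
            return -1;
        if (*in != '%') {               /* ordinary character */
            out[o++] = *in++;
        } else if (in[1] == '%') {      /* already escaped */
            out[o++] = '%'; out[o++] = '%';
            in += 2;
        } else if (in[1] == 's' && kept < allowed) {
            out[o++] = '%'; out[o++] = 's';
            kept++;
            in += 2;
        } else {                        /* neutralise: "%" becomes "%%" */
            out[o++] = '%'; out[o++] = '%';
            in += 1;
        }
    }
    out[o] = '\0';
    return kept;
}

int main(void)
{
    /* Constructed sample: a catalog entry carrying an extra %p. */
    const char *untrusted = "usage: %s filename %p\n";
    char fmt[128];

    if (sanitize_fmt(untrusted, fmt, sizeof fmt, 1) != 1)
        return 1;
    printf(fmt, "test");                /* prints: usage: test filename %p */
    return 0;
}
```

A return value lower than `allowed` means the untrusted string dropped an expected "%s"; falling back to the built-in English format in that case is the conservative choice.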