Date:      Fri, 08 Sep 2000 00:02:29 -0400
From:      Jan Knepper <jan@smartsoft.cc>
To:        "John Doh!" <johndoh_@hotmail.com>
Cc:        bright@wintelcom.net, security@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject:   Re: How to stop problems from printf
Message-ID:  <39B864D5.5BCC24E7@smartsoft.cc>
References:  <F151naq0r89ZfpbPL3N00004da7@hotmail.com>

I don't know what you are doing with the 'gettext' in the call to 'printf'.
However for printf usage I would always limit the size of a string being
displayed with "%s", thus as "%-.80s" for instance.
I would *never* do:
printf ( argv [ 0 ] );
Since argv [ 0 ] indeed is untrusted.
However:
printf ( "%s", argv [ 0 ] );
already is a lot safer. You should not have to worry about any content of argv [
0 ] other than the length if that ever would be an issue. The content of argv [
0 ] in this case is not being parsed as a C-format string.

However, for just displaying strings I would use puts or fputs. I mean, why call a
heavy-duty function such as printf when the job can be done very easily with
puts/fputs?

HTH

Jan



"John Doh!" wrote:

> >From: Alfred Perlstein <bright@wintelcom.net>
> >To: John Doh! <johndoh_@hotmail.com>
> >CC: security@FreeBSD.ORG, hackers@FreeBSD.ORG
> >Subject: Re: How to stop problems from printf
> >Date: Thu, 7 Sep 2000 19:33:14 -0700
> >
> >* John Doh! <johndoh_@hotmail.com> [000907 19:28] wrote:
> > > Hello to you am I C coder who to wish write programs we cannot exploit via
> > > code such as below.
> > >
> > > >
> > > >   main(int argc, char **argv)
> > > >   {
> > > >     if(argc > 1) {
> > > >       printf(gettext("usage: %s filename\n"),argv[0]);
> > > >       exit(0);
> > > >    }
> > > >    printf("normal execution proceeds...\n");
> > > >   }
> > >
> > > Issue is must be getting format string from "untrusted" place, but want to
> > > limit substitution of %... to the substitution of say in example the
> > > argv[0], but to not do others so that say given "usage: %s filename %p" %p
> > > not interpret but to be print instead as literally so we get output of
> > > (saying to be argv[0] as test just for example) usage: test filename %p
> > >
> > > any hints you have I am very grateful for.
> >
> >try "%%p"
> >
> >-Alfred
> That is what I would do if I could always control string, but point is input
> string is not trusted...how to either validate or else to have printf limit
> to its arguments.  Any ideas?
>

--
Jan Knepper
Smartsoft, LLC
88 Petersburg Road
Petersburg, NJ 08270
U.S.A.

http://www.smartsoft.cc/
http://www.mp3.com/pianoprincess

Phone : 609-628-4260
FAX   : 609-628-1267
FAX   : 303-845-6415 http://www.fax4free.com/

Phone : 020-873-3837 http://www.xoip.nl/ (Dutch)
FAX   : 020-873-3837 http://www.xoip.nl/ (Dutch)

In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
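
Added example, not part of the original thread: one way to handle the case raised in the question, where the format string itself comes from an untrusted message catalog. Instead of printing a stray %p literally, it rejects any catalog string that contains more than the expected string conversions and falls back to a built-in format with a length-limited %s; fmt_only_strings and format_usage are hypothetical names, and the fallback policy is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: return 1 only if fmt holds exactly `want` string
 * conversions (%s, optionally with '-', width and precision digits) and
 * otherwise nothing but literal text and "%%". Anything else, such as
 * %p, %n, %*s, %1$s or a trailing '%', makes it return 0. */
int fmt_only_strings(const char *fmt, int want)
{
    int seen = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                         /* "%%" is a literal percent */
        if (*p == '-')
            p++;                              /* left-justify flag */
        while (*p >= '0' && *p <= '9')
            p++;                              /* field width */
        if (*p == '.') {
            p++;
            while (*p >= '0' && *p <= '9')
                p++;                          /* precision, e.g. %.80s */
        }
        if (*p != 's')
            return 0;                         /* also catches end of string */
        seen++;
    }
    return seen == want;
}

/* Hypothetical wrapper: use the untrusted catalog string only when it passes
 * the check, otherwise the built-in format. Returns 1 if it was accepted. */
int format_usage(char *buf, size_t len, const char *catalog, const char *prog)
{
    int ok = fmt_only_strings(catalog, 1);
    snprintf(buf, len, ok ? catalog : "usage: %.80s filename\n", prog);
    return ok;
}

int main(void)
{
    char buf[128];
    /* Constructed input: the catalog entry with an extra %p from the question. */
    int ok = format_usage(buf, sizeof buf, "usage: %s filename %p", "test");
    fputs(buf, stdout);
    return ok;   /* 0: catalog string rejected, fallback printed */
}
```
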







