Date: Thu, 07 Sep 2000 18:37:34 AKDT From: "John Doh!" <johndoh_@hotmail.com> To: bright@wintelcom.net Cc: security@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: How to stop problems from printf Message-ID: <F151naq0r89ZfpbPL3N00004da7@hotmail.com>
next in thread | raw e-mail | index | archive | help
>From: Alfred Perlstein <bright@wintelcom.net>
>To: John Doh! <johndoh_@hotmail.com>
>CC: security@FreeBSD.ORG, hackers@FreeBSD.ORG
>Subject: Re: How to stop problems from printf
>Date: Thu, 7 Sep 2000 19:33:14 -0700
>
>* John Doh! <johndoh_@hotmail.com> [000907 19:28] wrote:
> > Hello to you am I C coder who to wish write programs we cannot exploit
>via
> > code such as below.
> >
> > >
> > > main(int argc, char **argv)
> > > {
> > > if(argc > 1) {
> > > printf(gettext("usage: %s filename\n"),argv[0]);
> > > exit(0);
> > > }
> > > printf("normal execution proceeds...\n");
> > > }
> >
> > Issue is must be getting format string from "untrusted" place, but want
>to
> > limit substitution of %... to the substitution of say in example the
> > argv[0], but to not do others so that say given "usage: %s filename %p"
>%p
> > not interpret but to be print instead as literally so we get output of
> > (saying to be argv[0] as test just for example) usage: test filename %p
> >
> > any hints you have I am very greatful for.
>
>try "%%p"
>
>-Alfred
That is what I would do if I could always control string, but point is input
string is not trusted...how to either validate or else to have printf limit
to its arguments. Any ideas?
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F151naq0r89ZfpbPL3N00004da7>