Category: Overflow
Difficulty: An introductory course

What You Should Not Do

You need to print a string, so you call printf(mystring). This can lead to problems if the string can be constructed by an attacker. By crafting the string with formatting characters that expect additional parameters to printf(), an attacker can make the program inappropriately read data off the stack, and even write over values on the stack!
#include <stdio.h>

int main(int argc, char **argv)
{
    if(argc <= 1)
        printf("error, no arguments (other than program name)!");
    else
    {
        /* BAD: argv[1] is used as the format string itself */
        printf(argv[1]);
    }
    return 0;
}
If argv[1] contains any special format string characters, then printf() will look for additional arguments to fill in the formatting characters. A carefully crafted attack could exploit this. It also affects other *printf() functions including sprintf(), snprintf(), fprintf(), etc.

What You Should Do

When using one of the *printf() functions, always use a format string, such as printf("%s",mystring). This way formatting characters cannot be arbitrarily injected into printf.
#include <stdio.h>

int main(int argc, char **argv)
{
    if(argc <= 1)
        printf("error, no arguments (other than program name)!");
    else
    {
        /* GOOD: fixed format string, argv[1] is only data */
        printf("%s",argv[1]);
    }
    return 0;
}
By statically specifying the format string, no one else can put arbitrary formatting characters in.
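
The same rule applied to snprintf() and fprintf(), as an added example that is not part of the original course material. The helper names count_conversions(), copy_user_text() and log_user_text() are hypothetical, the sample input is constructed, and the counter is simplified (it does not account for '*' width or precision arguments).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: count the conversion specifications a *printf()
 * call would try to process if s were used as its format string.
 * "%%" is a literal percent sign and is not counted. */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip the escaped percent sign */
        else
            n++;            /* '%' that starts a conversion */
    }
    return n;
}

/* snprintf() with a fixed format: user text is copied as data.
 * Returns the length the full text needs, as snprintf() does. */
int copy_user_text(char *out, size_t outsz, const char *user)
{
    return snprintf(out, outsz, "%s", user);
}

/* fprintf() with a fixed format: same rule for stream output. */
int log_user_text(FILE *fp, const char *user)
{
    return fprintf(fp, "user input: %s\n", user);
}

int main(void)
{
    const char *sample = "%x %x %s 100%%";   /* constructed input */
    char buf[64];

    printf("conversions if used as a format: %zu\n",
           count_conversions(sample));
    copy_user_text(buf, sizeof buf, sample);
    printf("copied verbatim: %s\n", buf);
    log_user_text(stdout, sample);
    return 0;
}
```

Building with GCC or Clang and -Wformat -Wformat-security reports the printf(argv[1]) form at compile time.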

Concept Map

This example refers to the point N (When using format string functions, make sure that the format string can be authenticated/trusted). This maps to 8 (When performing input validation take into account how programs invoked with those arguments could interpret them). This further maps to "Input Validation" in the concept map.

 
