Bugtraq mailing list archives
Re: StackGuard with ... Re: [Paper] Format bugs.
From: brett () LARIAT ORG (Brett Glass)
Date: Fri, 21 Jul 2000 22:48:57 -0600
Which brings up a more interesting question: Don't these errors really reflect more fundamental problems in the development tools? It seems to me that the bugs arose because: 1) Format strings in the C libraries use a sort of "in-band signalling" -- that is, they can mix text with format designators. This means that passing the text you want to print as the format string produces results that appear to be correct. 2) The C language itself has no way of specifying a MINIMUM number of arguments for a function call. Had the compiler noted that setproctitle() and similar functions need at least two arguments, the mistakes would have been caught from the get-go. The latter problem can be solved by insisting upon the use of macros that mandate a minimum number of arguments and produce a warning or error message otherwise. The former requires changing the conventions used by the standard C libraries, which is probably infeasible. --Brett Glass At 03:52 PM 7/21/2000, Theo de Raadt wrote:
There is no substitute, however, for a careful line-by-line audit of code.In my mind, there never was. When this came up, we (Todd Miller, Todd Fries, and I) did an audit on our source tree for the following cases *printf() err*() warn*() syslog() setproctitle() hand-made log()-style functions which end up calling v*() functions
Current thread:
- Re: CheckPoint FW1 BUG, (continued)
- Re: CheckPoint FW1 BUG Brian Krahmer (Jul 17)
- Re: CheckPoint FW1 BUG Nicolas FISCHBACH (Jul 18)
- [Paper] Format bugs. Pascal Bouchareine (Jul 18)
- (New ?) Macro security hole in Word 97 Bongard, Dominique (Jul 21)
- Re: (New ?) Macro security hole in Word 97 Bronek Kozicki (Jul 22)
- Jakarta-tomcat.../admin Scott Morris (Jul 21)
- StackGuard with ... Re: [Paper] Format bugs. Alan DeKok (Jul 21)
- [RHSA-2000:044-02] Updated PAM packages are available. bugzilla () REDHAT COM (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Theo de Raadt (Jul 21)
- Roxen security alert: Problems with URLs containing null characters. Peter Bortas (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Brett Glass (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Brett Glass (Jul 25)
- Re: CheckPoint FW1 BUG Brian Krahmer (Jul 17)
- Re: StackGuard with ... Re: [Paper] Format bugs. mixter (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Linus Akesson (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Dan Harkless (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. Valentin Nechayev (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Dick St.Peters (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. Hannah Schröter (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Stephen J. Friedl (Jul 24)