Vulnerability Development mailing list archives
Re: stackguard-like embedded protection
From: Michael Wojcik <Michael.Wojcik () MERANT COM>
Date: Wed, 6 Sep 2000 11:54:47 -0700
-----Original Message-----
From: H D Moore [mailto:hdm () SECUREAUSTIN COM]
Sent: Tuesday, September 05, 2000 10:35 PM
I know I am going to sound like a moron, but why do these bugs exist in the first place?
Because lazy programmers pass unknown strings as the format-string argument to the printf/scanf function family, rather than use a format-string of "%s". This is incorrect practice by pretty much any measure (the format string conceptually specifies data layout and captioning, not the primary data itself), but unfortunately not uncommon.
Why can't the *printf functions take an argc parameter and refuse to expand format strings after that number has been reached?
Because the printf/scanf functions were defined a long time ago, and are very widely used, and that's not how they work. And, more importantly, it's unnecessary. Every instance of printf(user_data); can become printf("%s", user_data); and the problem is gone. No new argument-count parameter is required.
I know this would break most apps instantly, but it's such a small change it wouldn't be hard to fix. Is POSIX compliance responsible for this or am I missing some crucial detail?
It's possible to fix broken applications without changing the API - and so without breaking the ones that work.

Michael Wojcik michael.wojcik () merant com
MERANT
Department of English, Miami University
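The fix described in the reply above, shown as an added example that is not part of the original message: the same caller-supplied text rendered once as the format string and once as data under a constant "%s". The function names and the sample input are assumptions made for illustration, and the audit helper is a simplified scan, not a full printf parser.

```c
#include <stdio.h>
#include <string.h>

/* BEFORE: caller-supplied text is itself the format string, so every '%'
 * in it is interpreted as a directive. Compilers flag this call with
 * -Wformat-security. */
int render_unsafe(char *out, size_t n, const char *user_data)
{
    return snprintf(out, n, user_data);
}

/* AFTER: the format string is a constant and the text is only data. */
int render_safe(char *out, size_t n, const char *user_data)
{
    return snprintf(out, n, "%s", user_data);
}

/* Hypothetical audit helper: counts the directives in s that would each
 * demand an argument if s were used as a format string. "%%" demands
 * none. Simplified: '*' widths and positional arguments are not modelled. */
size_t directives_wanting_args(const char *s)
{
    size_t count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent sign */
            s++;
            continue;
        }
        count++;                /* a directive with no argument behind it */
    }
    return count;
}

int main(void)
{
    /* Constructed sample input. It only uses "%%", which is well defined
     * even without arguments, so the difference can be observed safely. */
    const char *input = "disk 100%% full";
    char a[64], b[64];

    render_unsafe(a, sizeof a, input);
    render_safe(b, sizeof b, input);
    printf("as format: %s\nas data:   %s\n", a, b);
    printf("arguments demanded by \"user %%s logged in %%d times\": %zu\n",
           directives_wanting_args("user %s logged in %d times"));
    return 0;
}
```

Only the "as data" rendering preserves the input byte for byte; the other one lets the input decide how many arguments the call reads.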