Talk:Uncontrolled format string: Difference between revisions

SineBot (talk | contribs)
m Signing comment by 202.99.4.3 - "ff: new section"
m Reverted edit by 2409:40C1:31D3:5C80:8000:0:0:0 (talk) to last version by Qwerfjkl (bot)
 
{{WikiProject banner shell|class=Start|
{{WikiProject Computer Security|importance=Low}}
}}
 
== Broken links ==
I removed four broken links to format string papers and sites. If anyone has links to valid ones again, especially from trusted referenceable sources, please add them.
[[User:Kimos|Kimos]] 03:46, 7 April 2006 (UTC)
 
== C doesn't pop ==
 
C doesn't pop the arguments. Neither the assembly-written library functions nor user-written C functions pop the arguments. User-written assembly functions doing this are possible, but it's safe to assume anybody who knows assembly is aware of the danger of messing with the stack. Instead, C accesses the arguments with a pointer.
 
A standard C call looks like this:
 ; Caller
     ...
     push last argument
     ...
     push first argument
     call funktion
     add sp,argument size
     ...
 
 ; Function
 funktion proc near
     push bp
     mov bp,sp ; arguments can now be accessed by [bp+address]
     ...
     pop bp
     ret
 funktion endp
 
In particular, you cannot cause trouble by passing a wrong number of arguments (which would be devastating in BASIC or Pascal). Interestingly, the Windows API, which normally uses Pascal calls, uses C calls for vararg functions, for exactly that reason.
dff <small>—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/202.99.4.3|202.99.4.3]] ([[User talk:202.99.4.3|talk]]) 03:46, 28 May 2008 (UTC)</small><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
Most printf-related bugs print merely garbage. By passing many %X or %s you get a dump of the stack or strings, which is only rarely a hazard. You might get access to sensitive data, but this requires a lot of knowledge about the program, and appropriate data structures. The most damaging thing possible is to overwrite the code at the return address with %n, which crashes the program, but is probably insufficient to jump to malware. --[[Special:Contributions/79.200.87.213|79.200.87.213]] ([[User talk:79.200.87.213|talk]]) 23:48, 6 February 2015 (UTC)
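
A defensive check related to the thread above, added here as an example and not part of any editor's comment: it counts how many arguments a printf-style format string would consume, so a string that asks for more than the caller supplied, or that uses %n, can be rejected before it reaches printf. The names <code>audit_format</code> and <code>format_is_acceptable</code> are hypothetical, and positional forms such as <code>%1$d</code> are assumed not to occur.

```c
#include <stddef.h>
#include <string.h>

/* Result of auditing one printf-style format string. */
struct fmt_audit {
    int args_needed;  /* variadic arguments the string would consume */
    int uses_n;       /* nonzero if a %n (write-back) conversion appears */
    int malformed;    /* nonzero if the string ends inside a conversion */
};

/* Walk a format string and count the arguments it consumes. Handles "%%",
 * flags, "*" width/precision (one int argument each) and length modifiers.
 * Unknown conversion letters are counted as one argument (conservative). */
struct fmt_audit audit_format(const char *fmt)
{
    struct fmt_audit r = {0, 0, 0};
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                                 /* literal percent */
        while (*p && strchr("-+ #0", *p)) p++;        /* flags */
        if (*p == '*') { r.args_needed++; p++; }      /* width from argument */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {
            p++;
            if (*p == '*') { r.args_needed++; p++; }  /* precision from argument */
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hljztL", *p)) p++;       /* length modifiers */
        if (*p == '\0') { r.malformed = 1; break; }   /* cut off mid-conversion */
        if (*p == 'n') r.uses_n = 1;
        r.args_needed++;
    }
    return r;
}

/* Policy for format strings not written by the programmer: accept only if
 * the string consumes exactly the arguments supplied and never uses %n. */
int format_is_acceptable(const char *fmt, int args_supplied)
{
    struct fmt_audit r = audit_format(fmt);
    return !r.malformed && !r.uses_n && r.args_needed == args_supplied;
}
```
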