Uncontrolled format string: Difference between revisions

Wetbags (talk | contribs)
More information, and an example
Format string attacks are a new class of [[Exploit_(computer_science)|vulnerabilities]] discovered in June of 2000, previously thought harmless. Format string attacks can be used to [[Crash_(computing)|crash]] a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain [[C_programming_language|C]] functions that perform formatting, such as <code>[[Printf|printf()]]</code>. A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands <code>printf()</code> and similar functions to write back the number of bytes formatted to the same argument to <code>printf()</code>, assuming that the corresponding [[Argument|argument]] exists and is of [[Datatype|type]] <code>int *</code>. [[Software]] that allows unfiltered user input as the first argument to <code>printf()</code> is vulnerable to format string attacks.
 
This is a common vulnerability because format bugs were previously thought harmless, which resulted in vulnerabilities in many common tools. [http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=format+string MITRE's CVE project] lists roughly 150 vulnerable programs.
 
Format string bugs most commonly appear when a programmer wishes to print a string containing user supplied data. The programmer may mistakenly write <code>printf(buffer)</code> instead of <code>printf("%s", buffer)</code>. The first version interprets <code>buffer</code> as a format string, and parses any formatting instructions it may contain. The second version simply prints a string to the screen, as the programmer intended.
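The hardened pattern from the paragraph above, written out as an added example that is not part of the article: user data is only ever passed as an argument to a fixed <code>"%s"</code> format, and a small helper (assumed name <code>count_format_directives</code>) counts conversion directives in untrusted input so that a log filter or code reviewer can flag suspicious strings before they reach a formatting function.

```c
#include <stdio.h>
#include <string.h>

/* Detection helper: count format directives ('%' not immediately followed
   by another '%') in untrusted input. "%%" is a literal percent sign and is
   skipped; a lone trailing '%' is ill-formed and is counted as suspicious. */
size_t count_format_directives(const char *s)
{
    size_t count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {
            i++;            /* skip the escaped "%%" pair */
            continue;
        }
        count++;            /* %s, %x, %n, or a dangling '%' */
    }
    return count;
}

/* Hardened formatting: the format string is a compile-time literal and the
   user-controlled text is supplied only as the %s argument, so any '%'
   tokens inside it are printed verbatim rather than interpreted.
   The bug the article describes would be snprintf(out, outlen, user_input). */
int format_user_message(char *out, size_t outlen, const char *user_input)
{
    return snprintf(out, outlen, "User said: %s", user_input);
}

int main(void)
{
    /* Constructed sample input containing format tokens. */
    const char *untrusted = "%x %x %n";
    char buf[64];

    format_user_message(buf, sizeof buf, untrusted);
    printf("%s\n", buf);   /* prints "User said: %x %x %n" unchanged */
    printf("directives flagged: %zu\n", count_format_directives(untrusted));
    return 0;
}
```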
 
Format bugs arise because C's argument passing conventions are type-unsafe. In particular, the <code>varargs</code> mechanism allows [[Subprogram|functions]] to accept any number of arguments (e.g. <code>printf</code>) by "popping" as many [[Argument|arguments]] off the call [[Stack_(computing)|stack]] as they wish, trusting the early arguments to indicate how many additional arguments are to be popped, and of what types.