Content deleted Content added
→Details: added <ref name="team_teso">http://julianor.tripod.com/bc/formatstring-1.2.pdf</ref> |
name="bugtrag_perl |
Line 10:
Format bugs arise because C's argument passing conventions are not [[Type safety|type-safe]]. In particular, the <code>[[stdarg.h|varargs]]</code> mechanism allows [[Subprogram|functions]] to accept any number of arguments (e.g. <code>printf</code>) by "popping" as many [[argument]]s off the [[call stack]] as they wish, trusting the early arguments to indicate how many additional arguments are to be popped, and of what types.
Format string bugs can occur in other programming languages besides C, although they appear with less frequency and usually cannot be exploited to execute code of the attacker's choice.<ref name="bugtrag_perl">[http://seclists.org/bugtraq/2005/Dec/0030.html Bugtraq: Format String Vulnerabilities in Perl Programs]</ref>
Format bugs were first noted in 1989 by the [[fuzz testing]] work done at the University of Wisconsin, which discovered an "interaction effect" in the [[C shell]] (csh) between its [[command history]] mechanism and an error routine that assumed safe string input.<ref>{{cite journal |url=ftp://ftp.cs.wisc.edu/paradyn/technical_papers/fuzz.pdf |title=An Empirical Study of the Reliability of UNIX Utilities |first1=Barton P. |last1=Miller |first2=Lars |last2=Fredriksen |first3=Bryan |last3=So |journal=[[Communications of the ACM]] |volume=33 |number=12 |date=December 1990 <!--NB: paper copyright is 1989 --> |doi=10.1145/96267.96279 |pages=32–44}}</ref>
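Review bot: The ref name on the Perl citation in the second paragraph is spelled "bugtrag_perl", although the source it labels is Bugtraq; rename it to "bugtraq_perl" so any later reuse by name does not carry the typo forward. In the same sentence, "appear with less frequency and usually cannot be exploited to execute code of the attacker's choice" is a broad claim about every language other than C, yet it rests on one mailing-list post about Perl, so either narrow the wording to what that post covers or add a second source. In the third paragraph the prose says "first noted in 1989" while the citation carries date=December 1990; the reason is given only in a hidden HTML comment, so consider explaining the 1989 date in visible text or in the reference itself. The edit summary mentions an added team_teso reference, but it does not appear in the lines shown here, so its placement cannot be checked from this hunk.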