Citation bot (talk | contribs) Alter: template type. Add: s2cid. | You can use this bot yourself. Report bugs here. | Suggested by AManWithNoPlan | All pages linked from cached copy of User:AManWithNoPlan/sandbox3 | via #UCB_webform_linked |
Artoria2e5 (talk | contribs) No edit summary Tags: Mobile edit Mobile web edit Advanced mobile edit |
Line 23:
Most of these are only useful for detecting bad format strings that are known at compile-time. If the format string may come from the user or from a source external to the application, the application must validate the format string before using it. Care must also be taken if the application generates or selects format strings on the fly. If the GNU C library is used, the <code>-D_FORTIFY_SOURCE=2</code> parameter can be used to detect certain types of attacks occurring at run-time. The <code>-Wformat-nonliteral</code> check is more stringent.
== Detection ==
Contrary to many other security issues, the root cause of format string vulnerabilities is relatively easy to detect in x86-compiled executables: For <code>printf</code>-family functions, proper use implies a separate argument for the format string and the arguments to be formatted. Faulty uses of such functions can be spotted by simply counting the number of arguments passed to the function; an 'argument deficiency'<ref name="team_teso"/> is then a strong indicator that the function was misused.
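The argument-counting check can be sketched as follows. This is an added example, not part of the original article: it assumes a 32-bit x86 listing in Intel syntax (objdump-style) where each call is immediately followed by the caller's <code>add esp, N</code> cleanup, so N/4 is the number of 4-byte arguments; the function name, table and sample listing are constructed for illustration.

```python
import re

# Zero-based position of the format string in each function's argument list.
FORMAT_ARG_INDEX = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2}
CALL_RE = re.compile(r"\bcall\s+(?:\S+\s+)?<?_?(\w+?)(?:@plt)?>?\s*$")
ADD_ESP_RE = re.compile(r"\badd\s+esp\s*,\s*(0x[0-9a-fA-F]+|\d+)")

# Constructed sample listing (Intel syntax), not taken from a real binary.
SAMPLE = """\
 8049196: push eax
 8049197: call 8049040 <printf@plt>
 804919c: add esp,0x4
 804919f: push ebx
 80491a0: push 0x804a008
 80491a5: call 8049040 <printf@plt>
 80491aa: add esp,0x8
 80491ad: push eax
 80491ae: push esi
 80491af: call 8049060 <fprintf@plt>
 80491b4: add esp,0x8
"""

def find_argument_deficiencies(listing):
    """Return (address, function, argc) for calls passing nothing after the format string."""
    # A literal format without conversions (printf("hi")) looks the same here,
    # so each finding is a candidate for manual review, not a confirmed bug.
    findings = []
    lines = listing.splitlines()
    for i, line in enumerate(lines[:-1]):
        call = CALL_RE.search(line)
        if not call or call.group(1) not in FORMAT_ARG_INDEX:
            continue
        fix = ADD_ESP_RE.search(lines[i + 1])
        if not fix:
            continue  # cleanup deferred or merged elsewhere: cannot count here
        tok = fix.group(1)
        argc = (int(tok, 16) if tok.startswith("0x") else int(tok)) // 4
        # Deficient: the format string is the last argument on the stack.
        if argc <= FORMAT_ARG_INDEX[call.group(1)] + 1:
            findings.append((line.split(":")[0].strip(), call.group(1), argc))
    return findings

if __name__ == "__main__":
    for addr, func, argc in find_argument_deficiencies(SAMPLE):
        print(f"{addr}: {func} called with {argc} argument(s)")
```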
=== Detection in x86-compiled binaries ===
Counting the number of arguments is often made easy on x86 due to a calling convention where the caller removes the arguments that were pushed onto the stack by adding to the stack pointer after the call, so a simple examination of the stack correction yields the number of arguments passed to the <code>printf</code>-family function.

==See also==