46 lines
991 B
Plaintext
46 lines
991 B
Plaintext
It is a security vulnerability to call ``++printf++`` with a unique string argument which is not a string literal. Indeed, if this argument comes from a user input, this user can :
|
|
|
|
* make the program crash, by executing code equivalent to: ``++printf("%s%s%s%s%s%s%s%s")++``
|
|
* view the stack or a memory at any location, by executing code equivalent to: ``++printf("%08x %08x %08x %08x %08x\n")++``
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
[source,cpp]
|
|
----
|
|
void f(char* userInput) {
|
|
printf(userInput); // Noncompliant
|
|
}
|
|
----
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
[source,cpp]
|
|
----
|
|
void f(char* userInput) {
|
|
printf("%s", userInput); // Compliant
|
|
}
|
|
----
|
|
|
|
|
|
== See
|
|
|
|
* https://owasp.org/www-community/attacks/Format_string_attack[Owasp: format string attack]
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|