Title: Potential Problem in function
Post by johny_cage on Oct 24th, 2007, 6:21am

The following is a simple C program, in which there is a function called Error to display errors. Can you see a potential problem with the way Error is defined?

#include <stdlib.h>
#include <stdio.h>

void Error(char* s)
{
    printf(s);
    return;
}

int main()
{
    int *p;
    p = malloc(sizeof(int));
    if(p == NULL)
    {
        Error("Could not allocate the memory\n");
        Error("Quitting....\n");
        exit(1);
    }
    else
    {
        /*some stuff to use p*/
    }
    return 0;
}

Title: Re: Potential Problem in function
Post by SMQ on Oct 24th, 2007, 6:29am

[hide]In Error, it should be printf("%s", s);, or better yet, fputs(s, stderr);, otherwise an error string with % in it could cause the printf to expect more parameters than were passed, and potentially crash without ever displaying the error.[/hide]

--SMQ
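
The fix described in the reply above, as an added example that is not part of the original thread or any poster's code: a hardened Error plus a check showing how many arguments printf(s) would try to fetch for a given message. The helpers format_args_expected and renders_verbatim and the sample message are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The thread's version was:  void Error(char *s) { printf(s); }
   Hardened form: s is only ever data, never a format. */
void Error(const char *s)
{
    fputs(s, stderr);
}

/* Number of variadic arguments printf(s) would try to fetch if s were used
   as the format string (simplified C99 directive parser, constructed here). */
int format_args_expected(const char *s)
{
    int args = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                  /* step past '%' */
        if (*s == '%') { s++; continue; }     /* "%%" is a literal percent */
        s += strspn(s, "-+ #0");              /* flags */
        if (*s == '*') { args++; s++; }       /* width read from an argument */
        else s += strspn(s, "0123456789");
        if (*s == '.') {
            s++;
            if (*s == '*') { args++; s++; }   /* precision read from an argument */
            else s += strspn(s, "0123456789");
        }
        s += strspn(s, "hljztL");             /* length modifiers */
        if (*s == '\0') break;                /* dangling '%' at end of string */
        args++;                               /* the conversion itself */
        s++;
    }
    return args;
}

/* 1 if the printf("%s", s) fix reproduces s byte for byte. */
int renders_verbatim(const char *s)
{
    char buf[128];
    int n = snprintf(buf, sizeof buf, "%s", s);
    return n >= 0 && (size_t)n < sizeof buf && strcmp(buf, s) == 0;
}

int main(void)
{
    const char *msg = "cannot open %s: error %d\n";   /* constructed sample */
    fprintf(stderr, "printf(msg) would fetch %d missing argument(s)\n",
            format_args_expected(msg));
    Error(msg);                                       /* printed verbatim */
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang flag the original printf(s) call at compile time.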

Title: Re: Potential Problem in function
Post by gowrikumar on Oct 24th, 2007, 10:30am

These sorts of errors are called format string vulnerabilities. Long back, I had prepared a slide-set explaining them. They are available here:
http://www.devhood.com/tools/tool_details.aspx?tool_id=877

The example programs and the links may not work, but it may help in understanding the problem with the function Error.

Regards,
Gowri Kumar

Title: Re: Potential Problem in function
Post by johny_cage on Oct 24th, 2007, 3:17pm

@gowrikumar nice one...