Re: unsafe printing
- Subject: Re: unsafe printing
- From: Jens Alfke <email@hidden>
- Date: Sat, 11 Jul 2015 11:48:01 -0700
> On Jul 11, 2015, at 3:45 AM, Jan E. Schotsman <email@hidden> wrote:
>
>
>> On Jul 10, 2015, at 10:07 PM, Steve Mills wrote:
>> Better yet, don't do that, *because it's potentially insecure*.
> It isn't because I make the string myself.
If it's possible for the string you create to contain a "%", then you've at least got a (quite likely crashing) bug in your code.
If it's not, then can you guarantee that your code will never evolve such that the string might contain a "%"? For instance, if part of the string comes from a parameter to this function, you now have to enforce that the function is never called with a string containing "%". Which is easy to forget a year from now, or if someone else ever has to extend your code.
And if anyone ever writes code that reads data from a file or network and part of that data gets passed to your function, then they've created a security hole without knowing it. This is how these real world exploits come to be. It's especially hard to track down if there are several layers of code between the file/network I/O and the function with the vulnerability.
A key part of being a good programmer is writing code that's maintainable and understandable. It's the difference between engineering and hacking. Please don't take this personally, but if this came up in a job interview, I would not hire someone who argued what you said above.
> All the discussions online are about using scanf and the like.
Printf-like functions are just as vulnerable if you know how to craft the evil input. There's one obscure format character that writes back to the stack. Read the article.
>> Just do this instead:
>> printf("%s", myString);
> Interesting. If the solution is that simple why didn't I find that anywhere in the internet?
I don't know where you looked or what keywords you searched for...
Anyway, even the above isn't the best solution because it adds the overhead of printf interpreting the format string. If all you want to do is write a C string to stdout, just call puts(). Don't use a chainsaw where scissors will do :)
--Jens
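The distinction Jens draws above (an attacker-influenced string used as the format versus passed as an argument to a fixed "%s", or written with no format parsing at all), as an added example that is not part of the original thread. The function names, the variadic logging wrapper and the sample strings are all constructed for illustration; the wrapper is written that way because it is the layered case from the reply, where the compiler can no longer see that untrusted data reached a format parameter.

```c
/* Added example: unsafe versus safe use of the printf family.
 * Build with: cc -Wall -Wformat -Wformat-security fmt.c
 * All names and sample strings below are constructed for illustration. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* VULNERABLE. A typical logging wrapper one or more layers below the I/O code.
 * Because it forwards its own va_list, the compiler cannot see that a caller
 * passed untrusted data as fmt unless the function carries
 * __attribute__((format(printf, 3, 4))); with a plain literal at the call
 * site, -Wformat-security would have caught it. A '%' in fmt is interpreted:
 * %x/%s read missing arguments off the stack, %n writes through one. */
int render_unsafe(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* SAFE. The format is a literal; the message is only ever an argument, so a
 * '%' in msg is copied through untouched. */
int render_safe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "%s", msg);
}

/* For writing a plain C string to a stream, skip format parsing entirely
 * (the puts() point from the reply; fputs avoids the appended newline).
 * Returns 0 on success, -1 on error. */
int write_plain(FILE *fp, const char *msg)
{
    return fputs(msg, fp) < 0 ? -1 : 0;
}

/* Count conversion specifications in s: a '%' not immediately followed by
 * another '%'. Useful as an assertion in code that must pass a constructed
 * string to a format parameter: non-zero means it needs that many arguments. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* %n, supplied with a legitimate int pointer: it stores the number of
 * characters written so far. With an attacker-controlled format, the pointer
 * it writes through is whatever sits in the argument slot, which is what makes
 * format-string bugs a write primitive rather than only an information leak. */
int chars_before_marker(const char *prefix)
{
    char buf[64];
    int count = -1;
    snprintf(buf, sizeof buf, "%s%n", prefix, &count);
    return count;
}

int main(void)
{
    char buf[64];
    const char *msg = "progress: 100%%";  /* constructed sample input */

    render_unsafe(buf, sizeof buf, msg);
    printf("unsafe: %s\n", buf);          /* "%%" collapsed to "%" */
    render_safe(buf, sizeof buf, msg);
    printf("safe:   %s\n", buf);          /* copied verbatim */
    printf("conversions in \"%%s %%x %%n\": %d\n",
           count_conversions("%s %x %n"));
    printf("chars before %%n in \"abc\": %d\n", chars_before_marker("abc"));
    write_plain(stdout, "plain write, no format parsing\n");
    return 0;
}
```

The sample input uses only "%%" so that the unsafe path stays well-defined and the difference is visible in the output; feeding it "%x %x %n" instead would be undefined behaviour and, on a real target, the start of an exploit. In practice, annotate every printf-style wrapper with the `format` attribute so the compiler's check reaches the call site, and treat a non-zero `count_conversions` result on a string that did not come from a literal as a bug.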
_______________________________________________
Xcode-users mailing list (email@hidden)