Diploid
Re: Format String Attack (you gotta be experienced with coding) [Re: Annapurna1]
    #8110887 - 03/06/08 12:43 PM (16 years, 2 months ago)

sprintf will still crap if the format string itself is malformed. sprintf relies on the terminating NULL to know where the end of the string is because it has no length parameter for the format string itself.

Normally, you use sprintf like this:

Code:

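// Needs <stdio.h> and <stdlib.h>; runs inside a function body.
char *FixedSizedBuffer = (char *) malloc(20);
int Answer = 7;

// The format string is a constant literal; only Answer varies.
sprintf(FixedSizedBuffer, "Answer = %d", Answer);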




That's the right way, though you still have to make sure the whole constructed string will fit in the buffer with a multi-digit integer for Answer. The way that introduces a vulnerability goes like this:

Code:

char *FixedSizedBuffer = (char *) malloc(20);
// Writable array: gets() cannot store input into a string literal
char FormatString[64] = "Answer = %d";
int Answer = 7;


// See the problem here if this user
// input is longer than ~20 bytes allocated
// to FixedSizedBuffer?
gets(FormatString);


// This next will overwrite the stack if the user-input in
// FormatString has more bytes than can fit in FixedSizedBuffer
// because sprintf will keep parsing through FormatString until
// it finds a NULL or overruns the end of the buffer.
sprintf(FixedSizedBuffer, FormatString, Answer);




By letting the end user provide the format string (a really bad idea), they can insert a NULL early or do some other funkiness and make sprintf crap on the stack, possibly leaving a return vector into a virus.


--------------------
Republican Values:

1) You can't get married to your spouse who is the same sex as you.
2) You can't have an abortion no matter how much you don't want a child.
3) You can't have a certain plant in your possession or you'll get locked up with a rapist and a murderer.

4) We need a smaller, less-intrusive government.

Annapurna1
Re: Format String Attack (you gotta be experienced with coding) [Re: Diploid]
    #8111466 - 03/06/08 03:07 PM (16 years, 2 months ago)

it says snprintf()..not sprintf()...snprintf() takes an extra buffer size argument to guard against overflow...

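An added example, not part of the original posts: the bounded snprintf() form mentioned above, with a constant format string so that user-supplied text is handled as data and truncation is detected from the return value. The function and enum names are hypothetical, the input strings are constructed, and the 20-byte buffer matches the thread's code.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for this added example (hypothetical names). */
enum fmt_status { FMT_OK, FMT_TRUNCATED, FMT_ERROR };

/* Map snprintf's return value to a status. snprintf returns the length
 * the full output would have had, so n >= size means it was cut short. */
static enum fmt_status check(int n, char *dst, size_t size)
{
    if (n < 0) {
        dst[0] = '\0';
        return FMT_ERROR;
    }
    return ((size_t)n >= size) ? FMT_TRUNCATED : FMT_OK;
}

/* Bounded form of the thread's "Answer = %d" call. */
enum fmt_status put_answer(char *dst, size_t size, int answer)
{
    if (dst == NULL || size == 0)
        return FMT_ERROR;
    return check(snprintf(dst, size, "Answer = %d", answer), dst, size);
}

/* Untrusted text is passed as an argument to a constant "%s" format,
 * so any '%' sequences in it are copied as data, never interpreted. */
enum fmt_status put_user_text(char *dst, size_t size, const char *text)
{
    if (dst == NULL || size == 0 || text == NULL)
        return FMT_ERROR;
    return check(snprintf(dst, size, "%s", text), dst, size);
}

int main(void)
{
    char buf[20];                     /* same size as the thread's buffer */
    const char *input = "%d %s %x";   /* constructed sample input */

    printf("%d \"%s\"\n", (int)put_answer(buf, sizeof buf, 7), buf);
    /* A wide integer needs 20 characters plus NUL: reported, not overflowed. */
    printf("%d \"%s\"\n", (int)put_answer(buf, sizeof buf, -2147483647), buf);
    printf("%d \"%s\"\n", (int)put_user_text(buf, sizeof buf, input), buf);
    return 0;
}
```

A caller that gets FMT_TRUNCATED can reject the input or allocate a larger buffer; the destination is always NUL-terminated either way.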
Diploid
Re: Format String Attack (you gotta be experienced with coding) [Re: Annapurna1]
    #8111962 - 03/06/08 04:46 PM (16 years, 2 months ago)

Oh duh. Nevermind. :grin:

