safety and C

RoSsIaCrIiLoIA wrote:

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.
It will print "Use:> %x prog\n"
If str_in_input=" %x%x%x%x%x%x%x%x%x%x%x%x%x " it could see the stack.
It will print "Use:> %x%x%x%x%x%x%x%x%x%x%x%x%x prog\n"
and what If in the stack there is a pointer to a string password?

Nope it cannot, above is perfectly safe.

-- Thomas.

RoSsIaCrIiLoIA wrote:

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.
If str_in_input=" %x%x%x%x%x%x%x%x%x%x%x%x%x " it could see the stack.
and what If in the stack there is a pointer to a string password?

Where are you getting this crap? See the program below and its output:

#include <stdio.h>
int main(void)
{
char *str_in_input;
printf("[output]\n");
str_in_input = " %x ";
printf("Use:> %s prog\n", str_in_input);
str_in_input = " %x%x%x%x%x%x%x%x%x%x%x%x%x ";
printf("Use:> %s prog\n", str_in_input);
return 0;
}

[output]
Use:> %x prog
Use:> %x%x%x%x%x%x%x%x%x%x%x%x%x prog

On Wed, 14 Apr 2004 08:57:21 +0100, Thomas stegen
<ts*****@cis.strath.ac.uk> wrote:

RoSsIaCrIiLoIA wrote:

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.

It will print "Use:> %x prog\n"

Yes but this print
Inserisci una stringa> %x %hx %hx %hx %hx %hx %hx %hx %hx
40b034 f000 7825 7868 7868 7868 7868 7868 7868
Is it possible to exit from s?

#include <stdio.h>

int main(void)
{char s[50] = {0};
int d = 0;
while( 1 )
{
printf("Inserisci una stringa> "); fflush(stdout);
fgets(s, sizeof s, stdin);
printf(s);
if(*s=='1') break;
}
return 0;
}

RoSsIaCrIiLoIA wrote:

On Wed, 14 Apr 2004 08:57:21 +0100, Thomas stegen

It will print "Use:> %x prog\n"

Yes but this print

Of course it does.
Inserisci una stringa> %x %hx %hx %hx %hx %hx %hx %hx %hx
40b034 f000 7825 7868 7868 7868 7868 7868 7868
Is it possible to exit from s?
s is a string, there is no entrance or exit...
printf("Inserisci una stringa> "); fflush(stdout);
fgets(s, sizeof s, stdin);
printf(s);

I trust you see the difference between the above
and printf("%s", s) ?

Or just use puts.

--
Thomas.

RoSsIaCrIiLoIA a écrit :

On Wed, 14 Apr 2004 08:57:21 +0100, Thomas stegen
<ts*****@cis.strath.ac.uk> wrote:

RoSsIaCrIiLoIA wrote:

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.

It will print "Use:> %x prog\n"

Yes but this print
Inserisci una stringa> %x %hx %hx %hx %hx %hx %hx %hx %hx
40b034 f000 7825 7868 7868 7868 7868 7868 7868
Is it possible to exit from s?

#include <stdio.h>

int main(void)
{char s[50] = {0};
int d = 0;
while( 1 )
{
printf("Inserisci una stringa> "); fflush(stdout);
fgets(s, sizeof s, stdin);
printf(s);
if(*s=='1') break;
}
return 0;
}

Indeed printf(s); may be unsafe if s can be entered by a malevolent
person. However printf("%s", s); or the similar versions in your first
message are not.

--
Richard

In <c5************@ID-228872.news.uni-berlin.de> Thomas stegen <ts*****@cis.strath.ac.uk> writes:

RoSsIaCrIiLoIA wrote:

On Wed, 14 Apr 2004 08:57:21 +0100, Thomas stegen

It will print "Use:> %x prog\n"

Yes but this print

Of course it does.

Inserisci una stringa> %x %hx %hx %hx %hx %hx %hx %hx %hx
40b034 f000 7825 7868 7868 7868 7868 7868 7868
Is it possible to exit from s?

s is a string, there is no entrance or exit...

printf("Inserisci una stringa> "); fflush(stdout);
fgets(s, sizeof s, stdin);
printf(s);

I trust you see the difference between the above
and printf("%s", s) ?

If he did, he wouldn't have posted the original bullshit in the first
place...

Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: Da*****@ifh.de

RoSsIaCrIiLoIA <n@esiste.ee> writes:

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.
If str_in_input=" %x%x%x%x%x%x%x%x%x%x%x%x%x " it could see the stack.
and what If in the stack there is a pointer to a string password?

Either your book is incorrect, or you've misunderstood it. There is
an issue here, but your examples don't demonstrate it.

Here's a simple program that prints its first command-line argument,
if any, followed by a newline:

#include <stdio.h>
int main(int argc, char **argv)
{
if (argc >= 2) {
printf("%s", argv[1]);
}
else {
printf("(no arguments)");
}
printf("\n");
return 0;
}

This is perfectly safe (at least for our current purposes).

Here's another version of the same program:

#include <stdio.h>
int main(int argc, char **argv)
{
if (argc >= 2) {
printf(argv[1]); /* DANGER!! */
}
else {
printf("(no arguments)");
}
printf("\n");
return 0;
}

On the line marked "DANGER!!", it uses an unchecked string as the
format argument to printf(). If I run this program with an argument
like "foobar" or "42", it will work exactly the same way as the first
version. If the argument happens to contain a printf format, though,
like "%s", it invokes undefined, because it tells printf() to look for
a second argument that wasn't actually passed to it.

The canonical first program contains the line
printf("hello, world\n");
It could instead be written as
printf("%s\n", "hello, world");
or
printf("%s", "hello, world\n");
but it really doesn't make any difference; since the format string is
a literal, we can tell by inspection that it doesn't contain any
conversion specifiers. If the string comes from an outside source,
such as the command line or standard input, we can't make that
assumption, so we need to use "%s" to guarantee that any specifiers
that happen to be in the string are just printed, not interpreted.

--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
Schroedinger does Shakespeare: "To be *and* not to be"