Hi
I have a function as below
void print(char* str)
{
    printf(str);
}
now the user of the function can pass anything as the argument for
print(). I am looking for major security issues with this function. I
mean can this function be hacked somehow or can we give some input so
that we can crash the program. It's kind of urgent so please help me
out with this.
raghu
On Sun, 18 Nov 2007 22:26:07 -0800 (PST) in comp.lang.c++,
singhraghvendra <ra********@gmail.com> wrote,
>Hi
>I have a function as below
>void print(char* str) { printf(str); }
>now the user of the function can pass anything as the argument for print(). I am looking for major security issues with this function.
Yes, it is really horrible. Look up what the first argument to printf
means! At minimum, it should be changed to:
void print(char* str)
{
    printf("%s", str);
}
On Nov 18, 11:26 pm, singhraghvendra <raghu.i...@gmail.com> wrote:
>Hi
>I have a function as below
>void print(char* str)
>{
>    printf(str);
>}
>now the user of the function can pass anything as the argument for
>print(). I am looking for major security issues with this function. I
>mean can this function be hacked somehow or can we give some input so
>that we can crash the program. It's kind of urgent so please help me
>out with this.
>raghu
First off, why bother? Why not just use printf(),
straight up?
If you just want to print a string you can do that
with printf, just like that! Or do you want to drop
formatting? If you pass a string with formatting
to this and containing placeholders like %d then
printf() will have nothing to draw fill values from
and unpredictable behavior will occur. If you are
wanting to be able to print any string, without
special formatting sequences being interpreted
that way, then use
printf("%s", str);
in your "print()" routine.
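
The change recommended in the replies above, as an added example in C that is not part of any post in this thread: print_safe passes the caller's text as an argument to a literal "%s" format, and the hypothetical helper count_conversions reports how many arguments printf(str) would have tried to read for the same text. The sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hardened form of the thread's print(): the format is a literal, so
   any '%' in str is output as data. Returns printf's character count. */
int print_safe(const char *str)
{
    return printf("%s", str);
}

/* Hypothetical audit helper: counts the conversions that printf(str)
   would try to satisfy from arguments nobody passed. "%%" is a literal
   percent sign and is not counted; *has_n is set if %n is present. */
int count_conversions(const char *str, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (const char *p = str; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                     /* escaped percent sign */
        /* skip positional index, flags, width, precision, length */
        p += strspn(p, "0123456789$-+ #'.*hlqjztL");
        if (*p == '\0')
            break;                        /* dangling '%' at the end */
        if (*p == 'n')
            *has_n = 1;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed strings standing in for user-supplied input. */
    const char *samples[] = { "hello", "100%% done", "%s%s%s", "%x%n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int has_n;
        int n = count_conversions(samples[i], &has_n);
        print_safe(samples[i]);
        printf("  <- %d conversion(s)%s\n", n, has_n ? ", one is %n" : "");
    }
    return 0;
}
```
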
On Nov 19, 2:26 pm, singhraghvendra <raghu.i...@gmail.com> wrote:
>Hi
>I have a function as below
>void print(char* str)
>{
>    printf(str);
>}
>now the user of the function can pass anything as the argument for
>print(). I am looking for major security issues with this function. I
>mean can this function be hacked somehow or can we give some input so
>that we can crash the program. It's kind of urgent so please help me
>out with this.
Presumably, this code is something you are objecting to in your
organization, and someone reasonably higher up is ignoring your
objections?
The exact method of crashing the code will depend on your target
system and possibly your target OS. I think it's harder to do code
injection these days.
You may be interested in printf("%n") though if you really want to crash
the program.
singhraghvendra wrote:
>Hi
>I have a function as below
>void print(char* str)
>{
>    printf(str);
>}
>now the user of the function can pass anything as the argument for
>print(). I am looking for major security issues with this function. I
>mean can this function be hacked somehow or can we give some input so
>that we can crash the program. It's kind of urgent so please help me
>out with this.
Is this a homework question?
Look up the first argument to printf(), and what arbitrary input passed
to printf() with only one argument could cause failure.
--
Philip Potter pgp <at> doc.ic.ac.uk
singhraghvendra wrote:
>Hi
>I have a function as below
>void print(char* str)
>{
>    printf(str);
>}
>now the user of the function can pass anything as the argument for
>print(). I am looking for major security issues with this function.
Please google "format string attack"
--
IYesNo yes=YesNoFactory.getFactoryInstance().YES;
yes.getDescription().equals(array[0].toUpperCase());
On Nov 19, 7:26 am, singhraghvendra <raghu.i...@gmail.com> wrote:
>I have a function as below
>void print(char* str)
>{
>    printf(str);
>}
>now the user of the function can pass anything as the argument for
>print(). I am looking for major security issues with this function. I
>mean can this function be hacked somehow or can we give some input so
>that we can crash the program. It's kind of urgent so please help me
>out with this.
Printf is a major security hole, yes. Just use ostream.
--
James Kanze (GABI Software) email:ja*********@gmail.com
Conseils en informatique orientée objet/
Beratung in objektorientierter Datenverarbeitung
9 place Sémard, 78210 St.-Cyr-l'École, France, +33 (0)1 30 23 00 34
On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
>On Nov 19, 7:26 am, singhraghvendra <raghu.i...@gmail.com> wrote:
>>I have a function as below
>>void print(char* str)
>>{
>>    printf(str);
>>}
>>now the user of the function can pass anything as the argument for
>>print(). I am looking for major security issues with this function. I
>>mean can this function be hacked somehow or can we give some input so
>>that we can crash the program. It's kind of urgent so please help me
>>out with this.
>Printf is a major security hole, yes. Just use ostream.
Another alternative is to use boost::format
Regards
--
Cholo Lennon
Bs.As.
ARG
singhraghvendra:
>I am looking for major security issues with this function. I
>mean can this function be hacked somehow or can we give some input so
>that we can crash the program. It's kind of urgent so please help me
>out with this.
Are you the same person who's been posting similar paranoid crap
lately? What exactly do you mean by a security hole? Or by hacking even?
Let's say, hypothetically speaking, that you had a shared library (e.g.
a .DLL file in windows) that had full access to the system. Also, you
have an executable file which does _not_ have access to the system. It is
possible that the executable can use the library to do Bad Stuff, but
that's only if the DLL provides such a mechanism to the executable.
By screwing up a call to printf, how do you think a virus can gain
control of your system? The question you SHOULD be asking is how the hell
the virus is running in the first place. Don't go researching prevention
after the infection's taken hold.
If I myself were writing the DLL, I'd take the position of allowing
the executable to do whatever it wants. And what if a virus takes
advantage of it, you say? Well you don't let the virus run.
--
Tomás Ó hÉilidhe
On Thu, 22 Nov 2007 07:42:21 -0800 (PST), Cholo Lennon wrote:
>On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
>>Printf is a major security hole, yes. Just use ostream.
>Another alternative is to use boost::format
IMO, neither Boost nor iostream are usable for real-world
applications. Small typesafe wrappers around (f)printf (which the OP
probably tried to implement) are suitable in most cases.
--
Roland Pibinger
"The best software is simple, elegant, and full of drama" - Grady Booch
Tomás Ó hÉilidhe wrote:
>singhraghvendra:
>>I am looking for major security issues with this function. I mean can this function be hacked somehow or can we give some input so that we can crash the program. It's kind of urgent so please help me out with this.
>Are you the same person who's been posting similar paranoid crap
>lately? What exactly do you mean by a security hole? Or by hacking even?
http://seclists.org/bugtraq/1999/Sep/0328.html
In message <47*************@news.utanet.at>, Roland Pibinger
<rp*****@yahoo.com> writes
>On Thu, 22 Nov 2007 07:42:21 -0800 (PST), Cholo Lennon wrote:
>>On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
>>>Printf is a major security hole, yes. Just use ostream.
>>Another alternative is to use boost::format
>IMO,
.... and possibly a minority one...
>neither Boost nor iostream are usable for real-world applications.
That's far too sweeping. They may not be perfect, but I use parts of
Boost and iostreams in real-world applications all the time. They don't
cause me any problems and the customers are happy.
If what you really mean is that some parts, or some implementations, of
these libraries are unreliable, I suggest the onus is on you to be more
specific about which, and why.
>Small typesafe wrappers around (f)printf (which the OP probably tried to implement) are suitable in most cases.
--
Richard Herring
On Nov 22, 4:42 pm, Cholo Lennon <chololen...@hotmail.com> wrote:
>On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
>>On Nov 19, 7:26 am, singhraghvendra <raghu.i...@gmail.com> wrote:
>>>I have a function as below
>>>void print(char* str)
>>>{
>>>    printf(str);
>>>}
>>>now the user of the function can pass anything as the argument for
>>>print(). I am looking for major security issues with this function. I
>>>mean can this function be hacked somehow or can we give some input so
>>>that we can crash the program. It's kind of urgent so please help me
>>>out with this.
>>Printf is a major security hole, yes. Just use ostream.
>Another alternative is to use boost::format
Been there, done that. (My Gabi::Format predates boost::format
by something like 10 years.) It solves the security issues, yes.
It still leaves you having to learn an arcane language in a
language for any real formatting. Iostream is a lot simpler to
understand and use, and a lot more flexible as well.
--
James Kanze (GABI Software) email:ja*********@gmail.com
Conseils en informatique orientée objet/
Beratung in objektorientierter Datenverarbeitung
9 place Sémard, 78210 St.-Cyr-l'École, France, +33 (0)1 30 23 00 34
On Nov 23, 4:13 am, Richard Herring <ju**@[127.0.0.1]> wrote:
>In message <4746030f.537...@news.utanet.at>, Roland Pibinger
><rpbg...@yahoo.com> writes
>>On Thu, 22 Nov 2007 07:42:21 -0800 (PST), Cholo Lennon wrote:
>>>On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
>>>>Printf is a major security hole, yes. Just use ostream.
>>>Another alternative is to use boost::format
>>neither Boost nor iostream are usable for real-world
>>applications.
>If what you really mean is that some parts, or some implementations, of
>these libraries are unreliable, I suggest the onus is on you to be more
>specific about which, and why.
How's this...
In some performance-critical sections of code, particularly low-
latency network application protocol serializing/deserializing,
iostreams are too slow to be useful. Printf's security can be checked
at compile-time with GCC (-Wformat=2, IIRC), which should always be
used.
Everywhere besides the aforementioned performance-critical sections,
boost::format or iostreams should be used for developer efficiency --
or better yet... Python (^:
--
Tom
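
An added example (not code from any poster) of the small typesafe wrapper and compile-time checking mentioned in this part of the thread: the GCC/Clang format attribute lets -Wformat=2 check calls to a wrapper the same way it checks printf. The names log_to_buf and log_user_text and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* log_to_buf is a hypothetical wrapper name. The attribute tells GCC and
   Clang that parameter 3 is a printf-style format and that the variadic
   arguments start at parameter 4, so every call is checked against its
   format exactly as a direct printf call would be. */
__attribute__((format(printf, 3, 4)))
int log_to_buf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, size, fmt, ap);  /* writes at most size bytes */
    va_end(ap);
    return n;  /* length the full message needs; negative on error */
}

/* Untrusted text is passed as an argument, never as the format. */
int log_user_text(char *buf, size_t size, const char *user)
{
    return log_to_buf(buf, size, "user said: %s", user);
    /* log_to_buf(buf, size, user); would be reported by -Wformat-security,
       which -Wformat=2 enables. */
}

int main(void)
{
    char buf[64];
    /* Constructed input containing conversion characters. */
    int n = log_user_text(buf, sizeof buf, "%d items, 100%n");
    printf("%d bytes: %s\n", n, buf);
    return strcmp(buf, "user said: %d items, 100%n") != 0;
}
```
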
Marco Manfredini:
>http://seclists.org/bugtraq/1999/Sep/0328.html
_You_ control the string which is passed to printf, not the hacker.
If the hacker already has access to your RAM or machine code, then taking
precautions such as not using printf is like treating chickenpox with
antibiotics.
--
Tomás Ó hÉilidhe
On Nov 24, 2:04 am, "tba...@gmail.com" <tba...@gmail.com> wrote:
>On Nov 23, 4:13 am, Richard Herring <ju**@[127.0.0.1]> wrote:
>>In message <4746030f.537...@news.utanet.at>, Roland Pibinger
>><rpbg...@yahoo.com> writes
>>>On Thu, 22 Nov 2007 07:42:21 -0800 (PST), Cholo Lennon wrote:
>>>>On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
>>>>>Printf is a major security hole, yes. Just use ostream.
>>>>Another alternative is to use boost::format
>>>neither Boost nor iostream are usable for real-world
>>>applications.
>>If what you really mean is that some parts, or some implementations, of
>>these libraries are unreliable, I suggest the onus is on you to be more
>>specific about which, and why.
>How's this...
>In some performance-critical sections of code, particularly low-
>latency network application protocol serializing/deserializing,
>iostreams are too slow to be useful. Printf's security can be checked
>at compile-time with GCC (-Wformat=2, IIRC), which should always be
>used.
>Everywhere besides the aforementioned performance-critical sections,
>boost::format or iostreams should be used for developer efficiency --
>or better yet... Python (^:
Well, I know that boost::format and iostreams are 5 or more times
slower than printf (At least in my dev. system) but I still use
boost::format. I work in telecommunications. Some of our applications
use boost::format (and a lot of boost stuff). The central point is
that not all 'real' applications (even in telecommunications) are time
critical, so I prefer security and object oriented capabilities over
performance. When performance matters I evaluate other alternatives
like sprintf or printf.
Regards
--
Cholo Lennon
Bs.As.
ARG