safety and C

[RoSsIaCrIiLoIA]

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.
If str_in_input=" %x%x%x%x%x%x%x%x%x%x%x%x%x " it could see the stack.
and what If in the stack there is a pointer to a string password?

 

[Thomas stegen]

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.

It will print "Use:> %x prog\n"

If str_in_input=" %x%x%x%x%x%x%x%x%x%x%x%x%x " it could see the stack.

It will print "Use:> %x%x%x%x%x%x%x%x%x%x%x%x%x prog\n"

and what If in the stack there is a pointer to a string password?

Nope it cannot, above is perfectly safe.

-- Thomas.

 

[Martin Ambuhl]

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.
If str_in_input=" %x%x%x%x%x%x%x%x%x%x%x%x%x " it could see the stack.
and what If in the stack there is a pointer to a string password?

Where are you getting this crap? See the program below and its output:

#include <stdio.h>
int main(void)
{
char *str_in_input;
printf("[output]\n");
str_in_input = " %x ";
printf("Use:> %s prog\n", str_in_input);
str_in_input = " %x%x%x%x%x%x%x%x%x%x%x%x%x ";
printf("Use:> %s prog\n", str_in_input);
return 0;
}

[output]
Use:> %x prog
Use:> %x%x%x%x%x%x%x%x%x%x%x%x%x prog

 

[RoSsIaCrIiLoIA]

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.

It will print "Use:> %x prog\n"

Yes but this print
Inserisci una stringa> %x %hx %hx %hx %hx %hx %hx %hx %hx
40b034 f000 7825 7868 7868 7868 7868 7868 7868
Is it possible to exit from s?

#include <stdio.h>

int main(void)
{char s[50] = {0};
int d = 0;
while( 1 )
{
printf("Inserisci una stringa> "); fflush(stdout);
fgets(s, sizeof s, stdin);
printf(s);
if(*s=='1') break;
}
return 0;
}

 

[Thomas stegen]

Yes but this print

Of course it does.

Inserisci una stringa> %x %hx %hx %hx %hx %hx %hx %hx %hx
40b034 f000 7825 7868 7868 7868 7868 7868 7868
Is it possible to exit from s?

s is a string, there is no entrance or exit...

printf("Inserisci una stringa> "); fflush(stdout);
fgets(s, sizeof s, stdin);
printf(s);

I trust you see the difference between the above
and printf("%s", s) ?

Or just use puts.

 

[Richard Delorme]

RoSsIaCrIiLoIA a écrit :

RoSsIaCrIiLoIA wrote:

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.

It will print "Use:> %x prog\n"

Yes but this print
Inserisci una stringa> %x %hx %hx %hx %hx %hx %hx %hx %hx
40b034 f000 7825 7868 7868 7868 7868 7868 7868
Is it possible to exit from s?

#include <stdio.h>

int main(void)
{char s[50] = {0};
int d = 0;
while( 1 )
{
printf("Inserisci una stringa> "); fflush(stdout);
fgets(s, sizeof s, stdin);
printf(s);
if(*s=='1') break;
}
return 0;
}

Indeed printf(s); may be unsafe if s can be entered by a malevolent
person. However printf("%s", s); or the similar versions in your first
message are not.

 

[Dan Pop]

Of course it does.


s is a string, there is no entrance or exit...


I trust you see the difference between the above
and printf("%s", s) ?

If he did, he wouldn't have posted the original bullshit in the first
place...

Dan

 

[Keith Thompson]

I'm reading a book on safety.
Do you know that?
printf("Use:> %s prog\n", argv[0] );
or
printf("Use:> %s prog\n", str_in_input);
is danger.
If str_in_input=" %x " this would print the return address of printf.
If str_in_input=" %x%x%x%x%x%x%x%x%x%x%x%x%x " it could see the stack.
and what If in the stack there is a pointer to a string password?

Either your book is incorrect, or you've misunderstood it. There is
an issue here, but your examples don't demonstrate it.

Here's a simple program that prints its first command-line argument,
if any, followed by a newline:

#include <stdio.h>
int main(int argc, char **argv)
{
if (argc >= 2) {
printf("%s", argv[1]);
}
else {
printf("(no arguments)");
}
printf("\n");
return 0;
}

This is perfectly safe (at least for our current purposes).

Here's another version of the same program:

#include <stdio.h>
int main(int argc, char **argv)
{
if (argc >= 2) {
printf(argv[1]); /* DANGER!! */
}
else {
printf("(no arguments)");
}
printf("\n");
return 0;
}

On the line marked "DANGER!!", it uses an unchecked string as the
format argument to printf(). If I run this program with an argument
like "foobar" or "42", it will work exactly the same way as the first
version. If the argument happens to contain a printf format, though,
like "%s", it invokes undefined, because it tells printf() to look for
a second argument that wasn't actually passed to it.

The canonical first program contains the line
printf("hello, world\n");
It could instead be written as
printf("%s\n", "hello, world");
or
printf("%s", "hello, world\n");
but it really doesn't make any difference; since the format string is
a literal, we can tell by inspection that it doesn't contain any
conversion specifiers. If the string comes from an outside source,
such as the command line or standard input, we can't make that
assumption, so we need to use "%s" to guarantee that any specifiers
that happen to be in the string are just printed, not interpreted.