Subject: Re: [boost] Printf-style format specifiers (was: Review - boost::log)
From: Andrey Semashev (andrey.semashev_at_[hidden])
Date: 2010-03-14 18:10:10


On 03/15/2010 12:50 AM, Vladimir Prus wrote:
> On Sunday 14 March 2010 23:37:06 Scott McMurray wrote:
>
>> On 14 March 2010 15:21, Tom Brinkman <reportbase2007_at_[hidden]> wrote:
>>>> The printf style parameters are responsible for thousands and thousands of
>>>> security vulnerabilities.
>>>
>>> Just plain wrong.
>>>
>>
>> Some evidence for your position would be good, since it's trivial to
>> find documentation of holes from printf-style parameters:
>> http://en.wikipedia.org/wiki/Format_string_attack
>
> I don't think that's a hole from printf-style parameters. By reading that
> page it's trivial to notice that the %n format specifier -- which
> actually writes something into the program -- is the key component of the attack.
> Clearly a printf-like function that does not support any way to modify
> program state is safe. Am I missing something?

You do understand that the use of ellipsis is error-prone, even if it
doesn't lead to program modification, don't you? It is common knowledge
that sprintf-like functions are often misused, which results in buffer
overruns or incorrect arguments being passed. In C++, the problem of
accidental passing of non-POD typed arguments is added.
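
The misuse described above, seen from the defensive side, as an added example that is not part of the original post or of Boost: a bounded wrapper that rejects truncated output, lets GCC/Clang check arguments against the format string, and keeps untrusted text out of the format position. The names `checked_format` and `log_user_text` are hypothetical, and the inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: formats into a fixed buffer.
 * Returns 0 on success, -1 on truncation or encoding error.
 * The format attribute makes GCC/Clang compare each call's arguments
 * with the format string at compile time (-Wformat). */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
static int checked_format(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (cap == 0)
        return -1;
    va_start(ap, fmt);
    /* vsnprintf never writes past cap and returns the length the
     * complete output would have had, which exposes truncation. */
    needed = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (needed < 0 || (size_t)needed >= cap) {
        dst[0] = '\0';          /* never hand back a partial string */
        return -1;
    }
    return 0;
}

/* Untrusted text is an argument to "%s", never the format itself,
 * so specifiers inside it are copied literally, not interpreted. */
static int log_user_text(char *dst, size_t cap, const char *untrusted)
{
    return checked_format(dst, cap, "user: %s", untrusted);
}

int main(void)
{
    char buf[16];
    int rc;

    /* Constructed inputs: ordinary, specifier-laden, and over-long. */
    rc = log_user_text(buf, sizeof buf, "bob");
    printf("%d [%s]\n", rc, buf);
    rc = log_user_text(buf, sizeof buf, "%n%n%s%s");
    printf("%d [%s]\n", rc, buf);
    rc = log_user_text(buf, sizeof buf, "a very long name indeed");
    printf("%d [%s]\n", rc, buf);
    return 0;
}
```

The wrapper still cannot catch a non-POD object passed through the ellipsis in C++; only compiler warnings or a type-safe formatting interface address that.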


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk