
Uncontrolled format string

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Enigmasoldier (talk | contribs) at 12:17, 17 March 2004 (Initial Write). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Format string attacks are a class of vulnerabilities discovered in June 2000; before that, format bugs were thought to be harmless. The problem lies in the %n format token of C's printf() format strings, which directs printf() to write the number of bytes formatted so far into the location referenced by the corresponding argument, assuming that such an argument exists and is of type int *. Software that passes unfiltered user input as the first (format) argument to printf() is vulnerable to format string attacks.

This vulnerability is common because format bugs were previously thought harmless, and it has turned up in many common tools. MITRE's CVE project lists roughly 150 vulnerable programs.

Format bugs arise because C's argument-passing conventions are type-unsafe. In particular, the varargs mechanism allows a function such as printf() to accept any number of arguments by "popping" as many arguments off the call stack as it wishes, trusting the earlier arguments (here, the format string) to indicate how many additional arguments are to be popped, and of what type.
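The following is an added example, not part of the Wikipedia article; the function names are hypothetical. It shows the vulnerable call shape (user text as the format argument) beside the corrected one (constant format, user text as a %s argument), the legitimate count-storing behaviour of %n described above, and a small audit check that counts '%' directives in data that is about to become a format string. The sample input is constructed so that both calls have defined behaviour and the difference in interpretation is visible.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration of the article's point; not from the Wikipedia page.
 * All function names here are hypothetical. */

/* Vulnerable pattern: caller-supplied text is used as the format string, so
 * every '%' directive in it is interpreted by snprintf, and any directive
 * that expects an argument reads one the caller never passed. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
const char *render_vulnerable(const char *user_text)
{
    static char out[64];
    snprintf(out, sizeof out, user_text);
    return out;
}
#pragma GCC diagnostic pop

/* Fixed pattern: the format string is a constant and the user's text is an
 * ordinary %s argument, so its '%' characters are copied, not interpreted. */
const char *render_fixed(const char *user_text)
{
    static char out[64];
    snprintf(out, sizeof out, "%s", user_text);
    return out;
}

/* The legitimate behaviour of %n that the article describes: the number of
 * bytes produced so far is stored through the matching int * argument. */
int bytes_before_n(void)
{
    int written = -1;
    char buf[32];
    snprintf(buf, sizeof buf, "abc%n", &written);
    return written;  /* 3 */
}

/* Audit helper: count the conversion directives in a string. A literal "%%"
 * is not a directive. Data that will reach a format-string parameter should
 * yield 0; anything else means the data is steering the format parser. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent sign, skip both */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample input: a doubled percent sign, so both render
     * functions behave predictably and the difference is visible. */
    const char *input = "100%% done";

    printf("vulnerable: \"%s\"\n", render_vulnerable(input)); /* 100% done  */
    printf("fixed:      \"%s\"\n", render_fixed(input));      /* 100%% done */
    printf("%%n stored:  %d\n", bytes_before_n());             /* 3 */
    printf("directives in \"%%s and %%d\": %d\n",
           count_directives("%s and %d"));                    /* 2 */
    return 0;
}
```

The pragmas exist only to silence the compiler for the deliberately vulnerable function; in real code, building with -Wformat -Wformat-security (gcc and clang) reports exactly this pattern, a non-literal format string with no arguments, and is a cheap way to find such call sites.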

See Also