printf hacking

  • singhraghvendra

    printf hacking

    Hi

    I have a function as below

    void print(char* str)
    {
    printf(str);
    }

    now the user of the function can pass anything as the argument for
    print(). I am looking for major security issues with this function. I
    mean can this function be hacked somehow or can we give some input so
    that we can crash the program. It's kind of urgent so please help me
    out with this.

    raghu
  • David Harmon

    #2
    Re: printf hacking

    On Sun, 18 Nov 2007 22:26:07 -0800 (PST) in comp.lang.c++,
    singhraghvendra <raghu.iitr@gmail.com> wrote,
    >Hi
    >
    >I have a function as below
    >
    >void print(char* str)
    >{
    >printf(str);
    >}
    >
    >now the user of the function can pass anything as the argument for
    >print(). I am looking for major security issues with this function.
    Yes, it is really horrible. Look up what the first argument to printf
    means! At minimum, it should be changed to:

    void print(char* str)
    {
    printf("%s", str);
    }

    Comment

    • mike3

      #3
      Re: printf hacking

      On Nov 18, 11:26 pm, singhraghvendra <raghu.i...@gmail.com> wrote:
      >Hi
      >
      >I have a function as below
      >
      >void print(char* str)
      >{
      >printf(str);
      >}
      >
      >now the user of the function can pass anything as the argument for
      >print(). I am looking for major security issues with this function. I
      >mean can this function be hacked somehow or can we give some input so
      >that we can crash the program. It's kind of urgent so please help me
      >out with this.
      >
      >raghu
      First off, why bother? Why not just use printf(),
      straight up?

      If you just want to print a string you can do that
      with printf, just like that! Or do you want to drop
      formatting? If you pass a string with formatting
      to this and containing placeholders like %d then
      printf() will have nothing to draw fill values from
      and unpredictable behavior will occur. If you are
      wanting to be able to print any string, without
      special formatting sequences being interpreted
      that way, then use

      printf("%s", str);

      in your "print()" routine.

      Comment
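
An added example, not code from any poster in this thread: it counts how many arguments printf would try to fetch if a given string were used as its format (print(str) passes none), and renders the same text through the constant "%s" format the replies above recommend. The names args_consumed and render_safe and the sample strings are assumptions made for illustration.

```cpp
// Added example, not code from the thread; function names are illustrative.
#include <cstdio>
#include <cstring>
#include <string>

// Count the variadic arguments printf would try to fetch if `s` were used
// as its format string. print(str) supplies none, so any result above 0
// means printf reads (or, for %n, writes through) arguments that do not exist.
// For POSIX positional forms ("%2$x") this counts conversions, not the highest index.
int args_consumed(const char* s) {
    int n = 0;
    while (*s) {
        if (*s++ != '%') continue;
        if (*s == '%') { ++s; continue; }                 // "%%" is a literal percent
        // Skip flags, a numeric width and a POSIX "n$" position.
        while (*s && std::strchr("-+ #0123456789$", *s)) ++s;
        if (*s == '*') { ++n; ++s; }                      // width taken from an int argument
        if (*s == '.') {
            ++s;
            if (*s == '*') { ++n; ++s; }                  // precision taken from an int argument
            else while (*s >= '0' && *s <= '9') ++s;
        }
        while (*s && std::strchr("hlLjzt", *s)) ++s;      // length modifiers
        if (*s && std::strchr("diouxXeEfFgGaAcspn", *s)) { ++n; ++s; }
    }
    return n;
}

// The fix given in the thread: the format is a constant and the caller's
// text is only ever an argument, so '%' in it has no special meaning.
std::string render_safe(const char* str) {
    char buf[128];
    std::snprintf(buf, sizeof buf, "%s", str);            // truncates long input, never overflows
    return buf;
}

int main() {
    const char* samples[] = {"hello", "100%% done", "%d", "%x %x %n", "%*.*f"};  // constructed inputs
    for (const char* s : samples)
        std::printf("%-12s fetches %d argument(s) as a format\n", render_safe(s).c_str(), args_consumed(s));
    return 0;
}
```
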

      • alan

        #4
        Re: printf hacking

        On Nov 19, 2:26 pm, singhraghvendra <raghu.i...@gmail.com> wrote:
        >Hi
        >
        >I have a function as below
        >
        >void print(char* str)
        >{
        >printf(str);
        >}
        >
        >now the user of the function can pass anything as the argument for
        >print(). I am looking for major security issues with this function. I
        >mean can this function be hacked somehow or can we give some input so
        >that we can crash the program. It's kind of urgent so please help me
        >out with this.
        Presumably, this code is something you are objecting to in your
        organization, and someone reasonably higher up is ignoring your
        objections?
        The exact method of crashing the code will depend on your target
        system and possibly your target OS. I think it's harder to do code
        injection these days.

        You may be interested in printf("%n") though if you really want to crash
        the program.

        Comment

        • Philip Potter

          #5
          Re: printf hacking

          singhraghvendra wrote:
          >Hi
          >
          >I have a function as below
          >
          >void print(char* str)
          >{
          >printf(str);
          >}
          >
          >now the user of the function can pass anything as the argument for
          >print(). I am looking for major security issues with this function. I
          >mean can this function be hacked somehow or can we give some input so
          >that we can crash the program. It's kind of urgent so please help me
          >out with this.
          Is this a homework question?

          Look up the first argument to printf(), and what arbitrary input passed
          to printf() with only one argument could cause failure.

          --
          Philip Potter pgp <at> doc.ic.ac.uk

          Comment

          • Marco Manfredini

            #6
            Re: printf hacking

            singhraghvendra wrote:
            >Hi
            >
            >I have a function as below
            >
            >void print(char* str)
            >{
            >printf(str);
            >}
            >
            >now the user of the function can pass anything as the argument for
            >print(). I am looking for major security issues with this function.
            Please google "format string attack"

            --
            IYesNo yes=YesNoFactory.getFactoryInstance().YES;
            yes.getDescription().equals(array[0].toUpperCase());

            Comment

            • James Kanze

              #7
              Re: printf hacking

              On Nov 19, 7:26 am, singhraghvendra <raghu.i...@gmail.com> wrote:
              >I have a function as below
              >void print(char* str)
              >{
              >printf(str);
              >}
              >now the user of the function can pass anything as the argument for
              >print(). I am looking for major security issues with this function. I
              >mean can this function be hacked somehow or can we give some input so
              >that we can crash the program. It's kind of urgent so please help me
              >out with this.
              Printf is a major security hole, yes. Just use ostream.

              --
              James Kanze (GABI Software) email:james.kanze@gmail.com
              Conseils en informatique orientée objet/
              Beratung in objektorientierter Datenverarbeitung
              9 place Sémard, 78210 St.-Cyr-l'École, France, +33 (0)1 30 23 00 34

              Comment

              • Cholo Lennon

                #8
                Re: printf hacking

                On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
                >On Nov 19, 7:26 am, singhraghvendra <raghu.i...@gmail.com> wrote:
                >
                >>I have a function as below
                >>void print(char* str)
                >>{
                >>printf(str);
                >>}
                >>now the user of the function can pass anything as the argument for
                >>print(). I am looking for major security issues with this function. I
                >>mean can this function be hacked somehow or can we give some input so
                >>that we can crash the program. It's kind of urgent so please help me
                >>out with this.
                >
                >Printf is a major security hole, yes. Just use ostream.
                >
                Another alternative is to use boost::format

                Regards

                --
                Cholo Lennon
                Bs.As.
                ARG

                Comment

                • Tomás Ó hÉilidhe

                  #9
                  Re: printf hacking

                  singhraghvendra :
                  >I am looking for major security issues with this function. I
                  >mean can this function be hacked somehow or can we give some input so
                  >that we can crash the program. It's kind of urgent so please help me
                  >out with this.

                  Are you the same person who's been posting similar paranoid crap
                  lately? What exactly do you mean by a security hole? Or by hacking even?
                  Let's say, hypothetically speaking, that you had a shared library (e.g.
                  a .DLL file in windows) that had full access to the system. Also, you
                  have an executable file which does _not_ have access to the system. It is
                  possible that the executable can use the library to do Bad Stuff, but
                  that's only if the DLL provides such a mechanism to the executable.

                  By screwing up a call to printf, how do you think a virus can gain
                  control of your system? The question you SHOULD be asking is how the hell
                  the virus is running in the first place. Don't go researching prevention
                  after the infection's taken hold.

                  If I myself were writing the DLL, I'd take the position of allowing
                  the executable to do whatever it wants. And what if a virus takes
                  advantage of it, you say? Well you don't let the virus run.

                  --
                  Tomás Ó hÉilidhe

                  Comment

                  • Roland Pibinger

                    #10
                    Re: printf hacking

                    On Thu, 22 Nov 2007 07:42:21 -0800 (PST), Cholo Lennon wrote:
                    >On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
                    >>Printf is a major security hole, yes. Just use ostream.
                    >
                    >Another alternative is to use boost::format
                    IMO, neither Boost nor iostream are usable for real-world
                    applications. Small typesafe wrappers around (f)printf (which the OP
                    probably tried to implement) are suitable in most cases.


                    --
                    Roland Pibinger
                    "The best software is simple, elegant, and full of drama" - Grady Booch

                    Comment

                    • Marco Manfredini

                      #11
                      Re: printf hacking

                      Tomás Ó hÉilidhe wrote:
                      >singhraghvendra :
                      >
                      >>I am looking for major security issues with this function. I
                      >>mean can this function be hacked somehow or can we give some input so
                      >>that we can crash the program. It's kind of urgent so please help me
                      >>out with this.
                      >
                      >Are you the same person who's been posting similar paranoid crap
                      >lately? What exactly do you mean by a security hole? Or by hacking even?

                      Comment

                      • Richard Herring

                        #12
                        Re: printf hacking

                        In message <4746030f.537693@news.utanet.at>, Roland Pibinger
                        <rpbg123@yahoo.com> writes
                        >On Thu, 22 Nov 2007 07:42:21 -0800 (PST), Cholo Lennon wrote:
                        >>On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
                        >>>Printf is a major security hole, yes. Just use ostream.
                        >>
                        >>Another alternative is to use boost::format
                        >
                        >IMO,
                        .... and possibly a minority one...
                        >neither Boost nor iostream are usable for real-world
                        >applications.
                        That's far too sweeping. They may not be perfect, but I use parts of
                        Boost and iostreams in real-world applications all the time. They don't
                        cause me any problems and the customers are happy.

                        If what you really mean is that some parts, or some implementations, of
                        these libraries are unreliable, I suggest the onus is on you to be more
                        specific about which, and why.
                        >Small typesafe wrappers around (f)printf (which the OP
                        >probably tried to implement) are suitable in most cases.
                        >
                        >
                        --
                        Richard Herring

                        Comment

                        • James Kanze

                          #13
                          Re: printf hacking

                          On Nov 22, 4:42 pm, Cholo Lennon <chololen...@hotmail.com> wrote:
                          >On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
                          >>On Nov 19, 7:26 am, singhraghvendra <raghu.i...@gmail.com> wrote:
                          >>>I have a function as below
                          >>>void print(char* str)
                          >>>{
                          >>>printf(str);
                          >>>}
                          >>>now the user of the function can pass anything as the argument for
                          >>>print(). I am looking for major security issues with this function. I
                          >>>mean can this function be hacked somehow or can we give some input so
                          >>>that we can crash the program. It's kind of urgent so please help me
                          >>>out with this.
                          >>Printf is a major security hole, yes. Just use ostream.
                          >Another alternative is to use boost::format
                          Been there, done that. (My Gabi::Format predates boost::format
                          by something like 10 years.) It solves the security issues, yes.
                          It still leaves you having to learn an arcane language in a
                          language for any real formatting. Iostream is a lot simpler to
                          understand and use, and a lot more flexible as well.

                          --
                          James Kanze (GABI Software) email:james.kanze@gmail.com
                          Conseils en informatique orientée objet/
                          Beratung in objektorientierter Datenverarbeitung
                          9 place Sémard, 78210 St.-Cyr-l'École, France, +33 (0)1 30 23 00 34

                          Comment

                          • tbarta@gmail.com

                            #14
                            Re: printf hacking

                            On Nov 23, 4:13 am, Richard Herring <junk@[127.0.0.1]> wrote:
                            >In message <4746030f.537...@news.utanet.at>, Roland Pibinger
                            ><rpbg...@yahoo.com> writes
                            >
                            >>On Thu, 22 Nov 2007 07:42:21 -0800 (PST), Cholo Lennon wrote:
                            >>>On Nov 19, 11:16 am, James Kanze <james.ka...@gmail.com> wrote:
                            >>>>Printf is a major security hole, yes. Just use ostream.
                            >>>
                            >>>Another alternative is to use boost::format
                            >>
                            >>neither Boost nor iostream are usable for real-world
                            >>applications.
                            >
                            >If what you really mean is that some parts, or some implementations, of
                            >these libraries are unreliable, I suggest the onus is on you to be more
                            >specific about which, and why.
                            How's this...

                            In some performance-critical sections of code, particularly low-
                            latency network application protocol serializing/deserializing,
                            iostreams are too slow to be useful. Printf's security can be checked
                            at compile-time with GCC (-Wformat=2, IIRC), which should always be
                            used.

                            Everywhere besides the aforementioned performance-critical sections,
                            boost::format or iostreams should be used for developer efficiency --
                            or better yet... Python (^:

                            --
                            Tom

                            Comment
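
An added example, not code from any poster in this thread: a small printf-style wrapper of the kind discussed above, declared with the GCC/Clang format attribute so that the compile-time checking mentioned in the post (-Wformat=2) also covers the wrapper's own call sites. The names format_msg and PRINTF_LIKE and the sample input are assumptions made for illustration.

```cpp
// Added example, not code from the thread; format_msg and PRINTF_LIKE are illustrative names.
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <string>

#if defined(__GNUC__)   // GCC and Clang
#  define PRINTF_LIKE(fmt, first) __attribute__((format(printf, fmt, first)))
#else
#  define PRINTF_LIKE(fmt, first)
#endif

// Argument 1 is the format, the variadic arguments start at position 2.
std::string format_msg(const char* fmt, ...) PRINTF_LIKE(1, 2);

std::string format_msg(const char* fmt, ...) {
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);                                   // the list is walked twice
    int len = std::vsnprintf(nullptr, 0, fmt, ap);      // first pass: measure
    va_end(ap);
    std::string out;
    if (len > 0) {
        out.resize(static_cast<std::size_t>(len) + 1);  // room for the terminator
        std::vsnprintf(&out[0], out.size(), fmt, ap2);  // second pass: write
        out.resize(static_cast<std::size_t>(len));
    }
    va_end(ap2);
    return out;
}

// Call sites the compiler now diagnoses (left commented out so the file builds):
//   format_msg(user_text);           // -Wformat-security: no literal format, no arguments
//   format_msg("%d items", "three"); // -Wformat: %d given a const char*
//   format_msg("%s and %s", "one");  // -Wformat: too few arguments

int main() {
    const char* user_text = "%n%x";                     // constructed input, printed as data
    std::puts(format_msg("user said: %s", user_text).c_str());
    return 0;
}
```

Building with `g++ -Wformat=2 -Werror=format-security` turns the first commented-out call into a hard error instead of a warning.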

                              • Tomás Ó hÉilidhe

                              #15
                              Re: printf hacking

                              Marco Manfredini:

                              _You_ control the string which is passed to printf, not the hacker.
                              If the hacker already has access to your RAM or machine code, then taking
                              precautions such as not using printf is like treating chickenpox with
                              antibiotics.

                              --
                              Tomás Ó hÉilidhe

                              Comment
