November 19th, 2007, 01:13 AM
#1
printf hacking
Hi
I have a function as below
#include <stdio.h>

void print(char* str)
{
    printf(str);   /* str is used directly as the format string */
}
Now the user of the function can pass anything as the argument for print(). I am looking for major security issues with this function. I mean, can this function be hacked somehow, or can we give some input so that we can crash the program? It's kind of urgent, so please help me out with this.
raghu
-
November 19th, 2007, 01:20 AM
#2
Re: printf hacking
The printf() function only displays the string on the console. If you allow input from the user, at most it will display random bits on the stack.
However, if you use a function like sprintf(), memory can be overwritten, which may lead your program to run spurious code injected from the user's input.
quoted from C++ Coding Standards:
KISS (Keep It Simple Software):
Correct is better than fast. Simple is better than complex. Clear is better than cute. Safe is better than insecure.
Avoid magic numbers:
Programming isn't magic, so don't incant it.
-
November 19th, 2007, 01:23 AM
#3
Re: printf hacking
Methinks it should be:
Code:
#include <stdio.h>

void print(char* str)
{
    printf("%s", str);   /* constant format; str is printed as data */
}
I mean, can this function be hacked somehow, or can we give some input so that we can crash the program?
I am not an expert, but I would think that this is perfectly safe as the problem would be on input, not output.
-
November 19th, 2007, 01:39 AM
#4
-
November 19th, 2007, 01:53 AM
#5
Re: printf hacking
It's very easy for a user to crash the program. All the user has to do is pass something like "%s". If the stack happens to contain zeros or something that translates into an address that the process cannot access, then it is very easy to get a core dump or a memory access violation. To make the attack have a higher chance of success, all he/she would have to do is pass "%s%s%s%s%s%s%s%s%s" to the function (or something even longer).
The correct way to deal with the problem was suggested by laserlight. Try printf("%s", str);
- Kevin
Kevin Hall
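The fix laserlight and Kevin describe, as an added example that is not from the thread: a constant format string with the user text passed as data, the same pattern for building strings in memory with snprintf(), and a small hypothetical helper (count_format_directives, my own name) that a review tool or runtime check could use to flag user-controlled strings that contain conversion directives before they ever reach a printf-family call.

```c
#include <stdio.h>
#include <string.h>

/* Counts conversion directives: a '%' followed by anything other than
 * another '%'. "%%" is a literal percent sign and is not counted.
 * Hypothetical helper for flagging untrusted strings that would be
 * interpreted if they were ever used as a format string. */
size_t count_format_directives(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Hardened form of the thread's print(): the format is a constant, so a
 * user string such as "%s%s%s%s" is printed literally, not interpreted. */
void print_safe(const char *str)
{
    printf("%s", str);
}

/* Same idea when building a string in memory: a fixed format and a bounded
 * buffer with snprintf() instead of sprintf(str). Returns the length the
 * full output would have had, as snprintf() does, so callers can detect
 * truncation. */
int render_safe(char *out, size_t outsz, const char *user_input)
{
    return snprintf(out, outsz, "%s", user_input);
}

int main(void)
{
    const char *constructed = "%s%s%s%s%s%s%s%s%s";   /* constructed sample */
    char buf[8];

    printf("directives in input: %zu\n", count_format_directives(constructed));
    print_safe(constructed);                  /* prints the percent signs */
    putchar('\n');
    render_safe(buf, sizeof buf, constructed);
    printf("bounded copy: %s\n", buf);        /* truncated to 7 chars */
    return 0;
}
```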