In my post about Printf Tricks a couple of years ago, I mentioned that "%n is dangerous and disabled by default in Visual Studio 2005."
I got email today from someone who was porting a large codebase to VS 2005. He was getting an assert from %n and he needed a way to get past it. He intends to fix the uses of %n when he has a chance.
I spent several minutes digging around in MSDN and came up with _set_printf_count_output. Wikipedia's Format string attack page led me to Exploiting Format String Vulnerabilities, which describes in detail how %n (and %s) may be exploited.
In short, if you have printf(unvalidated_user_input) instead of printf("%s", unvalidated_user_input), then the user controls the format string. %n does not print anything; it stores the number of characters output so far into the int* that printf takes as its next argument. With an attacker-supplied format there is no real argument, so printf reads the pointer from wherever the next argument would be (on x86, the stack), and the attacker can place that address inside the input string itself and pad the output with width specifiers to pick the value stored. That is how a stray %n turns into an arbitrary write, and %s and %x in the same position turn into arbitrary reads. Re-enabling %n with _set_printf_count_output(1) only gets past the assert; the actual fix is never passing untrusted data as the format string.
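The following is an added example, not code from the original post, showing the two patterns side by side. It uses snprintf rather than printf so the output can be inspected, a literal format string for the %n demonstration (glibc's fortified printf aborts on %n in a writable format string, and Visual Studio 2005 disables it entirely), and a constructed sample input containing "%%" to make the difference between the two patterns visible without writing to memory. The helper has_format_directive is a hypothetical guard, not something the C runtime provides.

```c
#include <stdio.h>
#include <string.h>

#ifdef __GNUC__
/* GCC and Clang warn about the non-literal format string in log_vulnerable
   (-Wformat-security); the warning is silenced here only so the vulnerable
   pattern can be shown. In real code, leave it on. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif

/* What %n does: store the number of characters produced so far into the
   int* taken from the argument list. The pointer here is supplied on
   purpose; with an attacker-controlled format string the pointer is
   whatever printf happens to read as its next argument. */
int count_with_n(char *buf, size_t len, const char *name)
{
    int written = -1;
    snprintf(buf, len, "user=%s;%n", name, &written);
    return written;
}

/* Vulnerable pattern: untrusted text becomes the format string. */
void log_vulnerable(char *out, size_t len, const char *untrusted)
{
    snprintf(out, len, untrusted);
}

/* Safe pattern: untrusted text is only ever an argument. */
void log_safe(char *out, size_t len, const char *untrusted)
{
    snprintf(out, len, "%s", untrusted);
}

/* Hypothetical guard: returns 1 if s contains any conversion specification
   other than the escaped "%%". Useful when a format must be assembled from
   partly untrusted pieces; rejecting the input is safer than stripping %n
   alone, since %s and %x leak memory too. A trailing lone '%' is treated
   as a directive (conservative). */
int has_format_directive(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        return 1;            /* any other %-sequence is a directive */
    }
    return 0;
}

int main(void)
{
    char buf[64];
    const char *input = "100%% done";   /* constructed sample "user input" */

    printf("%%n stored %d\n", count_with_n(buf, sizeof buf, "alice"));
    log_vulnerable(buf, sizeof buf, input);
    printf("vulnerable: %s\n", buf);    /* the %% was interpreted */
    log_safe(buf, sizeof buf, input);
    printf("safe:       %s\n", buf);    /* copied verbatim */
    printf("directive in \"%s\"? %d\n", input, has_format_directive(input));
    return 0;
}
```

The vulnerable version interprets the input, so "100%% done" comes out as "100% done"; the safe version copies it byte for byte. The same interpretation is what lets a "%n" in the input reach the write path, which is why the guard rejects every directive rather than just %n.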
Page rendered at Wednesday, March 17, 2010 6:08:55 AM (Pacific Daylight Time, UTC-07:00)
Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.