CSCE548_StrFormatAttacks2

By: Stephen Gowan

Overview
- String Formatting Explained
- Exploiting string format errors
- Examples
- Spotting and correcting the problem

Format string attacks
- C/C++ most strongly affected
- Not validating user input is the main reason for format string problems
- Reading strings from a compromised file another vulnerability

How it affects security
- Access Control: Redirect execution to malicious code
- Confidentiality: Can expose information about a program that can lead to further exploitation
- Integrity: Values can be overwritten in memory

Exploiting string format problems

    #include <stdio.h>

    int main(int argc, char* argv[])
    {
        if (argc > 1)
            printf(argv[1]);   /* vulnerable: user input is used as the format string */
        return 0;
    }

Sample input: "%x %x"
Sample output: 12ffc0 4011e5
Source: (Howard, LeBlanc, and Viega 19)

Examples continued…

Incorrect:

    syslog(LOG_FILE, someText);   /* someText is interpreted as the format string */

Correct:

    char textBuffer[MAX_SIZE];
    strncpy(textBuffer, someText, sizeof(textBuffer)-1);   /* bounded copy */
    textBuffer[sizeof(textBuffer)-1] = '\0';               /* always NUL-terminate */

    syslog(LOG_FILE, "%s", textBuffer);

Source: (Barnum)

Detecting and spotting the problems
- Luckily the problem is easy to detect and mitigate
- Lexical source code scanners can detect the errors, and Crispin Cowan offers FormatGuard, a built-in compilation tool

Right:

    printf("%s", user_input);
    printf("%d", user_input);

Wrong:

    printf(user_input);
    syslog(LOG_FILE, userText);

Summary
- Do use fixed format strings
- Do NOT pass user input directly as the format string to formatting functions.
- Do avoid using the printf(), scanf() family of functions if you can.

Resources
- Howard, Michael, David LeBlanc, and John Viega. Nineteen deadly sins of software security. McGraw-Hill Osborne Media, 2005. 18-24. Print.
- Barnum, Sean. "Syslog 2." www.buildsecurityin.us-cert.gov. Cigital, Inc., 23 04 2007. Web. 21 Mar 2010. <https://buildsecurityin.us-cert.gov/bsi-rules/home/g1/859-BSI.html>.
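The detection slide says lexical source code scanners can find these errors. As an added example (not from the slides or from any tool they name), here is a minimal line-based scanner in C that flags calls whose format argument is not a string literal; the function table, the name `has_nonliteral_format` and the sample lines are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed table: format-taking functions and the index of their format argument. */
static const struct { const char *name; int fmt_index; } FMT_FUNCS[] = {
    {"printf", 0}, {"fprintf", 1}, {"sprintf", 1}, {"snprintf", 2}, {"syslog", 1}};

/* Skip n top-level commas (nested parens and strings respected); NULL if the list ends first. */
static const char *skip_args(const char *p, int n) {
    int depth = 0, in_str = 0;
    for (; *p && n > 0; p++) {
        if (in_str) {
            if (*p == '\\' && p[1]) p++;
            else if (*p == '"') in_str = 0;
        } else if (*p == '"') in_str = 1;
        else if (*p == '(') depth++;
        else if (*p == ')') { if (depth-- == 0) return NULL; }
        else if (*p == ',' && depth == 0) n--;
    }
    return n == 0 ? p : NULL;
}

/* 1 if line calls a listed function with a non-literal format argument, else 0. */
int has_nonliteral_format(const char *line) {
    for (size_t i = 0; i < sizeof FMT_FUNCS / sizeof FMT_FUNCS[0]; i++) {
        size_t len = strlen(FMT_FUNCS[i].name);
        for (const char *hit = line; (hit = strstr(hit, FMT_FUNCS[i].name)); hit += len) {
            if (hit > line && (isalnum((unsigned char)hit[-1]) || hit[-1] == '_'))
                continue;  /* part of a longer identifier, e.g. printf in fprintf */
            const char *p = hit + len;
            while (isspace((unsigned char)*p)) p++;
            if (*p != '(') continue;
            p = skip_args(p + 1, FMT_FUNCS[i].fmt_index);
            if (!p) continue;  /* format argument is not on this line */
            while (isspace((unsigned char)*p)) p++;
            if (*p != '"') return 1;
        }
    }
    return 0;
}

int main(void) {
    /* Constructed sample lines modelled on the slides' Wrong and Right lists. */
    const char *s[] = {"printf(user_input);", "syslog(LOG_FILE, \"%s\", textBuffer);"};
    for (int i = 0; i < 2; i++)
        printf("%-36s %s\n", s[i], has_nonliteral_format(s[i]) ? "FLAG" : "ok");
    return 0;
}
```

Being purely lexical, it judges one line at a time and will also match call-like text inside comments or string literals. GCC and Clang provide a compiler-level form of the same check through -Wformat-security.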

This note was uploaded on 12/13/2011 for the course CSCE 548 taught by Professor Farkas during the Spring '10 term at South Carolina.
