printf

This is a commonly used function for printing output to the terminal. It is vulnerable to format string exploits because it allows the user to specify a format string containing formatting commands.

Prototype

int printf(const char *format, ...);

This function is used for printing output to the terminal. It takes a format string as an argument, which specifies the format of the output, and it can take additional arguments that provide the data to be formatted and printed.

Vulnerable example

#include <stdio.h>

int main(int argc, char *argv[]) {
    char *user_input;
    user_input = argv[1];
    printf(user_input);
    return 0;
}

The code calls the printf() function with user_input as the argument. This will cause the printf() function to interpret the string pointed to by user_input as a format string and print the formatted output to the terminal.

Prevent

There is multiple ways to prevent format string exploitation :

  • Check the input for certain characters or patterns that may indicate an attempt to exploit the function, and replace or remove these characters as necessary. For example, check the input for the % character, which is used to introduce formatting commands in the format string, and replace it with a different character or remove it entirely.

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]) {
    char *user_input;
    user_input = argv[1];

    // Replace any instances of the % character with a space
    int i;
    for (i = 0; i < strlen(user_input); i++) {
        if (user_input[i] == '%') {
            user_input[i] = ' ';
        }
    }

    printf(user_input);
    return 0;
}

  • Use a different function to print the user input. For example, use the fputs() function, which writes a string to a file but does not interpret formatting commands.

#include <stdio.h>

int main(int argc, char *argv[]) {
    char *user_input;
    user_input = argv[1];

    // Write the user input to the terminal using the fputs() function
    fputs(user_input, stdout);

    return 0;
}

  • Use the %s formatting command to print the user input, rather than using the user input as the format string itself. This will prevent the printf() function from interpreting the user input as a format string.

#include <stdio.h>

int main(int argc, char *argv[]) {
    char *user_input;
    user_input = argv[1];

    // Print the user input using the %s formatting command
    printf("%s", user_input);

    return 0;
}

It is important to choose the right approach based on your specific needs and the requirements of your program. It may also be necessary to combine multiple approaches to effectively prevent format string exploits.

PreviousDangerous functionsNextfprintf

Last updated