Subject: Catching format bugs
From: Olaf Kirch (okir caldera.de)
Date: Sat Sep 16 2000 - 09:36:25 CDT
Hi all,
I just wanted to bounce around an idea for catching formatting bugs
with less drastic measures than lobotomizing libc (i.e. removing %n
completely).
There's a very simple way to tell a constant from a non-constant string,
which is to compare it to _end:

    extern char _end;

    if (format + strlen(format) >= &_end
     && strstr(format, "%n") != NULL) {
        /* non-const format string with %n? looks fishy */
        syslog(LOG_ERR, "fishy non-const format: `%s'", format);
        abort();
    }

Unless you've compiled your program with -fwritable-strings, constant
strings are write-protected.
Maybe there are less destructive ways of dealing with the non-const %n
format case, but the question is whether that's really necessary.
Anyway, this is my proposal. This could be implemented either in glibc
(bad idea because it breaks 100% conformance) or in a libsafe type
of thing.
Does this sound reasonable? Is there anyone who'd like to try adding
this to libsafe?
Olaf
PS: The last program I had to compile with -fwritable-strings was Taylor UUCP 1.04,
long fixed since...
-- 
Olaf Kirch        |  --- o --- Nous sommes du soleil we love when we play
okirmonad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir caldera.de   +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.
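
An added example, not part of the original post: the `_end` comparison from the message as a self-contained C check, assuming an ELF system whose linker defines `_end` (GNU ld does) and a typical Linux address layout. It goes beyond the post's `strstr(format, "%n")` by parsing conversions, so spellings such as `%hn` and `%1$n` are caught and a literal `%%n` is not; `has_n_conversion` and `fishy_format` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

extern char _end;   /* linker symbol: end of the executable's own image (ELF) */

/* Return 1 if fmt has an 'n' conversion in any spelling (%n, %hn, %1$n, %5n).
 * Stricter than strstr(fmt, "%n"); "%%n" (a literal "%n") is not flagged. */
int has_n_conversion(const char *fmt)
{
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')
            continue;                          /* "%%" is a literal percent */
        p += strspn(p, "0123456789$-+ #'*.");  /* position, flags, width, precision */
        p += strspn(p, "hlLqjzt");             /* length modifiers */
        if (*p == 'n')
            return 1;
        if (*p == '\0')
            break;                             /* truncated conversion at end */
    }
    return 0;
}

/* The test from the post: a string ending at or above _end is not one of the
 * executable's own literals. Blind spots: writable .data/.bss buffers sit
 * below _end (missed), and literals inside shared libraries are mapped
 * above it (flagged if they use an 'n' conversion). */
int fishy_format(const char *fmt)
{
    return (uintptr_t)(fmt + strlen(fmt)) >= (uintptr_t)&_end
        && has_n_conversion(fmt);
}

int main(void)
{
    char on_stack[] = "user data %1$n";      /* constructed sample input */
    static char in_data[] = "user data %n";  /* writable, but below _end */

    printf("literal: %d\n", fishy_format("count so far%n"));
    printf("stack:   %d\n", fishy_format(on_stack));
    printf("static:  %d\n", fishy_format(in_data));
    return 0;
}
```

The static-buffer case shows why the address test alone cannot stand in for auditing call sites: a format copied into a global buffer is treated as constant.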