Format string vulnerabilities

created by spender

(thing) by spender (5.4 y) (print) ? (I like it!) Wed Nov 29 2000 at 15:16:05

Format string vulnerabilities are security flaws in a programmer's code (usually these occur in the C language). It is usually present in the printf, sprintf, and syslog functions, though it can occur in any function that allows format strings (two characters, generally a "%" symbol, followed by a second character, that determines the format of the variable being parsed, be it integer, floating-point, string, or hexadecimal) to be used in an insecure way.

For example:

printf("%s",name);
is the secure way of using printf(), while
printf(name);
is insecure, and will result in the program crashing and being susceptible to buffer overflows.

buffer overflow	Why administration through web is evil	Using keyboard LEDs for something useful	p.o.d.
Hollerith descriptor	computer security

Y'know, if you log in, you can write something here, or contact authors directly on the site. Create a New User if you don't already have an account.

Login
Password

Ctrl Y
cognitive dissonance	(fiction)
SharQ
Gone Baby Gone	(review)
halfWit
If I could, I'd title this "Freedom"	(thing)
Roninspoon
Airline Hero	(thing)
Ktistec
Why Women Are Always Cold	(person)
doctor wilson
Drug policy reform	(thing)
tejasa
Easy Raspberry Cheesecake	(recipe)
Joysim
Drug policy reform	(idea)
aneurin
Tyburn	(place)
niruena
Boiling to death	(idea)
artman2003
summer	(thing)
doctor wilson
The Silver City and the Silent Sea	(log)
Dreamvirus
The Silver City and the Silent Sea	(poetry)
Aerobe
A nihilist's soulmate	(poetry)
BookReader
Soup, of the green variety	(recipe)