printf hacking


Problem description




Hi

I have a function as below

void print(char* str)
{
    printf(str);
}

now the user of the function can pass anything as the argument for
print(). I am looking for major security issues with this function. I
mean can this function be hacked somehow or can we give some input so
that we can crash the program. It's a kind of urgent so please help me
out with this.

raghu

Recommended answer

On Sun, 18 Nov 2007 22:26:07 -0800 (PST) in comp.lang.c++,
singhraghvendra <ra********@gmail.com> wrote,

> Hi
>
> I have a function as below
>
> void print(char* str)
> {
>     printf(str);
> }
>
> now the user of the function can pass anything as the argument for
> print(). I am looking for major security issues with this function.



Yes, it is really horrible. Look up what the first argument to printf
means! At minimum, it should be changed to:

void print(char* str)
{
    printf("%s", str);
}


On Nov 18, 11:26 pm, singhraghvendra <raghu.i...@gmail.com> wrote:




> Hi
>
> I have a function as below
>
> void print(char* str)
> {
>     printf(str);
>
> }
>
> now the user of the function can pass anything as the argument for
> print(). I am looking for major security issues with this function. I
> mean can this function be hacked somehow or can we give some input so
> that we can crash the program. It's a kind of urgent so please help me
> out with this.
>
> raghu



First off, why bother? Why not just use printf(),
straight up?

If you just want to print a string you can do that
with printf, just like that! Or do you want to drop
formatting? If you pass a string with formatting
to this and containing placeholders like %d then
printf() will have nothing to draw fill values from
and unpredictable behavior will occur. If you are
wanting to be able to print any string, without
special formatting sequences being interpreted
that way, then use

printf("%s", str);

in your "print()" routine.


On Nov 19, 2:26 pm, singhraghvendra <raghu.i...@gmail.com> wrote:




> Hi
>
> I have a function as below
>
> void print(char* str)
> {
>     printf(str);
>
> }
>
> now the user of the function can pass anything as the argument for
> print(). I am looking for major security issues with this function. I
> mean can this function be hacked somehow or can we give some input so
> that we can crash the program. It's a kind of urgent so please help me
> out with this.



Presumably, this code is something you are objecting to in your
organization, and someone reasonably higher up is ignoring your
objections?

The exact method of crashing the code will depend on your target
system and possibly your target OS. I think it's harder to do code
injection these days.

You may be interested in printf("%n") though if you really want to crash
the program.
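
The fix suggested in the replies above, as an added example that is not part of the original thread: a hardened print() that keeps the format constant, plus a small audit helper that counts the conversions printf(str) would have tried to read from arguments that were never passed. The names print_safe, renders_verbatim and count_directives and the sample input are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hardened print(): the format is constant, so '%' in str is only data. */
void print_safe(const char *str)
{
    printf("%s", str);
}

/* Render str through a constant "%s"; 1 if the output equals the input. */
int renders_verbatim(const char *str, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s", str);
    return n >= 0 && (size_t)n < outlen && strcmp(out, str) == 0;
}

/* Hypothetical audit helper: count the conversions printf(str) would try to
 * satisfy from arguments that were never passed. "%%" is a literal percent;
 * *has_n is set on %n. Simplified: a '*' width is not counted separately. */
int count_directives(const char *str, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (const char *p = str; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                    /* literal percent */
        p += strspn(p, "-+ #0123456789.*hlLjzt"); /* flags, width, length */
        if (*p == '\0')
            break;                       /* dangling '%' at end of string */
        if (strchr("diouxXeEfFgGaAcspn", *p)) {
            count++;
            if (*p == 'n')
                *has_n = 1;
        }
    }
    return count;
}

int main(void)
{
    const char *input = "rate: 100%d %n\n";   /* constructed sample input */
    int has_n, n = count_directives(input, &has_n);
    print_safe(input);                        /* printed verbatim */
    printf("directives=%d has_n=%d\n", n, has_n);
    return 0;
}
```

Building with GCC or Clang and `-Wformat -Wformat-security` makes the compiler flag the original `printf(str)` call at compile time.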

