http://kernsec.org/wiki/index.php?title=Bug_Classes/Format_string_injection&feed=atom&action=history
Bug Classes/Format string injection - Revision history
2024-03-29T07:01:52Z
Revision history for this page on the wiki
MediaWiki 1.36.1
http://kernsec.org/wiki/index.php?title=Bug_Classes/Format_string_injection&diff=3773&oldid=prev
KeesCook: /* Examples */
2016-04-12T22:29:44Z
<p><span dir="auto"><span class="autocomment">Examples</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 22:29, 12 April 2016</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l4">Line 4:</td>
<td colspan="2" class="diff-lineno">Line 4:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>= Examples =</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>= Examples =</div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* [http://seclists.org/oss-sec/2013/q2/510 injection via block layer]</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>= Mitigations =</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>= Mitigations =</div></td></tr>
</table>
KeesCook
http://kernsec.org/wiki/index.php?title=Bug_Classes/Format_string_injection&diff=3730&oldid=prev
KeesCook: Created page with "= Details = When an attacker supplied string is accidentally passed to format string parsing, the attacker can manipulate the resulting output. The write primitive available ..."
2015-11-04T22:17:07Z
<p>Created page with "= Details = When an attacker supplied string is accidentally passed to format string parsing, the attacker can manipulate the resulting output. The write primitive available ..."</p>
<p><b>New page</b></p><div>= Details =<br />
<br />
When an attacker supplied string is accidentally passed to format string parsing, the attacker can manipulate the resulting output. The write primitive available is through the use of the %n specifier, which writes to memory. All the other formats lead to information leaks.<br />
<br />
= Examples =<br />
<br />
= Mitigations =<br />
<br />
* [https://git.kernel.org/linus/708d96fd060bd1e729fc93048cea8901f8bacb7c Eliminate the use of %n]<br />
* detect non-const format strings at compile time (e.g. gcc's -Wformat-security)<br />
* detect non-const format strings at run time (e.g. memory location checking done with glibc's -D_FORITY_SOURCE=2)</div>
KeesCook