At 6:27 PM -0400 9/7/00, John Doh! wrote:
>Hello to you am I C coder who to wish write programs we cannot 
>exploit via code such as below.
>
>>
>> main(int argc, char **argv)
>> {
>>   if(argc > 1) {
>>     printf(gettext("usage: %s filename\n"),argv[0]);
>>     exit(0);
>>  }
>>  printf("normal execution proceeds...\n");
>> }
>
>Issue is must be getting format string from "untrusted" place, but want
>to limit substitution of %... to the substitution of say in example the
>argv[0], but to not do others so that say given "usage: %s filename %p"
>%p not interpret but to be print instead as literally so we get output
>of (saying to be argv[0] as test just for example)
>usage: test filename %p

Since gettext is getting a string from an untrusted place, you should
treat it as you would treat a string being typed in from a user.

For the example you give, you know that you are expecting ONE %s
argument, and that ONE %s is the only substitution you will allow.

So, have gettext return it's value into some string.  Then, YOU search
that string for '%s'.  then you do a printf of:
    printf("%s%s%s", textBefore%s, argv[0], textAfter%s);

For the given example, this is pretty trivial.  If you have several
different values you will substitute in the string returned by
gettext, then it gets a bit more cumbersome.  My suggestion is a
fine solution for your example (IMO :-), but if you did have more
substitutions then I might try some alternate strategy.

One has to be careful about buffer overflows in that temp string,
of course.


---
Garance Alistair Drosehn           =   [EMAIL PROTECTED]
Senior Systems Programmer          or  [EMAIL PROTECTED]
Rensselaer Polytechnic Institute


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Reply via email to