At 6:27 PM -0400 9/7/00, John Doh! wrote:
>Hello to you am I C coder who to wish write programs we cannot
>exploit via code such as below.
>
>>
>> main(int argc, char **argv)
>> {
>> if(argc > 1) {
>> printf(gettext("usage: %s filename\n"),argv[0]);
>> exit(0);
>> }
>> printf("normal execution proceeds...\n");
>> }
>
>Issue is must be getting format string from "untrusted" place, but want
>to limit substitution of %... to the substitution of say in example the
>argv[0], but to not do others so that say given "usage: %s filename %p"
>%p not interpret but to be print instead as literally so we get output
>of (saying to be argv[0] as test just for example)
>usage: test filename %p
Since gettext is getting a string from an untrusted place, you should
treat it as you would treat a string being typed in from a user.
For the example you give, you know that you are expecting ONE %s
argument, and that ONE %s is the only substitution you will allow.
So, have gettext return it's value into some string. Then, YOU search
that string for '%s'. then you do a printf of:
printf("%s%s%s", textBefore%s, argv[0], textAfter%s);
For the given example, this is pretty trivial. If you have several
different values you will substitute in the string returned by
gettext, then it gets a bit more cumbersome. My suggestion is a
fine solution for your example (IMO :-), but if you did have more
substitutions then I might try some alternate strategy.
One has to be careful about buffer overflows in that temp string,
of course.
---
Garance Alistair Drosehn = [EMAIL PROTECTED]
Senior Systems Programmer or [EMAIL PROTECTED]
Rensselaer Polytechnic Institute
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
