> On Jul 11, 2015, at 3:45 AM, Jan E. Schotsman <[email protected]> wrote:
> 
> 
>> On Jul 10, 2015, at 10:07 PM, Steve Mills wrote:
>> Better yet, don't do that, *because it's potentially insecure*.
> It isn't because I make the string myself.

If it's possible for the string you create to contain a "%", then you've at 
least got a (quite likely crashing) bug in your code.

If it's not, then can you guarantee that your code will never evolve such that 
the string might contain a "%"? For instance, if part of the string comes from 
a parameter to this function, you now have to enforce that the function is 
never called with a string containing "%". Which is easy to forget a year from 
now, or if someone else ever has to extend your code.

And if anyone ever writes code that reads data from a file or network and part 
of that data gets passed to your function, then they've created a security hole 
without knowing it. This is how these real world exploits come to be. It's 
especially hard to track down if there are several layers of code between the 
file/network I/O and the function with the vulnerability.

A key part of being a good programmer is writing code that's maintainable and 
understandable. It's the difference between engineering and hacking. Please 
don't take this personally, but if this came up in a job interview, I would not 
hire someone who argued what you said above.

> All the discussions online are about using scanf and the like.

Printf-like functions are just as vulnerable if you know how to craft the evil 
input. There's one obscure format character that writes back to the stack. Read 
the article.

>> Just do this instead:
>> printf("%s", myString);
> Interesting. If the solution is that simple, why didn't I find that anywhere 
> on the internet?

I don't know where you looked or what keywords you searched for...

Anyway, even the above isn't the best solution because it adds the overhead of 
printf interpreting the format string. If all you want to do is write a C 
string to stdout, just call puts(). Don't use a chainsaw where scissors will do :)

--Jens
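The pattern the thread argues about beside both fixes Jens suggests, as an added example that is not code from the thread; the helper names are hypothetical and the input is constructed:

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper in the shape the thread argues about: the caller's
 * text becomes the format string, so any '%' in msg is parsed as a
 * conversion and printf reads arguments that were never passed (undefined
 * behaviour: crash or disclosure of stack contents). Never called below. */
int log_vulnerable(const char *msg)
{
    return printf(msg);   /* clang: "format string is not a string literal" */
}

/* Fix from the thread: the format is a literal, msg is only ever data. */
int log_fixed(const char *msg)
{
    return printf("%s\n", msg);   /* strlen(msg) + 1 on success */
}

/* Jens's simpler suggestion: no format interpretation at all. */
int log_puts(const char *msg)
{
    return puts(msg);   /* non-negative on success */
}

/* Same fix applied to a buffer so it can be checked without capturing
 * stdout: true when every '%' in msg survives as a literal character. */
bool formats_verbatim(const char *msg)
{
    char out[128];
    int n = snprintf(out, sizeof out, "%s", msg);
    return n >= 0 && (size_t)n < sizeof out && strcmp(out, msg) == 0;
}

/* Review/test guard: would msg be interpreted if it ever reached a
 * format-string position via a parameter, a file, or a socket? */
bool has_format_chars(const char *msg)
{
    return strchr(msg, '%') != NULL;
}

int main(void)
{
    /* constructed input standing in for a line read from a file */
    const char *from_file = "progress: 100% done %x %x";
    if (has_format_chars(from_file)) fputs("note: '%' in input\n", stderr);
    log_fixed(from_file);
    return log_puts(from_file) >= 0 && formats_verbatim(from_file) ? 0 : 1;
}
```

Compiling with -Wformat-security (on by default in clang) flags the printf(msg) line, which is the warning quoted earlier in the thread.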
Xcode-users mailing list      ([email protected])