This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: Patch to add __builtin_printf



In light of recent security advisories, I'd like to see us do a
transformation like this:

  char *foo;  printf (foo);  -> printf ("%s", foo);  [->fputs (foo, stdout)]

and issue a loud warning about the potential hole.  Note that the
transformation only applies when there are no arguments after the variable.

A demonstration of the danger:

$ cat test.c
#include <stdio.h>
int main(int ac, char **av) {
	printf (av[0]);
	putchar ('\n');
	return 0;
}
$ gcc test.c
$ ./a.out
./a.out
$ mv a.out "blah %s blah"
$ "./blah %s blah" | tr -c ' -~' '$'
./blah $$$$$$$$$$$$$$$$$$$$$$$@H*$@$ blah

With clever use of things like %n, this can be as bad as the classic
unchecked strcpy.

zw

p.s. I'm currently reading gcc-patches via the web archive.
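A defender-side counterpart to the transformation proposed above, added here as an example (not part of the original message or of GCC): it scans an untrusted string for the directives printf would act on, singles out %n, and shows the rewritten call that the post suggests for a non-literal format with no further arguments. Function names are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Count the conversion directives printf would act on in s.  "%%" is a
   literal percent and counts as none; a lone trailing '%' still counts,
   since printf's behaviour on it is undefined.  Any count above zero means
   the string must not be passed as a format with no arguments. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* True if s contains a %n directive (optionally with flags, width,
   precision, length modifier or a positional "$" argument index).
   %n writes to memory, which is what turns a leak into the "as bad as
   unchecked strcpy" case the post describes. */
bool has_n_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;
            continue;
        }
        const char *p = s + 1;
        while (*p && strchr("-+ #0123456789.*$hlLqjzt", *p))
            p++;
        if (*p == 'n')
            return true;
    }
    return false;
}

/* The proposed rewrite applied by hand: printf(s) with no further
   arguments becomes fputs(s, stdout), so s is data, never a format. */
int print_untrusted(const char *s)
{
    return fputs(s, stdout) == EOF ? -1 : 0;
}
```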
