
How to mitigate Format String Vulnerabilities

Introduction:

This article provides an overview of techniques that can be used to mitigate format string vulnerabilities. In addition to the mitigations offered by compilers and operating systems, we discuss preventive measures that developers can apply while writing programs in languages that are susceptible to format string vulnerabilities, such as C and C++.

Techniques to prevent or mitigate Format String vulnerabilities:

The following are common ways to prevent or mitigate format string vulnerabilities. Let us discuss each of them in detail.

  1. Writing secure code
  2. Making use of compiler warnings
  3. Source code auditing

Writing secure code:

Writing secure code is the best way to prevent format string vulnerabilities, since their root cause is insecure coding: a string that the attacker controls is handed to a printf-family function as its format argument. When programs are written in languages that are susceptible to format string vulnerabilities, developers must be aware of the risky functions (printf(), fprintf(), sprintf(), snprintf(), syslog() and their variants) and of their secure usage.

Let us consider the following code snippet as an example. The printf() call prints user-supplied input by passing argv[1] directly as the format string, with no fixed format specifier of its own. An attacker can take advantage of this by supplying arbitrary conversion specifiers (for example %x to read stack contents, or %n to write to memory), which printf() will interpret.

#include <stdio.h>

int main(int argc, char *argv[]) {
    if (argc < 2)
        return 1;
    /* Vulnerable: argv[1] is the format string itself, so any
       conversion specifiers the user supplies are interpreted by printf(). */
    printf(argv[1]);
    printf("\n");
    return 0;
}

 

The following code snippet shows the secure implementation of the same program.

#include <stdio.h>

int main(int argc, char *argv[]) {
    if (argc < 2)
        return 1;
    /* Secure: the format string is a constant, and argv[1] is only ever
       consumed as a %s argument, so its contents are printed literally. */
    printf("%s", argv[1]);
    printf("\n");
    return 0;
}

 

As you can notice in the preceding code snippet, argv[1] is now passed as an argument to a constant "%s" format rather than as the format string itself. Because of this, the attacker's input is never interpreted as a format string and the format string vulnerability is gone. The following is what the attacker will see if he/she attempts to pass conversion specifiers to the program: since the user input is consumed as a plain string argument, it is printed back verbatim instead of causing printf() to fetch arbitrary data from the stack.

$ ./vuln1 %p

%p

$

$ ./vuln1 %x

%x

$
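To make the difference between the two programs above testable rather than just visible on a terminal, the following added example (written for this article, not code from the original post) wraps the vulnerable and the hardened pattern in two small functions that render untrusted input into a buffer with snprintf(), and adds a check that reports whether the input came back byte-for-byte. The function names, the constructed probe strings and the buffer size are assumptions made for this example. Note that the input "%%" is a deterministic probe: the vulnerable path collapses it to a single "%", while the hardened path echoes it unchanged, so the test does not depend on whatever happens to be in the argument area.

```c
#include <stdio.h>
#include <string.h>

/* Deliberately vulnerable (same defect as printf(argv[1]) above): the
 * untrusted string *is* the format string, so every conversion specifier
 * in it is interpreted by snprintf(). Compiling this with
 * gcc -Wformat -Wformat-security produces the warning
 * "format not a string literal and no format arguments". */
size_t render_unsafe(const char *untrusted, char *out, size_t out_len)
{
    int n = snprintf(out, out_len, untrusted);
    return n < 0 ? 0 : (size_t)n;
}

/* Hardened (same fix as printf("%s", argv[1]) above): the format string
 * is a constant and the untrusted data is only ever a %s argument. */
size_t render_safe(const char *untrusted, char *out, size_t out_len)
{
    int n = snprintf(out, out_len, "%s", untrusted);
    return n < 0 ? 0 : (size_t)n;
}

/* Returns 1 if the renderer echoes the input byte-for-byte, 0 if the
 * format engine interpreted something in it. A renderer that is free of
 * format string bugs must always return 1 here, whatever the input. */
int echoed_verbatim(size_t (*render)(const char *, char *, size_t),
                    const char *input)
{
    char buf[256];                    /* assumed output size for this example */
    render(input, buf, sizeof buf);
    return strcmp(buf, input) == 0;
}

int main(void)
{
    /* Constructed attacker-style inputs, as an attacker would pass them in argv[1]. */
    const char *probes[] = { "hello", "%%", "%x %x %x", "%p %p" };
    char buf[256];

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        render_safe(probes[i], buf, sizeof buf);
        printf("safe   %-10s -> %s\n", probes[i], buf);   /* always the literal input */
        /* Only the vulnerable renderer interprets the probe. "%%" becomes "%";
         * "%x" and "%p" print whatever snprintf pulls from the argument area,
         * which is exactly the information leak the article describes. */
        render_unsafe(probes[i], buf, sizeof buf);
        printf("unsafe %-10s -> %s\n", probes[i], buf);
    }
    return 0;
}
```

Build it with `gcc -Wall -Wformat -Wformat-security` to see the compiler flag render_unsafe() on its own; adding `-Werror=format-security` turns that warning into a build failure, which is the cheapest way to keep the vulnerable pattern out of a code base.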

 


*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Srinivas. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/UqXJaoM9KHU/