
Introduction to Printing and Format Strings

Introduction

This article provides an overview of how printing functions work and how format strings control the formatting of the data being printed. Developers use print functions for many purposes, such as displaying data to users and emitting debug messages. While these functions appear harmless, they can cause serious damage if they are used carelessly, for instance by letting untrusted input become the format string itself. This article covers the print function concepts that are foundational to understanding print-related vulnerabilities such as format string vulnerabilities.

Format functions

A later section discusses how format strings are used with these functions. The following is a list of commonly used format functions from the C standard library:

  • fprintf – Writes formatted output to a file stream (FILE *)
  • printf – Writes formatted output to stdout
  • sprintf – Writes formatted output into a string, with no length check
  • snprintf – Writes formatted output into a string, bounded by a caller-supplied length
  • vfprintf – Like fprintf, but takes a va_list instead of a variable argument list
  • vprintf – Like printf, but takes a va_list
  • vsprintf – Like sprintf, but takes a va_list
  • vsnprintf – Like snprintf, but takes a va_list

Understanding printf:

To better understand format string vulnerabilities, let us first look at how the printf family of functions works, taking the C printf function as an example.

Let us begin by considering the following C program as an example. 

test1.c

#include <stdio.h>

int main(void)
{
    int a = 100;
    float b = 2.3;
    int *c;

    c = &a;
    /* %d consumes a, %f consumes b (promoted to double), %p consumes c */
    printf("%d, %f, %p\n", a, b, (void *)c);
    return 0;
}

The above C program contains a single printf call with three format specifiers: %d, %f and %p.

When printf executes, it scans the format string from left to right and replaces each format specifier with the next argument from the argument list, converted as the specifier dictates: %d prints a as a signed decimal integer, %f prints b as a floating-point number and %p prints the pointer c as an address. Each specifier therefore consumes exactly one argument, and printf itself has no way of knowing how many arguments were actually passed. Let us take the following printf function as an (Read more...)
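As an added example, not part of the original article, the following C program makes the two points above concrete: how a format string maps its specifiers onto the argument list (including the vprintf-style functions from the list above), and why passing untrusted text as the format string is dangerous. The function names count_conversions, render, log_unsafe and log_safe and the sample message are all constructed for this illustration.

```c
#include <stdio.h>
#include <stdarg.h>
#include <string.h>

/*
 * Count how many variadic arguments a printf-style format string will pull
 * from the argument list. "%%" is a literal '%' and consumes nothing; a '*'
 * in the width or precision consumes an extra int. Flags, numeric width,
 * precision and length modifiers are skipped because they do not change the
 * count. Returns -1 if the string ends in the middle of a conversion.
 */
int count_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                       /* "%%" -> literal percent sign */
            continue;
        while (*p == '-' || *p == '+' || *p == ' ' || *p == '#' || *p == '0')
            p++;                             /* flags */
        if (*p == '*') {                     /* width taken from an argument */
            n++;
            p++;
        } else {
            while (*p >= '0' && *p <= '9')
                p++;
        }
        if (*p == '.') {                     /* precision */
            p++;
            if (*p == '*') {
                n++;
                p++;
            } else {
                while (*p >= '0' && *p <= '9')
                    p++;
            }
        }
        while (*p == 'h' || *p == 'l' || *p == 'j' || *p == 'z' ||
               *p == 't' || *p == 'L')
            p++;                             /* length modifiers */
        if (*p == '\0')
            return -1;                       /* truncated, e.g. "abc%" */
        n++;                                 /* the conversion itself: d, f, p, s, x, ... */
    }
    return n;
}

/*
 * Thin wrapper that forwards its variable arguments to vsnprintf, the way
 * the v* functions are normally used. It has no format attribute, so the
 * compiler cannot check what the format string will be at run time.
 */
static int render(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Careless pattern: untrusted text becomes the format string, so every '%'
 * in it is interpreted as a conversion instead of being printed. */
int log_unsafe(char *out, size_t outlen, const char *msg)
{
    return render(out, outlen, msg);
}

/* Correct pattern: the format string is a literal and msg is only data. */
int log_safe(char *out, size_t outlen, const char *msg)
{
    return render(out, outlen, "%s", msg);
}

int main(void)
{
    /* Constructed input: a message that happens to contain "%%". */
    const char *msg = "Progress: 100%% done";
    char buf[64];

    printf("\"%%d, %%f, %%p\" consumes %d argument(s)\n",
           count_conversions("%d, %f, %p\n"));
    printf("\"%%x%%x%%x%%x\" would consume %d argument(s) that printf(msg) never supplies\n",
           count_conversions("%x%x%x%x"));
    log_unsafe(buf, sizeof buf, msg);
    printf("unsafe: %s\n", buf);
    log_safe(buf, sizeof buf, msg);
    printf("safe:   %s\n", buf);
    return 0;
}
```

The "%%" message is chosen because it changes the output without consuming any argument, so the program stays well defined. A message containing "%x" or "%p" would make log_unsafe read argument slots that were never supplied, which is undefined behaviour in C and is exactly the footing on which format string attacks are built; count_conversions returning a non-zero value for text that should be pure data is the check to apply before it ever reaches a format parameter. Compiling with -Wformat-security flags the log_unsafe pattern when the format is passed directly to printf or snprintf.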

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Srinivas. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/RsrGFJGXe-s/