CSC 482/582: Computer Security


Format String Vulnerabilities

Variadic Functions

Functions with a variable number of arguments.
  Use <stdarg.h> in standard C.
  Supported by most languages in some way.
Defining the interface
  Memory location where variadic arguments begin.
  Size of arguments (int, double, etc.)
  Method for communicating the count of arguments.
Repeat to find all arguments
  Increment pointer by argument size.
  Get data.

Variadic Functions in C

    #include <stdarg.h>

    double average(int count, ...)
    {
        va_list ap;
        int j;
        double sum = 0;

        va_start(ap, count);           /* Last fixed param gives address */
        for (j = 0; j < count; j++) {
            sum += va_arg(ap, double); /* Incr ap to next arg */
        }
        va_end(ap);
        return sum / count;
    }
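The slide's average() relies on the caller passing a correct count; the callee has no way to check it, which is exactly the blind trust printf() places in its format string. The added example below (not code from the course slides; the names sum_ints and join_strings are my own) shows the two usual ways of "communicating the count": an explicit count, and a NULL sentinel that ends the list, including the va_start/va_end restart needed when the arguments must be walked twice.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Explicit count: the caller says how many ints follow.  The callee cannot
 * verify this; too large a count reads whatever lies beyond the real
 * arguments, which is the mechanism behind "%x" stack leaks in printf(). */
long sum_ints(int count, ...)
{
    va_list ap;
    long total = 0;
    va_start(ap, count);              /* start after the last fixed parameter */
    for (int i = 0; i < count; i++)
        total += va_arg(ap, int);     /* advance by one int each step */
    va_end(ap);
    return total;
}

/* Sentinel: the list ends with a NULL pointer, so no count is passed.
 * Returns a newly malloc()ed string of the pieces joined by sep; the caller
 * frees it.  The va_list is consumed by the first pass, so it is restarted
 * with va_start() before the second pass. */
char *join_strings(const char *sep, ...)
{
    va_list ap;
    size_t len = 0, seplen = strlen(sep);
    int n = 0;
    const char *s;

    va_start(ap, sep);                /* pass 1: measure */
    while ((s = va_arg(ap, const char *)) != NULL) {
        len += strlen(s);
        n++;
    }
    va_end(ap);
    if (n > 1)
        len += seplen * (size_t)(n - 1);

    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    out[0] = '\0';

    va_start(ap, sep);                /* pass 2: copy */
    int first = 1;
    while ((s = va_arg(ap, const char *)) != NULL) {
        if (!first)
            strcat(out, sep);
        strcat(out, s);
        first = 0;
    }
    va_end(ap);
    return out;
}

int main(void)
{
    printf("sum = %ld\n", sum_ints(4, 10, 20, 30, 40));
    /* the sentinel must be a pointer-typed NULL, not a bare 0 int */
    char *j = join_strings(", ", "alpha", "beta", "gamma", (char *)NULL);
    printf("joined = %s\n", j);
    free(j);
    return 0;
}
```

Note the cast on the sentinel: on platforms where int and pointer sizes differ, passing a bare 0 through `...` would not be read back correctly as a pointer.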

Format Strings

Convert basic data types to output strings.
  Percent (%) symbols in the string indicate substitutions.
  %[flags][width][.precision][length][type]
Example format strings and resulting output
  printf("%010d", 2009)      -> 0000002009
  printf("%4.2f", 3.1415926) -> 3.14
Example functions
  printf(), fprintf(), sprintf(), etc.
  scanf(), fscanf(), etc.
  syslog()

Format String Types

  Type  Meaning                                                   Passed As
  %d    Integer as a signed decimal number.                       Value
  %u    Unsigned integer as decimal number.                       Value
  %f    Double in fixed point notation.                           Value
  %x    Unsigned integer as hexadecimal number.                   Value
  %s    Null-terminated string.                                   Reference
  %n    Write number of characters successfully written so far    Reference
        into an integer pointer.

printf() information leaks

User-specified format strings
  userstring = "foo %x";
  printf(userstring);
Where can it find arguments to replace %x?
  The stack: %x reads 4 bytes higher in the stack.
  Could be another local variable from this function or a previously called one.
Solution: printf("%s", userstring) or fputs(userstring, stdout)

printf() buffer overflows

Overflow example
  char buf[256];
  sprintf(buf, "The data is %s\n", userstr);
C90 solution (a precision caps the %s conversion at 32 characters)
  sprintf(buf, "The data is %.32s\n", userstr);
C99 solution
  snprintf(buf, 255, "The data is %s\n", userstr);
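snprintf() stops the overflow, but it truncates silently: its return value is the length the full output would have had, so a caller that ignores it can end up logging or transmitting a cut-off message. The added example below (my own code, not from the course slides; format_data and format_data_c90 are names I chose) wraps the two fixes from the slide so that truncation is detected, and shows the C90 precision written as "%.*s" with the limit supplied as an argument.

```c
#include <stdio.h>
#include <string.h>

/* Formats "The data is <userstr>\n" into buf (bufsize bytes).  Returns 1 on
 * success, 0 if the output did not fit.  snprintf() never writes past
 * bufsize and always NUL-terminates, but a return value >= bufsize means the
 * text was truncated and the caller has to notice. */
int format_data(char *buf, size_t bufsize, const char *userstr)
{
    int needed = snprintf(buf, bufsize, "The data is %s\n", userstr);
    if (needed < 0)                   /* encoding error */
        return 0;
    return (size_t)needed < bufsize;  /* fits, including the terminating NUL */
}

/* C90 alternative: bound the conversion itself.  "%.*s" takes the precision
 * from the int argument placed before the string, so at most `limit` bytes
 * of userstr are copied.  buf must hold 12 + limit + 2 bytes (the fixed text,
 * the bounded string, the newline and the NUL).  Returns characters written. */
int format_data_c90(char *buf, int limit, const char *userstr)
{
    return sprintf(buf, "The data is %.*s\n", limit, userstr);
}

int main(void)
{
    char buf[32];
    char attacker_sized[100];
    memset(attacker_sized, 'A', sizeof attacker_sized - 1);   /* constructed input */
    attacker_sized[sizeof attacker_sized - 1] = '\0';

    if (!format_data(buf, sizeof buf, attacker_sized))
        puts("output truncated, message not logged");
    else
        fputs(buf, stdout);
    return 0;
}
```

The constant 255 on the slide is safe but leaves one byte unused; passing sizeof buf is the idiomatic size argument, since snprintf() counts the NUL within it.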

%n format command

Number of characters written so far is stored into the integer indicated by the int * pointer argument.

  char buf[] = "0123456789";
  int n;
  printf("buf=%s%n\n", buf, &n);
  printf("n=%d\n", n);

Output:
  buf=0123456789
  n=14

%n format attack

Plan of attack
  Use %n to write anywhere in memory.
  Find address of variable to overwrite.
  Place address of variable on stack (as part of format string) so %n will write to that address.
  Write # of characters equal to value to insert into variable (use precision, e.g., %.64x).
Use %n to write anywhere in memory
  Address on stack can point to any location.

Securing Formatted Output

Exclude user input from format strings.
Limit length of formatted output with length specifiers or by using snprintf().
Compiler checks
  gcc provides the -Wformat-security option, which warns about potential formatted output security issues.
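The first rule above is absolute for text typed by a user: it goes through "%s" or fputs(), never as a format. Formats that come from a trusted-but-editable place such as a configuration file can additionally be checked before use. The added example below (my own code, not from the course slides; scan_format and format_is_acceptable are names I chose) walks a format string according to the grammar %[flags][width][.precision][length][type] from the Format Strings slide, counts the arguments the conversions will consume (a '*' width or precision takes an extra int), and flags %n. It accepts the full set of C99 printf conversion types, which goes beyond the six in the table above.

```c
#include <stdio.h>
#include <string.h>

/* What a scan of one format string found. */
struct fmt_info {
    int args_needed;   /* arguments the conversions will consume */
    int has_n;         /* a %n conversion is present */
    int bad;           /* unknown conversion type, or a trailing lone '%' */
};

/* Walks fmt the way printf() would, per %[flags][width][.precision][length][type]. */
struct fmt_info scan_format(const char *fmt)
{
    struct fmt_info r = {0, 0, 0};
    const char *p = fmt;

    while (*p) {
        if (*p != '%') { p++; continue; }
        p++;
        if (*p == '%') { p++; continue; }                  /* "%%" is a literal */

        while (*p && strchr("-+ #0", *p)) p++;             /* flags */
        if (*p == '*') { r.args_needed++; p++; }           /* width from an argument */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {                                   /* precision */
            p++;
            if (*p == '*') { r.args_needed++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLqjzt", *p)) p++;           /* length modifiers */

        if (*p == '\0') { r.bad = 1; break; }              /* "%" at end of string */
        if (*p == 'n')
            r.has_n = 1;                                   /* the write primitive */
        else if (!strchr("diouxXeEfFgGaAcsp", *p))
            r.bad = 1;
        r.args_needed++;
        p++;
    }
    return r;
}

/* A format is usable only if it parses cleanly, contains no %n, and consumes
 * exactly the nargs arguments the call site will supply.  Too many
 * conversions would read stack contents; too few is a bug worth rejecting. */
int format_is_acceptable(const char *fmt, int nargs)
{
    struct fmt_info r = scan_format(fmt);
    return !r.bad && !r.has_n && r.args_needed == nargs;
}

int main(void)
{
    /* constructed inputs: two formats from the slides and one hostile one */
    const char *samples[] = { "%010d", "buf=%s%n\n", "foo %x %x %x" };
    int supplied[]        = { 1,       2,            1 };
    for (int i = 0; i < 3; i++) {
        struct fmt_info r = scan_format(samples[i]);
        printf("%-16s args=%d %%n=%d bad=%d -> %s\n", samples[i], r.args_needed,
               r.has_n, r.bad,
               format_is_acceptable(samples[i], supplied[i]) ? "ok" : "REJECT");
    }
    return 0;
}
```

Because the format passed to printf() in this check is a compile-time literal, -Wformat-security has nothing to warn about here; the flag pays off on calls such as printf(userstring), where the format is a non-literal with no arguments.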