[Insight-developers] Change in ITK[master]: BUG: Fix possibility of buffer overflow in itkNumericSeriesF...
M Stauffer (V)
mstauff at verizon.net
Wed Jan 5 12:03:34 EST 2011
Very interesting! I was thinking only of buffer overrun.
Since this function only expects an integer format specification, maybe
the thing to do is manually implement the formatting via ostringstream,
rejecting any format strings that don't have only integer specifiers.
Basic operation would be easy, but getting all possible flags would be a
little tedious, if a user wants some unusual integer formatting for some
reason (or has done that in existing code).
-Michael
>-----Original Message-----
>From: Sean McBride [mailto:sean at rogue-research.com]
>Sent: Wednesday, January 05, 2011 11:40 AM
>To: Hans Johnson; M Stauffer (V); Bill Lorensen; ITK
>Cc: Luis Ibanez; Kent Williams
>Subject: Re: [Insight-developers] Change in ITK[master]: BUG:
>Fix possibility of buffer overflow in itkNumericSeriesF...
>
>On Wed, 5 Jan 2011 09:47:23 -0600, Hans Johnson said:
>
>>> VS 2008 docs point to _snprintf for snprintf, and have this warning:
>>> "Ensure that format is not a user-defined string. Because this
>>> function does not guarantee NULL termination (in particular, when the
>>> return value is count), ensure that it is followed by code that adds
>>> the null terminator. "
>>>
>>> As long as a null terminator is added after the call for safety, I
>>> don't see why you can't use an user-defined string, unless the
>>> routine dumbly writes the whole formatted string to the buffer
>>> without regard to its defined size.
>
>Regarding user-supplied format strings, see, for example:
>
><http://en.wikipedia.org/wiki/Format_string_attack>
>
><https://www.securecoding.cert.org/confluence/display/seccode/FIO30-C.+Exclude+user+input+from+format+strings>
>
>--
>____________________________________________________________
>Sean McBride, B. Eng sean at rogue-research.com
>Rogue Research www.rogue-research.com
>Mac Software Developer Montréal, Québec, Canada
>
>
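The approach Michael sketches above, worked through as an added example (not ITK's code and not from this thread): a validator that accepts only integer conversions, and an ostringstream-based expander, so a caller-supplied pattern is never handed to snprintf. The names IsIntegerOnlyFormat and FormatIntegerSeries are assumed; the '#' and ' ' flags, precision, '*' widths and length modifiers are deliberately rejected rather than emulated.

```cpp
#include <cstddef>
#include <iomanip>
#include <sstream>
#include <stdexcept>
#include <string>
// Accept fmt only if every '%' begins "%%" or an integer conversion (%d %i %u
// %o %x %X) with optional flags '-', '0', '+' and a decimal width. %s, %n, %p,
// '*' widths, precision and length modifiers are all rejected.
bool IsIntegerOnlyFormat(const std::string& fmt) {
  for (std::size_t i = 0; i < fmt.size(); ++i) {
    if (fmt[i] != '%') continue;
    if (++i >= fmt.size()) return false;   // dangling '%'
    if (fmt[i] == '%') continue;           // literal "%%"
    while (i < fmt.size() && (fmt[i] == '-' || fmt[i] == '0' || fmt[i] == '+')) ++i;
    while (i < fmt.size() && fmt[i] >= '0' && fmt[i] <= '9') ++i;   // width
    if (i >= fmt.size() || std::string("diuoxX").find(fmt[i]) == std::string::npos) return false;
  }
  return true;
}

// Expand fmt with ostringstream, substituting value for each conversion; no
// printf-family call is made, so the pattern never reaches the C runtime.
std::string FormatIntegerSeries(const std::string& fmt, long value) {
  if (!IsIntegerOnlyFormat(fmt))
    throw std::invalid_argument("format must contain only integer conversions");
  std::ostringstream out;
  for (std::size_t i = 0; i < fmt.size(); ++i) {
    if (fmt[i] != '%') { out << fmt[i]; continue; }
    if (fmt[++i] == '%') { out << '%'; continue; }
    bool left = false, zero = false, plus = false;
    for (; fmt[i] == '-' || fmt[i] == '0' || fmt[i] == '+'; ++i) {
      if (fmt[i] == '-') left = true; else if (fmt[i] == '0') zero = true; else plus = true;
    }
    int width = 0;
    for (; fmt[i] >= '0' && fmt[i] <= '9'; ++i) width = width * 10 + (fmt[i] - '0');
    const char conv = fmt[i];
    std::ostringstream field;
    if (conv == 'o') field << std::oct;
    else if (conv == 'x' || conv == 'X') field << std::hex;
    if (conv == 'X') field << std::uppercase;
    if (plus && (conv == 'd' || conv == 'i')) field << std::showpos;
    field << std::setw(width) << std::setfill((zero && !left) ? '0' : ' ');
    if (left) field << std::left; else if (zero) field << std::internal;
    if (conv == 'd' || conv == 'i') field << value;
    else field << static_cast<unsigned long>(value);   // %u %o %x %X are unsigned
    out << field.str();
  }
  return out.str();
}
```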