[LIBC] Modified Version of sscanf
Jilles Tjoelker
jilles at stack.nl
Sun May 1 16:29:27 UTC 2011
On Sat, Apr 30, 2011 at 06:44:43PM +0200, Martin Möller wrote:
> This is my first email to this list, so hello to all members.
> The current version of sscanf stops when a whitespace character occurs in
> a string
> when the "%s" (string) type is used.
> The following code:
> #include <stdio.h>
> int main(void) {
>     char name [20], value [20];
>     sscanf ("Test 2->Test 3", "%s->%s", name, value);
>     printf ("%s->%s\n", name, value);
> }
> outputs total garbage on my FreeBSD-7.0-RELEASE #0 amd64.
> Is there already a way to do this or should we release a new version of
> sscanf, e.g. called sscanfWS.
> This modified version would output: Test 2->Test 3.
I think you should use functions like memchr(), strchr() and strtok_r()
rather than sscanf().
For one, your code has undefined behaviour if the name or the value
exceed 19 bytes. If the input is untrusted, as your follow-up seems to
indicate, this undefined behaviour likely manifests in allowing an
attacker to execute code of his own choosing. Even if you avoid the
buffer overflow using a format string like "%19s->%19s" it is still not
very good as you may not get an error if the string is too long. Silent
truncation might invalidate security checks done elsewhere and can lead
to hard-to-diagnose bugs.
--
Jilles Tjoelker
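As an added example (not code from the thread): the approach Jilles suggests, a bounded splitter for the "name->value" form in Martin's message that uses strstr()/memcpy() with explicit length checks and returns an error instead of truncating, next to the "%19s->%19s" variant for comparison. The names split_arrow, parses_to and FIELD_MAX are chosen here.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_MAX 20   /* same buffer size as the original char name[20] */

/* Split "name->value" at the first "->" into two bounded buffers.
 * Returns 0 on success, -1 if no separator is present, -2 if either
 * part (plus its NUL) would not fit. Nothing is silently truncated and
 * embedded whitespace such as "Test 2" is preserved. */
int split_arrow(const char *in, char *name, size_t nsz, char *value, size_t vsz)
{
    const char *sep = strstr(in, "->");
    if (sep == NULL)
        return -1;
    size_t nlen = (size_t)(sep - in);
    size_t vlen = strlen(sep + 2);
    if (nlen >= nsz || vlen >= vsz)
        return -2;
    memcpy(name, in, nlen);
    name[nlen] = '\0';
    memcpy(value, sep + 2, vlen + 1);   /* copies the NUL too */
    return 0;
}

/* Convenience wrapper: returns split_arrow's code, or -3 when parsing
 * succeeded but the parts differ from what the caller expected. */
int parses_to(const char *in, const char *want_name, const char *want_value)
{
    char name[FIELD_MAX], value[FIELD_MAX];
    int rc = split_arrow(in, name, sizeof name, value, sizeof value);
    if (rc == 0 && (strcmp(name, want_name) || strcmp(value, want_value)))
        return -3;
    return rc;
}

/* The "%19s->%19s" variant from the thread, for comparison. It cannot
 * overflow, but %s stops at whitespace and a 25-byte name is cut to 19;
 * sscanf reports 1 conversion in both cases, so the count never flags it. */
int split_sscanf(const char *in, char name[FIELD_MAX], char value[FIELD_MAX])
{
    return sscanf(in, "%19s->%19s", name, value);
}

int main(void)
{
    char name[FIELD_MAX], value[FIELD_MAX];
    if (split_arrow("Test 2->Test 3", name, sizeof name, value, sizeof value) == 0)
        printf("%s->%s\n", name, value);          /* Test 2->Test 3 */
    printf("too long: rc=%d\n", parses_to("aaaaaaaaaaaaaaaaaaaaaaaaa->x", "", ""));
    return 0;
}
```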