[Bro-Dev] #567: Protect/secure format strings in Reporter.cc
Bro Tracker
bro at tracker.bro-ids.org
Thu Sep 8 09:24:55 PDT 2011
#567: Protect/secure format strings in Reporter.cc
----------------------+------------------------
Reporter: gregor | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Resolution: | Keywords: beta
----------------------+------------------------
Comment (by gregor):
{{{
#!rst
The fastpath commit found the one instance where I experienced crashes.
I would still strongly opt to change the way the format strings are done
currently. Either by

a) requiring developers to explicitly use the fmt() function and removing
   format string capabilities from the reporter.

b) having two sets of methods in Reporter. E.g., Info() and InfoFmt(), of
   which the first one only accepts fixed strings and the second accepts a
   format string. This way a developer needs to make a conscious decision
   about using format strings.

Why do I really want this?

* Such bugs are quite dangerous because they could ultimately lead to
  arbitrary code execution.

* They are hard to find, since it's likely that the bug will only be
  triggered in very rare cases.

* It's easy to make this error. E.g., a developer wants to print a warning
  and sees another piece of code that uses reporter->Warning(foo) (which
  might be perfectly safe if foo is guaranteed to not have format strings)
  and assumes that Warning() just takes a fixed string as argument.
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/567#comment:4>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
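As an added illustration of option (b) above (example code written for this page, not Bro's Reporter.cc), the sketch below separates a fixed-string Info() from a format-taking InfoFmt(), marks the latter with GCC/Clang's format attribute so -Wformat and -Wformat-security catch a non-literal format at compile time, and includes a small audit helper for reviewing existing reporter->Warning(foo) call sites: if foo can ever contain an unescaped '%' conversion, passing it as a format is the bug the ticket describes. The class name, method names, and the hostile sample string are assumptions for the example.

```cpp
// Added example: a Reporter with separate fixed-string and format-string methods.
// The former single-method pattern, Warning(const char* fmt, ...), made
// reporter->Warning(foo) treat attacker-influenced foo as a printf format.
#include <cstdarg>
#include <cstdio>
#include <string>
#include <vector>

class Reporter {
public:
    // Fixed-string variant: stored verbatim, so '%' carries no meaning here.
    void Info(const std::string& msg) { messages_.push_back(msg); }

    // Format-string variant: fmt must be a literal under the developer's control.
    // Index 2 is fmt (index 1 is the implicit this); the attribute lets the
    // compiler check arguments and warn on non-literal formats.
    void InfoFmt(const char* fmt, ...) __attribute__((format(printf, 2, 3)));

    const std::vector<std::string>& Messages() const { return messages_; }

private:
    std::vector<std::string> messages_;
};

void Reporter::InfoFmt(const char* fmt, ...) {
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(nullptr, 0, fmt, ap);   // measure first, then format exactly
    va_end(ap);
    std::string out;
    if (n >= 0) {
        out.resize(static_cast<size_t>(n) + 1);
        vsnprintf(&out[0], out.size(), fmt, ap2);
        out.resize(static_cast<size_t>(n));
    }
    va_end(ap2);
    messages_.push_back(out);
}

// Audit helper: count conversion directives a printf-family function would
// interpret in an untrusted string. "%%" is a literal percent and is skipped.
int CountFormatDirectives(const std::string& s) {
    int count = 0;
    for (size_t i = 0; i < s.size(); ++i) {
        if (s[i] != '%') continue;
        if (i + 1 < s.size() && s[i + 1] == '%') { ++i; continue; }
        ++count;
    }
    return count;
}

// Constructed sample of an attacker-influenced value, e.g. lifted from a request line.
const char* kHostile = "GET /%x%x%x%n HTTP/1.0";

// Both safe ways of reporting the hostile value; returns the recorded messages.
std::vector<std::string> RunDemo() {
    Reporter r;
    r.Info(kHostile);                              // verbatim, no interpretation
    r.InfoFmt("unexpected request: %s", kHostile); // literal format, value is an argument
    return r.Messages();
}

int main() {
    for (const std::string& m : RunDemo())
        std::printf("%s\n", m.c_str());
    std::printf("directives in hostile string: %d\n", CountFormatDirectives(kHostile));
    return 0;
}
```

With the attribute in place, a call like `r.InfoFmt(kHostile)` compiles only with a -Wformat-security warning (or not at all under -Werror), which is the conscious decision the ticket asks developers to make; the Info() path has nothing to misuse.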