[Bro-Dev] #567: Protect/secure format strings in Reporter.cc

Bro Tracker bro at tracker.bro-ids.org
Thu Sep 8 09:24:55 PDT 2011

#567: Protect/secure format strings in Reporter.cc
  Reporter:  gregor   |      Owner:
      Type:  Problem  |     Status:  new
  Priority:  Normal   |  Milestone:  Bro1.6
 Component:  Bro      |    Version:  git/master
Resolution:           |   Keywords:  beta

Comment (by gregor):


 The fastpath commit found the one instance were I experienced crashes.

 I would still strongly opt to change the way the format strings are done
 currently. Either by

 a) requiring developers to explicitly use the fmt() function and removing
 format string capabilities from
    the reporter.

 b) Having two sets of methods in Reporter. E.g., Info() and InfoFmt() of
 which the first one only accepts
    fixed strings and the second accepts a format string. This way a
 developer needs to make a conscious
    decision about using format strings.

 Why do I really want this?

 * Such bug are quite dangerous because they could ultimate lead to
 arbitrary code execution.
 * They are hard to find, since it's likely that the bug will only be
 triggered in very rare cases.
 * It's easy to make this error. E.g., a developer wants to print a warning
 and sees another piece of
   code that uses reporter->Warning(foo) (which might be perfectly save if
 foo is guaranteed to not have
   format strings) and assumes that Warning() just takes a fixed string as


Ticket URL: <http://tracker.bro-ids.org/bro/ticket/567#comment:4>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list