...
| Code Block |
|---|
|
void incorrect_password(const char *user) {
fprintf(stderr, "%s could not be authenticated.", user);
}
}
|
Non-Compliant Code Example (POSIX)
...
| Code Block |
|---|
|
void incorrect_password(const char *user, const char *password) {
/* user names are restricted to 256 characters or less */
size_t len = strlen(user) + sizeof("%s could not be authenticated.") - 1;
char *msg = (char *)malloc(len);
if (!msg) {
/* handle error condition */
}
snprintf(msg, len, "%s could not be authenticated.", user);
syslog(LOG_INFO, msg);
free(msg);
}
|
...
| Code Block |
|---|
|
void incorrect_password(const char *user) {
syslog(LOG_INFO, "%s could not be authenticated.", user);
}
}
|
Risk Assessment
Failing to exclude user input from format specifiers may allow an attacker to crash a vulnerable process, view the contents of the stack, view memory content, or write to an arbitrary memory location and consequently execute arbitrary code with the permissions of the vulnerable process.
...
