Programmer's Ultimate Security DeskRef

_cscanf

Prototype: int _cscanf( const char *format [, argument] ... )

Summary: This function reads and assigns formatted data from the console command line.

Description: This function reads incoming formatted data from the console command line. The function input string "format" defines the formatting scheme for the data, while the arguments (if any) provide locations for the data assignment. The function returns the number of properly converted and assigned fields. A return value of 0 means that no fields were assigned.

Risk: This function is potentially vulnerable to a format string attack where an attacker could cause the application to crash unexpected or execute arbitrary code. Format string bugs were discovered in 2000 and the problem is typically spawned from user input that is not properly filtered. Both Microsoft .Net and SPI Dynamics to name two have secure objects that can be implemented to check strings and user input gained from human sources within applications to protect against input-directed vulnerabilities. It is critical that you verify the inputted data have only proper and expected characters in addition to ensuring that your function is properly called. For example, the functions should always utilize their parameters such as printf("%s", malicious_string) instead of printf(malicious_string).

Note: At time of publication, this function was designed for Windows compatibility.

Additional Resources: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore98/html/_crt__cscanf.asp

Impact: Medium

Cross References: _cprintf, fscanf, scanf, sscanf

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Device Drivers
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.