format string attack
● ►en loc. f. ►COP Attack made possible by omitting the exact specification of the format to use when displaying a string, in C. Typically, the programmer writes printf(str); instead of printf("%s", str);. As a result, if str is a parameter entered by the user, the user ends up with a great deal of latitude to peek at the stack.

Dictionnaire d'informatique francophone. 2013.


