chrislimqc / Cloud-Computing

Cloud comp project

Uncontrolled Format String Vulnerability #13

Open Gitchatbot opened 6 months ago

Gitchatbot commented 6 months ago

Suggested Code changes

https://api.github.com/repos/chrislimqc/Cloud-Computing/contents/format.c

Reasoning

An attacker can leverage this vulnerability to read from and write to arbitrary memory locations, leading to a potential crash or arbitrary code execution. It is a critical security issue.

Suggested Amended Code

This code should be completely rewritten. User input should not be directly passed to format string functions. Instead, proper input validation and argument formatting should be done. Here is an amended code:

```c
#include <stdio.h>

int main(int argc, char **argv) {
    char *secret = "This is a secret!shhhhh\n";  /* unused in this version */

    if(argc > 1) {
        /* Literal format string; argv[1] is passed only as an argument. */
        printf("%s", argv[1]);
    }

    return 0;
}
```
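The bug the issue describes, as an added example that is not part of this issue or of the Cloud-Computing repository: the vulnerable call beside the hardened one, plus a small parser that counts what a format string would consume, for the case where a program genuinely has to accept a template from outside. Function names, the policy check and the "%x %x %n" sample input are my own assumptions, not code from the project.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* VULNERABLE: the user string itself becomes the format.  Directives such as
 * %x read values off the stack and %n writes an int to an address the
 * attacker can plant inside the same string.  The call goes through a
 * function pointer only because GCC's -Wformat-security (on by default in
 * several distributions) would otherwise reject the literal printf(user);
 * the indirection shows that the compiler warning alone is not a defence. */
void vulnerable_echo(const char *user)
{
    int (*echo)(const char *, ...) = printf;
    echo(user);
}

/* HARDENED: the format is a literal and the input is only ever an argument,
 * so "%x %x %n" is copied to the output byte for byte. */
int safe_echo(char *out, size_t out_len, const char *user)
{
    return snprintf(out, out_len, "%s", user);
}

/* Parse a format string the way printf would and return how many variadic
 * arguments it consumes; *writes_memory is set if it contains %n.  This is
 * the check to run when a template really must come from outside the
 * program (hypothetical helper, not a libc API). */
int count_directives(const char *fmt, bool *writes_memory)
{
    int count = 0;
    if (writes_memory) *writes_memory = false;

    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                     /* "%%" prints a percent */
        while (*p && strchr("-+ #0'", *p)) p++;      /* flags */
        if (*p == '*') { count++; p++; }              /* width from an argument */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {                              /* precision */
            p++;
            if (*p == '*') { count++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLjzt", *p)) p++;      /* length modifiers */
        if (*p == '\0') break;                        /* truncated directive */
        if (*p == 'n' && writes_memory) *writes_memory = true;
        count++;                                      /* the conversion itself */
    }
    return count;
}

/* Policy check: a template is acceptable only if it never writes memory and
 * consumes no more arguments than the caller actually passes. */
bool format_is_acceptable(const char *fmt, int args_supplied)
{
    bool writes;
    int needed = count_directives(fmt, &writes);
    return !writes && needed <= args_supplied;
}

int main(int argc, char **argv)
{
    /* Constructed attacker input when no argument is given. */
    const char *input = argc > 1 ? argv[1] : "%x %x %n";
    char out[128];
    bool writes;
    int n = count_directives(input, &writes);

    printf("input consumes %d argument(s)%s\n", n,
           writes ? " and writes memory via %n" : "");
    safe_echo(out, sizeof out, input);
    printf("safe_echo -> %s\n", out);
    /* vulnerable_echo(input) is deliberately not called: with the default
     * input, %n would write through whatever pointer it finds on the stack. */
    return 0;
}
```

The point of `count_directives` is that the dangerous property is not the `%` character but the number of arguments a directive pulls (including `*` width and precision) and the presence of `%n`; a naive "reject any %" filter is either too strict for real templates or, if it only looks for `%n`, misses the read-past-arguments case.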
marvenlee2486 commented 6 months ago

Could you please rewrite the code?