The printf function in C is vulnerable to attacks using incorrect format specifiers and corresponding incorrect or unequal parameters. ‘safeprintf’ is a library that would prevent such unaccounted access to memory, thus preventing an attacker from making illegitimate writes to the memory and giving a potential attacker a chance to execute arbitrary.
File provided:
* safeprintf.c – Our overloaded library with the printf family of functions
* testcase1.c – This is the first of three test cases.
* testcase2.c – This is the second of three test cases.
* testcase3.c – This is the third of three test cases.
Keep all the above files in the same directory.
safeprint
Instructions on compiling the files:
1. Compile the safeprintf library by running the command-
gcc -w -Wall -fPIC -shared -o safeprintf.so safeprintf.c -ldl
safeprintf.so file will be generated in the same directory.
2. Now export the .so file using the command.
export LD_PRELOAD=./safeprintf.so
3. You can now run any test.c file by compiling it and running it using the command-
./test
The test file will be run using our overloaded family of ‘printf’ functions.
4. To unset LD_PRELOAD, use the command
unset LD_PRELOAD
Usage and download from git:
git clone https://github.com/omkartotade/safeprintf && cd safeprintf gcc -w -Wall -spic -shared -o safeprintf.so safeprintf.c -ldl gcc testcase1.c -o test1 gcc testcase2.c -o test2 gcc testcase3.c -o test3 unset LD_PRELOAD
Source: https://github.com/omkartotade