secure-coding – Tarik Billa

What is vulnerable about this C code?

December 3, 2023 by Tarik

You can override the PATH variable to point to a directory with your custom version of echo and since echo is executed using env, it isn’t treated as a built-in. This constitues a vulnerability only if the code is run as privileged user. In the example below file v.c contains the code from the question. … Read more

Which of sprintf/snprintf is more secure?

March 23, 2023 by Tarik

The two expressions you gave are not equivalent: sprintf takes no argument specifying the maximum number of bytes to write; it simply takes a destination buffer, a format string, and a bunch of arguments. Therefore, it may write more bytes than your buffer has space for, and in so doing write arbitrary code. The %.*s … Read more