Format String Ugliness

• Function sets process title

  • (results visible with ps command)

• void setproctitle(const char *fmt, ...);

  • Variable length parameter list like printf()

• Misuse: incorrect parameter list

  • setproctitle(input)
  • input is a string supplied by the user
  • Correct:
  • setproctitle( "%s", input)

• Vulnerable to % format directives embedded in user input

  • Function pulls bogus values off stack (random strings)