Reg. sprintf

Reg. sprintf

[Vivek Katakam]

Hi all,
I am facing Segementation violation in the following function.

Breakpoint 1, main (argc=1, argv=0x7fbfffd7f8) at dr_end.c:230
230       sprintf(detail_filename, "/tmp/%s", mkstemp(filename_template));
(gdb) p detail_filename
$1 = "\000\020\024\227*\000\000\000\226\004V\225*\000\000\000¨Ä\000\226*\000\000\000
)¹\225*", '\0' <repeats 11 times>, "°Ñÿ¿\177\000\000\000\031më\226*",
'\0' <repeats 11 times>, "¨Ä\000\226*\000\000\000F\017V\225*\000\000"
(gdb) p filename_template
$2 = "STARS_filedetail_XXXXXX\000·f\225*\000\000\000\220Óÿ¿\177\000\000\000\020\017V\225*\000\000\000\210Óÿ¿\177\000\000\000\200Óÿ¿\177\000\000\000\001\000\000\000GNU\000\000\000\000\000\000\000\000"
s
Program received signal SIGSEGV, Segmentation fault.
0x0000002a95e45290 in strlen () from /lib64/tls/libc.so.6

I am using gcc 3.2.3

I have initialized the string varibles to null . but i am still
getting the error.

Regards,
Vivek

Re: Reg. sprintf

[Brian Dessent]

Vivek Katakam wrote:

> I am facing Segementation violation in the following function.

This does not have anything to do with gcc.  I suggest you post your
question on a basic C language forum like comp.lang.c.  The compiler has
nothing to do with functions like mkstemp(), they are provided by
whatever C library you are using.

> 
> Breakpoint 1, main (argc=1, argv=0x7fbfffd7f8) at dr_end.c:230
> 230       sprintf(detail_filename, "/tmp/%s", mkstemp(filename_template));
> (gdb) p detail_filename

The reason you get the SEGV is because this code is broken.  mkstemp()
opens the file and returns a file descriptor (integer) not a string. 
The whole point of using mkstemp() is that it avoids the potential
security hole caused by the race that can occur between generating the
filename and opening the file.  The above code looks like somebody tried
to blindly substitute mkstemp() for mktemp() without actually
understanding the difference.

Read the fine manual:
http://www.gnu.org/software/libc/manual/html_node/Temporary-Files.html
http://www.freebsd.org/cgi/man.cgi?query=mkstemp

Brian

Re: Reg. sprintf

[Vivek Katakam]

Hi Brian,

When compilation i was getting this error thrown by the compiler and
so I have used that:

the use of `mktemp' is dangerous, better use `mkstemp'

Regards,
Vivek


On 5/30/06, Brian Dessent <brian@dessent.net> wrote:
> Vivek Katakam wrote:
>
> > I am facing Segementation violation in the following function.
>
> This does not have anything to do with gcc.  I suggest you post your
> question on a basic C language forum like comp.lang.c.  The compiler has
> nothing to do with functions like mkstemp(), they are provided by
> whatever C library you are using.
>
> >
> > Breakpoint 1, main (argc=1, argv=0x7fbfffd7f8) at dr_end.c:230
> > 230       sprintf(detail_filename, "/tmp/%s", mkstemp(filename_template));
> > (gdb) p detail_filename
>
> The reason you get the SEGV is because this code is broken.  mkstemp()
> opens the file and returns a file descriptor (integer) not a string.
> The whole point of using mkstemp() is that it avoids the potential
> security hole caused by the race that can occur between generating the
> filename and opening the file.  The above code looks like somebody tried
> to blindly substitute mkstemp() for mktemp() without actually
> understanding the difference.
>
> Read the fine manual:
> http://www.gnu.org/software/libc/manual/html_node/Temporary-Files.html
> http://www.freebsd.org/cgi/man.cgi?query=mkstemp
>
> Brian
>

Re: Reg. sprintf

[Brian Dessent]

Vivek Katakam wrote:

> When compilation i was getting this error thrown by the compiler and
> so I have used that:
> 
> the use of `mktemp' is dangerous, better use `mkstemp'

This message is telling you that using 'mktemp' is not secure and can
lead to vulnerabilities.  It does not mean that you can simply change
all references to 'mktemp' to 'mkstemp' without refactoring the code to
account for the fact that they work differently.

Brian