Looking for vulnerable functions
If you remember from the previous chapter, when looking for vulnerabilities we started by looking for unsafe C/C++ functions listed in the symbol table. Unsafe C/C++ functions are likely to introduce vulnerabilities because it is up to the developer to validate the parameters passed to (and the values returned by) the function, which gives the developer the opportunity to make a programming error with security implications.
In this case, we will analyze a script that looks for the use of variables expected to be initialized by sscanf without checking that the initialization actually succeeded:
```c
#include <stdio.h>

int main() {
    char* data = "";            /* empty input: nothing for sscanf to parse */
    char name[20];              /* never initialized unless sscanf fills it */
    int age;                    /* same */
    int return_value = sscanf(data, "%s %i", name, &age);
    /* return_value (the number of successful conversions) is never checked,
       so name and age are used below even though sscanf filled neither */
    printf("I'm %s.\n", name);
    printf("I'm %i years old.", age);
}
```
When compiling this code and executing it, the result is unpredictable. Since the data
variable is initialized to an empty string in...
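The following is an added example (not code from the book) showing the defect the script is meant to catch beside its corrected form. `sscanf` returns the number of conversions it performed, or `EOF` when the input is exhausted before the first conversion, so the fix is to compare that return value against the number of fields expected before touching the variables; the `%19s` width also bounds the write into `name[20]`. The `conversions_for` helper and the `parse_person` function and `struct person` type are illustrative names chosen here, not part of the original.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative record type holding the fields sscanf is expected to fill. */
struct person {
    char name[20];
    int age;
};

/* Reports the raw sscanf result for the book's "%s %i" format, so the
 * three outcomes can be seen: EOF (empty input), 1 (only a name), 2 (both).
 * Uses a width so a long name cannot overflow the local buffer. */
int conversions_for(const char *data)
{
    char name[20];
    int age;
    return sscanf(data, "%19s %i", name, &age);
}

/* Hardened version of the book's snippet: parse "<name> <age>" into out.
 * Returns 1 only when both fields were filled; 0 otherwise. */
int parse_person(const char *data, struct person *out)
{
    /* Start from a defined state so a failed parse never leaves garbage. */
    memset(out, 0, sizeof *out);

    int n = sscanf(data, "%19s %i", out->name, &out->age);

    /* The check the vulnerable code omits: both conversions must succeed. */
    if (n != 2)
        return 0;
    return 1;
}

int main(void)
{
    struct person p;

    /* Constructed sample inputs: empty, partial and complete. */
    if (!parse_person("", &p))
        printf("rejected empty input (sscanf returned %d)\n",
               conversions_for(""));
    if (!parse_person("Bob", &p))
        printf("rejected partial input (sscanf returned %d)\n",
               conversions_for("Bob"));
    if (parse_person("Alice 42", &p)) {
        printf("I'm %s.\n", p.name);
        printf("I'm %i years old.\n", p.age);
    }
    return 0;
}
```

With the check in place the uninitialized reads the book describes cannot occur: on empty or partial input the caller is told the parse failed and the record stays zeroed, and only a fully parsed record is printed.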