Disable using __sprintf_chk ()

Question

Disable using __sprintf_chk ()

I observe that a C ++ program uses sprintfwhere this sprintf implicitly calls __sprintf_chk(). This __sprintf_chk()one seems to check for buffer overflows by checking stack frames.

For my research purpose, I wonder if usage can be turned off __sprintf_chk()?

+5

c ++ c printf fortify-source

flyingbin Aug 30 '12 at 16:41

source share

2 answers

__sprintf_chk(), , , .... , , __sprintf_chk()?

, FORTIFY_SOURCE. , . , :

CFLAGS += -U_FORTIFY_SOURCE

:

CFLAGS += -D_FORTIFY_SOURCE=0

: , FORTIFY_SOURCE, . , , .

, [ ] , FORTIFY_SOURCE:

mempcpy
memmove
MemSet
stpcpy
strncpy
strcat
strncat
Sprintf
snprintf
vsprintf
vsnprintf

. gcc -D_FORTIFY_SOURCE = 1 -D_FORTIFY_SOURCE = 2.

+5

jww 12 . '14 9:23

osgx · Accepted Answer · 2012-08-30T18:38:58+0000

Try replacing all sprintf calls in your program as follows:

 sprintf(params...);

at

 (sprintf)(params...);

This will disable any preprocessor-based sprint changes (* only if sprintf has been modified using a functionally similar macro, as is the case __sprintf_chk).

There are options for gcc -fno-stack-protector -fno-mudflap. Could also be -D_FORTIFY_SOURCE=0(for any glibc)

Ubuntu debian : http://wiki.debian.org/Hardening https://wiki.ubuntu.com/Security/Features https://wiki.ubuntu.com/ToolChain/CompilerFlags

SSP (-) Fortify_source (glibc): http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt

PS: __fgets_chk __gets_chk __printf_chk __fprintf_chk __vprintf_chk __vfprintf_chk __vsprintf_chk __wmemcpy_chk __wmemmove_chk __wmempcpy_chk __wmemset_chk __wcscpy_chk __wcpcpy_chk __wcsncpy_chk __wcpncpy_chk __wcscat_chk __wcsncat_chk __swprintf_chk __vswprintf_chk __fwprintf_chk __wprintf_chk __vfwprintf_chk __vwprintf_chk __fgetws_chk __wcrtomb_chk __mbsrtowcs_chk __wcsrtombs_chk __mbsnrtowcs_chk __wcsnrtombs_chk __memcpy_chk __memmove_chk __mempcpy_chk __memset_chk __strcpy_chk __strncpy_chk __stpncpy_chk __strcat_chk

Disable using __sprintf_chk ()

More articles: