The printf function in C is vulnerable to attacks using incorrect format specifiers and corresponding incorrect or unequal parameters. ‘safeprintf’ is a library that would prevent such unaccounted access to memory, thus preventing an attacker from making illegitimate writes to the memory and giving a potential attacker a chance to execute arbitrary.
* safeprintf.c – Our overloaded library with the printf family of functions
* testcase1.c – This is the first of three test cases.
* testcase2.c – This is the second of three test cases.
* testcase3.c – This is the third of three test cases.
Keep all the above files in the same directory.
Instructions on compiling the files:
1. Compile the safeprintf library by running the command-
gcc -w -Wall -fPIC -shared -o safeprintf.so safeprintf.c -ldl
safeprintf.so file will be generated in the same directory.
2. Now export the .so file using the command.
3. You can now run any test.c file by compiling it and running it using the command-
The test file will be run using our overloaded family of ‘printf’ functions.
4. To unset LD_PRELOAD, use the command
Usage and download from git:
git clone https://github.com/omkartotade/safeprintf && cd safeprintf
gcc -w -Wall -spic -shared -o safeprintf.so safeprintf.c -ldl
gcc testcase1.c -o test1
gcc testcase2.c -o test2
gcc testcase3.c -o test3