```cpp
#include <string>  // needed for std::string

/* printf is a standard C function that's a great way to easily print
 * data to the console using format specifiers. That being said, it's
 * common knowledge that you should NEVER give a user the ability to directly
 * set the first parameter of a function that can take format specifiers.
 * To pass this challenge, you need to find out why users shouldn't be given
 * full control of printf. A vulnerable function will take a string you provide
 * and pass it to printf along with a value you need to modify.
 */
// A format specifier is a character set like %s or %f.
// Look for one that writes to memory.
// int printf ( const char * format, ... );
// Don't allow people to write their own format strings with printf - said a wise man
std::string input = "i444 %n";
```
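The following is an added example, not part of the original challenge code. It shows what `%n` stores when the program itself supplies a matching `int*`, the constant-format pattern that keeps user text as data, and a review-time check for store directives; all function names are illustrative.

```cpp
#include <cstdio>
#include <string>

// %n prints nothing; it stores the number of characters produced so far
// through the int* argument. Here the format is a constant and the pointer
// is one the program chose, so the write is well defined.
int chars_before_n() {
    char buf[32];
    int written = -1;
    std::snprintf(buf, sizeof buf, "i444 %n", &written);
    return written;  // "i444 " is 5 characters
}

// Hardened pattern: the format string is a literal, user text is only an
// argument, so any '%' inside it is copied out verbatim.
std::string render_as_data(const std::string& user) {
    char buf[128];
    std::snprintf(buf, sizeof buf, "%s", user.c_str());
    return buf;
}

// Review/validation helper: true if the string contains a conversion that
// stores through a pointer (%n, %hhn, %ln, %1$n, ...). "%%" is a literal.
bool has_store_directive(const std::string& s) {
    // flags, width, precision, positional '$' and length modifiers
    static const std::string skip = "0123456789$#-+ '.*hljztLq";
    for (std::size_t i = 0; i < s.size(); ++i) {
        if (s[i] != '%') continue;
        ++i;
        if (i < s.size() && s[i] == '%') continue;
        while (i < s.size() && skip.find(s[i]) != std::string::npos) ++i;
        if (i < s.size() && s[i] == 'n') return true;
    }
    return false;
}

int main() {
    const std::string input = "i444 %n";  // the string from the challenge
    std::printf("count stored by %%n: %d\n", chars_before_n());
    std::printf("as data: %s\n", render_as_data(input).c_str());
    std::printf("store directive present: %d\n", has_store_directive(input));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` flags calls where a non-literal string is passed as the format argument.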