Seems like this should possibly be merged into https://lobste.rs/s/pxbgpu/p_s_s_s_s_n_breaks_wi_fi_on_iphones? /cc @pushcx
this has the details, so i think it would be better if that article were to be merged into this one.
Printf %n is a known source of security holes: https://www.exploit-db.com/docs/english/28476-linux-format-string-exploitation.pdf
Happily %n isn’t supported in those APIs, and many other platforms don’t even support it in printf any more
Seems like this should possibly be merged into https://lobste.rs/s/pxbgpu/p_s_s_s_s_n_breaks_wi_fi_on_iphones? /cc @pushcx
this has the details, so i think it would be better if that article were to be merged into this one.
Printf %n is a known source of security holes: https://www.exploit-db.com/docs/english/28476-linux-format-string-exploitation.pdf
Happily %n isn’t supported in those APIs, and many other platforms don’t even support it in printf any more