no taint from scanf

Open liangjs opened this issue 4 years ago • 2 comments

If the input data is read by fscanf, it seems the data will not be tainted?

liangjs, Dec 06 '20 07:12

That's possible – our taint system only looks at read and pread, and only looks at actual files (no stdin). If fscanf is using some other mechanism, or is reading from stdin, then you will have to add support for that in the file_taint plugin, or modify the target so that it reads from one of the supported sources.

moyix, Sep 15 '21 15:09

If fscanf is from a file, would that not correspond to sys_read, though? So it depends, maybe.

On Wed, Sep 15, 2021 at 11:34 AM Brendan Dolan-Gavitt < @.***> wrote:

> That's possible – our taint system only looks at read and pread, and only looks at actual files (no stdin). If fscanf is using some other mechanism, or is reading from stdin, then you will have to add support for that in the file_taint plugin, or modify the target so that it reads from one of the supported sources.

-- When I see an adult on a bicycle, I do not despair for the future of the human race. - H. G. Wells

tleek, Sep 15 '21 22:09
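One way to follow the "modify the target" suggestion in the thread, as an added example that is not LAVA or PANDA code and not from any participant: the target pulls its input from a regular file with `read` only, then parses the buffer with `sscanf` instead of calling `fscanf`. The function names, the 4096-byte buffer and the `"%d %d"` format are assumptions made for illustration.

```c
/* Added example (hypothetical names); not taken from LAVA or PANDA. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read up to cap-1 bytes from a regular file using read(2) only.
 * Returns bytes read, or -1 on error or if path is not a regular file. */
static ssize_t slurp_regular_file(const char *path, char *buf, size_t cap)
{
    struct stat st;
    size_t off = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);                  /* pipes, ttys and stdin are rejected */
        return -1;
    }
    while (off < cap - 1) {
        ssize_t n = read(fd, buf + off, cap - 1 - off);
        if (n < 0 && errno == EINTR) continue;   /* retry interrupted read */
        if (n < 0) { close(fd); return -1; }
        if (n == 0) break;                       /* end of file */
        off += (size_t)n;                        /* short read: keep going */
    }
    close(fd);
    buf[off] = '\0';
    return (ssize_t)off;
}

/* Stand-in for fscanf(fp, "%d %d", a, b): fields converted, negative on failure. */
int parse_pair_via_read(const char *path, int *a, int *b)
{
    char buf[4096];
    if (slurp_regular_file(path, buf, sizeof buf) < 0)
        return -1;
    return sscanf(buf, "%d %d", a, b);
}

int main(int argc, char **argv)
{
    int a, b;
    if (argc != 2 || parse_pair_via_read(argv[1], &a, &b) != 2)
        return 1;
    printf("%d %d\n", a, b);
    return 0;
}
```

The `S_ISREG` check makes the program fail visibly when it is handed stdin or a pipe, which the thread says the taint system does not cover.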