Question

Apple's Secure Coding Guide documentation provides guidance on:

  • format string attacks
  • buffer overflows

What is not clear (to me, anyway) is how to prevent format string attacks and buffer overruns when using NSString.

How do I go about defending against such attacks? Are there any categories I can apply to protect against this? Is there a "secure" NSString equivalent I can use?

Solution

Buffer overruns are generally not a problem when you are putting data into an NSString (or an NSMutableString), because when you create an NSString, you have to tell it how much data you are giving it, and it automatically allocates enough private storage to hold what you give it. Just stick to the published APIs and don't try any shenanigans like casting away const from a pointer returned by UTF8String and writing through the pointer.

Note that NSMutableData, unlike NSMutableString, provides the mutableBytes message, which returns a pointer to memory that you are allowed to write to. So if you're using that API, you do have to be careful about buffer overruns.

For format strings, you just have to follow the advice in that document. For example, never pass data from an untrusted source as the format argument, or even as part of the format argument. Generally your format strings should either be string literals or they should be returned from NSLocalizedString.

There's no “secure” version of NSString.
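
The two points in the answer above, as an added Objective-C example that is not part of the original answer: untrusted text is passed only as an argument to a literal format, and writes through `mutableBytes` are bounds-checked first. The helper names `GreetingForUser` and `CopyIntoBuffer` and the sample inputs are hypothetical.

```objc
// Added example, not code from the original answer. Helper names are hypothetical.
// Build: clang -fobjc-arc -framework Foundation demo.m -o demo
#import <Foundation/Foundation.h>
#import <string.h>

// Untrusted text is always an argument to a literal format, never the format itself.
static NSString *GreetingForUser(NSString *untrustedName) {
    // Unsafe form (do not use): [NSString stringWithFormat:untrustedName]
    // would interpret any format specifiers contained in the input.
    return [NSString stringWithFormat:@"Hello, %@", untrustedName];
}

// Copy untrusted bytes into an NSMutableData buffer through mutableBytes,
// refusing the write if it would run past the buffer's current length.
static BOOL CopyIntoBuffer(NSMutableData *buffer, NSUInteger offset, NSData *untrusted) {
    // Compare against the remaining space so offset + length cannot wrap around.
    if (offset > buffer.length || untrusted.length > buffer.length - offset) {
        return NO;
    }
    memcpy((uint8_t *)buffer.mutableBytes + offset, untrusted.bytes, untrusted.length);
    return YES;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample input that looks like a format string.
        NSString *hostile = @"%@%@%x%x";
        // The specifiers are printed verbatim because the input is only an argument.
        NSLog(@"%@", GreetingForUser(hostile));

        NSMutableData *buffer = [NSMutableData dataWithLength:8];
        NSData *payload = [@"0123456789" dataUsingEncoding:NSUTF8StringEncoding];

        // 10 bytes do not fit in an 8-byte buffer: the copy is rejected.
        NSLog(@"10 bytes at offset 0 accepted: %d", CopyIntoBuffer(buffer, 0, payload));

        // 4 bytes at offset 4 exactly fill the remaining space: the copy is allowed.
        NSData *small = [payload subdataWithRange:NSMakeRange(0, 4)];
        NSLog(@"4 bytes at offset 4 accepted: %d", CopyIntoBuffer(buffer, 4, small));
    }
    return 0;
}
```

Clang's `-Wformat-security` warning flags calls where the format argument is not a string literal and no format arguments follow, which catches the unsafe form at compile time.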

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow