
134 Cyber Security Essentials
C programming language to accept an unknown number of parameters, using a va_list structure to store them. Normally, a compiler will compare the number of parameters a function is called with against the function definition to catch programming mistakes; however, the printf function and other similar functions accept different numbers of parameters depending on the format string itself. Calling printf with only one parameter creates a vulnerability if a user can influence that parameter. Again, the format parameter can accept many different formats, such as strings (%s), decimal numbers (%d), or hex values (%x). A legiti ...
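The single-parameter printf call the text warns about, as an added example in C that is not from the book: the unsafe logging routine beside its hardened form, plus a small helper that counts the conversion specifiers a string would trigger if it were misused as a format string. The function names and the sample input are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* VULNERABLE (shown for contrast, never called): the user string *is*
 * the format string. Any %x, %s or %n it contains is interpreted by
 * printf, which then reads (or writes) whatever sits where the missing
 * arguments would be. */
void log_unsafe(const char *user_input) {
    printf(user_input);            /* one parameter, user-influenced */
}

/* HARDENED: the format is a compile-time literal; user input is only
 * ever consumed by a %s conversion and is never parsed for specifiers.
 * Returns the number of characters that would have been written. */
int log_safe(char *out, size_t outlen, const char *user_input) {
    return snprintf(out, outlen, "%s", user_input);
}

/* Defensive check: count the conversion specifiers a string would
 * trigger as a format string. "%%" is a literal percent sign and a
 * trailing lone '%' is ignored. Useful for input validation or for
 * flagging suspicious strings in logs. */
int count_conversions(const char *s) {
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* escaped percent */
        if (p[1] == '\0') break;              /* trailing lone '%' */
        n++;
    }
    return n;
}

int main(void) {
    char buf[128];
    /* constructed sample input, the kind of string a user might submit */
    const char *hostile = "%x %x %x %s %n";
    log_safe(buf, sizeof buf, hostile);
    printf("safe log wrote: %s\n", buf);           /* printed verbatim */
    printf("conversions in input: %d\n", count_conversions(hostile));
    return 0;
}
```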