ljknews wrote:
> At 4:44 PM -0500 2/5/08, Steven M. Christey wrote:
>> On Mon, 4 Feb 2008, ljknews wrote:
>>
>>>> ("%99999999s" to fill up disk or memory, anybody?), so it's marked with
>>>> "All" and it's not in the C-specific view, even though there's a heavy
>>>> concentration of format strings in C/C++.
>>> It is marked as "All" ?
>>>
>>> What is the construct in Ada that has such a risk ?
>> Hmmmm, I don't see any, but then again I don't know Ada. Is there no
>> equivalent to format strings in Ada? No library support for it?
>
> Not that I know of, but if you can specify a Pascal equivalent
> I might be able to see what you are aiming at. Have you evaluated
> Pascal for this defect that is present in "All" languages ?
>
Pascal per-se does not have a format string vulnerability - you don't have
any functions like that in the base language.
Delphi (Borland's oo-pascal) however has a whole truckload of Format*
commands which take a format string as the first parameter and thus
would potentially be vulnerable to the DOS attack.
<rant>
Delphi has the capability of run-time bounds checking, which would catch
a lot of 'variables not on the stack' errors, however this can be turned
off for performance reasons. I don't have a ratio of on/off people. When
I originally wrote Delphi code in '96 I switched off bounds checking as
the systems I was running on could not take the hit. Now, it is left on
continuously as the cost of cycles is not worth it to have better software
</rant>
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
