ljknews wrote:
> At 4:44 PM -0500 2/5/08, Steven M. Christey wrote:
>> On Mon, 4 Feb 2008, ljknews wrote:
>>>> ("%99999999s" to fill up disk or memory, anybody?), so it's marked with
>>>> "All" and it's not in the C-specific view, even though there's a heavy
>>>> concentration of format strings in C/C++.
>>> It is marked as "All" ?
>>> What is the construct in Ada that has such a risk ?
>> Hmmmm, I don't see any, but then again I don't know Ada.  Is there no
>> equivalent to format strings in Ada?  No library support for it?
> Not that I know of, but if you can specify a Pascal equivalent
> I might be able to see what you are aiming at.  Have you evaluated
> Pascal for this defect that is present in "All" languages ?

Pascal per-se does not have a format string vulnerability - you don't have
any functions like that in the base language.

Delphi (Borland's oo-pascal) however has a whole truckload of Format*
commands which take a format string as the first parameter and thus
would potentially be vulnerable to the DOS attack.
Delphi has the capability of run-time bounds checking, which would catch
a lot of 'variables not on the stack' errors, however this can be turned
off for performance reasons. I don't have a ratio of on/off people. When
I originally wrote Delphi code in '96 I switched off bounds checking as
the systems I was running on could not take the hit. Now, it is left on
continuously as the cost of cycles is not worth it to have better software
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to