...

Because an empty parameter list declares a function that takes an unspecified number of arguments rather than none, the caller can pass an arbitrary number of arguments to the function.

```c
/* in foo.h */
void foo();

/* in foo.c */
#include <stdio.h>

void foo() {
  int i = 3;
  printf("i value: %d\n", i);
}

/* in caller.c */
#include "foo.h"

foo(3); /* not checked against foo's parameters: the declaration is not a prototype */
```

...

In this compliant solution, void is specified explicitly as a parameter in the declaration of foo's prototype.

```c
/* in foo.h */
void foo(void);

/* in foo.c */
#include <stdio.h>

void foo(void) {
  int i = 3;
  printf("i value: %d\n", i);
}

/* in caller.c */
#include "foo.h"

foo(3); /* constraint violation: the compiler must now diagnose the extra argument */
```

...

Another possible vulnerability is the leak of privileged information. In this noncompliant code example, a user with high privileges feeds some secret input to the caller, which the caller then passes to foo(). Because foo() is defined with no parameters, we might assume that foo() has no way to retrieve information from the caller. However, because the value of i is actually passed on the stack (before the return address of the caller), a malicious programmer can change the internal implementation of foo() and copy the value manually into a less privileged file.

```c
/* compile using gcc4.3.3 */
void foo() {
  /* use asm code to retrieve i
   * implicitly from caller
   * and transfer it to a less privileged file */
}

...

/* caller */
foo(i); /* i is fed from user input */
```

Compliant Solution (Information Outflow)

```c
#include <stdio.h>

void foo(void) {
  int i = 3;
  printf("i value: %d\n", i);
}
```

...