I'm trying to implement a wrapper for printf, which filters the string to prevent special non-printable characters. The background behind this is a console output for a secure software where the secure output should be preceded by "SECURE:" and the non-secure output should be preceded by "NONSECURE". I want to prevent someone to insert some control chars to overwrite the prefix (like including an '\r' at the beginning.)
Question
holdmybeer
Hi all,
I'm trying to implement a wrapper for printf, which filters the string to prevent special non-printable characters. The background behind this is a console output for a secure software where the secure output should be preceded by "SECURE:" and the non-secure output should be preceded by "NONSECURE". I want to prevent someone to insert some control chars to overwrite the prefix (like including an '\r' at the beginning.)
So far, I found a good example for a wrapper:
void nonsec_printf(char *string, ...) { va_list argp; fprintf(stdout, "NONSEC: "); va_start(argp, string); vfprintf(stdout, string, argp); va_end(argp); }
How could I check the parameters for any special characters? Or should I rather start one level deeper at putc...
Link to comment
Share on other sites
10 answers to this question
Recommended Posts
Archived
This topic is now archived and is closed to further replies.