Re: [pcre-dev] PCRE 7.5-RC2 Release candidate

Top Page
Delete this message
Author: Philip Hazel
Date:  
To: Sheri
CC: pcre-dev
Subject: Re: [pcre-dev] PCRE 7.5-RC2 Release candidate
On Mon, 31 Dec 2007, Sheri wrote:

> Although I don't quite understand the security issues, this discussion
> suggests that %n should be removed from the standard:
>
> http://www.matasano.com/log/536/format-string-protection-disabling-n-by-default/


But at least one poster disagrees, and lists many applications that use
it. If a competent programmer uses it, it is perfectly safe. The
security issue arises only when an incompetent programmer allows a user
to pass a format string - something which one should *never* do. As a C
novice (actually, probably as a BCPL novice) I learned the difference
between printf(s) and printf("%s",s) when s is a user-supplied string.

Anyway, to remove a feature that has been in the standard for 17 years
and is relatively widely used is going to cause much trouble. I doubt
whether the standards bodies would go along with this. After all, there
are plenty of other features of C that can be abused.

Having said that, there is only one use of %n in pcregrep, and none
anywhere else in the PCRE package. As it happens, it is a particularly
simple usage to remove, so I will do so.

Philip

--
Philip Hazel