Hacker News new | past | comments | ask | show | jobs | submit login

Is there any reason NSLog doesn't filter input to escape these format args?



It can't. http://en.wikipedia.org/wiki/Uncontrolled_format_string:

"In particular, the varargs mechanism allows functions to accept any number of arguments (e.g. printf) by "popping" as many arguments off the call stack as they wish, trusting the early arguments to indicate how many additional arguments are to be popped, and of what types."

NSLog is similar; it has to trust its first argument to be consistent with the number and types of arguments actually passed to it.

If you call NSLog(x), but do not have complete control over the value of x, you cannot guarantee that.


Because it's the format string, which the programmer is supposed to control?

NSLog(untrusted); bad. NSLog("The user entered %s", untrusted); OK.


Because that would defeat the entire purpose of NSLog.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: