Update 0x13-V5-Validation-Sanitization-Encoding.md #1982

Merged: 2 commits, Jul 24, 2024

jmanico
Member

@jmanico jmanico commented Jun 21, 2024

work for #1731

@tghosth
Collaborator

tghosth commented Jun 27, 2024

@csfreak92 is that sufficient extra context, do you think?

@csfreak92
Collaborator

It looks good, @tghosth though there's something missing I think. I say that because format string vulnerabilities are kind of like a command injection through these format strings being interpreted as commands. Would sanitization of input be enough? I'm pondering as well if that's enough or not. Welcome for more feedback.

@tghosth
Collaborator

tghosth commented Jul 2, 2024

Sanitization should always be enough I think... It generally means removing special characters so should probably be the most aggressive protection

@csfreak92
Collaborator

Ah I see, ok then that closes it. I concur with this PR. :)

@jmanico
Member Author

jmanico commented Jul 3, 2024 via email

@tghosth tghosth enabled auto-merge (squash) July 24, 2024 05:26
@tghosth tghosth merged commit c62c55d into master Jul 24, 2024
2 checks passed
@tghosth tghosth deleted the format-strings branch July 24, 2024 05:26