FormatGuard
E724134
FormatGuard is a security tool designed to prevent buffer overflow attacks by automatically adding bounds-checking to C library functions that handle formatted input and output.
Statements (46)
| Predicate | Object |
|---|---|
| instanceOf |
security tool
ⓘ
software library ⓘ |
| aimsTo |
improve robustness of legacy C applications
ⓘ
reduce exploitation of memory corruption bugs ⓘ |
| approach | interpose safe versions of standard functions ⓘ |
| assumes | availability of standard C formatted I/O APIs ⓘ |
| category |
buffer overflow protection mechanism
ⓘ
defensive programming tool ⓘ |
| checks |
argument sizes
ⓘ
buffer bounds ⓘ format string consistency ⓘ |
| deployment | used as a protective wrapper around standard C library ⓘ |
| designGoal |
be transparent to existing C code
ⓘ
detect misuse of formatted I/O functions ⓘ require minimal source code changes ⓘ |
| granularity | function-level protection for formatted I/O calls ⓘ |
| hasPurpose | prevent buffer overflow attacks ⓘ |
| implements | automatic bounds checking ⓘ |
| mitigatesVulnerability | buffer overflow ⓘ |
| operatesOn |
C library functions
ⓘ
formatted input functions ⓘ formatted output functions ⓘ |
| prevents |
reading past end of input buffer
ⓘ
some format string related errors ⓘ writing past end of destination buffer ⓘ |
| relatedTo |
format string vulnerabilities
ⓘ
stack smashing attacks ⓘ |
| requires | linking with instrumented library ⓘ |
| securityDomain |
memory safety
ⓘ
software security ⓘ |
| targetsLanguage | C ⓘ |
| technique |
compile-time instrumentation
ⓘ
link-time wrapping of library calls ⓘ |
| wrapsFunctionFamily |
fprintf
ⓘ
fscanf ⓘ printf ⓘ scanf ⓘ snprintf ⓘ sprintf ⓘ sscanf ⓘ vfscanf ⓘ vprintf ⓘ vscanf ⓘ vsnprintf ⓘ vsprintf ⓘ vsscanf ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.