Skip to content Skip to sidebar Skip to footer
Home / Android / Android Ndk / C / C++ / Printf

Demonstrating Printf Or __android_log_print Vulnerabilities With Android Ndk

Post a Comment
I am interested in demoing printf vulnerabilities via an NDK app. To be clear, I am aware that to log in the console we can use __android_log_print(ANDROID_LOG_DEBUG, 'LOG_TAG', 'P

Solution 1:

You do realize that Android is open source.

Starting with looking for __android_log_print() and finding it: https://android.googlesource.com/platform/system/core/+/refs/heads/master/liblog/logger_write.cpp

int __android_log_print(int prio, const char* tag, const char* fmt, ...) {
  va_list ap;
  char buf[LOG_BUF_SIZE];
  va_start(ap, fmt);
  vsnprintf(buf, LOG_BUF_SIZE, fmt, ap);
  va_end(ap);
  return __android_log_write(prio, tag, buf);
}

I eventually ended up looking at: https://android.googlesource.com/platform/bionic/+/refs/heads/master/libc/stdio/vfprintf.cpp

lines 453-454:

case'n':
    __fortify_fatal("%%n not allowed on Android");

Also referenced in the code is additional safety through FORTIFY which is described in the following blog post:

https://android-developers.googleblog.com/2017/04/fortify-in-android.html

Solution 2:

Android specifically does not support %n format specifiers because they're vulnerable.

https://android.googlesource.com/platform/bionic/+/400b073ee38ecc2a38234261b221e3a7afc0498e/tests/stdio_test.cpp#328

Post a Comment for "Demonstrating Printf Or __android_log_print Vulnerabilities With Android Ndk"