Big documentation shortcoming: QString::arg()

Marc Mutz mutz at kde.org
Wed Jul 10 18:56:50 BST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

Code using multiple QString::arg()'s on a string sequentially can be 
tricked into replacing the wrong parts of texts. If ::arg() is used to 
insert (multiple) "user-supplied" strings, then the resulting program 
may be vulnerable to quite a few attacks. A simple test program is 
attached. Try e.g.
$ testqstring '%1 first text' 'second text'
1: s == 1: %1 first text; 2: %2
2: s == 1: second text first text; 2:

This is particularly dangerous if this mechanism is used to construct 
command lines to be executed.
Of course, a careful programmer will never use arg() for this and always 
check the to-be-inserted strings for "%n" and warn if one is found, but 
nonetheless a big fat warning in the documentation of QString::arg() 
should be in order.

Thanks,
Marc

- -- 
Marc Mutz <mutz at kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9LHVi3oWD+L2/6DgRAlqXAJ4lnwJYcdXqBIt7XFGy3tyW6xe+uwCeL8+h
QCjC1UGxKRYxM5XJ3VkN3Es=
=am39
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: testqstring.cpp
Type: text/x-c++src
Size: 264 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20020710/86b8c73b/attachment.cpp>
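Added example (not Marc's attached testqstring.cpp and not Qt's own code): a plain C++ model of the sequential "%n" substitution the post describes, next to a single-pass substitution that does not rescan inserted text, plus the "%n" check the post recommends for to-be-inserted strings. The functions `argSequential`, `argAll`, `lowestMarker` and `containsPlaceMarker` are assumed names; the model replaces only the first occurrence of the lowest-numbered marker and ignores field width, padding and `%%`, so it is a simplification of QString::arg(), not a reimplementation.

```cpp
#include <cassert>
#include <cstdio>
#include <string>
#include <vector>

// Added example, not Qt's code: a simplified model of "%n" place-marker
// substitution. Each sequential call rescans the whole string for the
// lowest-numbered marker still present, just as the post describes.

// Returns the lowest place-marker number (1..9) found in s, or 0 if none.
static int lowestMarker(const std::string& s)
{
    for (int n = 1; n <= 9; ++n)
        if (s.find("%" + std::to_string(n)) != std::string::npos)
            return n;
    return 0;
}

// Sequential substitution: replace the first occurrence of the lowest
// marker with value. Text inserted by an earlier call is rescanned, so a
// value that itself contains "%1" captures the *next* call's argument.
static std::string argSequential(std::string s, const std::string& value)
{
    int n = lowestMarker(s);
    if (n == 0) return s;                       // nothing left to replace
    std::string marker = "%" + std::to_string(n);
    s.replace(s.find(marker), marker.size(), value);
    return s;
}

// Single-pass substitution: walk the template once and emit the argument
// for each marker, so inserted text is never looked at again.
static std::string argAll(const std::string& tmpl,
                          const std::vector<std::string>& args)
{
    std::string out;
    for (size_t i = 0; i < tmpl.size(); ++i) {
        if (tmpl[i] == '%' && i + 1 < tmpl.size() &&
            tmpl[i + 1] >= '1' && tmpl[i + 1] <= '9') {
            size_t idx = static_cast<size_t>(tmpl[i + 1] - '1');
            if (idx < args.size()) { out += args[idx]; ++i; continue; }
        }
        out += tmpl[i];
    }
    return out;
}

// The defensive check the post mentions: refuse to insert a string that
// carries a "%n" marker of its own.
static bool containsPlaceMarker(const std::string& s)
{
    return lowestMarker(s) != 0;
}

// Same shape as the post's test: the first inserted string is
// user-supplied and contains "%1" (constructed sample input).
static std::string sequentialDemo()
{
    std::string s = "1: %1; 2: %2";
    s = argSequential(s, "%1 first text");   // "1: %1 first text; 2: %2"
    s = argSequential(s, "second text");     // user text swallowed arg 2
    return s;
}

static std::string singlePassDemo()
{
    // "%1" inside the first argument is left alone; "%2" gets arg 2.
    return argAll("1: %1; 2: %2", {"%1 first text", "second text"});
}

int main()
{
    std::printf("sequential:   %s\n", sequentialDemo().c_str());
    std::printf("single-pass:  %s\n", singlePassDemo().c_str());
    std::printf("marker check: %d\n", containsPlaceMarker("%1 first text"));
    return 0;
}
```

The sequential variant ends up with "second text" inside the user-supplied first argument and "%2" still unreplaced, which is exactly the wrong-part replacement the post warns about; the single-pass variant yields "1: %1 first text; 2: second text". In real code the same effect is obtained by substituting all arguments in one call rather than chaining arg() calls, and by rejecting any inserted value for which `containsPlaceMarker` is true.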

