by senozhatsky
2336 days ago
OK, understood. So what you meant was more like puts()'s attack surface is smaller than printf()'s.
This is not how your message appeared to me - "printf() is vulnerable to injections, use puts() instead". Both are vulnerable to "unintended read()-s".
printf is vulnerable to both read and _write_ attacks when you misuse it by only supplying the single argument. It's vulnerable to injections that can lead to remote execution and all sorts of CVEs.
puts is sometimes vulnerable to read attacks, but not often.
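
The distinction drawn in this thread, as an added C example that is not part of either comment: untrusted text is passed only as data to a constant format, a precision bounds the read for buffers that may lack a terminator, and an audit helper counts the directives that would be interpreted if the text were misused as the format. The names `format_safe`, `format_bounded`, `count_directives` and the sample string are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: text an untrusted source might supply. */
static const char SAMPLE[] = "user=%x.%x.%s rate=100%% %n";

/* Safe: the format is the constant "%s", so directives inside the
 * untrusted text are copied out literally and never interpreted. */
int format_safe(char *out, size_t cap, const char *untrusted)
{
    return snprintf(out, cap, "%s", untrusted);
}

/* Bounded: a precision caps how many bytes are read, so a buffer with
 * no NUL terminator is not over-read (the puts()-style read problem). */
int format_bounded(char *out, size_t cap, const char *buf, size_t len)
{
    return snprintf(out, cap, "%.*s", (int)len, buf);
}

/* The misuse discussed above is snprintf(out, cap, untrusted): every
 * directive then consumes an argument that was never passed, and %n
 * stores through one. It is deliberately not called in this example. */

/* Audit helper: count directives that would be interpreted if s were
 * used as a format; sets *has_write when one of them is %n. */
int count_directives(const char *s, int *has_write)
{
    int n = 0;
    *has_write = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        s++;
        if (*s == '%') continue;                 /* "%%" is a literal percent */
        s += strspn(s, "-+ #0123456789.*hlLjzt"); /* flags, width, length */
        if (*s == '\0') break;                   /* dangling '%' at the end */
        if (*s == 'n') *has_write = 1;
        n++;
    }
    return n;
}

int main(void)
{
    char out[64];
    int w, n = count_directives(SAMPLE, &w);
    format_safe(out, sizeof out, SAMPLE);
    printf("%s -> %d directives, write=%d\n", out, n, w);
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` (GCC and Clang) flags calls where the format argument is not a string literal.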