| field | value |
|---|---|
| author | 2000-08-25 17:43:14 +0000 |
| committer | 2000-08-25 17:43:14 +0000 |
| commit | 443564e20efcc369e98714826bb039805f569746 (patch) |
| tree | 736301c827baee43ba7e1ddfc05539d9a8df01cd /lib/libc/stdio/printf.3 |
| parent | Sync with FreeBSD. Summary of changes: (diff) |
| download | wireguard-openbsd-443564e20efcc369e98714826bb039805f569746.tar.xz, wireguard-openbsd-443564e20efcc369e98714826bb039805f569746.zip |
In the format string bug description under CAVEATS, clarify what we mean by
building the string ``by hand'' using a function like snprintf(); deraadt@ ok
Diffstat (limited to 'lib/libc/stdio/printf.3')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | lib/libc/stdio/printf.3 | 8 |

1 files changed, 4 insertions, 4 deletions
diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3 index 4225c6fd77b..c30c43fd7ec 100644 --- a/lib/libc/stdio/printf.3 +++ b/lib/libc/stdio/printf.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: printf.3,v 1.30 2000/07/16 22:44:57 millert Exp $ +.\" $OpenBSD: printf.3,v 1.31 2000/08/25 17:43:15 aaron Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -687,15 +687,15 @@ systems and the interface is not portable. .Pp It is important to never pass a string with user-supplied data as a -format without using %s. +format without using +.Ql %s . An attacker can put format specifiers in the string to mangle your stack, leading to a possible security hole. This holds true even if you have built the string .Dq by hand using a function like .Fn snprintf , -as the attacker can escape the percent sign -.Pq Sq % +as the resulting string may still contain user-supplied conversion specifiers for later interpolation by .Fn printf . .Pp |
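Review bot: In the second hunk (the CAVEATS paragraph), the replacement sentence is the right correction, since the old text implied the attacker "escapes" the percent sign, when the real problem is that `snprintf(buf, sizeof buf, "%s", user)` copies any `%` in the user data verbatim, so `printf(buf)` later treats it as a conversion specifier; however, the unchanged lead sentence "never pass a string with user-supplied data as a format without using `%s`" still reads as if adding a `%s` somewhere in the format were enough. Consider rewording that lead to state the rule directly, e.g. "never pass user-supplied data as the format string; pass it as the argument to a `%s` conversion instead", so that the fix is unambiguous regardless of how the string was assembled. Minor: "mangle your stack" undersells the impact a little, since a hostile format string can cause out-of-bounds reads and writes, not only stack corruption; "corrupt memory" would be more accurate without adding detail.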