diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2000-07-16 22:44:59 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2000-07-16 22:44:59 +0000 |
commit | 0a24e02b6c0cddae26902400e476fbc2a416c9b1 (patch) | |
tree | a5af2c642326a36b6b45d368e0a6687369286c7d | |
parent | 8352d6ce819ef1ddee08b0f601c6fb179b10cf92 (diff) |
Stronger caveat wrt stack smashing via % escapes. Each man page
carries the same caveat...
-rw-r--r-- | lib/libc/gen/setproctitle.3 | 20 | ||||
-rw-r--r-- | lib/libc/gen/syslog.3 | 20 | ||||
-rw-r--r-- | lib/libc/stdio/printf.3 | 19 |
3 files changed, 48 insertions, 11 deletions
diff --git a/lib/libc/gen/setproctitle.3 b/lib/libc/gen/setproctitle.3 index a8eabe1a12e..fd0f5c22a6f 100644 --- a/lib/libc/gen/setproctitle.3 +++ b/lib/libc/gen/setproctitle.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: setproctitle.3,v 1.9 2000/07/07 00:13:56 aaron Exp $ +.\" $OpenBSD: setproctitle.3,v 1.10 2000/07/16 22:44:58 millert Exp $ .\" .\" Copyright (c) 1994, 1995 Christopher G. Demetriou .\" All rights reserved. @@ -74,10 +74,20 @@ The function first appeared in .Nx 0.9a . .Sh CAVEATS -Never pass a user-supplied string directly as a format without using %s, -as an attacker can put format specifiers in that string to mangle your -stack. -Be sure to use the proper secure idiom: +It is important to never pass a string with user-supplied data as a +format without using %s. +An attacker can put format specifiers in the string to mangle your stack, +leading to a possible security hole. +This holds true even if you have built the string +.Dq by hand +using a function like +.Fn snprintf , +as the attacker can escape the percent sign +.Pq Sq % +for later interpolation by +.Fn setproctitle . +.Pp +Be sure to always use the proper secure idiom: .Bd -literal -offset indent setproctitle("%s", string); .Ed diff --git a/lib/libc/gen/syslog.3 b/lib/libc/gen/syslog.3 index 3dc53dd111c..f7e48e952f1 100644 --- a/lib/libc/gen/syslog.3 +++ b/lib/libc/gen/syslog.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: syslog.3,v 1.7 1999/07/09 13:35:19 aaron Exp $ +.\" $OpenBSD: syslog.3,v 1.8 2000/07/16 22:44:58 millert Exp $ .\" .\" Copyright (c) 1985, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -269,3 +269,21 @@ syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m"); These functions appeared in .Bx 4.2 . +.Sh CAVEATS +It is important to never pass a string with user-supplied data as a +format without using %s. +An attacker can put format specifiers in the string to mangle your stack, +leading to a possible security hole. +This holds true even if you have built the string +.Dq by hand +using a function like +.Fn snprintf , +as the attacker can escape the percent sign +.Pq Sq % +for later interpolation by +.Fn syslog . +.Pp +Be sure to always use the proper secure idiom: +.Bd -literal -offset indent +syslog("%s", string); +.Ed diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3 index 6a9f4f34942..4225c6fd77b 100644 --- a/lib/libc/stdio/printf.3 +++ b/lib/libc/stdio/printf.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: printf.3,v 1.29 2000/07/07 00:09:10 aaron Exp $ +.\" $OpenBSD: printf.3,v 1.30 2000/07/16 22:44:57 millert Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -686,10 +686,19 @@ systems and the .Fn asprintf interface is not portable. .Pp -Never print a user-supplied string directly as a format without using -.Cm %s , -as an attacker can put format specifiers in that string to mangle -your stack. +It is important to never pass a string with user-supplied data as a +format without using %s. +An attacker can put format specifiers in the string to mangle your stack, +leading to a possible security hole. +This holds true even if you have built the string +.Dq by hand +using a function like +.Fn snprintf , +as the attacker can escape the percent sign +.Pq Sq % +for later interpolation by +.Fn printf . +.Pp Be sure to use the proper secure idiom: .Bd -literal -offset indent snprintf(buffer, sizeof(buffer), "%s", string); |