author: Aaron Campbell <aaron@cvs.openbsd.org> 2000-08-25 17:43:16 +0000
committer: Aaron Campbell <aaron@cvs.openbsd.org> 2000-08-25 17:43:16 +0000
commit: 6c95f54b228874af0942ec9fe47362adfb0e2451
tree: acb2ff1804774eb5080384f82c589eccb158a8c8
parent: 50e846e10600a2d14a186751c70aa7cd9349206f
In the format string bug description under CAVEATS, clarify what we mean by
building the string ``by hand'' using a function like snprintf(); deraadt@ ok
-rw-r--r-- lib/libc/gen/setproctitle.3 | 8
-rw-r--r-- lib/libc/gen/syslog.3 | 8
-rw-r--r-- lib/libc/stdio/printf.3 | 8
3 files changed, 12 insertions, 12 deletions
diff --git a/lib/libc/gen/setproctitle.3 b/lib/libc/gen/setproctitle.3
index fd0f5c22a6f..6cee2e43e93 100644
--- a/lib/libc/gen/setproctitle.3
+++ b/lib/libc/gen/setproctitle.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: setproctitle.3,v 1.10 2000/07/16 22:44:58 millert Exp $
+.\" $OpenBSD: setproctitle.3,v 1.11 2000/08/25 17:43:14 aaron Exp $
.\"
.\" Copyright (c) 1994, 1995 Christopher G. Demetriou
.\" All rights reserved.
@@ -75,15 +75,15 @@ function first appeared in
.Nx 0.9a .
.Sh CAVEATS
It is important to never pass a string with user-supplied data as a
-format without using %s.
+format without using
+.Ql %s .
An attacker can put format specifiers in the string to mangle your stack,
leading to a possible security hole.
This holds true even if you have built the string
.Dq by hand
using a function like
.Fn snprintf ,
-as the attacker can escape the percent sign
-.Pq Sq %
+as the resulting string may still contain user-supplied conversion specifiers
for later interpolation by
.Fn setproctitle .
.Pp
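Review bot: The opening sentence, now ending in "format without using .Ql %s .", still states the rule only negatively and can be read as "make sure a %s appears somewhere in the string", which is exactly the misreading the rewritten snprintf clause tries to rule out. Suggest stating the rule positively and showing the safe call: always pass a constant format and hand the data over as an argument, as in setproctitle("%s", buf), where buf is the string built by hand.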
diff --git a/lib/libc/gen/syslog.3 b/lib/libc/gen/syslog.3
index f7e48e952f1..a99b14a357b 100644
--- a/lib/libc/gen/syslog.3
+++ b/lib/libc/gen/syslog.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: syslog.3,v 1.8 2000/07/16 22:44:58 millert Exp $
+.\" $OpenBSD: syslog.3,v 1.9 2000/08/25 17:43:14 aaron Exp $
.\"
.\" Copyright (c) 1985, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -271,15 +271,15 @@ functions appeared in
.Bx 4.2 .
.Sh CAVEATS
It is important to never pass a string with user-supplied data as a
-format without using %s.
+format without using
+.Ql %s .
An attacker can put format specifiers in the string to mangle your stack,
leading to a possible security hole.
This holds true even if you have built the string
.Dq by hand
using a function like
.Fn snprintf ,
-as the attacker can escape the percent sign
-.Pq Sq %
+as the resulting string may still contain user-supplied conversion specifiers
for later interpolation by
.Fn syslog .
.Pp
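Review bot: The context line right after the added line, "for later interpolation by", no longer fits the new wording: conversion specifiers are interpreted by .Fn syslog, and it is the arguments that get interpolated into the output. Suggest "which will then be interpreted by .Fn syslog", with the same change in the other two pages so the three paragraphs stay word-for-word identical.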
diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3
index 4225c6fd77b..c30c43fd7ec 100644
--- a/lib/libc/stdio/printf.3
+++ b/lib/libc/stdio/printf.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: printf.3,v 1.30 2000/07/16 22:44:57 millert Exp $
+.\" $OpenBSD: printf.3,v 1.31 2000/08/25 17:43:15 aaron Exp $
.\"
.\" Copyright (c) 1990, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -687,15 +687,15 @@ systems and the
interface is not portable.
.Pp
It is important to never pass a string with user-supplied data as a
-format without using %s.
+format without using
+.Ql %s .
An attacker can put format specifiers in the string to mangle your stack,
leading to a possible security hole.
This holds true even if you have built the string
.Dq by hand
using a function like
.Fn snprintf ,
-as the attacker can escape the percent sign
-.Pq Sq %
+as the resulting string may still contain user-supplied conversion specifiers
for later interpolation by
.Fn printf .
.Pp
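Review bot: The sentence around the added line names .Fn snprintf only as the tool for building the string and .Fn printf as the only consumer, yet snprintf takes a format argument of its own, so a reader can conclude that passing user data as the format to snprintf is harmless. Suggest saying here that the rule applies to the format argument of every function in the family, snprintf included, rather than to .Fn printf alone.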