author: Aaron Campbell <aaron@cvs.openbsd.org> 2000-10-19 18:18:55 +0000
committer: Aaron Campbell <aaron@cvs.openbsd.org> 2000-10-19 18:18:55 +0000
commit: 89b9f42f7f56a97c16834c65a768c7817bc36114
tree: 303ae05756db3c22500d11eec03e153f281975c9
parent: 6c44a023e78bec467cc91b884b434ebef81dc01e
Put the fmt strings CAVEATS section into userland printf(1) man page, too;
it applies here as well.
-rw-r--r-- usr.bin/printf/printf.1 | 13
1 files changed, 12 insertions, 1 deletions
diff --git a/usr.bin/printf/printf.1 b/usr.bin/printf/printf.1
index c63bb3baffa..7dd31b6eda1 100644
--- a/usr.bin/printf/printf.1
+++ b/usr.bin/printf/printf.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: printf.1,v 1.11 2000/03/23 21:10:18 aaron Exp $
+.\" $OpenBSD: printf.1,v 1.12 2000/10/19 18:18:54 aaron Exp $
.\"
.\" Copyright (c) 1989, 1990 The Regents of the University of California.
.\" All rights reserved.
@@ -316,6 +316,17 @@ The
.Nm
command appeared in
.Bx 4.3 Reno .
+.Sh CAVEATS
+It is important to never pass a string with user-supplied data as a
+format without using
+.Ql %s .
+An attacker can put format specifiers in the string to mangle your stack,
+leading to a possible security hole.
+.Pp
+Be sure to always use the proper secure idiom:
+.Bd -literal -offset indent
+printf "%s" "$STRING"
+.Ed
.Sh BUGS
Since arguments are translated from
.Tn ASCII
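Review bot: in the added CAVEATS section, the sentence "An attacker can put format specifiers in the string to mangle your stack" reads as carried over verbatim from the C library page (the commit message says the section was copied from the fmt strings CAVEATS), and stack corruption describes printf(3), not the shell utility. For printf(1) the concrete hazard is that user-supplied data is interpreted as format directives, consuming arguments and producing unexpected output, so suggest rewording that sentence to describe the command's own behaviour while keeping the `printf "%s" "$STRING"` idiom, which is the right fix in both cases.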