path: root/lib/libc/stdio/printf.3
author: Marc Espie <espie@cvs.openbsd.org> 1999-09-22 10:05:26 +0000
committer: Marc Espie <espie@cvs.openbsd.org> 1999-09-22 10:05:26 +0000
commit: 9f2f5f50d8f95065c150dc4caf7ecceb1b25f9e9 (patch)
tree: 93ec1da63269f7fe3c7912802a3a13517f280a3a /lib/libc/stdio/printf.3
parent: cc461764cc4388b9dec90044335cc0978268908a (diff)
BUGS->CAVEATS
Warn against brain-dead ProFTPd hole.
Diffstat (limited to 'lib/libc/stdio/printf.3')
-rw-r--r-- lib/libc/stdio/printf.3 | 12
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3
index e62ea2f3986..aabe4fdb8bc 100644
--- a/lib/libc/stdio/printf.3
+++ b/lib/libc/stdio/printf.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: printf.3,v 1.20 1999/08/08 14:46:56 deraadt Exp $
+.\" $OpenBSD: printf.3,v 1.21 1999/09/22 10:05:25 espie Exp $
.\"
.\" Copyright (c) 1990, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -634,7 +634,7 @@ and
.Fn vasprintf
first appeared in the GNU C library. This implementation first appeared in
.Ox 2.3 .
-.Sh BUGS
+.Sh CAVEATS
The conversion formats
.Cm \&%D ,
.Cm \&%O ,
@@ -678,6 +678,14 @@ systems and the
.Fn asprintf
interface is not portable.
.Pp
+Never print a user-supplied string directly as a format without using
+.Cm %s ,
+as an attacker can put format specifiers in that string to mangle
+your stack. Be sure to use the proper secure idiom:
+.Bd -literal -offset indent
+snprintf(buffer, sizeof(buffer), "%s", string)
+.Ed
+.Pp
There is no way for printf to know the size of each argument passed. If
you use positional arguments you must ensure that all parameters, up to the
last positionally specified parameter, are used in the format string. This
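Review bot: the wording "Never print a user-supplied string directly as a format without using %s" in this hunk is easy to misread; state the rule directly, e.g. "Never pass a user-supplied string as the format argument; print it with %s instead." The literal example `snprintf(buffer, sizeof(buffer), "%s", string)` should end with a semicolon so it reads as a complete statement, and "mangle your stack" understates the risk: an attacker-controlled format can disclose memory as well as corrupt it. Since this is the shared printf.3 page, it is worth saying the caveat applies to every function documented here, including the v*printf and asprintf variants named just above the hunk, not only to snprintf.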