author | Marc Espie <espie@cvs.openbsd.org> | 1999-09-22 10:05:26 +0000 |
---|---|---|
committer | Marc Espie <espie@cvs.openbsd.org> | 1999-09-22 10:05:26 +0000 |
commit | 9f2f5f50d8f95065c150dc4caf7ecceb1b25f9e9 (patch) | |
tree | 93ec1da63269f7fe3c7912802a3a13517f280a3a /lib/libc/stdio/printf.3 | |
parent | cc461764cc4388b9dec90044335cc0978268908a (diff) |
BUGS->CAVEATS
Warn against brain-dead ProFTPd hole.
Diffstat (limited to 'lib/libc/stdio/printf.3')
-rw-r--r-- | lib/libc/stdio/printf.3 | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3 index e62ea2f3986..aabe4fdb8bc 100644 --- a/lib/libc/stdio/printf.3 +++ b/lib/libc/stdio/printf.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: printf.3,v 1.20 1999/08/08 14:46:56 deraadt Exp $ +.\" $OpenBSD: printf.3,v 1.21 1999/09/22 10:05:25 espie Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -634,7 +634,7 @@ and .Fn vasprintf first appeared in the GNU C library. This implementation first appeared in .Ox 2.3 . -.Sh BUGS +.Sh CAVEATS The conversion formats .Cm \&%D , .Cm \&%O , @@ -678,6 +678,14 @@ systems and the .Fn asprintf interface is not portable. .Pp +Never print a user-supplied string directly as a format without using +.Cm %s , +as an attacker can put format specifiers in that string to mangle +your stack. Be sure to use the proper secure idiom: +.Bd -literal -offset indent +snprintf(buffer, sizeof(buffer), "%s", string) +.Ed +.Pp There is no way for printf to know the size of each argument passed. If you use positional arguments you must ensure that all parameters, up to the last positionally specified parameter, are used in the format string. This |
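Review bot: "mangle your stack" in the new CAVEATS paragraph (third hunk) understates what a user-controlled format can do: the %x and %s conversions let the attacker read values off the stack, and %n lets the attacker write to an address of their choosing, so the text should say that the attacker can read or write arbitrary memory, not only corrupt the stack. The sentence "Never print a user-supplied string directly as a format without using %s" is also hard to parse, because the rule is never to pass the string as the format argument at all; suggest "Never pass a user-supplied string as the format argument; pass it as the argument of a %s conversion instead", and show the unsafe form beside the safe one in the .Bd block so the contrast is explicit, e.g. "printf(string); /* unsafe */" above "snprintf(buffer, sizeof(buffer), "%s", string); /* safe */". The example line as added also lacks a trailing semicolon.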