| author | Aaron Campbell <aaron@cvs.openbsd.org> | 2000-08-31 13:35:34 +0000 |
|---|---|---|
| committer | Aaron Campbell <aaron@cvs.openbsd.org> | 2000-08-31 13:35:34 +0000 |
| commit | db0b2f67a9758275a6028e0d9beb5b0180b4fd98 (patch) | |
| tree | 1b6cb636c12394df03869f8b80eb6ecc5c50cd9e /lib/libc | |
| parent | c200e6d38ead783bf38688db3470e730895be8ba (diff) | |
Put the CAVEATS section explaining format string issues in this man page too.
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/gen/err.3 | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/lib/libc/gen/err.3 b/lib/libc/gen/err.3 index 8abf6848ed3..59fdd623917 100644 --- a/lib/libc/gen/err.3 +++ b/lib/libc/gen/err.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: err.3,v 1.10 2000/06/29 16:13:59 millert Exp $ +.\" $OpenBSD: err.3,v 1.11 2000/08/31 13:35:33 aaron Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -154,3 +154,24 @@ and .Fn warn functions first appeared in .Bx 4.4 . +.Sh CAVEATS +It is important to never pass a string with user-supplied data as a +format without using +.Ql %s . +An attacker can put format specifiers in the string to mangle your stack, +leading to a possible security hole. +This holds true even if you have built the string +.Dq by hand +using a function like +.Fn snprintf , +as the resulting string may still contain user-supplied conversion specifiers +for later interpolation by the +.Fn err +and +.Fn warn +functions. +.Pp +Be sure to always use the proper secure idiom: +.Bd -literal -offset indent +err(1, "%s", string); +.Ed |
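Review bot: In the new CAVEATS hunk, the opening sentence "never pass a string with user-supplied data as a format without using .Ql %s" is ambiguous: it can be read as advice to put a "%s" somewhere inside the user-supplied string, whereas the rule the closing idiom `err(1, "%s", string);` actually demonstrates is that user data must never be the format argument at all and should instead be passed as a separate argument to a fixed "%s" format. Suggest rewording along the lines of "never pass a string containing user-supplied data as the format argument; pass it as an argument to a fixed .Ql %s format instead". Two smaller points: the text names only .Fn err and .Fn warn, but the same caveat applies to every format-taking function documented in this page (the errx/warnx and v* variants), so "and related functions" would be more accurate; and "mangle your stack" understates the problem, since stray conversion specifiers make the function consume arguments the caller never passed, which is undefined behaviour and not limited to the stack, so "read or write memory the caller never intended" would be more precise.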