diff options
-rw-r--r-- | lib/libc/stdio/fgetln.3 | 24 | ||||
-rw-r--r-- | lib/libc/stdio/fgets.3 | 24 | ||||
-rw-r--r-- | lib/libc/stdio/getc.3 | 6 | ||||
-rw-r--r-- | lib/libc/stdio/mktemp.3 | 176 | ||||
-rw-r--r-- | lib/libc/stdio/stdio.3 | 12 | ||||
-rw-r--r-- | lib/libc/stdio/tmpnam.3 | 9 |
6 files changed, 126 insertions, 125 deletions
diff --git a/lib/libc/stdio/fgetln.3 b/lib/libc/stdio/fgetln.3 index bd213be5a74..ea34dc2f2f3 100644 --- a/lib/libc/stdio/fgetln.3 +++ b/lib/libc/stdio/fgetln.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: fgetln.3,v 1.8 2000/12/24 00:30:57 aaron Exp $ +.\" $OpenBSD: fgetln.3,v 1.9 2003/06/01 18:56:04 jmc Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -109,6 +109,17 @@ for any of the errors specified for the routines .Xr stat 2 , or .Xr realloc 3 . +.Sh SEE ALSO +.Xr ferror 3 , +.Xr fgets 3 , +.Xr fopen 3 , +.Xr fparseln 3 , +.Xr putc 3 +.Sh HISTORY +The +.Fn fgetln +function first appeared in +.Bx 4.4 . .Sh CAVEATS Since the returned buffer is not a C string (it is not null terminated), a common practice is to replace the newline character with @@ -140,14 +151,3 @@ temporary buffer: } } .Ed -.Sh SEE ALSO -.Xr ferror 3 , -.Xr fgets 3 , -.Xr fopen 3 , -.Xr fparseln 3 , -.Xr putc 3 -.Sh HISTORY -The -.Fn fgetln -function first appeared in -.Bx 4.4 . diff --git a/lib/libc/stdio/fgets.3 b/lib/libc/stdio/fgets.3 index a192125a1ec..3c1fb9cd21c 100644 --- a/lib/libc/stdio/fgets.3 +++ b/lib/libc/stdio/fgets.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: fgets.3,v 1.17 2003/05/17 10:30:10 pjanzen Exp $ +.\" $OpenBSD: fgets.3,v 1.18 2003/06/01 18:56:04 jmc Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -134,6 +134,17 @@ may also fail and set .Va errno for any of the errors specified for the routine .Xr getchar 3 . +.Sh SEE ALSO +.Xr feof 3 , +.Xr ferror 3 , +.Xr fgetln 3 +.Sh STANDARDS +The functions +.Fn fgets +and +.Fn gets +conform to +.St -ansiC . .Sh CAVEATS The following bit of code illustrates a case where the programmer assumes a string is too long if it does not contain a newline: @@ -179,17 +190,6 @@ which may indeed include a newline. Consider using .Xr fgetln 3 instead when dealing with untrusted input. -.Sh SEE ALSO -.Xr feof 3 , -.Xr ferror 3 , -.Xr fgetln 3 -.Sh STANDARDS -The functions -.Fn fgets -and -.Fn gets -conform to -.St -ansiC . .Sh BUGS Since it is usually impossible to ensure that the next input line is less than some arbitrary length, and because overflowing the diff --git a/lib/libc/stdio/getc.3 b/lib/libc/stdio/getc.3 index 7b7e09faffc..a6ce67452c0 100644 --- a/lib/libc/stdio/getc.3 +++ b/lib/libc/stdio/getc.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getc.3,v 1.8 2003/05/03 19:08:21 jmc Exp $ +.\" $OpenBSD: getc.3,v 1.9 2003/06/01 18:56:04 jmc Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -118,9 +118,9 @@ functions conform to Since .Dv EOF is a valid integer value, -.Xr feof +.Xr feof 3 and -.Xr ferror +.Xr ferror 3 must be used to check for failure after calling .Fn getw . The size and byte order of an diff --git a/lib/libc/stdio/mktemp.3 b/lib/libc/stdio/mktemp.3 index a60fed07e40..af20b699829 100644 --- a/lib/libc/stdio/mktemp.3 +++ b/lib/libc/stdio/mktemp.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mktemp.3,v 1.29 2003/05/03 19:08:21 jmc Exp $ +.\" $OpenBSD: mktemp.3,v 1.30 2003/06/01 18:56:04 jmc Exp $ .\" .\" Copyright (c) 1989, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -104,7 +104,7 @@ is told the length of the suffix string, i.e., strlen("suffix"); The .Fn mkdtemp function makes the same replacement to the template as in -.Xr mktemp 3 +.Fn mktemp and creates the template directory, mode 0700. .Sh RETURN VALUES The @@ -119,92 +119,6 @@ The function returns \-1 if no suitable file could be created. If either call fails an error code is placed in the global variable .Va errno . -.Sh ERRORS -The -.Fn mkstemp -and -.Fn mkdtemp -functions may set -.Va errno -to one of the following values: -.Bl -tag -width Er -.It Bq Er ENOTDIR -The pathname portion of the template is not an existing directory. -.El -.Pp -The -.Fn mkstemp -and -.Fn mkdtemp -functions may also set -.Va errno -to any value specified by the -.Xr stat 2 -function. -.Pp -The -.Fn mkstemp -function may also set -.Va errno -to any value specified by the -.Xr open 2 -function. -.Pp -The -.Fn mkstemps -function may also set -.Va errno -to any value specified by the -.Xr open 2 -function or, -.Bl -tag -width Er -.It Bq Er EINVAL -The suffix length is longer than the template length. -.El -.Pp -The -.Fn mkdtemp -function may also set -.Va errno -to any value specified by the -.Xr mkdir 2 -function. -.Sh BUGS -For -.Fn mktemp -there is an obvious race between file name selection and file -creation and deletion: the program is typically written to call -.Xr tmpnam 3 , -.Xr tempnam 3 , -or -.Fn mktemp . -Subsequently, the program calls -.Xr open 2 -or -.Xr fopen 3 -and erroneously opens a file (or symbolic link, FIFO or other -device) that the attacker has created in the expected file location. -Hence -.Fn mkstemp -is recommended, since it atomically creates the file. -An attacker can guess the filenames produced by -.Fn mktemp . -Whenever it is possible, -.Fn mkstemp -or -.Fn mkdtemp -should be used instead. -.Pp -For this reason, -.Xr ld 1 -will output a warning message whenever it links code that uses -.Fn mktemp . -.Pp -The -.Fn mkdtemp -and -.Fn mkstemps -functions are nonstandard and should not be used if portability is required. .Sh EXAMPLES Quite often a programmer will want to replace a use of .Fn mktemp @@ -284,6 +198,56 @@ fails with an .Va errno of .Er EEXIST . +.Sh ERRORS +The +.Fn mkstemp +and +.Fn mkdtemp +functions may set +.Va errno +to one of the following values: +.Bl -tag -width Er +.It Bq Er ENOTDIR +The pathname portion of the template is not an existing directory. +.El +.Pp +The +.Fn mkstemp +and +.Fn mkdtemp +functions may also set +.Va errno +to any value specified by the +.Xr stat 2 +function. +.Pp +The +.Fn mkstemp +function may also set +.Va errno +to any value specified by the +.Xr open 2 +function. +.Pp +The +.Fn mkstemps +function may also set +.Va errno +to any value specified by the +.Xr open 2 +function or, +.Bl -tag -width Er +.It Bq Er EINVAL +The suffix length is longer than the template length. +.El +.Pp +The +.Fn mkdtemp +function may also set +.Va errno +to any value specified by the +.Xr mkdir 2 +function. .Sh SEE ALSO .Xr chmod 2 , .Xr getpid 2 , @@ -310,3 +274,39 @@ The .Fn mkstemps function appeared in .Ox 2.3 . +.Sh BUGS +For +.Fn mktemp +there is an obvious race between file name selection and file +creation and deletion: the program is typically written to call +.Xr tmpnam 3 , +.Xr tempnam 3 , +or +.Fn mktemp . +Subsequently, the program calls +.Xr open 2 +or +.Xr fopen 3 +and erroneously opens a file (or symbolic link, FIFO or other +device) that the attacker has created in the expected file location. +Hence +.Fn mkstemp +is recommended, since it atomically creates the file. +An attacker can guess the filenames produced by +.Fn mktemp . +Whenever it is possible, +.Fn mkstemp +or +.Fn mkdtemp +should be used instead. +.Pp +For this reason, +.Xr ld 1 +will output a warning message whenever it links code that uses +.Fn mktemp . +.Pp +The +.Fn mkdtemp +and +.Fn mkstemps +functions are nonstandard and should not be used if portability is required. diff --git a/lib/libc/stdio/stdio.3 b/lib/libc/stdio/stdio.3 index 68865add010..8b92f5bda89 100644 --- a/lib/libc/stdio/stdio.3 +++ b/lib/libc/stdio/stdio.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: stdio.3,v 1.14 2002/07/24 22:59:03 deraadt Exp $ +.\" $OpenBSD: stdio.3,v 1.15 2003/06/01 18:56:04 jmc Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -285,14 +285,14 @@ vsscanf input format conversion .Xr open 2 , .Xr read 2 , .Xr write 2 +.Sh STANDARDS +The +.Nm stdio +library conforms to +.St -ansiC . .Sh BUGS The standard buffered functions do not interact well with certain other library and system functions, especially .Xr vfork and .Xr abort . -.Sh STANDARDS -The -.Nm stdio -library conforms to -.St -ansiC . diff --git a/lib/libc/stdio/tmpnam.3 b/lib/libc/stdio/tmpnam.3 index efb6f1a5dc0..29cbb4cd684 100644 --- a/lib/libc/stdio/tmpnam.3 +++ b/lib/libc/stdio/tmpnam.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tmpnam.3,v 1.11 2003/04/02 19:00:26 jmc Exp $ +.\" $OpenBSD: tmpnam.3,v 1.12 2003/06/01 18:56:04 jmc Exp $ .\" .\" Copyright (c) 1988, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -191,8 +191,9 @@ with the historic interface). First, there is an obvious race between file name selection and file creation and deletion: the program is typically written to call -.Fn tmpnam Ns , -.Fn tmpname Ns , or +.Fn tmpnam , +.Fn tmpname , +or .Xr mktemp 3 . Subsequently, the program calls .Xr open 2 @@ -208,7 +209,7 @@ Second, most historic implementations provide only a limited number of possible temporary file names (usually 26) before file names will start being recycled. Third, the System V implementations of these functions (and of -.Xr mktemp ) +.Xr mktemp 3 ) use the .Xr access 2 function to determine whether or not the temporary file may be created. |