diff options
author | kris <kris@FreeBSD.org> | 2001-04-17 07:59:52 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2001-04-17 07:59:52 +0000 |
commit | 0f958ee7467ce3cd3eaedbef81be48790d0b6b1a (patch) | |
tree | 3a26f765580b87bb8dbbe23a52082eaf344945c5 /lib/libc/gen/fmtcheck.3 | |
parent | b6da0fca774d229c4776e41d019373d1ec0df7ab (diff) | |
download | FreeBSD-src-0f958ee7467ce3cd3eaedbef81be48790d0b6b1a.zip FreeBSD-src-0f958ee7467ce3cd3eaedbef81be48790d0b6b1a.tar.gz |
Add fmtcheck(), a function for checking consistency of format string
arguments where the format string is obtained from user data, or
otherwise difficult to verify statically.
Example usage:
printf(fmtcheck(user_format, standard_format), arg1, arg2);
checks the format string user_format for consistency (same number/order/
type of format operators) with standard_format. If they differ,
standard_format is used instead to avoid potential crashes or security
violations.
Obtained from: NetBSD
Reviewed by: -arch
Diffstat (limited to 'lib/libc/gen/fmtcheck.3')
-rw-r--r-- | lib/libc/gen/fmtcheck.3 | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/lib/libc/gen/fmtcheck.3 b/lib/libc/gen/fmtcheck.3 new file mode 100644 index 0000000..d52ea48 --- /dev/null +++ b/lib/libc/gen/fmtcheck.3 @@ -0,0 +1,100 @@ +.\" Copyright (c) 2000 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This file was contributed to The NetBSD Foundation by Allen Briggs. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the NetBSD +.\" Foundation, Inc. and its contributors. +.\" 4. Neither the name of The NetBSD Foundation nor the names of its +.\" contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.Dd October 17, 2000 +.Os +.Dt FMTCHECK 3 +.Sh NAME +.Nm fmtcheck +.Nd sanitizes user-supplied printf(3)-style format string +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.Fd #include <stdio.h> +.Ft const char * +.Fn fmtcheck "const char *fmt_suspect" "const char *fmt_default" +.Sh DESCRIPTION +The +.Nm +function scans +.Fa fmt_suspect +and +.Fa fmt_default +to determine if +.Fa fmt_suspect +will consume the same argument types as +.Fa fmt_default +and to ensure that +.Fa fmt_suspect +is a valid format string. +.Pp +The +.Xr printf 3 +family of functions can not verify the types of arguments that they are +passed at run-time. In some cases, like +.Xr catgets 3 , +it is useful or necessary to use a user-supplied format string with no +guarantee that the format string matches the specified parameters. +.Pp +The +.Nm +function was designed to be used in these cases, as in: +.Bd -literal -offset indent +printf(fmtcheck(user_format, standard_format), arg1, arg2); +.Ed +.Pp +In the check, field widths, fillers, precisions, etc. are ignored (unless +the field width or precision is an asterisk +.Ql * +instead of a digit string). Also, any text other than the format specifiers +is completely ignored. +.Pp +Note that the formats may be quite different as long as they accept the +same parameters. For example, ".Dq %p %o %30s %#llx %-10.*e %n" is +compatible with "This number %lu %d%% and string %s has %qd numbers +and %.*g floats (%n)." However, "%o" is not equivalent to "%lx" because +the first requires an integer and the second requires a long. +.Sh RETURN VALUES +If +.Fa fmt_suspect +is a valid format and consumes the same argument types as +.Fa fmt_default , +then the +.Nm +function will return +.Fa fmt_suspect . +Otherwise, it will return +.Fa fmt_default . +.Sh SEE ALSO +.Xr printf 3 |