Add warnings about trusting user-supplied data.

Reviewed by: ru Approved by: murray Obtained from: OpenBSD
author: eric <eric@FreeBSD.org> 2001-05-25 20:42:40 +0000
committer: eric <eric@FreeBSD.org> 2001-05-25 20:42:40 +0000
commit: 851fceab51b8b97544af74fe8f395076099eff89 (patch)
tree: 144fe45e743943fd302233c906b124fcab0fb022 /lib/libc/stdio/printf.3
parent: ff64d076a6eb3ccc08915d957aa900350c6111c6 (diff)
download: FreeBSD-src-851fceab51b8b97544af74fe8f395076099eff89.zip
FreeBSD-src-851fceab51b8b97544af74fe8f395076099eff89.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3
index 30b02a6..590c1c0 100644
--- a/lib/libc/stdio/printf.3
+++ b/lib/libc/stdio/printf.3
@@ -664,3 +664,17 @@ For safety, programmers should use the
 .Fn snprintf
 interface instead.
 Unfortunately, this interface is not portable.
+.Pp
+Never pass a string with user-supplied data as a format without using
+.Ql %s .
+An attacker can put format specifiers in the string to mangle your stack,
+leading to a possible security hole.
+This holds true even if the string was built using a function like
+.Fn snprintf ,
+as the resulting string may still contain user-supplied conversion specifiers
+for later interpolation by
+.Fn printf .
+.Pp
+Always use the proper secure idiom:
+.Pp
+.Dl snprintf(buffer, sizeof(buffer), "%s", string);
author	eric <eric@FreeBSD.org>	2001-05-25 20:42:40 +0000
committer	eric <eric@FreeBSD.org>	2001-05-25 20:42:40 +0000
commit	851fceab51b8b97544af74fe8f395076099eff89 (patch)
tree	144fe45e743943fd302233c906b124fcab0fb022 /lib/libc/stdio/printf.3
parent	ff64d076a6eb3ccc08915d957aa900350c6111c6 (diff)
download	FreeBSD-src-851fceab51b8b97544af74fe8f395076099eff89.zip FreeBSD-src-851fceab51b8b97544af74fe8f395076099eff89.tar.gz