author | chris <chris@FreeBSD.org> | 2002-06-18 08:55:17 +0000 |
---|---|---|
committer | chris <chris@FreeBSD.org> | 2002-06-18 08:55:17 +0000 |
commit | 275daea3378736e5c39a04f758055711c12273a2 (patch) | |
tree | c874fea598e4ef22e5a2924fddf56e3fef606b95 /lib/libc/stdio | |
parent | 293e16b82f4db11e8c50a64edb59e5c6d978a04d (diff) | |
Fix style and wording bugs introduced in my last commit.
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'lib/libc/stdio')
-rw-r--r-- | lib/libc/stdio/printf.3 | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3 index d10b294..4caf19d 100644 --- a/lib/libc/stdio/printf.3 +++ b/lib/libc/stdio/printf.3 @@ -713,18 +713,18 @@ foo(const char *arbitrary_string, const char *and_another) { char onstack[8]; -#if defined(BAD) +#ifdef BAD /* * This first sprintf is bad behavior. Do not use sprintf! */ - (void)sprintf(onstack, "%s, %s", arbitrary_string, and_another); -#elif defined(BETTER) + sprintf(onstack, "%s, %s", arbitrary_string, and_another); +#else /* * The following two lines demonstrate better use of * snprintf(). */ - (void)snprintf(onstack, sizeof(onstack) - 1, "%s, %s", - arbitrary_string, and_another); + snprintf(onstack, sizeof(onstack), "%s, %s", arbitrary_string, + and_another); #endif } .Ed @@ -742,15 +742,13 @@ or causing it to generate a memory fault or bus error by dereferencing an invalid pointer. .Pp .Cm %n -can be used to write arbitrary data to the stack. +can be used to write arbitrary data to potentially carefully-selected +addresses. Programmers are therefore strongly advised to never pass untrusted strings as the .Fa format -argument. -.Pp -Never pass a string with user-supplied data as a format without using -.Ql %s . -An attacker can put format specifiers in the string to mangle your stack, +argument, as an attacker can put format specifiers in the string +to mangle your stack, leading to a possible security hole. This holds true even if the string was built using a function like .Fn snprintf , |