diff options
author | chris <chris@FreeBSD.org> | 2002-06-13 23:35:22 +0000 |
---|---|---|
committer | chris <chris@FreeBSD.org> | 2002-06-13 23:35:22 +0000 |
commit | 8b53de5eaad88aa5da73d918840cc537b5ddfdc4 (patch) | |
tree | 0832619f8642e3e0ff7b7a8a9d77c227aa64c8a9 /lib/libc | |
parent | b5791a138c890157932492db8b12458391471c9a (diff) | |
download | FreeBSD-src-8b53de5eaad88aa5da73d918840cc537b5ddfdc4.zip FreeBSD-src-8b53de5eaad88aa5da73d918840cc537b5ddfdc4.tar.gz |
Include information on the dangers of passing a user-supplied string as
a format string. This will later on be changed to a reference to the
FreeBSD Security Architecture after it has been committed.
PR: docs/39320
Sposnored by: DARPA, NAI Labs
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/stdio/printf.3 | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3 index c46284e..3f5f8b4 100644 --- a/lib/libc/stdio/printf.3 +++ b/lib/libc/stdio/printf.3 @@ -700,6 +700,27 @@ a buffer overflow attack. the FSA and .Sx EXAMPLES . ) +.Pp +.\" XXX - rewrite after FSA +The +.Fn printf +and +.Fn vprintf +functions are also easily misused in a manner allowing malicious users +to arbitrarily change a running program's functionality by either +causing the program to print potentially sensitive data +.Dq "left on the stack," +or causing it to generate a memory fault or bus error +by dereferencing an invalid pointer. +.Pp +Never, under any circumstances pass a string obtained from the network, +a file, or any user as a format string to a +.Fn printf +or +.Fn sprintf +function. +.Xc +.Ec .Sh SEE ALSO .Xr printf 1 , .Xr scanf 3 , |