Bug 39230

(-)printf.3 (-3 / +14 lines)
Lines 690-701
690
.Ed
690
.Ed
691
.Sh SECURITY CONSIDERATIONS
691
.Sh SECURITY CONSIDERATIONS
692
The
692
The
693
.Nm
694
family of functions take a
695
.Ar format
696
argument which is not to be left out, even if you are intending to
697
only print a single string.
698
Failure to include the
699
.Ar format
700
argument may lead to malicious users providing a specially
701
crafted format string to take control of the program.
702
.Pp
703
The
693
.Fn sprintf
704
.Fn sprintf
694
and
705
and
695
.Fn vsprintf
706
.Fn vsprintf
696
functions are easily misused in a manner which enables malicious users
707
functions lack bounds checking and are easily misused in a manner
697
to arbitrarily change a running program's functionality through
708
which enables malicious users to arbitrarily change a running
698
a buffer overflow attack.
709
program's functionality through a buffer overflow attack.
699
(See
710
(See
700
the FSA
711
the FSA
701
and
712
and
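Review bot: The added paragraph at new lines 692-701 tells the reader that the format argument is "not to be left out" but never names the actual hazard, which is passing a string from an untrusted source as the format itself, and it shows no safe form to copy. Suggest stating that directly and giving the fixed-format idiom, for example printf("%s", string) in place of printf(string), so the reader sees what including the format argument means in practice. "family of functions take" at new line 694 should read "takes", and "may lead to malicious users providing a specially crafted format string" reads more clearly as "allows a malicious user to supply a specially crafted format string". In the reworded sentence at new lines 704-709, "lack bounds checking" makes the cause explicit; it would help if this paragraph also pointed the reader to the length-limited snprintf and vsnprintf, if the lines that follow do not already do so.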
