Sort sections, sort SEE ALSO, remove trailing whitespace.

2008-12-11 09:07:46 +00:00 · 2008-12-11 09:07:46 +00:00 · 5d7029bf64
commit 5d7029bf64
parent 2c4ff71b65
1 changed files with 79 additions and 79 deletions
--- a/lib/libc/stdio/printf.3
+++ b/lib/libc/stdio/printf.3
@ -1,4 +1,4 @@
-.\"	$NetBSD: printf.3,v 1.45 2008/12/11 04:30:57 yamt Exp $
+.\"	$NetBSD: printf.3,v 1.46 2008/12/11 09:07:46 wiz Exp $
 .\"
 .\" Copyright (c) 1990, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@ -386,10 +386,10 @@ equivalent in size to a
 The following length modifier is valid for the
 .Cm a ,
 .Cm A ,
-.Cm e , 
-.Cm E , 
-.Cm f , 
-.Cm F , 
+.Cm e ,
+.Cm E ,
+.Cm f ,
+.Cm F ,
 .Cm g ,
 or
 .Cm G
@ -712,7 +712,7 @@ If an output error was encountered, these functions shall return a
 negative value.
 .Sh EXAMPLES
 .br
-To print a date and time in the form 
+To print a date and time in the form
 .Dq Li "Sunday, July 3, 10:02" ,
 where
 .Fa weekday
@ -750,77 +750,6 @@ char *newfmt(const char *fmt, ...)
 		return (p);
 }
 .Ed
-.Sh SECURITY CONSIDERATIONS
-The
-.Fn sprintf
-and
-.Fn vsprintf
-functions are easily misused in a manner which enables malicious users
-to arbitrarily change a running program's functionality through
-a buffer overflow attack.
-Because
-.Fn sprintf
-and
-.Fn vsprintf
-assume an infinitely long string,
-callers must be careful not to overflow the actual space;
-this is often hard to assure.
-For safety, programmers should use the
-.Fn snprintf
-interface instead.
-For example:
-.Bd -literal
-void
-foo(const char *arbitrary_string, const char *and_another)
-{
-	char onstack[8];
-
-#ifdef BAD
-	/*
-	 * This first sprintf is bad behavior.  Do not use sprintf!
-	 */
-	sprintf(onstack, "%s, %s", arbitrary_string, and_another);
-#else
-	/*
-	 * The following two lines demonstrate better use of
-	 * snprintf().
-	 */
-	snprintf(onstack, sizeof(onstack), "%s, %s", arbitrary_string,
-	    and_another);
-#endif
-}
-.Ed
-.Pp
-The
-.Fn printf
-and
-.Fn sprintf
-family of functions are also easily misused in a manner
-allowing malicious users to arbitrarily change a running program's
-functionality by either causing the program
-to print potentially sensitive data
-.Dq "left on the stack" ,
-or causing it to generate a memory fault or bus error
-by dereferencing an invalid pointer.
-.Pp
-.Cm %n
-can be used to write arbitrary data to potentially carefully-selected
-addresses.
-Programmers are therefore strongly advised to never pass untrusted strings
-as the
-.Fa format
-argument, as an attacker can put format specifiers in the string
-to mangle your stack,
-leading to a possible security hole.
-This holds true even if the string was built using a function like
-.Fn snprintf ,
-as the resulting string may still contain user-supplied conversion specifiers
-for later interpolation by
-.Fn printf .
-.Pp
-Always use the proper secure idiom:
-.Pp
-.Dl "snprintf(buffer, sizeof(buffer), \*q%s\*q, string);"
 .Sh ERRORS
 In addition to the errors documented for the
 .Xr write 2
@ -836,10 +765,10 @@ Insufficient storage space is available.
 .Sh SEE ALSO
 .Xr printf 1 ,
 .Xr fmtcheck 3 ,
-.Xr printf 9 ,
 .Xr scanf 3 ,
 .Xr setlocale 3 ,
-.Xr wprintf 3
+.Xr wprintf 3 ,
+.Xr printf 9
 .Sh STANDARDS
 Subject to the caveats noted in the
 .Sx BUGS
@ -954,3 +883,74 @@ The
 family of functions do not correctly handle multibyte characters in the
 .Fa format
 argument.
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn sprintf
+and
+.Fn vsprintf
+functions are easily misused in a manner which enables malicious users
+to arbitrarily change a running program's functionality through
+a buffer overflow attack.
+Because
+.Fn sprintf
+and
+.Fn vsprintf
+assume an infinitely long string,
+callers must be careful not to overflow the actual space;
+this is often hard to assure.
+For safety, programmers should use the
+.Fn snprintf
+interface instead.
+For example:
+.Bd -literal
+void
+foo(const char *arbitrary_string, const char *and_another)
+{
+	char onstack[8];
+
+#ifdef BAD
+	/*
+	 * This first sprintf is bad behavior.  Do not use sprintf!
+	 */
+	sprintf(onstack, "%s, %s", arbitrary_string, and_another);
+#else
+	/*
+	 * The following two lines demonstrate better use of
+	 * snprintf().
+	 */
+	snprintf(onstack, sizeof(onstack), "%s, %s", arbitrary_string,
+	    and_another);
+#endif
+}
+.Ed
+.Pp
+The
+.Fn printf
+and
+.Fn sprintf
+family of functions are also easily misused in a manner
+allowing malicious users to arbitrarily change a running program's
+functionality by either causing the program
+to print potentially sensitive data
+.Dq "left on the stack" ,
+or causing it to generate a memory fault or bus error
+by dereferencing an invalid pointer.
+.Pp
+.Cm %n
+can be used to write arbitrary data to potentially carefully-selected
+addresses.
+Programmers are therefore strongly advised to never pass untrusted strings
+as the
+.Fa format
+argument, as an attacker can put format specifiers in the string
+to mangle your stack,
+leading to a possible security hole.
+This holds true even if the string was built using a function like
+.Fn snprintf ,
+as the resulting string may still contain user-supplied conversion specifiers
+for later interpolation by
+.Fn printf .
+.Pp
+Always use the proper secure idiom:
+.Pp
+.Dl "snprintf(buffer, sizeof(buffer), \*q%s\*q, string);"