NAME¶
fmtcheck
—
sanitizes user-supplied
printf(3)-style format string
LIBRARY¶
library “libbsd”
SYNOPSIS¶
#include
<bsd/stdio.h>
const char *
fmtcheck
(
const
char *fmt_suspect,
const char
*fmt_default);
DESCRIPTION¶
The
fmtcheck
() scans
fmt_suspect and
fmt_default to determine if
fmt_suspect will consume the same argument
types as
fmt_default and to ensure that
fmt_suspect is a valid format string.
The
printf(3) family of functions cannot verify the
types of arguments that they are passed at run-time. In some cases, like
catgets(3), it is useful or necessary to use a
user-supplied format string with no guarantee that the format string matches
the specified arguments.
The
fmtcheck
() was designed to be used in
these cases, as in:
printf(fmtcheck(user_format, standard_format), arg1, arg2);
In the check, field widths, fillers, precisions, etc. are ignored (unless the
field width or precision is an asterisk
‘
*
’ instead of a digit string). Also,
any text other than the format specifiers is completely ignored.
RETURN VALUES¶
If
fmt_suspect is a valid format and consumes
the same argument types as
fmt_default, then
the
fmtcheck
() will return
fmt_suspect. Otherwise, it will return
fmt_default.
SECURITY CONSIDERATIONS¶
Note that the formats may be quite different as long as they accept the same
arguments. For example, “
%p %o %30s %#llx %-10.*e
%n
” is compatible with “
This number %lu
%d%% and string %s has %qd numbers and %.*g floats (%n)
”.
However, “
%o
” is not equivalent to
“
%lx
” because the first requires an
integer and the second requires a long.
SEE ALSO¶
printf(3)
BUGS¶
The
fmtcheck
() function does not understand
all of the conversions that
printf(3) does.