markdown fixes

bradh352 · Jan 9, 2025 · 3f0d0b9 · 3f0d0b9
1 parent f4541d3
commit 3f0d0b9
Showing 1 changed file with 15 additions and 15 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -37,25 +37,25 @@ issue to only the reporter and the project's security team.
    we receive are invalid.  Please don't waste their time.
 2. The report must have a detailed description of the issue or issues.
 3. The report should have a valid minimal test case to reproduce the issue.
-  a. Any code in a test case that isn't relevant to reproducing the issue
+  1. Any code in a test case that isn't relevant to reproducing the issue
      ***must*** be removed.
-  b. The test case ***must*** compile cleanly with warnings enabled, for
+  2. The test case ***must*** compile cleanly with warnings enabled, for
      clang/gcc at a minimum, `-Wall -W`, or `/W3` for MSVC.
-  c. The reporter ***must*** validate the API being called is being used in an
+  3. The reporter ***must*** validate the API being called is being used in an
      appropriate manner, in accordance with common C best practices and
      requirements. e.g.:
-    i.   If an API takes a C string, that means the input must be a valid C
-         string (e.g. NULL terminated).
-    ii.  Must not cast incompatible data types to silence compiler warnings
-         (possibly generated by complying with 3b above) as this will cause
-         undefined behavior.  Use the right data types. (e.g.
-         `struct ares_txt_reply *` can't be cast to `ares_dns_record_t *`, they
-         are different types).
-    iii. Make sure to free/destroy any c-ares generated objects using the
-         correct function as documented in the man page of the function that
-         generated the object (e.g. use `ares_free_hostent()` to free
-         a `struct hostent *` created by `ares_parse_ptr_reply()`, not
-         `ares_free_data()`).
+    1. If an API takes a C string, that means the input must be a valid C
+       string (e.g. NULL terminated).
+    2. Must not cast incompatible data types to silence compiler warnings
+       (possibly generated by complying with 3b above) as this will cause
+       undefined behavior.  Use the right data types. (e.g.
+       `struct ares_txt_reply *` can't be cast to `ares_dns_record_t *`, they
+       are different types).
+    3. Make sure to free/destroy any c-ares generated objects using the
+       correct function as documented in the man page of the function that
+       generated the object (e.g. use `ares_free_hostent()` to free
+       a `struct hostent *` created by `ares_parse_ptr_reply()`, not
+       `ares_free_data()`).
 4. The report should include a stacktrace/backtrace of the issue if possible.
 5. Include the below acknowledgement statement in the email containing the
    vulnerability report.  Evaluation of the vulnerabilities will not occur