authorDamien Miller <djm@cvs.openbsd.org>2013-11-25 00:33:22 +0000
committerDamien Miller <djm@cvs.openbsd.org>2013-11-25 00:33:22 +0000
commit4e3d3859663501b27fc2b561faae7976c552e9de (patch)
tree5046e0945dd0cd8124ff30a5d41008eeb6e124a0
parent779d7c544dff9f0e5d8b33416963b1fbd8438738 (diff)
disable %n in printf(9); there is no need for it in the kernel besides
making format-string vulnerabilities exploitable; inspired by similar change made by Kees Cook to Linux; ok deraadt@
-rw-r--r--sys/kern/subr_prf.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c
index 6ad71f5fab4..8131fc95be8 100644
--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: subr_prf.c,v 1.79 2013/08/07 22:06:48 bluhm Exp $ */
+/* $OpenBSD: subr_prf.c,v 1.80 2013/11/25 00:33:21 djm Exp $ */
/* $NetBSD: subr_prf.c,v 1.45 1997/10/24 18:14:25 chuck Exp $ */
/*-
@@ -861,16 +861,17 @@ reswitch: switch (ch) {
base = DEC;
goto number;
case 'n':
+ /* %n is unsupported in the kernel; just skip it */
if (flags & QUADINT)
- *va_arg(ap, quad_t *) = ret;
+ (void)va_arg(ap, quad_t *);
else if (flags & LONGINT)
- *va_arg(ap, long *) = ret;
+ (void)va_arg(ap, long *);
else if (flags & SHORTINT)
- *va_arg(ap, short *) = ret;
+ (void)va_arg(ap, short *);
else if (flags & SIZEINT)
- *va_arg(ap, ssize_t *) = ret;
+ (void)va_arg(ap, ssize_t *);
else
- *va_arg(ap, int *) = ret;
+ (void)va_arg(ap, int *);
continue; /* no output */
case 'O':
flags |= LONGINT;
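Review bot: The comment added under `case 'n':` says the conversion is skipped, but it does not explain why every branch still calls `va_arg` with the original pointer type. Consuming the argument is what keeps the conversions that follow `%n` reading the right arguments. I would spell that out, for example `/* %n is unsupported in the kernel: consume the pointer argument so later conversions stay in step, but never store through it */`. Because the skip is silent, any caller that still passes `%n` will find its count variable unwritten with no diagnostic; whether such callers remain cannot be seen from this hunk, so it is worth a tree-wide check. The enclosing `switch (ch)` starts and continues outside the hunk.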