diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2013-11-25 00:33:22 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2013-11-25 00:33:22 +0000 |
| commit | 4e3d3859663501b27fc2b561faae7976c552e9de (patch) | |
| tree | 5046e0945dd0cd8124ff30a5d41008eeb6e124a0 /sys | |
| parent | 779d7c544dff9f0e5d8b33416963b1fbd8438738 (diff) | |
disable %n in printf(9); there is no need for it in the kernel besides
making format-string vulnerabilities exploitable; inspired by similar
change made by Kees Cook to Linux; ok deraadt@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/kern/subr_prf.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c index 6ad71f5fab4..8131fc95be8 100644 --- a/sys/kern/subr_prf.c +++ b/sys/kern/subr_prf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr_prf.c,v 1.79 2013/08/07 22:06:48 bluhm Exp $ */ +/* $OpenBSD: subr_prf.c,v 1.80 2013/11/25 00:33:21 djm Exp $ */ /* $NetBSD: subr_prf.c,v 1.45 1997/10/24 18:14:25 chuck Exp $ */ /*- @@ -861,16 +861,17 @@ reswitch: switch (ch) { base = DEC; goto number; case 'n': + /* %n is unsupported in the kernel; just skip it */ if (flags & QUADINT) - *va_arg(ap, quad_t *) = ret; + (void)va_arg(ap, quad_t *); else if (flags & LONGINT) - *va_arg(ap, long *) = ret; + (void)va_arg(ap, long *); else if (flags & SHORTINT) - *va_arg(ap, short *) = ret; + (void)va_arg(ap, short *); else if (flags & SIZEINT) - *va_arg(ap, ssize_t *) = ret; + (void)va_arg(ap, ssize_t *); else - *va_arg(ap, int *) = ret; + (void)va_arg(ap, int *); continue; /* no output */ case 'O': flags |= LONGINT; |