Re: [PATCH] remove %n printf format specifier support from vsprintf.c

[viro]

On Thu, Apr 08, 2004 at 12:18:15AM +0300, Muli Ben-Yehuda wrote:
> Hi, 
> 
> This patch removes support for the %n format specifier from
> vsprintf, remove the sole use of %n in the kernel, fixes seq_printf to
> return the number of characters written rather than 0 on success
> (thus getting rid of %n), and fixes the only two callers of seq_printf
> who bothered to look at the return value.  
> 
> The printf man page has this to say about '%n': 
> 
> "The number of characters written so far is stored into the integer
> indicated by the int * (or variant) pointer argument.  No argument is
> converted." 
> 
> Very little code actually uses %n for that. These days, %n has a much
> more common use - in printf format string exploits. Since there's only
> one user of %n in the kernel, this patch removes support for it and
> fixes the user. To preempt the obvious argument, I agree that printk
> should look and behave as much as possible as printf - except where
> it's harmful. We don't support floating point, for example, and I
> doubt we should support %n - although I don't strongly care one way or
> another. 

IMO that's wrong - if we get untrusted format we are screwed anyway (shove
enough %s and you are pretty much guaranteed to get an oops) and it's more
than likely that check for return value being negative will be forgotten.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/