remove %n support from printf(9)

It can be dangerous and there is no need for it in the kernel. Inspired by Kees Cook's change in Linux, and later OpenBSD. Reviewed by: cem, gordon, philip Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D24760
svn path=/head/; revision=360849
2020-05-09 15:56:02 +00:00 · 2020-05-09 15:56:02 +00:00 · 937b352e23 · 2020-12-20 02:59:44 +00:00
commit 937b352e23
parent 75c600d287
2 changed files with 17 additions and 9 deletions
--- a/share/man/man9/printf.9
+++ b/share/man/man9/printf.9
@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 18, 2015
+.Dd May 9, 2020
 .Dt PRINTF 9
 .Os
 .Sh NAME
@ -83,7 +83,7 @@ parameter in the same manner as
 .Xr printf 3 .
 However,
 .Xr printf 9
-adds two other conversion specifiers.
+adds two other conversion specifiers and omits one.
 .Pp
 The
 .Cm \&%b
@ -121,6 +121,10 @@ If present, a width directive will specify the number of bytes to display.
 By default, 16 bytes of data are output.
 .Pp
 The
+.Cm \&%n
+conversion specifier is not supported.
+.Pp
+The
 .Fn log
 function uses
 .Xr syslog 3
--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@ -775,20 +775,24 @@ reswitch:	switch (ch = (u_char)*fmt++) {
 				lflag = 1;
 			goto reswitch;
 		case 'n':
+			/*
+			 * We do not support %n in kernel, but consume the
+			 * argument.
+			 */
 			if (jflag)
-				*(va_arg(ap, intmax_t *)) = retval;
+				(void)va_arg(ap, intmax_t *);
 			else if (qflag)
-				*(va_arg(ap, quad_t *)) = retval;
+				(void)va_arg(ap, quad_t *);
 			else if (lflag)
-				*(va_arg(ap, long *)) = retval;
+				(void)va_arg(ap, long *);
 			else if (zflag)
-				*(va_arg(ap, size_t *)) = retval;
+				(void)va_arg(ap, size_t *);
 			else if (hflag)
-				*(va_arg(ap, short *)) = retval;
+				(void)va_arg(ap, short *);
 			else if (cflag)
-				*(va_arg(ap, char *)) = retval;
+				(void)va_arg(ap, char *);
 			else
-				*(va_arg(ap, int *)) = retval;
+				(void)va_arg(ap, int *);
 			break;
 		case 'o':
 			base = 8;