From 937b352e23839361e7bcbc84d0e180c1c3bb9285 Mon Sep 17 00:00:00 2001
From: Ed Maste
Date: Sat, 9 May 2020 15:56:02 +0000
Subject: [PATCH] remove %n support from printf(9)
It can be dangerous and there is no need for it in the kernel. Inspired by Kees Cook's change in Linux, and later OpenBSD.
Reviewed by: cem, gordon, philip
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24760
---
 share/man/man9/printf.9 | 8 ++++++--
 sys/kern/subr_prf.c | 18 +++++++++++-------
 2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/share/man/man9/printf.9 b/share/man/man9/printf.9
index 0b4bd826aa5c..1a3640871bd1 100644
--- a/share/man/man9/printf.9
+++ b/share/man/man9/printf.9
@@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 18, 2015
+.Dd May 9, 2020
 .Dt PRINTF 9
 .Os
 .Sh NAME
@@ -83,7 +83,7 @@ parameter in the same manner as
 .Xr printf 3 .
 However,
 .Xr printf 9
-adds two other conversion specifiers.
+adds two other conversion specifiers and omits one.
 .Pp
 The
 .Cm \&%b
@@ -121,6 +121,10 @@ If present, a width directive will specify the number of bytes to display.
 By default, 16 bytes of data are output.
 .Pp
 The
+.Cm \&%n
+conversion specifier is not supported.
+.Pp
+The
 .Fn log
 function uses
 .Xr syslog 3
diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c
index 20f8b3ae3e3f..31117c4e3415 100644
--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@@ -775,20 +775,24 @@ reswitch: switch (ch = (u_char)*fmt++) {
 lflag = 1;
 goto reswitch;
 case 'n':
+ /*
+ * We do not support %n in kernel, but consume the
+ * argument.
+ */
 if (jflag)
- *(va_arg(ap, intmax_t *)) = retval;
+ (void)va_arg(ap, intmax_t *);
 else if (qflag)
- *(va_arg(ap, quad_t *)) = retval;
+ (void)va_arg(ap, quad_t *);
 else if (lflag)
- *(va_arg(ap, long *)) = retval;
+ (void)va_arg(ap, long *);
 else if (zflag)
- *(va_arg(ap, size_t *)) = retval;
+ (void)va_arg(ap, size_t *);
 else if (hflag)
- *(va_arg(ap, short *)) = retval;
+ (void)va_arg(ap, short *);
 else if (cflag)
- *(va_arg(ap, char *)) = retval;
+ (void)va_arg(ap, char *);
 else
- *(va_arg(ap, int *)) = retval;
+ (void)va_arg(ap, int *);
 break;
 case 'o':
 base = 8;
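Review bot: In `case 'n':` the pointer argument is consumed and nothing is stored through it, yet nothing reports that a `%n` was seen. A caller that still depends on the count therefore reads a variable that was never written, and a format string that should never contain `%n` passes unnoticed. The new comment could state that contract outright, for example `/* %n is ignored: the pointer is consumed so later arguments stay aligned; nothing is written through it. */`. If a diagnostic can be raised safely from inside this formatter (not visible from the hunk), a once-only warning or a debug-kernel assertion here would make a stray `%n` visible to developers and operators. The enclosing function begins and ends outside the hunk.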