Now that there has been a full release of the kernel, and all users of %n have been dropped, switch to %n use triggering a BUG. Ignoring arguments could be used to assist in information leaks if an arbitrary format string was under the control of an attacker.
Signed-off-by: Kees Cook <[email protected]> --- lib/vsprintf.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 185b6d300ebc..a27fd7f61325 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -1735,15 +1735,12 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) case FORMAT_TYPE_NRCHARS: { /* * Since %n poses a greater security risk than - * utility, ignore %n and skip its argument. + * utility, it should not be implemented. Instead, + * BUG when encountering %n, since there are no + * legitimate users and skipping arguments could + * assist information leak attacks. */ - void *skip_arg; - - WARN_ONCE(1, "Please remove ignored %%n in '%s'\n", - old_fmt); - - skip_arg = va_arg(args, void *); - break; + BUG(); } default: -- 1.7.9.5 -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
