If arguments are consumed without output when encountering %n, it could be used to benefit or improve information leak attacks that were exposed via a limited size buffer. Since %n is not used by the kernel, there is no reason to make an info leak attack any easier.
Signed-off-by: Kees Cook <keesc...@chromium.org> Cc: sta...@vger.kernel.org # 3.13+ --- lib/vsprintf.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 185b6d300ebc..9d5c48b705f9 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -1735,14 +1735,10 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) case FORMAT_TYPE_NRCHARS: { /* * Since %n poses a greater security risk than - * utility, ignore %n and skip its argument. + * utility, it should not be implemented. Instead, + * when encountering %n, ignore the arguments. */ - void *skip_arg; - - WARN_ONCE(1, "Please remove ignored %%n in '%s'\n", - old_fmt); - - skip_arg = va_arg(args, void *); + WARN_ONCE(1, "Ignored %%n in '%s'\n", old_fmt); break; } -- 1.7.9.5 -- Kees Cook Chrome OS Security
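Review bot: in the FORMAT_TYPE_NRCHARS case, removing "skip_arg = va_arg(args, void *);" leaves the pointer that was passed for %n in the va_list, so any conversion that follows %n in the same format string will take that pointer as its own argument and every later argument is shifted by one. The changelog states that the kernel does not use %n, so only formats that already hit the WARN_ONCE are affected, but the new comment "when encountering %n, ignore the arguments" reads as if the argument were still being skipped. Suggest rewording it to say the argument is deliberately not consumed and that conversions after %n will therefore be misaligned. The warning text also drops "Please remove", which was the only hint telling the caller what to do about the format string; consider keeping it.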