Re: [PATCH 1/4] lib/vsprintf.c: handle invalid format specifiers more robustly

2015-09-28 Thread Kees Cook
On Fri, Sep 25, 2015 at 10:41 AM, Rasmus Villemoes wrote: > If we meet any invalid or unsupported format specifier, 'handling' it > by just printing it as a literal string is not safe: Presumably the > format string and the arguments passed gcc's type checking, but that > means something like

Re: [PATCH 1/4] lib/vsprintf.c: handle invalid format specifiers more robustly

2015-09-28 Thread Rasmus Villemoes
On Mon, Sep 28 2015, Andy Shevchenko wrote: >> /* >> - * Since %n poses a greater security risk than >> utility, treat >> - * it as an invalid format specifier. Warn about its >> use so >> - * that new instances don't get added. >> +

Re: [PATCH 1/4] lib/vsprintf.c: handle invalid format specifiers more robustly

2015-09-28 Thread Andy Shevchenko
On Fri, 2015-09-25 at 19:41 +0200, Rasmus Villemoes wrote: > If we meet any invalid or unsupported format specifier, 'handling' it > by just printing it as a literal string is not safe: Presumably the > format string and the arguments passed gcc's type checking, but that > means something like

Re: [PATCH 1/4] lib/vsprintf.c: handle invalid format specifiers more robustly

2015-09-28 Thread Rasmus Villemoes
On Mon, Sep 28 2015, Andy Shevchenko wrote: >> /* >> - * Since %n poses a greater security risk than >> utility, treat >> - * it as an invalid format specifier. Warn about its >> use so >> - * that new

Re: [PATCH 1/4] lib/vsprintf.c: handle invalid format specifiers more robustly

2015-09-28 Thread Andy Shevchenko
On Fri, 2015-09-25 at 19:41 +0200, Rasmus Villemoes wrote: > If we meet any invalid or unsupported format specifier, 'handling' it > by just printing it as a literal string is not safe: Presumably the > format string and the arguments passed gcc's type checking, but that > means something like

Re: [PATCH 1/4] lib/vsprintf.c: handle invalid format specifiers more robustly

2015-09-28 Thread Kees Cook
On Fri, Sep 25, 2015 at 10:41 AM, Rasmus Villemoes wrote: > If we meet any invalid or unsupported format specifier, 'handling' it > by just printing it as a literal string is not safe: Presumably the > format string and the arguments passed gcc's type checking, but that

[PATCH 1/4] lib/vsprintf.c: handle invalid format specifiers more robustly

2015-09-25 Thread Rasmus Villemoes
If we meet any invalid or unsupported format specifier, 'handling' it by just printing it as a literal string is not safe: Presumably the format string and the arguments passed gcc's type checking, but that means something like sprintf(buf, "%n %pd", , dentry) would end up interpreting as a

[PATCH 1/4] lib/vsprintf.c: handle invalid format specifiers more robustly

2015-09-25 Thread Rasmus Villemoes
If we meet any invalid or unsupported format specifier, 'handling' it by just printing it as a literal string is not safe: Presumably the format string and the arguments passed gcc's type checking, but that means something like sprintf(buf, "%n %pd", , dentry) would end up interpreting as a