• Kees Cook's avatar
    vsprintf: ignore %n again · 9196436a
    Kees Cook authored
    This ignores %n in printf again, as was originally documented.
    Implementing %n poses a greater security risk than utility, so it should
    stay ignored.  To help anyone attempting to use %n, a warning will be
    emitted if it is encountered.
    
    Based on an earlier patch by Joe Perches.
    
    Because %n was designed to write to pointers on the stack, it has been
    frequently used as an attack vector when bugs are found that leak
    user-controlled strings into functions that ultimately process format
    strings.  While this class of bug can still be turned into an
    information leak, removing %n eliminates the common method of elevating
    such a bug into an arbitrary kernel memory writing primitive,
    significantly reducing the danger of this class of bug.
    
    For seq_file users that need to know the length of a written string for
    padding, please see seq_setwidth() and seq_pad() instead.
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Cc: Joe Perches <joe@perches.com>
    Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Cc: David Miller <davem@davemloft.net>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    9196436a
vsprintf.c 58.3 KB