Re: [PATCH] vsprintf: BUG on %n

From: Joe Perches
Date: Mon Jan 27 2014 - 18:12:48 EST

Next message: Andrew Morton: "Re: [PATCH] lib: Export interval_tree"
Previous message: Ryan Mallon: "Re: [PATCH] vsprintf: BUG on %n"
In reply to: Kees Cook: "Re: [PATCH] vsprintf: BUG on %n"
Next in thread: Andrew Morton: "Re: [PATCH] vsprintf: BUG on %n"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2014-01-27 at 15:03 -0800, Kees Cook wrote:
> Now that there has been a full release of the kernel, and all users
> of %n have been dropped, switch to %n use triggering a BUG. Ignoring
> arguments could be used to assist in information leaks if an arbitrary
> format string was under the control of an attacker.
[]
> diff --git a/lib/vsprintf.c b/lib/vsprintf.c
[]
> @@ -1735,15 +1735,12 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args)
> case FORMAT_TYPE_NRCHARS: {
> /*
> * Since %n poses a greater security risk than
> - * utility, ignore %n and skip its argument.
> + * utility, it should not be implemented. Instead,
> + * BUG when encountering %n, since there are no
> + * legitimate users and skipping arguments could
> + * assist information leak attacks.
> */
> - void *skip_arg;
> -
> - WARN_ONCE(1, "Please remove ignored %%n in '%s'\n",
> - old_fmt);
> -
> - skip_arg = va_arg(args, void *);
> - break;
> + BUG();

BUGs should be avoided where possible.

I think using BUG here isn't necessary or good.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [PATCH] lib: Export interval_tree"
Previous message: Ryan Mallon: "Re: [PATCH] vsprintf: BUG on %n"
In reply to: Kees Cook: "Re: [PATCH] vsprintf: BUG on %n"
Next in thread: Andrew Morton: "Re: [PATCH] vsprintf: BUG on %n"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]