Re: [PATCH] vsprintf: ignore arguments to %n

From: Kees Cook
Date: Tue Jan 28 2014 - 15:51:17 EST

Next message: Borislav Petkov: "Re: AMD microcode loading broken on 32 bit"
Previous message: Borislav Petkov: "Re: [GIT PULL] x86/kaslr for v3.14"
In reply to: Ryan Mallon: "Re: [PATCH] vsprintf: ignore arguments to %n"
Next in thread: Ryan Mallon: "Re: [PATCH] vsprintf: ignore arguments to %n"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 27, 2014 at 5:02 PM, Ryan Mallon <rmallon@xxxxxxxxx> wrote:
> On 28/01/14 11:39, Kees Cook wrote:
>> If arguments are consumed without output when encountering %n, it
>> could be used to benefit or improve information leak attacks that were
>> exposed via a limited size buffer. Since %n is not used by the kernel,
>> there is no reason to make an info leak attack any easier.
>
> I was thinking more like the following. Print the warning if %n is
> detected in format_decode(), but otherwise just remove the handling of
> %n outright and treat it like any other invalid format specifier.
> Something like this completely untested patch. Thoughts?

I'd be totally fine with it. Minor typo in the comment before the
WARN_ONCE (should be "its" instead of "it"), but otherwise looks good.
Consider it:

Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>

It builds and boots fine for me, FWIW.

-Kees

--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Borislav Petkov: "Re: AMD microcode loading broken on 32 bit"
Previous message: Borislav Petkov: "Re: [GIT PULL] x86/kaslr for v3.14"
In reply to: Ryan Mallon: "Re: [PATCH] vsprintf: ignore arguments to %n"
Next in thread: Ryan Mallon: "Re: [PATCH] vsprintf: ignore arguments to %n"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]