On Sat, May 03, 2014 at 11:28:16AM +0200, Reyk Floeter wrote: > On Fri, May 02, 2014 at 06:50:04PM -0600, Bob Beck wrote: > > What's their hangup with %n? We normally don't like polluting the world > > with #ifdef OPENSSL_NO_PERCENT_N... We normally nuke stuff like that > > Well, it is an evil thing that is rarely used and well-known for some > format string vulnerabilities. So either adding this #define or > removing it from our libc wouldn't be a bad idea. But it is in POSIX, > right? > > At a first look, I only found it in a few places of our tree where it > could be removed: > > gcc, texinfo, curses, libform, sqlite, less, tmux, unbound, nsd > > Not couting ports, but some software already seems to check if %n is > available to do a fallback otherwise. > > Reyk
And you do expect the fallback to be of good quality ? I think that the same rationale that lead to including some crypto code in openssl applies there: if we don't provide it, people will roll their own posixy-printf, and we know how well that turns out in general... (including stuff that peeks and duplicates the internals of FILE, like I'll be happy if I *never* get to fix this kind of code again).