Module Name: src
Committed By: maxv
Date: Sat Jul 11 07:14:53 UTC 2020
Modified Files:
src/sys/kern: subr_prf.c
Log Message:
Remove support for '%n' in the kernel printf functions.
It makes vulnerabilities too easily exploitable, is unused and as a sanity
rule should not be used in the kernel to begin with.
Now, "printf(unfiltered_string);" is much less of a problem.
To generate a diff of this commit:
cvs rdiff -u -r1.184 -r1.185 src/sys/kern/subr_prf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/subr_prf.c
diff -u src/sys/kern/subr_prf.c:1.184 src/sys/kern/subr_prf.c:1.185
--- src/sys/kern/subr_prf.c:1.184 Sat May 23 23:42:43 2020
+++ src/sys/kern/subr_prf.c Sat Jul 11 07:14:53 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_prf.c,v 1.184 2020/05/23 23:42:43 ad Exp $ */
+/* $NetBSD: subr_prf.c,v 1.185 2020/07/11 07:14:53 maxv Exp $ */
/*-
* Copyright (c) 1986, 1988, 1991, 1993
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_prf.c,v 1.184 2020/05/23 23:42:43 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_prf.c,v 1.185 2020/07/11 07:14:53 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_ddb.h"
@@ -1373,20 +1373,21 @@ reswitch: switch (ch) {
base = DEC;
goto number;
case 'n':
+ /* no %n support in the kernel, consume and skip */
if (flags & MAXINT)
- *va_arg(ap, intmax_t *) = ret;
+ (void)va_arg(ap, intmax_t *);
else if (flags & PTRINT)
- *va_arg(ap, intptr_t *) = ret;
+ (void)va_arg(ap, intptr_t *);
else if (flags & SIZEINT)
- *va_arg(ap, ssize_t *) = ret;
+ (void)va_arg(ap, ssize_t *);
else if (flags & QUADINT)
- *va_arg(ap, quad_t *) = ret;
+ (void)va_arg(ap, quad_t *);
else if (flags & LONGINT)
- *va_arg(ap, long *) = ret;
+ (void)va_arg(ap, long *);
else if (flags & SHORTINT)
- *va_arg(ap, short *) = ret;
+ (void)va_arg(ap, short *);
else
- *va_arg(ap, int *) = ret;
+ (void)va_arg(ap, int *);
continue; /* no output */
case 'O':
flags |= LONGINT;
