From: deraadt
Date: Tue, 6 Oct 2015 23:01:43 +0000 (+0000)
Subject: obvious tame "stdio". For those not keeping score, this is another
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=222df3215a9d0f6e28a23d89297c1c85a15f188b;p=openbsd
obvious tame "stdio". For those not keeping score, this is another program which has had string mismanagement bugs before, probably of the exploitable fashion.. if used in the wrong kind of script..
---
diff --git a/usr.bin/printf/printf.c b/usr.bin/printf/printf.c
index 289177c3bf8..f7883ea969d 100644
--- a/usr.bin/printf/printf.c
+++ b/usr.bin/printf/printf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: printf.c,v 1.22 2014/05/25 07:36:36 jmc Exp $ */
+/* $OpenBSD: printf.c,v 1.23 2015/10/06 23:01:43 deraadt Exp $ */
 /*
 * Copyright (c) 1989 The Regents of the University of California.
@@ -32,6 +32,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -81,6 +82,9 @@ main(int argc, char *argv[])
 setlocale (LC_ALL, "");
+ if (tame("stdio", NULL) == -1)
+ err(1, "tame");
+
 /* Need to accept/ignore "--" option. */
 if (argc > 1 && strcmp(argv[1], "--") == 0) {
 argc--;
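Review bot: The new `tame("stdio", NULL)` call in main() has no comment explaining why it sits after `setlocale (LC_ALL, "")` rather than at the very top, so a later reorder could break or weaken the restriction without anyone noticing. If the placement is deliberate because locale setup may need file access that "stdio" would not permit (an inference; the hunk does not say so), record it above the call with something like `/* setlocale() may open locale files; restrict to "stdio" before any argument is parsed */`. The part worth protecting is that the call precedes the `--` handling, so every format and argument string is processed under the reduced promise set, which matches the commit message's concern about earlier string mismanagement bugs. main()'s body starts and ends outside the hunk.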