From 3db6bc30f0e26d953bca864b431c6c743877e324 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Mon, 30 Aug 2021 11:16:49 +0000
Subject: [PATCH] jca and I converted %n to a syslog warning about a year ago,
 and the ports ecosystem experienced a very good cleanup.  Time has arrived to
 switch (as planned) to syslog + abort, which will result in a coredump thus
 identifying the remaining culprits in a more visible fashion. vfprintf(3) and
 vfwprintf(3) man pages still require documentation changes. with jca

---
 lib/libc/stdio/vfprintf.c  | 75 +++++++++----------------------------
 lib/libc/stdio/vfwprintf.c | 77 +++++++++++---------------------------
 2 files changed, 39 insertions(+), 113 deletions(-)

diff --git a/lib/libc/stdio/vfprintf.c b/lib/libc/stdio/vfprintf.c
index 53f59e6faca..527de41d75c 100644
--- a/lib/libc/stdio/vfprintf.c
+++ b/lib/libc/stdio/vfprintf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vfprintf.c,v 1.79 2020/10/27 21:06:57 deraadt Exp $	*/
+/*	$OpenBSD: vfprintf.c,v 1.80 2021/08/30 11:16:49 deraadt Exp $	*/
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
  * All rights reserved.
@@ -56,9 +56,6 @@
 #include "local.h"
 #include "fvwrite.h"
 
-static const char n_msg[] = ": *printf used %n: ";
-static int n_report;
-
 union arg {
 	int			intarg;
 	unsigned int		uintarg;
@@ -801,63 +798,29 @@ fp_common:
 			}
 			break;
 #endif /* FLOATING_POINT */
-#ifndef NO_PRINTF_PERCENT_N
 		case 'n': {
-			int maxprot = 0;
-
-#ifdef notyet
-			if (mprotections(fmt0, strlen(fmt0) + 1,
-			    &maxprot) == -1)
-				maxprot = 0;
-			maxprot &= ~PROT_READ;
-#endif
+			static const char n_msg[] = ": *printf used %n, aborting: ";
+			char buf[1024], *p;
 
-			if (n_report == 0 || maxprot) {
-				char buf[1024], *p;
+			/* <10> is LOG_CRIT */
+			strlcpy(buf, "<10>", sizeof buf);
 
-				/* <10> is LOG_CRIT */
-				strlcpy(buf, "<10>", sizeof buf);
-
-				/* XXX */
-				if ((p = getenv("_THIS_PORT")) != NULL) {
-					strlcat(buf, p, sizeof buf);
-					strlcat(buf, " ", sizeof buf);
-				}
-
-				/* Make sure progname does not fill the whole buffer */
-				strlcat(buf, __progname, sizeof(buf) - sizeof n_msg);
-				strlcat(buf, n_msg, sizeof buf);
-				strlcat(buf, fmt0, sizeof buf);
-				if ((p = strchr(buf, '\n')))
-					*p = '\0';
-				if (maxprot)
-					strlcat(buf, ": aborting", sizeof buf);
-				sendsyslog(buf, strlen(buf), LOG_CONS);
-				n_report = 1;
+			/* XXX */
+			if ((p = getenv("_THIS_PORT")) != NULL) {
+				strlcat(buf, p, sizeof buf);
+				strlcat(buf, " ", sizeof buf);
 			}
 
-			if (maxprot)
-				abort();
-
-			if (flags & LLONGINT)
-				*GETARG(long long *) = ret;
-			else if (flags & LONGINT)
-				*GETARG(long *) = ret;
-			else if (flags & SHORTINT)
-				*GETARG(short *) = ret;
-			else if (flags & CHARINT)
-				*GETARG(signed char *) = ret;
-			else if (flags & PTRINT)
-				*GETARG(ptrdiff_t *) = ret;
-			else if (flags & SIZEINT)
-				*GETARG(ssize_t *) = ret;
-			else if (flags & MAXINT)
-				*GETARG(intmax_t *) = ret;
-			else
-				*GETARG(int *) = ret;
-			continue;	/* no output */
+			/* Make sure progname does not fill the whole buffer */
+			strlcat(buf, __progname, sizeof(buf) - sizeof n_msg);
+			strlcat(buf, n_msg, sizeof buf);
+			strlcat(buf, fmt0, sizeof buf);
+			if ((p = strchr(buf, '\n')))
+				*p = '\0';
+			sendsyslog(buf, strlen(buf), LOG_CONS);
+			abort();
+			break;
 			}
-#endif /* NO_PRINTF_PERCENT_N */
 		case 'O':
 			flags |= LONGINT;
 			/*FALLTHROUGH*/
@@ -1350,7 +1313,6 @@ reswitch:	switch (ch) {
 				ADDTYPE(T_DOUBLE);
 			break;
 #endif /* FLOATING_POINT */
-#ifndef NO_PRINTF_PERCENT_N
 		case 'n':
 			if (flags & LLONGINT)
 				ADDTYPE(TP_LLONG);
@@ -1367,7 +1329,6 @@ reswitch:	switch (ch) {
 			else
 				ADDTYPE(TP_INT);
 			continue;	/* no output */
-#endif /* NO_PRINTF_PERCENT_N */
 		case 'O':
 			flags |= LONGINT;
 			/*FALLTHROUGH*/
diff --git a/lib/libc/stdio/vfwprintf.c b/lib/libc/stdio/vfwprintf.c
index cadbed15337..15312c27a18 100644
--- a/lib/libc/stdio/vfwprintf.c
+++ b/lib/libc/stdio/vfwprintf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vfwprintf.c,v 1.20 2020/10/27 21:06:57 deraadt Exp $ */
+/*	$OpenBSD: vfwprintf.c,v 1.21 2021/08/30 11:16:49 deraadt Exp $ */
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
  * All rights reserved.
@@ -55,9 +55,6 @@
 #include "local.h"
 #include "fvwrite.h"
 
-static const char n_msg[] = ": *wprintf used %n";
-static int n_report;
-
 union arg {
 	int			intarg;
 	unsigned int		uintarg;
@@ -785,62 +782,32 @@ fp_common:
 			}
 			break;
 #endif /* FLOATING_POINT */
-#ifndef NO_PRINTF_PERCENT_N
 		case 'n': {
-			int maxprot = 0;
-
-#ifdef notyet
-			if (mprotections(fmt0, wcslen(fmt0) + 1,
-			    &maxprot) == -1)
-				maxprot = 0;
-			maxprot &= ~PROT_READ;
-#endif
+			static const char n_msg[] = ": *wprintf used %n, aborting";
+			char buf[1024], *p;
 
-			if (n_report == 0 || maxprot) {
-				char buf[1024], *p;
+			/* <10> is LOG_CRIT */
+			strlcpy(buf, "<10>", sizeof buf);
 
-				/* <10> is LOG_CRIT */
-				strlcpy(buf, "<10>", sizeof buf);
-
-				/* XXX */
-				if ((p = getenv("_THIS_PORT")) != NULL) {
-					strlcat(buf, p, sizeof buf);
-					strlcat(buf, " ", sizeof buf);
-				}
-
-				/* Make sure progname does not fill the whole buffer */
-				strlcat(buf, __progname, sizeof(buf) - sizeof n_msg);
-				strlcat(buf, n_msg, sizeof buf);
-				/* XXX should we include the wide string? */
-				if ((p = strchr(buf, '\n')))
-					*p = '\0';
-				if (maxprot)
-					strlcat(buf, ": aborting", sizeof buf);
-				sendsyslog(buf, strlen(buf), LOG_CONS);
-				n_report = 1;
+			/* XXX */
+			if ((p = getenv("_THIS_PORT")) != NULL) {
+				strlcat(buf, p, sizeof buf);
+				strlcat(buf, " ", sizeof buf);
 			}
-			if (maxprot)
-				abort();
 
-			if (flags & LLONGINT)
-				*GETARG(long long *) = ret;
-			else if (flags & LONGINT)
-				*GETARG(long *) = ret;
-			else if (flags & SHORTINT)
-				*GETARG(short *) = ret;
-			else if (flags & CHARINT)
-				*GETARG(signed char *) = ret;
-			else if (flags & PTRINT)
-				*GETARG(ptrdiff_t *) = ret;
-			else if (flags & SIZEINT)
-				*GETARG(ssize_t *) = ret;
-			else if (flags & MAXINT)
-				*GETARG(intmax_t *) = ret;
-			else
-				*GETARG(int *) = ret;
-			continue;	/* no output */
+			/* Make sure progname does not fill the whole buffer */
+			strlcat(buf, __progname, sizeof(buf) - sizeof n_msg);
+			strlcat(buf, n_msg, sizeof buf);
+			/*
+			 * vfprintf sends fmt0 via syslog, but this is not
+			 * good behaviour for wide strings.
+			 */
+			if ((p = strchr(buf, '\n')))
+				*p = '\0';
+			sendsyslog(buf, strlen(buf), LOG_CONS);
+			abort();
+			break;
 			}
-#endif /* NO_PRINTF_PERCENT_N */
 		case 'O':
 			flags |= LONGINT;
 			/*FALLTHROUGH*/
@@ -1347,7 +1314,6 @@ reswitch:	switch (ch) {
 				ADDTYPE(T_DOUBLE);
 			break;
 #endif /* FLOATING_POINT */
-#ifndef NO_PRINTF_PERCENT_N
 		case 'n':
 			if (flags & LLONGINT)
 				ADDTYPE(TP_LLONG);
@@ -1364,7 +1330,6 @@ reswitch:	switch (ch) {
 			else
 				ADDTYPE(TP_INT);
 			continue;	/* no output */
-#endif /* NO_PRINTF_PERCENT_N */
 		case 'O':
 			flags |= LONGINT;
 			/*FALLTHROUGH*/
-- 
2.20.1