From 5a01bd8fc580db2edf79343f28a8e93f47af098a Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 30 Aug 2021 17:07:47 +0000 Subject: [PATCH] Document that %n has been neutered -- it now does syslog+abort. ok ingo --- lib/libc/stdio/printf.3 | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3 index f83b9030fc0..71554f0aeb1 100644 --- a/lib/libc/stdio/printf.3 +++ b/lib/libc/stdio/printf.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: printf.3,v 1.90 2021/04/01 14:27:47 deraadt Exp $ +.\" $OpenBSD: printf.3,v 1.91 2021/08/30 17:07:47 deraadt Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -33,7 +33,7 @@ .\" .\" @(#)printf.3 8.1 (Berkeley) 6/4/93 .\" -.Dd $Mdocdate: April 1 2021 $ +.Dd $Mdocdate: August 30 2021 $ .Dt PRINTF 3 .Os .Sh NAME @@ -576,26 +576,16 @@ supporting the same modifiers. .Cm n .Sm on .Pp -The number of bytes written so far is stored at the variable indicated -by the pointer argument. The .Cm %n -conversion specifier produces no output. +conversion specifier has serious security implications, so it was changed to +no longer store the number of bytes written so far into the variable indicated +by the pointer argument. +Instead a +.Xr syslog 3 +message will be generated, after which the program is aborted with +.Dv SIGABRT . .Pp -Make sure the -.Ar size -modifier matches the type of the pointer passed: -.Bl -column %hhn -.It Cm %hhn Ta Vt signed char * -.It Cm %hn Ta Vt signed short * -.It Cm %n Ta Vt signed int * -.It Cm %ln Ta Vt signed long * Pq percent ell en -.It Cm %lln Ta Vt signed long long * Pq percent ell ell en -.It Cm %jn Ta Vt intmax_t * -.It Cm %tn Ta Vt ptrdiff_t * -.It Cm %zn Ta Vt ssize_t * -.It Cm %qn Ta Vt quad_t * Pq deprecated -.El .It Cm %o .Sm off .Cm % -- 2.20.1