vasnprintf: avoid using %n in the general case

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

vasnprintf: avoid using %n in the general case

From:	Jeremie Courreges-Anglas
Subject:	vasnprintf: avoid using %n in the general case
Date:	Sun, 04 Oct 2020 00:18:03 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.1 (berkeley-unix)

Hi,

The attached patch changes vasnprintf.c to avoid using %n in the general
case, ie when the return value of snprintf is usable.  This should help
if more systems decide to make tighten %n usage.  There are plans for
that in OpenBSD land.

The existing comments in vasnprintf.c mention systems where
gl_SNPRINTF_RETVAL_C99 and gl_SNPRINTF_TRUNCATION_C99 pass.  This patch
only considers the usability of the return value of snprintf, as lack
of truncation seems to be a different problem (apparently handled later
in the code).

The patch is kept short so that no copyright assignement is needed, but
further cleanup can be done.  For example the list of systems where %n
is avoided could be shortened.

From e1e92bafa5ed7476c3facfa8b0bbc3e5cc7e6b52 Mon Sep 17 00:00:00 2001
From: Jeremie Courreges-Anglas <jca@wxcvbn.org>
Date: Sat, 3 Oct 2020 22:24:37 +0200
Subject: [PATCH] vasnprintf: avoid using %n in the general case

Several systems have started deprecating or tightening %n
usage, for security reasons.  Some ignore %n, some abort if the format
string is in writable memory, some just abort unconditionally.
Hardcoding a list of such systems doesn't scale.
* lib/vasnprintf.c: use the return value of snprintf if it is reliable.
---
 lib/vasnprintf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
index 7f7513956..b52629c0a 100644
--- a/lib/vasnprintf.c
+++ b/lib/vasnprintf.c
@@ -5117,7 +5117,9 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp,
 #endif
                   *fbp = dp->conversion;
 #if USE_SNPRINTF
-# if ! (((__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3))        \
+# if HAVE_SNPRINTF_RETVAL_C99
+                fbp[1] = '\0';
+# elif ! (((__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3)) \
          && !defined __UCLIBC__)                                            \
         || (defined __APPLE__ && defined __MACH__)                          \
         || defined __ANDROID__                                              \
-- 
2.28.0

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

vasnprintf: avoid using %n in the general case, Jeremie Courreges-Anglas <=
- Re: vasnprintf: avoid using %n in the general case, Bruno Haible, 2020/10/04
  - Re: vasnprintf: avoid using %n in the general case, Jeremie Courreges-Anglas, 2020/10/04

Prev by Date: Re: Port getprogname module to SCO OpenServer
Next by Date: Re: Port getprogname module to SCO OpenServer
Previous by thread: fix typo in 39be62df3b9b2453392109f4b6c4bb418e8d175a
Next by thread: Re: vasnprintf: avoid using %n in the general case
Index(es):
- Date
- Thread