+ vsprintf-ignore-arguments-to-%n.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Subject: + vsprintf-ignore-arguments-to-%n.patch added to -mm tree
To: keescook@xxxxxxxxxxxx,dborkman@xxxxxxxxxx,jkosina@xxxxxxx,joe@xxxxxxxxxxx,olof@xxxxxxxxx,rmallon@xxxxxxxxx,stable@xxxxxxxxxxxxxxx,stepanm@xxxxxxxxxxxxxx,viro@xxxxxxxxxxxxxxxxxx
From: akpm@xxxxxxxxxxxxxxxxxxxx
Date: Tue, 28 Jan 2014 12:05:40 -0800


The patch titled
     Subject: vsprintf: ignore arguments to %n
has been added to the -mm tree.  Its filename is
     vsprintf-ignore-arguments-to-%n.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/vsprintf-ignore-arguments-to-%n.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/vsprintf-ignore-arguments-to-%n.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Kees Cook <keescook@xxxxxxxxxxxx>
Subject: vsprintf: ignore arguments to %n

If arguments are consumed without output when encountering %n, it could be
used to benefit or improve information leak attacks that were exposed via
a limited size buffer.  Since %n is not used by the kernel, there is no
reason to make an info leak attack any easier.

Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Ryan Mallon <rmallon@xxxxxxxxx>
Cc: Jiri Kosina <jkosina@xxxxxxx>
Cc: Joe Perches <joe@xxxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Olof Johansson <olof@xxxxxxxxx>
Cc: Stepan Moskovchenko <stepanm@xxxxxxxxxxxxxx>
Cc: Daniel Borkmann <dborkman@xxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>	[3.13+]
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 lib/vsprintf.c |   10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff -puN lib/vsprintf.c~vsprintf-ignore-arguments-to-%n lib/vsprintf.c
--- a/lib/vsprintf.c~vsprintf-ignore-arguments-to-%n
+++ a/lib/vsprintf.c
@@ -1735,14 +1735,10 @@ int vsnprintf(char *buf, size_t size, co
 		case FORMAT_TYPE_NRCHARS: {
 			/*
 			 * Since %n poses a greater security risk than
-			 * utility, ignore %n and skip its argument.
+			 * utility, it should not be implemented. Instead,
+			 * when encountering %n, ignore the arguments.
 			 */
-			void *skip_arg;
-
-			WARN_ONCE(1, "Please remove ignored %%n in '%s'\n",
-					old_fmt);
-
-			skip_arg = va_arg(args, void *);
+			WARN_ONCE(1, "Ignored %%n in '%s'\n", old_fmt);
 			break;
 		}
 
_

Patches currently in -mm which might be from keescook@xxxxxxxxxxxx are

origin.patch
vsprintf-ignore-arguments-to-%n.patch
lib-vsprintf-add-%pt-format-specifier.patch
binfmt_elfc-use-get_random_int-to-fix-entropy-depleting.patch
linux-next.patch

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]