Hi,

The attached patch changes vasnprintf.c to avoid using %n in the general case, i.e. when the return value of snprintf is usable. This should help if more systems decide to tighten %n usage. There are plans for that in OpenBSD land.
The existing comments in vasnprintf.c mention systems where gl_SNPRINTF_RETVAL_C99 and gl_SNPRINTF_TRUNCATION_C99 pass. This patch only considers the usability of the return value of snprintf, as lack of truncation seems to be a different problem (apparently handled later in the code). The patch is kept short so that no copyright assignment is needed, but further cleanup can be done. For example, the list of systems where %n is avoided could be shortened.
From e1e92bafa5ed7476c3facfa8b0bbc3e5cc7e6b52 Mon Sep 17 00:00:00 2001 From: Jeremie Courreges-Anglas <j...@wxcvbn.org> Date: Sat, 3 Oct 2020 22:24:37 +0200 Subject: [PATCH] vasnprintf: avoid using %n in the general case Several systems have started deprecating or tightening %n usage, for security reasons. Some ignore %n, some abort if the format string is in writable memory, some just abort unconditionally. Hardcoding a list of such systems doesn't scale. * lib/vasnprintf.c: use the return value of snprintf if it is reliable. --- lib/vasnprintf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c index 7f7513956..b52629c0a 100644 --- a/lib/vasnprintf.c +++ b/lib/vasnprintf.c @@ -5117,7 +5117,9 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, #endif *fbp = dp->conversion; #if USE_SNPRINTF -# if ! (((__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3)) \ +# if HAVE_SNPRINTF_RETVAL_C99 + fbp[1] = '\0'; +# elif ! (((__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3)) \ && !defined __UCLIBC__) \ || (defined __APPLE__ && defined __MACH__) \ || defined __ANDROID__ \ -- 2.28.0
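Review bot: the new `# if HAVE_SNPRINTF_RETVAL_C99` branch at the top of the hunk is silently skipped whenever that macro is undefined, because an undefined identifier in `#if` evaluates to 0, and the diffstat shows only lib/vasnprintf.c changing. Please confirm that the configure test defining it runs wherever this file is built; otherwise the build falls through to the `# elif` platform list and the change has no effect on the systems it is meant to help. A short comment above `fbp[1] = '\0';` would also be useful, stating that the snprintf return value is used in place of %n here and that truncation behaviour is deliberately not part of this condition.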
-- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE