Theo de Raadt wrote:
> Similar comments here:
>
> > Another attempt to be helpful. This removes %n from brltty.
> > Compiles, but untested due to I don't have a braille device.
> >
> > +@@ -87,8 +87,9 @@ describeCommand (int command, char *buffer, int size)
> > + candidate->name, number, candidate->description);
> > + } else {
> > + int offset;
> > +- snprintf(buffer, size, "%s: %n%s",
> > +- candidate->name, &offset, candidate->description);
> > ++ offset = snprintf(buffer, size, "%s: %s",
> > ++ candidate->name, candidate->description);
> > ++ offset -= strlen(candidate->description);
>
> You can remove the %n%s from the tail of the format string, and
> calculate offset directly:
>
> offset = snprintf(buffer, size, "%s: ", candidate->name, &offset);
The &offset slipped in here, right? I can't make sense of it.
> After checking offset isn't -1 or an overflow (which the code
> currently does not do), then append the description into the buffer:
>
> snprintf(buffer + offset, size - offset, "%s", candidate->description);
>
> And if the offset bounds check is added, how could an upstream say no to
> accepting a diff which handles a string truncation better?
Thanks a lot for the hand-holding.
Updated patch:
Index: misc/brltty/Makefile
===================================================================
RCS file: /cvs/ports/misc/brltty/Makefile,v
retrieving revision 1.20
diff -u -p -u -p -r1.20 Makefile
--- misc/brltty/Makefile 11 Feb 2021 12:51:03 -0000 1.20
+++ misc/brltty/Makefile 11 Sep 2021 06:42:51 -0000
@@ -3,7 +3,7 @@
COMMENT= access software for a blind person using a braille terminal
DISTNAME= brltty-3.6
-REVISION= 5
+REVISION= 6
CATEGORIES= misc
HOMEPAGE= http://mielke.cc/brltty
MASTER_SITES= ${HOMEPAGE}/releases/
Index: misc/brltty/patches/patch-Programs_cmd_c
===================================================================
RCS file: misc/brltty/patches/patch-Programs_cmd_c
diff -N misc/brltty/patches/patch-Programs_cmd_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ misc/brltty/patches/patch-Programs_cmd_c 11 Sep 2021 06:42:51 -0000
@@ -0,0 +1,20 @@
+$OpenBSD$
+
+Remove %n format-specifier from snprintf
+
+Index: Programs/cmd.c
+--- Programs/cmd.c.orig
++++ Programs/cmd.c
+@@ -87,9 +87,9 @@ describeCommand (int command, char *buffer, int size)
+ candidate->name, number, candidate->description);
+ } else {
+ int offset;
+- snprintf(buffer, size, "%s: %n%s",
+- candidate->name, &offset, candidate->description);
+-
++ offset = snprintf(buffer, size, "%s: ", candidate->name);
++ if(offset>0)
++ snprintf(buffer + offset, size - offset, "%s",
candidate->description);
+ if ((blk == 0) && (command & BRL_FLG_TOGGLE_MASK)) {
+ char *description = buffer + offset;
+ const char *oldVerb = "toggle";
