Re: exim fixing %n (from deraadt@)

Mon, 20 Sep 2021 08:18:53 -0700 


On 9/20/21 1:13 PM, Stuart Henderson wrote:

On 2021/09/20 13:09, Renaud Allard wrote:



On 9/20/21 11:32 AM, Stuart Henderson wrote:

On 2021/09/20 10:29, Stuart Henderson wrote:

Some of these are pretty hairy and it's a moving codebase. Since they
are applying compiler "printf-like" attribute to functions which are
using their own functions rather than libc printf, and we are purely
making this change to disable the spurious warning because there is
no abort in their %n handling, can't we just disable the annotations
instead?


actually my patch comment is too short, maybe this instead

Don't do printf-like checks on Exim's internal printf-like functions on
OpenBSD. libc printf functions abort() on %n use, and the compiler has
been modified to warn about this; however this does not apply to Exim's
functions which do still support %n.




This is more a political decision on what we are trying to solve here,
compiler warnings or secure coding practices. In the end, I would like to
have Theo's point of view.


The other patch doesn't solve anything other than false-positive warnings,
because the implementation of their printf-like functions still supports %n.





From a maintenance perspective, the mtypes patch could make it upstream 
and it would also avoid to have to patch newer code which could include 
further use of %n.





Index: patches/patch-src_mytypes_h
===================================================================
RCS file: patches/patch-src_mytypes_h
diff -N patches/patch-src_mytypes_h
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_mytypes_h 20 Sep 2021 09:28:21 -0000
@@ -0,0 +1,20 @@
+$OpenBSD$
+
+Don't do printf-like checks on OpenBSD, which warn about %n use.
+
+Index: src/mytypes.h
+--- src/mytypes.h.orig
++++ src/mytypes.h
+@@ -33,7 +33,11 @@ local_scan.h includes it and exim.h includes them both
+ the arguments of printf-like functions. This is done by a macro. */
+
+ #if defined(__GNUC__) || defined(__clang__)
+-# define PRINTF_FUNCTION(A,B) __attribute__((format(printf,A,B)))
++# if defined(__OpenBSD__)
++#  define PRINTF_FUNCTION(A,B)        /**/
++# else
++#  define PRINTF_FUNCTION(A,B)        __attribute__((format(printf,A,B)))
++# endif
+ # define ARG_UNUSED           __attribute__((__unused__))
+ # define WARN_UNUSED_RESULT   __attribute__((__warn_unused_result__))
+ # define ALLOC                        __attribute__((malloc))















Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature























					Reply via email to