<feed xmlns='http://www.w3.org/2005/Atom'>
<title>wireguard-openbsd/lib/libc/stdio, branch master</title>
<subtitle>WireGuard implementation for the OpenBSD kernel</subtitle>
<id>https://git.zx2c4.com/wireguard-openbsd/atom/lib/libc/stdio?h=master</id>
<link rel='self' href='https://git.zx2c4.com/wireguard-openbsd/atom/lib/libc/stdio?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/'/>
<updated>2021-04-01T14:27:47Z</updated>
<entry>
<title>For the snprintf range check demo, add a (size_t) cast in the right place</title>
<updated>2021-04-01T14:27:47Z</updated>
<author>
<name>deraadt</name>
<email>deraadt@openbsd.org</email>
</author>
<published>2021-04-01T14:27:47Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/commit/?id=4af6ccb13c0b15884de7ae705671083a7b06d335'/>
<id>urn:sha1:4af6ccb13c0b15884de7ae705671083a7b06d335</id>
<content type='text'>
which will satisfy the toughest compiler options
</content>
</entry>
<entry>
<title>article fixes; from eddie youseph</title>
<updated>2021-02-02T07:33:29Z</updated>
<author>
<name>jmc</name>
<email>jmc@openbsd.org</email>
</author>
<published>2021-02-02T07:33:29Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/commit/?id=c1d0308a693828b31d436726f1e24f9a9741b4ac'/>
<id>urn:sha1:c1d0308a693828b31d436726f1e24f9a9741b4ac</id>
<content type='text'>
</content>
</entry>
<entry>
<title>The printf format string component %n is a nearly Turing-complete gadget.</title>
<updated>2020-10-27T21:06:57Z</updated>
<author>
<name>deraadt</name>
<email>deraadt@openbsd.org</email>
</author>
<published>2020-10-27T21:06:57Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/commit/?id=cd45c0a61756abdf73ec21d4f2e41d9144f129b6'/>
<id>urn:sha1:cd45c0a61756abdf73ec21d4f2e41d9144f129b6</id>
<content type='text'>
Largely considered attack surface nowadays.  The benefit provided by %n
is completely overshadowed by the risk.

New uses of %n don't seem to be entering the C ecosystem, as static
tools flag them.  And everyone points fingers at those people....

The list of programs (and libraries) which use %n is therefore finite
and shrinking.  Most of the %n use comes out of the GNU ecosystem.
jca@ has convinced gnulib to fix their code (so we need to wait for
software including gnulib to make new releases).

A few libraries have moved ahead of us and become more strict.  Some no
longer permit %n (for instance, Android bionic). Others log the occurrence.
Some log and abort if the output location is W|X (MacOS).

Our base tree is clean.  The ports tree contains a handful during
build time, and an unknown count (more) during runtime.

We would like to abort programs on any occurrence of %n.  Or we could
be like MacOS, aborting for W|X pages (but would need a system call
which can check that condition, and that introduces address space
knowledge we don't want attackers to know, and may be a poor tradeoff).

For now, we can syslog, to increase awareness, and involve more people
in the greater community to remove %n uses.

[If %n is at the end, use the *printf return value.  If it occurs in
the middle, split the printf calls into multiples]

Hopefully one day, we can just abort() when %n happens.  Help us get
there?

ok jca, plus naddy for ports team
</content>
</entry>
<entry>
<title>Spell out n as en for consistency with other parts of the page.</title>
<updated>2020-09-13T12:58:08Z</updated>
<author>
<name>tb</name>
<email>tb@openbsd.org</email>
</author>
<published>2020-09-13T12:58:08Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/commit/?id=253b110478f75e318d7f2390fa51e13ada5c85d3'/>
<id>urn:sha1:253b110478f75e318d7f2390fa51e13ada5c85d3</id>
<content type='text'>
</content>
</entry>
<entry>
<title>%lln is percent ell ell n (not dee).</title>
<updated>2020-09-13T11:55:53Z</updated>
<author>
<name>claudio</name>
<email>claudio@openbsd.org</email>
</author>
<published>2020-09-13T11:55:53Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/commit/?id=e15c5ff1aee02a98934fd1d41fd19e6698758994'/>
<id>urn:sha1:e15c5ff1aee02a98934fd1d41fd19e6698758994</id>
<content type='text'>
OK deraadt@
</content>
</entry>
<entry>
<title>Fix append mode so it always writes to the end and expand regress.</title>
<updated>2020-08-17T16:17:39Z</updated>
<author>
<name>millert</name>
<email>millert@openbsd.org</email>
</author>
<published>2020-08-17T16:17:39Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/commit/?id=d35e2a8f3fb7a08e8e9807b48cdfb1e897d73641'/>
<id>urn:sha1:d35e2a8f3fb7a08e8e9807b48cdfb1e897d73641</id>
<content type='text'>
OK deraadt@ martijn@
</content>
</entry>
<entry>
<title>Fix handling of "w+" mode, we were only truncating for "w".</title>
<updated>2020-08-14T12:00:33Z</updated>
<author>
<name>millert</name>
<email>millert@openbsd.org</email>
</author>
<published>2020-08-14T12:00:33Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/commit/?id=ac593df8eb280317c6c3cf3013e2b2f08f75bb18'/>
<id>urn:sha1:ac593df8eb280317c6c3cf3013e2b2f08f75bb18</id>
<content type='text'>
OK martijn@ mpi@
</content>
</entry>
<entry>
<title>adjust %n description to vaguely say "pointer", because the following</title>
<updated>2020-07-10T17:04:18Z</updated>
<author>
<name>deraadt</name>
<email>deraadt@openbsd.org</email>
</author>
<published>2020-07-10T17:04:18Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/commit/?id=fc72f1bd953fd972e97f29fcde7eea07c3a5550a'/>
<id>urn:sha1:fc72f1bd953fd972e97f29fcde7eea07c3a5550a</id>
<content type='text'>
list of "[size]n" includes "n" on its own, thereby the "int" case is
described correctly.
ok schwarze
</content>
</entry>
<entry>
<title>As suggested by deraadt@, rewrite most of the printf(3) manual page</title>
<updated>2020-07-10T14:43:18Z</updated>
<author>
<name>schwarze</name>
<email>schwarze@openbsd.org</email>
</author>
<published>2020-07-10T14:43:18Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/commit/?id=84fb3e49dc326f9c662b215011e0b21895666ecc'/>
<id>urn:sha1:84fb3e49dc326f9c662b215011e0b21895666ecc</id>
<content type='text'>
to properly show the (differing) syntaxes of all the conversion
specifications, and reduce the amount of forward references from
the list of modifiers to the list of specifiers.

While here, properly explain %lc and %ls.
Also correct RETURN VALUES, which incorrectly talked about
counting characters while actually bytes are counted.

Using feedback from millert@, deraadt@, tb@, and Martin Vahlensieck.
OK deraadt@, millert@, and tb@ on intermediate versions of this diff
and no objections from jmc@.
</content>
</entry>
<entry>
<title>Minor tweaks in the description of %g:</title>
<updated>2020-07-06T17:24:59Z</updated>
<author>
<name>schwarze</name>
<email>schwarze@openbsd.org</email>
</author>
<published>2020-07-06T17:24:59Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-openbsd/commit/?id=e571446a95083129733d5660e73f71944a5ef2f5'/>
<id>urn:sha1:e571446a95083129733d5660e73f71944a5ef2f5</id>
<content type='text'>
1. Clarify that %G uses %F, not %f; noticed by millert@.
2. Mention that %g originally meant "general notation", see:
https://minnie.tuhs.org/cgi-bin/utree.pl?file=V7/usr/src/libc/stdio/doprnt.s
Triggered by a somewhat different patch from Ian &lt;ropers at gmail dot com&gt;.
Feedback and OK millert@ and jmc@.
</content>
</entry>
</feed>
