diff options
author | Jeremi Piotrowski <jpiotrowski@microsoft.com> | 2023-01-09 17:11:32 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2023-02-08 10:09:44 +0000 |
commit | c7ab8552adbf89ab13bda57bf9c3c02989e2339b (patch) | |
tree | a68e360e3e267675708591ed84228bc5234dd1e7 | |
parent | ff71375661c799ea29ca7aefd8fe39759b3125f7 (diff) |
bus/selinux: Move vsnprintf call to avoid va_list reuse
In log_callback() the same va_list is reused for a call to vsnprintf and
vsyslog. A va_list can't be reused in this manner, such use is undefined
behavior that changes depending on glibc version.
In current glibc versions a segfault can be observed from the callsite at
bus/selinux.c:412. When trying to log a non-auditable event, the segfault
happens in strlen inside vsyslog.
Moving the call to vsnprintf closer to audit_log_user_avc_message (which is
followed by a 'goto out') avoids the reuse and segfault.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
(cherry picked from commit 52b73d511b27de1fde3dd075af5d90393a1cd97d)
-rw-r--r-- | bus/selinux.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/bus/selinux.c b/bus/selinux.c index 42017e7a..c3cca7f8 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -112,9 +112,6 @@ log_callback (int type, const char *fmt, ...) * syslog if OOM, like the equivalent AppArmor code does. */ char buf[PATH_MAX*2]; - /* FIXME: need to change this to show real user */ - vsnprintf(buf, sizeof(buf), fmt, ap); - switch (type) { case SELINUX_AVC: @@ -137,6 +134,8 @@ log_callback (int type, const char *fmt, ...) } if (audit_type > 0) { + /* FIXME: need to change this to show real user */ + vsnprintf(buf, sizeof(buf), fmt, ap); audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL, NULL, getuid()); goto out; |