summaryrefslogtreecommitdiff
path: root/arch
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2013-03-23 18:59:30 -0400
committerRich Felker <dalias@aerifal.cx>2013-03-23 18:59:30 -0400
commit427c0ca79e8ab429681310308a0a87cd5fdd1837 (patch)
tree04f3dfe19d6fce0e138751f510751f8ef24e722e /arch
parentdfdc337b3b276e6ea0e4786ede699f4d0d93dc40 (diff)
downloadmusl-427c0ca79e8ab429681310308a0a87cd5fdd1837.tar.gz
musl-427c0ca79e8ab429681310308a0a87cd5fdd1837.tar.bz2
musl-427c0ca79e8ab429681310308a0a87cd5fdd1837.tar.xz
musl-427c0ca79e8ab429681310308a0a87cd5fdd1837.zip
fix multiple bugs in syslog interfaces
1. as reported by William Haddon, the value returned by snprintf was wrongly used as a length passed to sendto, despite it possibly exceeding the buffer length. this could lead to invalid reads and leaking additional data to syslog. 2. openlog was storing a pointer to the ident string passed by the caller, rather than copying it. this bug is shared with (and even documented in) other implementations like glibc, but such behavior does not seem to meet the requirements of the standard. 3. extremely long ident provided to openlog, or corrupt ident due to the above issue, could possibly have resulted in buffer overflows. despite having the potential for smashing the stack, i believe the impact is low since ident points to a short string literal in typical application usage (and per the above bug, other usages will break horribly on other implementations). 4. when used with LOG_NDELAY, openlog was not connecting the newly-opened socket; sendto was being used instead. this defeated the main purpose of LOG_NDELAY: preparing for chroot. 5. the default facility was not being used at all, so all messages without an explicit facility passed to syslog were getting logged at the kernel facility. 6. setlogmask was not thread-safe; no synchronization was performed updating the mask. the fix uses atomics rather than locking to avoid introducing a lock in the fast path for messages whose priority is not in the mask. 7. in some code paths, the syslog lock was being unlocked twice; this could result in releasing a lock that was actually held by a different thread. some additional enhancements to syslog such as a default identifier based on argv[0] or similar may still be desired; at this time, only the above-listed bugs have been fixed.
Diffstat (limited to 'arch')
0 files changed, 0 insertions, 0 deletions