bus/selinux: Move vsnprintf call to avoid va_list reuse
In log_callback() the same va_list is reused for a call to vsnprintf and vsyslog. A va_list can't be reused in this manner, such use is undefined behavior that changes depending on glibc version. In current glibc versions a segfault can be observed from the callsite at bus/selinux.c:412. When trying to log a non-auditable event, the segfault happens in strlen inside vsyslog. Moving the call to vsnprintf closer to audit_log_user_avc_message (which is followed by a 'goto out') avoids the reuse and segfault. Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
This commit is contained in:
parent
237063358e
commit
52b73d511b
|
@ -114,9 +114,6 @@ log_callback (int type, const char *fmt, ...)
|
|||
* syslog if OOM, like the equivalent AppArmor code does. */
|
||||
char buf[PATH_MAX*2];
|
||||
|
||||
/* FIXME: need to change this to show real user */
|
||||
vsnprintf(buf, sizeof(buf), fmt, ap);
|
||||
|
||||
switch (type)
|
||||
{
|
||||
case SELINUX_AVC:
|
||||
|
@ -139,6 +136,8 @@ log_callback (int type, const char *fmt, ...)
|
|||
}
|
||||
|
||||
if (audit_type > 0) {
|
||||
/* FIXME: need to change this to show real user */
|
||||
vsnprintf(buf, sizeof(buf), fmt, ap);
|
||||
audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL,
|
||||
NULL, getuid());
|
||||
goto out;
|
||||
|
|
Loading…
Reference in New Issue