lib/55041: syslog(3) segfaults due invalid read address when calling with invalid priority

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/55041: syslog(3) segfaults due invalid read address when calling with invalid priority
From: k4m1%protonmail.com@localhost
Date: Mon, 2 Mar 2020 13:55:00 +0000 (UTC)

>Number:         55041
>Category:       lib
>Synopsis:       syslog(3) segfaults due invalid read address when calling with invalid priority
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 02 13:55:00 +0000 2020
>Originator:     Would rather not specify
>Release:        NetBSD 8.1
>Organization:
>Environment:
NetBSD localhost 8.1 NetBSD 8.1 (GENERIC) #0: Fri May 31 08:43:59 UTC 2019  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
invalid `priority` argument from syslog(3) is taken as argument `const char *s` for strlen(3). This leads to segmentation fault as strlen attempts to read from address `priority`.
>How-To-Repeat:
C source-code to re-trigger segfault:

#include <syslog.h>

int
main()
{
        /* syslog(int priority, const char *message, ...); */
        syslog(-1, "foobar");
}
>Fix:
not exactly sure where the strlen() call with `priority` happens, but
fix would be not to do that, to state the obvious.

Prev by Date: PR/55041 CVS commit: src/lib/libc/gen
Next by Date: Re: kern/54818: 9.0_RC1 pagedaemon spins
Previous by Thread: PR/55041 CVS commit: src/lib/libc/gen
Next by Thread: misc/55042: Panic when creating a directory on a NFS served ZFS
Indexes:

Home | Main Index | Thread Index | Old Index