lib/58389: syslog_r should be async-signal-safe

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/58389: syslog_r should be async-signal-safe
From: campbell+netbsd%mumble.net@localhost
Date: Mon, 1 Jul 2024 22:45:01 +0000 (UTC)

>Number:         58389
>Category:       lib
>Synopsis:       syslog_r should be async-signal-safe
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 01 22:45:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10, 9, ...
>Organization:
The NetBSD_r Foundation
>Environment:
>Description:
openlog_r and closelog_r may clobber errno, even though they don't report errors to the caller through errno.  They should save and restore it instead.

syslog_r uses tzset, and strftime which also calls tzset.  This requires taking global locks and modifying global state.  syslog_r should avoid both of those.  Maybe it should just format timestamps in UTC, unconditionally.

syslog_r may also use certain vsnprintf format directives, like positional argument references, that trigger memory allocation.
>How-To-Repeat:
find a remote code execution flaw in openssh (CVE-2024-6387)
>Fix:
Yes, please!

Follow-Ups:
- Re: lib/58389: syslog_r should be async-signal-safe
  - From: SODA Noriyuki

Prev by Date: PR/58388 CVS commit: src/sys/ufs/ext2fs
Next by Date: lib/58390: vis(3) and family should be async-signal-safe
Previous by Thread: PR/58388 CVS commit: src/sys/ufs/ext2fs
Next by Thread: Re: lib/58389: syslog_r should be async-signal-safe
Indexes:

Home | Main Index | Thread Index | Old Index