bus/selinux: Move vsnprintf call to avoid va_list reuse

In log_callback() the same va_list is reused for a call to vsnprintf and
vsyslog. A va_list can't be reused in this manner, such use is undefined
behavior that changes depending on glibc version.

In current glibc versions a segfault can be observed from the callsite at
bus/selinux.c:412. When trying to log a non-auditable event, the segfault
happens in strlen inside vsyslog.

Moving the call to vsnprintf closer to audit_log_user_avc_message (which is
followed by a 'goto out') avoids the reuse and segfault.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>

diff --git a/bus/selinux.c b/bus/selinux.c
index 359f69a761e4ac6f400a6ec74b25da9a03058e56..16665f45261c19308e2ed0f4bfeb8eb60ca4a0ae 100644 (file)
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -114,9 +114,6 @@ log_callback (int type, const char *fmt, ...)
      * syslog if OOM, like the equivalent AppArmor code does. */
     char buf[PATH_MAX*2];
 
-    /* FIXME: need to change this to show real user */
-    vsnprintf(buf, sizeof(buf), fmt, ap);
-
     switch (type)
       {
       case SELINUX_AVC:
@@ -139,6 +136,8 @@ log_callback (int type, const char *fmt, ...)
       }
 
     if (audit_type > 0) {
+      /* FIXME: need to change this to show real user */
+      vsnprintf(buf, sizeof(buf), fmt, ap);
       audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL,
                              NULL, getuid());
       goto out;