From: Jeremi Piotrowski Date: Mon, 9 Jan 2023 16:11:32 +0000 (+0100) Subject: bus/selinux: Move vsnprintf call to avoid va_list reuse X-Git-Tag: dbus-1.15.4~10^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=52b73d511b27de1fde3dd075af5d90393a1cd97d;p=thirdparty%2Fdbus.git bus/selinux: Move vsnprintf call to avoid va_list reuse In log_callback() the same va_list is reused for a call to vsnprintf and vsyslog. A va_list can't be reused in this manner, such use is undefined behavior that changes depending on glibc version. In current glibc versions a segfault can be observed from the callsite at bus/selinux.c:412. When trying to log a non-auditable event, the segfault happens in strlen inside vsyslog. Moving the call to vsnprintf closer to audit_log_user_avc_message (which is followed by a 'goto out') avoids the reuse and segfault. Signed-off-by: Jeremi Piotrowski --- diff --git a/bus/selinux.c b/bus/selinux.c index 359f69a76..16665f452 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -114,9 +114,6 @@ log_callback (int type, const char *fmt, ...) * syslog if OOM, like the equivalent AppArmor code does. */ char buf[PATH_MAX*2]; - /* FIXME: need to change this to show real user */ - vsnprintf(buf, sizeof(buf), fmt, ap); - switch (type) { case SELINUX_AVC: @@ -139,6 +136,8 @@ log_callback (int type, const char *fmt, ...) } if (audit_type > 0) { + /* FIXME: need to change this to show real user */ + vsnprintf(buf, sizeof(buf), fmt, ap); audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL, NULL, getuid()); goto out;
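Review bot: In the first hunk (log_callback, at the `char buf[PATH_MAX*2];` declaration), the buffer stays at function scope although nothing fills it before the `switch (type)` once the vsnprintf call is removed from here. Consider moving the declaration into the `if (audit_type > 0)` block, where it is now both written and read, so a later change on the non-audit path cannot read it uninitialized.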
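Review bot: In the second hunk (the `if (audit_type > 0)` block), the safety of the moved `vsnprintf(buf, sizeof(buf), fmt, ap);` depends on the `goto out` that follows audit_log_user_avc_message, but the only comment carried along is the unrelated FIXME about the real user. Either add a comment stating that ap must not be consumed again after this call, or format from a copy made with va_copy (released with va_end) so that a future fall-through to vsyslog cannot reintroduce the undefined behavior described in the commit message. The return value of vsnprintf is also ignored, so a truncated message would reach the audit log without any indication.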