bus/selinux: Move vsnprintf call to avoid va_list reuse

In log_callback() the same va_list is reused for a call to vsnprintf and
vsyslog. A va_list can't be reused in this manner, such use is undefined
behavior that changes depending on glibc version.

In current glibc versions a segfault can be observed from the callsite at
bus/selinux.c:412. When trying to log a non-auditable event, the segfault
happens in strlen inside vsyslog.

Moving the call to vsnprintf closer to audit_log_user_avc_message (which is
followed by a 'goto out') avoids the reuse and segfault.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
(cherry picked from commit 52b73d511b27de1fde3dd075af5d90393a1cd97d)

diff --git a/bus/selinux.c b/bus/selinux.c
index 42017e7a00499facf62d4773e4db120bae66858c..c3cca7f8783d4f90e6622398621419b4228d23fc 100644 (file)
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -112,9 +112,6 @@ log_callback (int type, const char *fmt, ...)
      * syslog if OOM, like the equivalent AppArmor code does. */
     char buf[PATH_MAX*2];
 
-    /* FIXME: need to change this to show real user */
-    vsnprintf(buf, sizeof(buf), fmt, ap);
-
     switch (type)
       {
       case SELINUX_AVC:
@@ -137,6 +134,8 @@ log_callback (int type, const char *fmt, ...)
       }
 
     if (audit_type > 0) {
+      /* FIXME: need to change this to show real user */
+      vsnprintf(buf, sizeof(buf), fmt, ap);
       audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL,
                              NULL, getuid());
       goto out;