diff options
| author | Rich Felker <dalias@aerifal.cx> | 2024-02-07 16:08:11 -0500 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2024-02-07 16:08:11 -0500 |
| commit | 39838619bb8b65a8897abcfda8c17ad6de0115d8 (patch) | |
| tree | fa25d3f221295a7ed7b1ace7336d1ab80e842b16 /src | |
| parent | 8b7048680731707d135ea231f81eb3eaf52378ee (diff) | |
| download | musl-39838619bb8b65a8897abcfda8c17ad6de0115d8.tar.gz musl-39838619bb8b65a8897abcfda8c17ad6de0115d8.tar.xz musl-39838619bb8b65a8897abcfda8c17ad6de0115d8.zip | |
syslog: use C locale for timestamp generation
depending on contents of the LC_TIME locale, log messages could be malformatted (especially if the ABMON strings contain non-alphabetic characters) or the subsequent code could invoke undefined behavior, via passing a timebuf[] with unspecified contents to snprintf, if the translated ABMON string did not fit in the 16-byte timebuf. this does not appear to be a security-relevant bug, as locale loading functionality is intentionally not available to set*id programs -- the MUSL_LOCPATH environment variable is ignored when libc.secure is true, and custom locales are not loadable without it.
Diffstat (limited to 'src')
| -rw-r--r-- | src/misc/syslog.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/misc/syslog.c b/src/misc/syslog.c index 7dc0c1be..710202f9 100644 --- a/src/misc/syslog.c +++ b/src/misc/syslog.c @@ -11,6 +11,7 @@ #include <fcntl.h> #include "lock.h" #include "fork_impl.h" +#include "locale_impl.h" static volatile int lock[1]; static char log_ident[32]; @@ -99,7 +100,7 @@ static void _vsyslog(int priority, const char *message, va_list ap) now = time(NULL); gmtime_r(&now, &tm); - strftime(timebuf, sizeof timebuf, "%b %e %T", &tm); + strftime_l(timebuf, sizeof timebuf, "%b %e %T", &tm, C_LOCALE); pid = (log_opt & LOG_PID) ? getpid() : 0; l = snprintf(buf, sizeof buf, "<%d>%s %n%s%s%.0d%s: ", |