logging: fix NULL pointer dereference in _output_buf()

In the _output_buf() we explicitly initialize only the 'buf' and 'len'
fields of the struct osmo_strbuf, leaving the 'pos' field implicitly
initialized to NULL.  Later, in this function, 'sb.pos' is passed to
ctime_r() and strlen(), leading to a NULL pointer dereference (segfault)
in certain scenarios.

This situation can occur when color logging is disabled or when
a specific logging subsystem has no associated color.  Any application
using libosmocore's logging API would crash with the following config:

log stderr
 logging filter all 1
 logging timestamp 1
 logging color 0

Fix this by initializing the 'pos' field explicitly.

Change-Id: I7ec9badf525e03e54e10b725d820c636eaa3fd1c
Fixes: d71331bc "logging: fix nul octets in log output / use osmo_strbuf"
Fixes: CID#336550
Vadim Yanitskiy 2023-12-10 17:09:23 +07:00 committed by neels
parent d2e8f67f3d
commit 9c603e64bf
1 changed files with 1 additions and 1 deletions

@ -488,7 +488,7 @@ static int _output_buf(char *buf, int buf_len, struct log_target *target, unsign
{
int ret;
const char *c_subsys = NULL;
struct osmo_strbuf sb = { .buf = buf, .len = buf_len };
struct osmo_strbuf sb = { .buf = buf, .pos = buf, .len = buf_len };
/* safety net in case of encountering errors and returning nothing */
buf[0] = '\0';
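
Review bot: the changed 'sb' initializer comes without a regression test, although the commit message gives an exact reproducer (timestamp enabled, color disabled) and the commit touches only one file. A logging test that formats a line under 'logging timestamp 1' and 'logging color 0' would catch a NULL '.pos' if it ever comes back. It is also worth checking the other 'struct osmo_strbuf' designated initializers in the tree, since any that sets only '.buf' and '.len' leaves '.pos' zero-initialized in the same way.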