Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

syslog issues #95041

Closed
serhiy-storchaka opened this issue Jul 20, 2022 · 6 comments
Closed

syslog issues #95041

serhiy-storchaka opened this issue Jul 20, 2022 · 6 comments
Assignees
@serhiy-storchaka
Labels
3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes pending The issue will be closed if no feedback is provided type-bug An unexpected behavior, bug, or error

Comments

@serhiy-storchaka
Copy link
Member

serhiy-storchaka commented Jul 20, 2022
edited
Loading

There are several issues with corner cases in syslog.openlog().

  • syslog_get_argv() swallows exceptions, but not in all cases.
  • if ident is non UTF-8 encodable, syslog.openlog() fails after setting the global reference to ident. Now the C string saved internally in the previous call to openlog() points to the freed memory.
  • PySys_Audit() can crash if ident is NULL.
  • There may be a race condition with syslog.syslog(), because the global reference to ident is decrefed before setting the new value.

And, since syslog.syslog() releases the GIL, there may be a race condition syslog.syslog() with syslog.openlog() and syslog.closelog() which can decref the global reference to ident.

P.S. @noamcohen97 noticed yet one issue in syslog.syslog() (potential returning a value from a function while an exception is set #95012 (comment)) and fixed it.
@serhiy-storchaka serhiy-storchaka added type-bug An unexpected behavior, bug, or error 3.11 only security fixes 3.12 bugs and security fixes labels Jul 20, 2022
@serhiy-storchaka serhiy-storchaka self-assigned this Jul 20, 2022
@serhiy-storchaka serhiy-storchaka added the 3.10 only security fixes label Jul 20, 2022
serhiy-storchaka added a commit to serhiy-storchaka/cpython that referenced this issue Jul 20, 2022
@serhiy-storchaka
pythongh-95041: Fix several minor issues in syslog.openlog()
c317048 
* syslog_get_argv() swallows exceptions, but not in all cases.
* if ident is non UTF-8 encodable, syslog.openlog() fails after setting the
  global reference to ident. Now the C string saved internally in the previous
  call to openlog() points to the freed memory.
* PySys_Audit() can crash if ident is NULL.
* There may be a race condition with syslog.syslog(), because the global
  reference to ident is decrefed before setting the new value.
@bedevere-bot bedevere-bot mentioned this issue Jul 20, 2022
Merged
@serhiy-storchaka

This comment was marked as resolved.

Sign in to view
@arhadthedev

This comment was marked as resolved.

Sign in to view
@bedevere-bot bedevere-bot mentioned this issue Jul 26, 2022
Merged
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jul 26, 2022
@serhiy-storchaka @miss-islington
pythongh-95041: Fix several minor issues in syslog.openlog() (pythonG…
9173e7b 
…H-95058)

* syslog_get_argv() swallows exceptions, but not in all cases.
* if ident is non UTF-8 encodable, syslog.openlog() fails after setting the
  global reference to ident. Now the C string saved internally in the previous
  call to openlog() points to the freed memory.
* PySys_Audit() can crash if ident is NULL.
* There may be a race condition with syslog.syslog(), because the global
  reference to ident is decrefed before setting the new value.
* Possible use of freed memory if syslog.openlog() is called while
  the GIL is released in syslog.syslog().
(cherry picked from commit 68c555a)

Co-authored-by: Serhiy Storchaka <[email protected]>
serhiy-storchaka added a commit that referenced this issue Jul 26, 2022
@serhiy-storchaka
gh-95041: Fix several minor issues in syslog.openlog() (GH-95058)
68c555a 
* syslog_get_argv() swallows exceptions, but not in all cases.
* if ident is non UTF-8 encodable, syslog.openlog() fails after setting the
  global reference to ident. Now the C string saved internally in the previous
  call to openlog() points to the freed memory.
* PySys_Audit() can crash if ident is NULL.
* There may be a race condition with syslog.syslog(), because the global
  reference to ident is decrefed before setting the new value.
* Possible use of freed memory if syslog.openlog() is called while
  the GIL is released in syslog.syslog().
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jul 26, 2022
@serhiy-storchaka @miss-islington
pythongh-95041: Fix several minor issues in syslog.openlog() (pythonG…
abd4aea 
…H-95058)

* syslog_get_argv() swallows exceptions, but not in all cases.
* if ident is non UTF-8 encodable, syslog.openlog() fails after setting the
  global reference to ident. Now the C string saved internally in the previous
  call to openlog() points to the freed memory.
* PySys_Audit() can crash if ident is NULL.
* There may be a race condition with syslog.syslog(), because the global
  reference to ident is decrefed before setting the new value.
* Possible use of freed memory if syslog.openlog() is called while
  the GIL is released in syslog.syslog().
(cherry picked from commit 68c555a)

Co-authored-by: Serhiy Storchaka <[email protected]>
@bedevere-bot bedevere-bot mentioned this issue Jul 26, 2022
Merged
miss-islington added a commit that referenced this issue Jul 26, 2022
@miss-islington @serhiy-storchaka
gh-95041: Fix several minor issues in syslog.openlog() (GH-95058)
dd0c1a3 
* syslog_get_argv() swallows exceptions, but not in all cases.
* if ident is non UTF-8 encodable, syslog.openlog() fails after setting the
  global reference to ident. Now the C string saved internally in the previous
  call to openlog() points to the freed memory.
* PySys_Audit() can crash if ident is NULL.
* There may be a race condition with syslog.syslog(), because the global
  reference to ident is decrefed before setting the new value.
* Possible use of freed memory if syslog.openlog() is called while
  the GIL is released in syslog.syslog().
(cherry picked from commit 68c555a)

Co-authored-by: Serhiy Storchaka <[email protected]>
@serhiy-storchaka serhiy-storchaka mentioned this issue Jul 26, 2022
Merged
@bedevere-bot bedevere-bot mentioned this issue Jul 26, 2022
Merged
noamcohen97 added a commit to noamcohen97/cpython that referenced this issue Jul 26, 2022
@noamcohen97
pythongh-95041: fail syslog.syslog in case inner call to syslog.openl…
8210ab3 
…og fails
ambv pushed a commit that referenced this issue Jul 26, 2022
@miss-islington @serhiy-storchaka
gh-95041: Fix several minor issues in syslog.openlog() (GH-95058) (GH…
820904e 
…-95261)

* syslog_get_argv() swallows exceptions, but not in all cases.
* if ident is non UTF-8 encodable, syslog.openlog() fails after setting the
  global reference to ident. Now the C string saved internally in the previous
  call to openlog() points to the freed memory.
* PySys_Audit() can crash if ident is NULL.
* There may be a race condition with syslog.syslog(), because the global
  reference to ident is decrefed before setting the new value.
* Possible use of freed memory if syslog.openlog() is called while
  the GIL is released in syslog.syslog().
(cherry picked from commit 68c555a)

Co-authored-by: Serhiy Storchaka <[email protected]>
serhiy-storchaka pushed a commit that referenced this issue Jul 26, 2022
@noamcohen97
gh-95041: Fail syslog.syslog in case inner call to syslog.openlog fai…
b1f648e 
…ls (GH-95264)
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jul 26, 2022
@noamcohen97 @miss-islington
pythongh-95041: Fail syslog.syslog in case inner call to syslog.openl…
a9c68d5 
…og fails (pythonGH-95264)

(cherry picked from commit b1f648e)

Co-authored-by: Noam Cohen <[email protected]>
This was referenced Jul 26, 2022
Merged
Merged
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jul 26, 2022
@noamcohen97 @miss-islington
pythongh-95041: Fail syslog.syslog in case inner call to syslog.openl…
5ae3cb1 
…og fails (pythonGH-95264)

(cherry picked from commit b1f648e)

Co-authored-by: Noam Cohen <[email protected]>
@erlend-aasland
Copy link
Contributor

I'm keeping this open until you decide about the NEWS entry, Serhiy. I'll mark it pending close, though.

@erlend-aasland erlend-aasland added the pending The issue will be closed if no feedback is provided label Jul 26, 2022
@erlend-aasland
Copy link
Contributor

Fixed by:

miss-islington added a commit that referenced this issue Jul 26, 2022
@miss-islington @noamcohen97
gh-95041: Fail syslog.syslog in case inner call to syslog.openlog fai…
2f9e47c 
…ls (GH-95264)

(cherry picked from commit b1f648e)

Co-authored-by: Noam Cohen <[email protected]>
miss-islington added a commit that referenced this issue Jul 27, 2022
@miss-islington @noamcohen97
gh-95041: Fail syslog.syslog in case inner call to syslog.openlog fai…
9640c4c 
…ls (GH-95264)

(cherry picked from commit b1f648e)

Co-authored-by: Noam Cohen <[email protected]>
@erlend-aasland
Copy link
Contributor

(Ooops, sorry; pressed the wrong button)

@serhiy-storchaka serhiy-storchaka mentioned this issue Oct 6, 2022
Merged
@hauntsaninja
Copy link
Contributor

We kept this open based on #95264 (comment)

It looks like Serhiy added the tests in #97953 but chose not to add a changelog entry, so I think we can close this out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@serhiy-storchaka serhiy-storchaka

Labels
3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes pending The issue will be closed if no feedback is provided type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@serhiy-storchaka @arhadthedev @hauntsaninja @erlend-aasland