Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

syslogmodule.c lack of NULL check #129345

Open
wooffie opened this issue Jan 27, 2025 · 3 comments
Open

syslogmodule.c lack of NULL check #129345

wooffie opened this issue Jan 27, 2025 · 3 comments
Labels
3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes easy type-bug An unexpected behavior, bug, or error

Comments

@wooffie
Copy link
Contributor

wooffie commented Jan 27, 2025
edited by bedevere-app bot
Loading

Bug description:

cpython/Modules/syslogmodule.c

Line 178 in 7ec1742

if (PySys_Audit("syslog.openlog", "Oll", ident ? ident : Py_None, logopt, facility) < 0) {

After in if body we use Py_DECREF(indent), which can cause null pointer dereference

CPython versions tested on:

CPython main branch

Operating systems tested on:

Other

Additional information

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Reporter: Burkov Egor (eburkov@rvision.ru).

Organization: R-Vision (support@rvision.ru).

Linked PRs
@wooffie wooffie added the type-bug An unexpected behavior, bug, or error label Jan 27, 2025
@serhiy-storchaka serhiy-storchaka added easy 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes labels Jan 27, 2025
@serhiy-storchaka
Copy link
Member

Do you want to provide a PR?

@wooffie
Copy link
Contributor Author

wooffie commented Jan 27, 2025

Do you want to provide a PR?

yes, sure

wooffie added a commit to wooffie/cpython that referenced this issue Jan 27, 2025
@wooffie
pythongh-129345: null check for indent syslogmodule
ac4f112
@bedevere-app bedevere-app bot mentioned this issue Jan 27, 2025
Merged
wooffie added a commit to wooffie/cpython that referenced this issue Jan 27, 2025
@wooffie
pythongh-129345: null check for indent syslogmodule
bf7a7fc
@ZeroIntensity
Copy link
Member

ZeroIntensity commented Jan 27, 2025
edited
Loading

Quick reproducer for a test case:

import syslog
import sys

sys.argv = None
def audit(event, _):
    if event == "syslog.openlog":
        raise RuntimeError("I didn't expect the spanish inquisition")

sys.addaudithook(audit)
syslog.openlog()

kumaraditya303 pushed a commit that referenced this issue Jan 29, 2025
@wooffie
gh-129345: null check for indent syslogmodule (#129348)
25cf79a
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jan 29, 2025
@wooffie @miss-islington
pythongh-129345: null check for indent syslogmodule (pythonGH-129348)
e397de5 
(cherry picked from commit 25cf79a)

Co-authored-by: Burkov Egor <xwooffie@gmail.com>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jan 29, 2025
@wooffie @miss-islington
pythongh-129345: null check for indent syslogmodule (pythonGH-129348)
46db206 
(cherry picked from commit 25cf79a)

Co-authored-by: Burkov Egor <xwooffie@gmail.com>
This was referenced Jan 29, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes easy type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@serhiy-storchaka @ZeroIntensity @wooffie