From 39838619bb8b65a8897abcfda8c17ad6de0115d8 Mon Sep 17 00:00:00 2001
From: Rich Felker
Date: Wed, 7 Feb 2024 16:08:11 -0500
Subject: syslog: use C locale for timestamp generation
depending on contents of the LC_TIME locale, log messages could be malformatted (especially if the ABMON strings contain non-alphabetic characters) or the subsequent code could invoke undefined behavior, via passing a timebuf[] with unspecified contents to snprintf, if the translated ABMON string did not fit in the 16-byte timebuf.
this does not appear to be a security-relevant bug, as locale loading functionality is intentionally not available to set*id programs -- the MUSL_LOCPATH environment variable is ignored when libc.secure is true, and custom locales are not loadable without it.
---
 src/misc/syslog.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/misc')
diff --git a/src/misc/syslog.c b/src/misc/syslog.c
index 7dc0c1be..710202f9 100644
--- a/src/misc/syslog.c
+++ b/src/misc/syslog.c
@@ -11,6 +11,7 @@
 #include
 #include "lock.h"
 #include "fork_impl.h"
+#include "locale_impl.h"
 static volatile int lock[1];
 static char log_ident[32];
@@ -99,7 +100,7 @@ static void _vsyslog(int priority, const char *message, va_list ap)
 now = time(NULL);
 gmtime_r(&now, &tm);
- strftime(timebuf, sizeof timebuf, "%b %e %T", &tm);
+ strftime_l(timebuf, sizeof timebuf, "%b %e %T", &tm, C_LOCALE);
 pid = (log_opt & LOG_PID) ? getpid() : 0;
 l = snprintf(buf, sizeof buf, "<%d>%s %n%s%s%.0d%s: ",
--
cgit v1.2.1
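Review bot: The result of `strftime_l()` in `_vsyslog` is still discarded, so the guarantee that `timebuf` is initialized before the `snprintf` below now rests on an undocumented size invariant. In the C locale `"%b %e %T"` always renders as 15 characters plus the terminator, which, going by the 16-byte figure in the commit message (the declaration is outside the hunk), fills the buffer with no slack. I would record that next to the call, e.g. `/* C locale: "%b %e %T" is always 15 chars + NUL, exactly sizeof timebuf */`, so a later change to the format string or the buffer size does not silently bring back the unspecified-contents case. The same comment could note that pinning the locale keeps the timestamp in the fixed English-month form that syslog consumers and log parsers expect. The function body starts and ends outside the hunk.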