Skip to content

syslog issues #95041

New issue
New issue
Closed
Closed
syslog issues#95041
Assignees
serhiy-storchaka
Labels
3.10only security fixes3.11only security fixes3.12only security fixespendingThe issue will be closed if no feedback is providedtype-bugAn unexpected behavior, bug, or error
@serhiy-storchaka

Description

@serhiy-storchaka
serhiy-storchaka
opened on Jul 20, 2022

There are several issues with corner cases in syslog.openlog().

  • syslog_get_argv() swallows exceptions, but not in all cases.
  • if ident is non UTF-8 encodable, syslog.openlog() fails after setting the global reference to ident. Now the C string saved internally in the previous call to openlog() points to the freed memory.
  • PySys_Audit() can crash if ident is NULL.
  • There may be a race condition with syslog.syslog(), because the global reference to ident is decrefed before setting the new value.

And, since syslog.syslog() releases the GIL, there may be a race condition syslog.syslog() with syslog.openlog() and syslog.closelog() which can decref the global reference to ident.

P.S. @noamcohen97 noticed yet one issue in syslog.syslog() (potential returning a value from a function while an exception is set #95012 (comment)) and fixed it.

Metadata

Metadata

Assignees

Labels

3.10only security fixes3.11only security fixes3.12only security fixespendingThe issue will be closed if no feedback is providedtype-bugAn unexpected behavior, bug, or error

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions