syslogmodule.c lack of NULL check #129345

wooffie · 2025-01-27T11:53:21Z

Bug description:

Line 178 in 7ec1742

    
           if (PySys_Audit("syslog.openlog", "Oll", ident ? ident : Py_None, logopt, facility) < 0) {

After in if body we use Py_DECREF(indent), which can cause null pointer dereference

CPython versions tested on:

CPython main branch

Operating systems tested on:

Other

Additional information

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Reporter: Burkov Egor ([email protected]).

Organization: R-Vision ([email protected]).

Linked PRs

serhiy-storchaka · 2025-01-27T11:57:22Z

Do you want to provide a PR?

wooffie · 2025-01-27T11:57:48Z

Do you want to provide a PR?

yes, sure

ZeroIntensity · 2025-01-27T15:55:08Z

Quick reproducer for a test case:

import syslog
import sys

sys.argv = None
def audit(event, _):
    if event == "syslog.openlog":
        raise RuntimeError("I didn't expect the spanish inquisition")

sys.addaudithook(audit)
syslog.openlog()

(cherry picked from commit 25cf79a) Co-authored-by: Burkov Egor <[email protected]>

…9443) gh-129345: null check for indent syslogmodule (GH-129348) (cherry picked from commit 25cf79a) Co-authored-by: Burkov Egor <[email protected]>

…9442) gh-129345: null check for indent syslogmodule (GH-129348) (cherry picked from commit 25cf79a) Co-authored-by: Burkov Egor <[email protected]>

wooffie added the type-bug An unexpected behavior, bug, or error label Jan 27, 2025

serhiy-storchaka added easy 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes labels Jan 27, 2025

wooffie added a commit to wooffie/cpython that referenced this issue Jan 27, 2025

pythongh-129345: null check for indent syslogmodule

ac4f112

bedevere-app bot mentioned this issue Jan 27, 2025

gh-129345: null check for indent syslogmodule #129348

Merged

wooffie added a commit to wooffie/cpython that referenced this issue Jan 27, 2025

pythongh-129345: null check for indent syslogmodule

bf7a7fc

kumaraditya303 pushed a commit that referenced this issue Jan 29, 2025

gh-129345: null check for indent syslogmodule (#129348)

25cf79a

miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jan 29, 2025

pythongh-129345: null check for indent syslogmodule (pythonGH-129348)

e397de5

(cherry picked from commit 25cf79a) Co-authored-by: Burkov Egor <[email protected]>

miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jan 29, 2025

pythongh-129345: null check for indent syslogmodule (pythonGH-129348)

46db206

(cherry picked from commit 25cf79a) Co-authored-by: Burkov Egor <[email protected]>

This was referenced Jan 29, 2025

[3.13] gh-129345: null check for indent syslogmodule (GH-129348) #129442

Merged

[3.12] gh-129345: null check for indent syslogmodule (GH-129348) #129443

Merged

picnixz added the extension-modules C modules in the Modules dir label Jan 31, 2025

picnixz closed this as completed Feb 4, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

syslogmodule.c lack of NULL check #129345

syslogmodule.c lack of NULL check #129345

wooffie commented Jan 27, 2025 •

edited by bedevere-app bot

Loading

serhiy-storchaka commented Jan 27, 2025

wooffie commented Jan 27, 2025

ZeroIntensity commented Jan 27, 2025 •

edited

Loading

syslogmodule.c lack of NULL check #129345

syslogmodule.c lack of NULL check #129345

Comments

wooffie commented Jan 27, 2025 • edited by bedevere-app bot Loading

Bug description:

CPython versions tested on:

Operating systems tested on:

Additional information

Linked PRs

serhiy-storchaka commented Jan 27, 2025

wooffie commented Jan 27, 2025

ZeroIntensity commented Jan 27, 2025 • edited Loading

wooffie commented Jan 27, 2025 •

edited by bedevere-app bot

Loading

ZeroIntensity commented Jan 27, 2025 •

edited

Loading