logging: Fix potential use-after-free in LogPrintStr(...) #13148

pull practicalswift wants to merge 2 commits into bitcoin:master from practicalswift:logprintstr-uaf changing 2 files +9 −10

practicalswift commented at 8:45 AM on May 2, 2018: contributor

Fix potential use-after-free in LogPrintStr(...).

freopen(…) frees m_fileout.
logging: Fix potential use-after-free in LogPrintStr(...) 76f344de6d
fanquake added the label Utils/log/libs on May 2, 2018
laanwj commented at 9:18 AM on May 2, 2018: member

Feel free to take over https://github.com/laanwj/bitcoin/tree/2018_05_logprintf_remove_return_value, which removes the unused and incorrect return value from LogPrintstr and has this commit rebased on top.

logging: remove unused return value from LogPrintStr

`LogPrintStr` returns the number of characters printed. This number is
doubled if both logging to console and logging to file is enabled. As
the return value is never used, I've opted to remove it instead of try
to fix it.

Credit: @laanwj

0bd4cd398b

practicalswift commented at 9:26 AM on May 2, 2018: contributor

@laanwj Nice cleanup! Added that commit to this PR.
laanwj commented at 9:53 AM on May 2, 2018: member

utACK https://github.com/bitcoin/bitcoin/pull/13148/commits/0bd4cd398b19c2ef90e2f39b40a60b9fa915d2b2
promag commented at 10:55 AM on May 2, 2018: member

utACK 0bd4cd3.
laanwj merged this on May 3, 2018
laanwj closed this on May 3, 2018
laanwj referenced this in commit b62b437acd on May 3, 2018
ajtowns commented at 1:05 PM on May 3, 2018: contributor
I don't think this patch is really correct -- in the usual failure case where the old file handle is closed, but a new file can't be (re)opened (due to permissions, eg), we'll silently drop the current log message, then start writing any future log messages to the m_msgs_before_open buffer, which will never be cleared. Am I missing something?

If I'm not, seems like better behaviour might be something like:
```
     if (m_reopen_file) {
          m_reopen_file = false;
          FILE* new_fileout = fopen(m_file_path, "a");
          if (!new_fileout) {
               // release m_file_mutex first
               LogPrintf("Failed to reopen log file %s\n", m_file_path);
          } else {
               fflush(m_fileout);
               fclose(m_fileout);
               m_fileout = new_fileout;
          }
     }
```
(Would it make sense to do StartShutdown() if logging stops working?)
practicalswift cross-referenced this on May 3, 2018 from issue Don't close old debug log file handle prematurely when trying to re-open (on SIGHUP) by practicalswift
Bushstar cross-referenced this on May 4, 2018 from issue commits from bitcoin/master by Bushstar
luke-jr referenced this in commit 448935e011 on Jul 7, 2018
laanwj referenced this in commit bb0277819a on Aug 31, 2018
jasonbcox referenced this in commit 1d91c62d14 on Sep 13, 2019
jasonbcox referenced this in commit 3bdbe48216 on Sep 13, 2019
jonspock referenced this in commit cb6ac65be1 on Dec 22, 2019
jonspock referenced this in commit 130286a16d on Dec 22, 2019
proteanx referenced this in commit 268df15a73 on Dec 23, 2019
proteanx referenced this in commit 910826634c on Dec 23, 2019
random-zebra cross-referenced this on Feb 14, 2021 from issue [Logging] remove unused return value from LogPrintStr by random-zebra
random-zebra referenced this in commit a10317adc1 on Feb 21, 2021
practicalswift deleted the branch on Apr 10, 2021
UdjinM6 referenced this in commit ed721566da on May 21, 2021
UdjinM6 referenced this in commit a03d649a48 on May 25, 2021
TheArbitrator referenced this in commit ffe806b91d on Jun 7, 2021
Munkybooty referenced this in commit a58bf3ca3f on Jun 30, 2021
Munkybooty referenced this in commit 561093f425 on Jul 2, 2021
Munkybooty referenced this in commit 2be36d4db5 on Jul 2, 2021
gades referenced this in commit aa0558cb65 on Apr 21, 2022
bitcoin locked this on Aug 18, 2022

Contributors

Labels

Linked (view graph)

#13159 Don't close old debug log file handle prematurely when trying to re-open (on SIGHUP)