Bug ID: 26100
Summary: Race in syslog(3) with regards to tag printing.
Assignee: unassigned at sourceware dot org
Reporter: jjindrak at suse dot cz
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Hello, when syslog(3) prints a message, it goes through the following piece of
code to determine whether the different parts of the message should be printed:
misc/syslog.c (comments mine):
> if (LogTag == NULL)
> LogTag = __progname;
> if (LogTag != NULL) // This evaluates to true.
> __fputs_unlocked (LogTag, f);
> if (LogStat & LOG_PID)
> fprintf (f, "[%d]", (int) __getpid ());
> // Imagine LogTag gets set to NULL by closelog()
> // called in another thread.
> if (LogTag != NULL) // This evaluates to false.
> putc_unlocked (':', f);
> putc_unlocked (' ', f);
As the comments in the snippet say, it is possible for LogTag to be reset to
NULL after a tag (either user supplied value or __progname) was printed into
the membuffer. However, this means that the last condition evaluates to false
and the ': ' separator between the tag and the message is not printed,
resulting in a mangled output to the system log (which may e.g. confuse
processes grepping the log).
This happens in our glibc-2.22, but as the code does not differ in the mainline
version of glibc I think it is also affected.
An example proposed patch from me would be:
@@ -201,11 +201,15 @@ __vsyslog_chk(int pri, int flag, const c
msgoff = ftell (f);
if (LogTag == NULL)
LogTag = __progname;
+ int used_tag = 0;
if (LogTag != NULL)
- __fputs_unlocked (LogTag, f);
+ __fputs_unlocked (LogTag, f);
+ used_tag = 1;
if (LogStat & LOG_PID)
fprintf (f, "[%d]", (int) __getpid ());
- if (LogTag != NULL)
+ if (used_tag)
putc_unlocked (':', f);
putc_unlocked (' ', f);
A third party that reported the bug to us has verified that this patch fixed
the issue for them. Whenever syslog outputs a tag (be it a custom value or
__progname), this patch makes sure that the ': ' separator is also printed.
You are receiving this mail because:
You are on the CC list for the bug.