diff options
| author | Rich Felker <dalias@aerifal.cx> | 2024-02-07 16:08:11 -0500 | 
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2024-02-07 16:08:11 -0500 | 
| commit | 39838619bb8b65a8897abcfda8c17ad6de0115d8 (patch) | |
| tree | fa25d3f221295a7ed7b1ace7336d1ab80e842b16 /include/link.h | |
| parent | 8b7048680731707d135ea231f81eb3eaf52378ee (diff) | |
| download | musl-39838619bb8b65a8897abcfda8c17ad6de0115d8.tar.gz | |
syslog: use C locale for timestamp generation
depending on contents of the LC_TIME locale, log messages could be
malformatted (especially if the ABMON strings contain non-alphabetic
characters) or the subsequent code could invoke undefined behavior,
via passing a timebuf[] with unspecified contents to snprintf, if
the translated ABMON string did not fit in the 16-byte timebuf.
this does not appear to be a security-relevant bug, as locale loading
functionality is intentionally not available to set*id programs -- the
MUSL_LOCPATH environment variable is ignored when libc.secure is true,
and custom locales are not loadable without it.
Diffstat (limited to 'include/link.h')
0 files changed, 0 insertions, 0 deletions
