update_engine: Move variable to function level script to prevent UaF.
main's SetupLogging() had a temporary string variable holding the
result of SetupLogFile(), which is the filename where we should
write the log to. logging::InitLogging interface accepts a
logging::LoggingSettings struct that holds a char* to the log file
name that needs to be alive while it is referenced from the
LoggingSettings struct, instead of just holding a std::string.
This patch moves the temporary string variable to the same scope
as the LoggingSettings struct, preventing a use-after-free.
BUG=chromium:419659
TEST=`USE="clan asan" emerge-link update_engine libchrome libchromeos` and deployed to a link device.
TEST=`update_engine` doesn't crash reporting an error in /var/log/asan.* with this patch.
Change-Id: I87adddeec0002592d67512d14a8d6d1a597843cf
Reviewed-on: https://chromium-review.googlesource.com/221501
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Tested-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: Alex Deymo <deymo@chromium.org>
diff --git a/main.cc b/main.cc
index 3242c3d..cf77f74 100644
--- a/main.cc
+++ b/main.cc
@@ -157,6 +157,7 @@
}
void SetupLogging() {
+ string log_file;
logging::LoggingSettings log_settings;
log_settings.lock_log = logging::DONT_LOCK_LOG_FILE;
log_settings.delete_old = logging::APPEND_TO_OLD_LOG_FILE;
@@ -166,7 +167,7 @@
log_settings.log_file = nullptr;
log_settings.logging_dest = logging::LOG_TO_SYSTEM_DEBUG_LOG;
} else {
- const string log_file = SetupLogFile("/var/log");
+ log_file = SetupLogFile("/var/log");
log_settings.log_file = log_file.c_str();
log_settings.logging_dest = logging::LOG_TO_FILE;
}