From: 车烈权 <liequan.che@i-soft.com.cn>
To: linux-audit@redhat.com
Cc: mitr@redhat.com
Subject: [PATCH] auparse: add a check to au->source_list to ensure it not null
Date: Wed, 8 May 2013 18:53:15 +0800 [thread overview]
Message-ID: <000301ce4bda$3e6e68e0$bb4b3aa0$@i-soft.com.cn> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 2792 bytes --]
Hi all:
I found a bug the process auvrt generate a coredump when there is no file
named audit.log, In the case the /var/log/audit/audit.log removed by
someone.
I make a patch to solve this problem.
Index: auparse/auparse.c
===================================================================
--- auparse/auparse.c (版本 814)
+++ auparse/auparse.c (工作副本)
@@ -806,7 +806,7 @@
case AUSOURCE_FILE:
case AUSOURCE_FILE_ARRAY:
// if the first time through, open file
- if (au->list_idx == 0 && au->in == NULL) {
+ if (au->list_idx == 0 && au->in == NULL &&
au->source_list != NULL) {
if (au->source_list[au->list_idx] == NULL) {
errno = 0;
return -2;
[clq@localhost trunk]# auvirt
Unable to open /var/log/audit/audit.log (No such file or directory)
No log file
Segmentation fault (core dumped)
The backtrace is as follows:
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `./tools/auvirt/.libs/lt-auvirt'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
810 if (au->source_list[au->list_idx] ==
NULL) {
Missing separate debuginfos, use: debuginfo-install
glibc-2.12-1.107.el6.x86_64
(gdb) bt
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
#1 auparse_next_event (au=0x682830) at auparse.c:958
#2 0x00007fb2cc547c52 in auparse_first_record (au=<value optimized out>) at
auparse.c:1131
#3 0x00007fb2cc547d77 in ausearch_next_event (au=0x682830) at auparse.c:923
#4 0x00000000004043b8 in main (argc=<value optimized out>, argv=<value
optimized out>) at auvirt.c:1542
(gdb) f 0
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
810 if (au->source_list[au->list_idx] ==
NULL) {
(gdb) p *au
$1 = {source = AUSOURCE_LOGS, source_list = 0x0, list_idx = 0, in = 0x0,
line_number = 0, next_buf = 0x0, off = 0, cur_buf = 0x0,
line_pushed = 0, le = {head = 0x0, cur = 0x0, cnt = 0, e = {sec = 0, milli
= 0, serial = 0, host = 0x0}}, expr = 0x680c90,
find_field = 0x0, search_where = AUSEARCH_STOP_EVENT, parse_state =
EVENT_EMPTY, databuf = {flags = 0, alloc_size = 0,
alloc_ptr = 0x0, offset = 0, len = 0, max_len = 0}, callback = 0,
callback_user_data = 0x0, callback_user_data_destroy = 0}
(gdb) p au->source_list
$2 = (char **) 0x0
(gdb)
Best Regards!
[-- Attachment #1.2: Type: text/html, Size: 11009 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
next reply other threads:[~2013-05-08 10:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-08 10:53 车烈权 [this message]
2013-05-09 2:13 ` [PATCH] auparse: add a check to au->source_list to ensure it not null Steve Grubb
-- strict thread matches above, loose matches on Subject: below --
2013-05-08 7:06 liequan che
2013-05-08 1:46 车烈权
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='000301ce4bda$3e6e68e0$bb4b3aa0$@i-soft.com.cn' \
--to=liequan.che@i-soft.com.cn \
--cc=linux-audit@redhat.com \
--cc=mitr@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox