From mboxrd@z Thu Jan  1 00:00:00 1970
From: "chuli" <chul@cn.fujitsu.com>
Subject: [PATCH]fix the bug of using strtoul in priority_boost_parse() and
	freq_parse()
Date: Fri, 25 Jul 2008 08:53:48 +0800
Message-ID: <000901c8edf0$e5ec4620$958da70a@truly>
Return-path: <linux-audit-bounces@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: 'Steve Grubb' <sgrubb@redhat.com>
Cc: 'linux-audit' <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

Hello Mr. SteveŁ¬

  In src/auditd-config.c and audisp/audispd-config.c, the function
priority_boost_parser() and freq_parse() use strtoul to convert the numeric 
and
then compare it with INT_MAX. It meant that the value of priority_boost and 
freq
in /etc/audit/auditd.conf should not be larger than INT_MAX.

  But there is a little error in the codes: it uses an int variable to store 
the
result of strtoul() and then compare the variable with INT_MAX. So the result
of comparison is always "not larger than".
  I think it's better to modify the codes to implement its intention.

  The attached patch fixes the problem in src/auditd-config.c and
audisp/audispd-config.c of audit-1.7.4.

  What's your opinion about such modification?

PS:
priority_boost: a non-negative number that tells the audit daemon how much of
a priority boost it should take.
freq: a non-negative number that tells the audit damon how many records to 
write
before issuing an explicit flush to disk command.


Signed-off-by: Chu Li<chul@cn.fujitsu.com>
---
diff --git a/src/auditd-config.c b/src/auditd-config.c
index 8a81b46..e9111a4 100644
--- a/src/auditd-config.c
+++ b/src/auditd-config.c
@@ -782,7 +782,7 @@ static int freq_parser(struct nv_pair *nv, int line,
 		struct daemon_conf *config)
 {
 	const char *ptr = nv->value;
-	int i;
+	unsigned long i;

 	audit_msg(LOG_DEBUG, "freq_parser called with: %s", nv->value);

@@ -1112,7 +1112,7 @@ static int priority_boost_parser(struct nv_pair *nv, int 
line,
 	struct daemon_conf *config)
 {
 	const char *ptr = nv->value;
-	int i;
+	unsigned long i;

 	audit_msg(LOG_DEBUG, "priority_boost_parser called with: %s",
 								nv->value);
diff --git a/audisp/audispd-config.c b/audisp/audispd-config.c
index b0bcaef..e9d254a 100644
--- a/audisp/audispd-config.c
+++ b/audisp/audispd-config.c
@@ -387,7 +387,7 @@ static int priority_boost_parser(struct nv_pair *nv, int 
line,
 	struct daemon_conf *config)
 {
 	const char *ptr = nv->value;
-	int i;
+	unsigned long i;

 	audit_msg(LOG_DEBUG, "priority_boost_parser called with: %s",
        				nv->value);

Regards
Chu Li