From mboxrd@z Thu Jan 1 00:00:00 1970
From: =?gb2312?B?s7XB0sio?=
Subject: [PATCH] auparse: add a check to au->source_list to ensure it not null
Date: Wed, 8 May 2013 09:46:26 +0800
Message-ID: <000a01ce4b8d$da84eee0$8f8ecca0$@i-soft.com.cn>
To: linux-audit@redhat.com
Cc: mitr@redhat.com
List-Id: linux-audit@redhat.com

Hi all:

I found a bug: the auvirt process generates a core dump when there is no file named audit.log, in the case where /var/log/audit/audit.log has been removed by someone.

I made a patch to solve this problem.

Index: auparse/auparse.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- auparse/auparse.c (=B0=E6=B1=BE 814) +++ auparse/auparse.c (=B9=A4=D7=F7=B8=B1=B1=BE) 
@@ -806,7 +806,7 @@ case AUSOURCE_FILE: case AUSOURCE_FILE_ARRAY: // if the first time through, open file - if (au->list_idx =3D=3D 0 && au->in =3D=3D NULL) = { + if (au->list_idx =3D=3D 0 && au->in =3D=3D NULL = && au->source_list !=3D NULL) { if (au->source_list[au->list_idx] =3D=3D = NULL) { errno =3D 0; return -2;

[clq@localhost trunk]# auvirt
Unable to open /var/log/audit/audit.log (No such file or directory)
No log file
Segmentation fault (core dumped)

The backtrace is as follows:

Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `./tools/auvirt/.libs/lt-auvirt'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
810                     if (au->source_list[au->list_idx] == NULL) {
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.107.el6.x86_64
(gdb) bt
#0  0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
#1  auparse_next_event (au=0x682830) at auparse.c:958
#2  0x00007fb2cc547c52 in auparse_first_record (au=<value optimized out>) at auparse.c:1131
#3  0x00007fb2cc547d77 in ausearch_next_event (au=0x682830) at auparse.c:923
#4  0x00000000004043b8 in main (argc=<value optimized out>, argv=<value optimized out>) at auvirt.c:1542
(gdb) f 0
#0  0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
810                     if (au->source_list[au->list_idx] == NULL) {
(gdb) p *au
$1 = {source = AUSOURCE_LOGS, source_list = 0x0, list_idx = 0, in = 0x0, line_number = 0, next_buf = 0x0, off = 0, cur_buf = 0x0,
  line_pushed = 0, le = {head = 0x0, cur = 0x0, cnt = 0, e = {sec = 0, milli = 0, serial = 0, host = 0x0}}, expr = 0x680c90,
  find_field = 0x0, search_where = AUSEARCH_STOP_EVENT, parse_state = EVENT_EMPTY, databuf = {flags = 0, alloc_size = 0,
    alloc_ptr = 0x0, offset = 0, len = 0, max_len = 0}, callback = 0, callback_user_data = 0x0, callback_user_data_destroy = 0}
(gdb) p au->source_list
$2 = (char **) 0x0
(gdb)

Best Regards!

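Review bot: The new `au->source_list != NULL` test on the outer `if` makes a NULL list skip the whole first-open block, including its `errno = 0; return -2;` exit, so execution continues past the block with `au->in` still NULL, and nothing in the hunk shows that the code after it tolerates that. It would be safer to leave the outer condition as it was and extend the inner test to `if (au->source_list == NULL || au->source_list[au->list_idx] == NULL)`, so a missing list takes the same `return -2` path as an empty entry. The session output also shows `No log file` printed before the crash while the dumped state has `source_list = 0x0`, so it is worth checking whether the initialisation that failed to open /var/log/audit/audit.log should report an error to the caller instead of handing back a state with no source list.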