From mboxrd@z Thu Jan  1 00:00:00 1970
From: "chuli" <chul@cn.fujitsu.com>
Subject: [PATCH]fix the problem of using strtoul in priority_boost_parse and
	flush_parse
Date: Tue, 24 Jun 2008 14:05:57 +0800
Message-ID: <002501c8d5c0$5e6343e0$548da70a@truly>
Mime-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0026_01C8D603.6C8683E0"
Return-path: <linux-audit-bounces@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: 'Steve Grubb' <sgrubb@redhat.com>
Cc: 'linux-audit' <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

This is a multi-part message in MIME format.

------=_NextPart_000_0026_01C8D603.6C8683E0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello=EF=BC=8C
  When the configure value of priority_boost or flush is larger than =
INT_MAX,
auditd is still started successfully. The priority_boost_parser and =
flush_parse=20
code use an int variable to store the result strtoul() and then compared =
with=20
INT_MAX.
  The attached patch fixes the problem in src/auditd-config.c and=20
audisp/audispd-config.c.

Regards
Chu Li

------=_NextPart_000_0026_01C8D603.6C8683E0
Content-Type: application/octet-stream; name="audit-1.7.4-audisp_INT_MAX.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="audit-1.7.4-audisp_INT_MAX.patch"

--- audit/audisp/audispd-config.c	2008-06-24 13:37:33.000000000 +0800=0A=
+++ audit-1.7.4/audisp/audispd-config.c	2008-06-24 13:38:45.000000000 =
+0800=0A=
@@ -388,6 +388,7 @@=0A=
 {=0A=
 	const char *ptr =3D nv->value;=0A=
 	int i;=0A=
+	unsigned long j;=0A=
 =0A=
 	audit_msg(LOG_DEBUG, "priority_boost_parser called with: %s",=0A=
        				nv->value);=0A=
@@ -403,7 +404,7 @@=0A=
 	}=0A=
 	/* convert to unsigned int */=0A=
 	errno =3D 0;=0A=
-	i =3D strtoul(nv->value, NULL, 10);=0A=
+	j =3D strtoul(nv->value, NULL, 10);=0A=
 	if (errno) {=0A=
 		audit_msg(LOG_ERR,=0A=
 			"Error converting string to a number (%s) - line %d",=0A=
@@ -411,13 +412,13 @@=0A=
 		return 1;=0A=
 	}=0A=
 	/* Check its range */=0A=
-	if (i > INT_MAX) {=0A=
+	if (j > INT_MAX) {=0A=
 		audit_msg(LOG_ERR,=0A=
 			"Error - converted number (%s) is too large - line %d",=0A=
 			nv->value, line);=0A=
 		return 1;=0A=
 	}=0A=
-	config->priority_boost =3D (unsigned int)i;=0A=
+	config->priority_boost =3D (unsigned int)j;=0A=
 	return 0;=0A=
 }=0A=
 =0A=

------=_NextPart_000_0026_01C8D603.6C8683E0
Content-Type: application/octet-stream;
	name="audit-1.7.4-INT_MAX.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="audit-1.7.4-INT_MAX.patch"

--- audit/src/auditd-config.c	2008-05-09 22:44:38.000000000 +0800=0A=
+++ audit-1.7.4/src/auditd-config.c	2008-06-24 13:31:56.000000000 +0800=0A=
@@ -783,6 +783,7 @@=0A=
 {=0A=
 	const char *ptr =3D nv->value;=0A=
 	int i;=0A=
+	unsigned long j;=0A=
 =0A=
 	audit_msg(LOG_DEBUG, "freq_parser called with: %s", nv->value);=0A=
 =0A=
@@ -798,7 +799,7 @@=0A=
 =0A=
 	/* convert to unsigned int */=0A=
 	errno =3D 0;=0A=
-	i =3D strtoul(nv->value, NULL, 10);=0A=
+	j =3D strtoul(nv->value, NULL, 10);=0A=
 	if (errno) {=0A=
 		audit_msg(LOG_ERR, =0A=
 			"Error converting string to a number (%s) - line %d",=0A=
@@ -806,13 +807,13 @@=0A=
 		return 1;=0A=
 	}=0A=
 	/* Check its range */=0A=
-	if (i > INT_MAX) {=0A=
+	if (j > INT_MAX) {=0A=
 		audit_msg(LOG_ERR, =0A=
 			"Error - converted number (%s) is too large - line %d",=0A=
 			nv->value, line);=0A=
 		return 1;=0A=
 	}=0A=
-	config->freq =3D (unsigned int)i;=0A=
+	config->freq =3D (unsigned int)j;=0A=
 	return 0;=0A=
 }=0A=
 =0A=
@@ -1113,6 +1114,7 @@=0A=
 {=0A=
 	const char *ptr =3D nv->value;=0A=
 	int i;=0A=
+	unsigned long j;=0A=
 =0A=
 	audit_msg(LOG_DEBUG, "priority_boost_parser called with: %s",=0A=
 								nv->value);=0A=
@@ -1129,7 +1131,7 @@=0A=
 =0A=
 	/* convert to unsigned int */=0A=
 	errno =3D 0;=0A=
-	i =3D strtoul(nv->value, NULL, 10);=0A=
+	j =3D strtoul(nv->value, NULL, 10);=0A=
 	if (errno) {=0A=
 		audit_msg(LOG_ERR, =0A=
 			"Error converting string to a number (%s) - line %d",=0A=
@@ -1137,13 +1139,13 @@=0A=
 		return 1;=0A=
 	}=0A=
 	/* Check its range */=0A=
-	if (i > INT_MAX) {=0A=
+	if (j > INT_MAX) {=0A=
 		audit_msg(LOG_ERR, =0A=
 			"Error - converted number (%s) is too large - line %d",=0A=
 			nv->value, line);=0A=
 		return 1;=0A=
 	}=0A=
-	config->priority_boost =3D (unsigned int)i;=0A=
+	config->priority_boost =3D (unsigned int)j;=0A=
 	return 0;=0A=
 }=0A=
 =0A=

------=_NextPart_000_0026_01C8D603.6C8683E0
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


------=_NextPart_000_0026_01C8D603.6C8683E0--