From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: [PATCH] Fix audispd crash on ARM 32-Bits
Date: Sat, 12 Dec 2020 14:45:46 -0500 [thread overview]
Message-ID: <11696239.O9o76ZdvQC@x2> (raw)
In-Reply-To: <20201212021050.26656-1-javier.tia@hpe.com>
Hello,
Thanks for the patch. But if its true that this is against audit-2.4.3, then
there is a good chance this is fixed by 2.8.5. There were a number of fixes in
this area that fixed various issues with plugins.
Best Regards,
-Steve
On Friday, December 11, 2020 9:10:50 PM EST Javier Tiá wrote:
> On ARM 32-Bits, audispd is crashing. Backtrace:
>
> (gdb) bt
> 0 0xb6e20958 in __GI_raise (sig=sig@entry=6)
> at /usr/src/debug/glibc/2.23-r0/git/sysdeps/unix/sysv/linux/raise.c:54
> 1 0xb6e21e58 in __GI_abort ()
> at /usr/src/debug/glibc/2.23-r0/git/stdlib/abort.c:118
> 2 0xb6e59d64 in __libc_message (do_abort=do_abort@entry=2,
> fmt=0xb6f1119c "*** Error in `%s': %s: 0x%s ***\n")
> at /usr/src/debug/glibc/2.23-r0/git/sysdeps/posix/libc_fatal.c:175
> 3 0xb6e60108 in malloc_printerr (action=<optimized out>,
> str=0xb6f11354 "double free or corruption (fasttop)", ptr=<optimized
> out>, ar_ptr=<optimized out>)
> at /usr/src/debug/glibc/2.23-r0/git/malloc/malloc.c:5007
> 4 0xb6e60a98 in _int_free (av=0xb6f2d79c <main_arena>, p=<optimized out>,
> have_lock=<optimized out>)
> at /usr/src/debug/glibc/2.23-r0/git/malloc/malloc.c:3868
> 5 0x004234b8 in free_pconfig (config=0x43b398)
> at
> /usr/src/debug/audit/2.4.3-r8/audit-2.4.3/audisp/audispd-pconfig.c:513 6
> 0x00421244 in main (argc=<optimized out>, argv=<optimized out>) at
> /usr/src/debug/audit/2.4.3-r8/audit-2.4.3/audisp/audispd.c:464
>
> (gdb) f 5
> (gdb) p config->path
> $2 = 0x43b5f0 ""
> (gdb) p config->name
> $3 = 0x43b370 "h\264C
>
> Be paranoid and overwrite config->path with zero bytes before doing the
> free().
> ---
> audisp/audispd-pconfig.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/audisp/audispd-pconfig.c b/audisp/audispd-pconfig.c
> index a8b7878..a13f681 100644
> --- a/audisp/audispd-pconfig.c
> +++ b/audisp/audispd-pconfig.c
> @@ -510,7 +510,11 @@ void free_pconfig(plugin_conf_t *config)
> close(config->plug_pipe[0]);
> if (config->plug_pipe[1] >= 0)
> close(config->plug_pipe[1]);
> + /* Be paranoid and overwrite config->path with zero bytes before doing
> the + * free() */
> + memset(config->path, 0, strlen(config->path));
> free((void *)config->path);
> + config->path = NULL;
> free((void *)config->name);
> }
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2020-12-12 19:46 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-12 2:10 [PATCH] Fix audispd crash on ARM 32-Bits Javier Tiá
2020-12-12 19:45 ` Steve Grubb [this message]
2020-12-12 20:21 ` Tia, Javier
2020-12-14 4:34 ` Steve Grubb
2020-12-16 14:40 ` Tia, Javier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=11696239.O9o76ZdvQC@x2 \
--to=sgrubb@redhat.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox