From mboxrd@z Thu Jan  1 00:00:00 1970
From: Miloslav =?UTF-8?Q?Trma=C4=8D?= <mitr@redhat.com>
Subject: [PATCH] Fix uninitialized data access in audit_log_user_command()
Date: Mon, 24 Mar 2008 03:32:39 +0100
Message-ID: <1206325959.17164.35.camel@amilo>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-e2CyXUa1cAy/hSYH87A2"
Return-path: <linux-audit-bounces@redhat.com>
Received: from [10.32.4.3] (vpn-4-3.str.redhat.com [10.32.4.3])
	by pobox.stuttgart.redhat.com (8.13.1/8.13.1) with ESMTP id
	m2O2WdF1009858
	for <linux-audit@redhat.com>; Sun, 23 Mar 2008 22:32:39 -0400
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com


--=-e2CyXUa1cAy/hSYH87A2
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hello,
audit_log_user_command() uses uninitialized commname if getcwd() fails.
The attached patch fixes this.
	Mirek

--=-e2CyXUa1cAy/hSYH87A2
Content-Disposition: attachment; filename=audit-1.6.9-user_command.patch
Content-Type: text/x-patch; name=audit-1.6.9-user_command.patch; charset=UTF-8
Content-Transfer-Encoding: 7bit

diff -ur audit/lib/audit_logging.c audit-1.6.9/lib/audit_logging.c
--- audit/lib/audit_logging.c	2008-03-24 03:17:30.000000000 +0100
+++ audit-1.6.9/lib/audit_logging.c	2008-03-24 03:23:35.000000000 +0100
@@ -632,7 +632,7 @@
 
 	// We borrow the commname buffer
 	if (getcwd(commname, PATH_MAX) == NULL)
-		strcpy(cwdname, "?");
+		strcpy(commname, "?");
 	strcpy(cwdname, commname);
 	p = commname;
 	len = strlen(commname);

--=-e2CyXUa1cAy/hSYH87A2
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--=-e2CyXUa1cAy/hSYH87A2--