From mboxrd@z Thu Jan  1 00:00:00 1970
From: Miloslav =?UTF-8?Q?Trma=C4=8D?= <mitr@redhat.com>
Subject: [PATCH] Don't free() static data in libauparse
Date: Mon, 02 Jun 2008 14:29:13 +0000
Message-ID: <1212416953.2746.17.camel@amilo>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-FDDa0DUx50DTcc+mjhJd"
Return-path: <linux-audit-bounces@redhat.com>
Received: from pobox.stuttgart.redhat.com (pobox.stuttgart.redhat.com
	[172.16.2.10])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m52ETJYU032120
	for <linux-audit@redhat.com>; Mon, 2 Jun 2008 10:29:20 -0400
Received: from [10.32.4.145] (vpn-4-145.str.redhat.com [10.32.4.145])
	by pobox.stuttgart.redhat.com (8.13.1/8.13.1) with ESMTP id
	m52ETILt025750
	for <linux-audit@redhat.com>; Mon, 2 Jun 2008 10:29:19 -0400
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com


--=-FDDa0DUx50DTcc+mjhJd
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hello,
The "interpretation" code in libuparse stores literal strings as
interpreted data for the second operand of fcntl().  This causes a crash
in free() when freeing the record.

The attached patch fixes the crash.
	Mirek

--=-FDDa0DUx50DTcc+mjhJd
Content-Disposition: inline; filename=audit-1.7.4-fcntl.patch
Content-Type: text/x-patch; name=audit-1.7.4-fcntl.patch; charset=utf8
Content-Transfer-Encoding: 7bit

diff -urN audit/auparse/interpret.c audit-1.7.4/auparse/interpret.c
--- audit/auparse/interpret.c	2008-05-15 23:09:57.000000000 +0200
+++ audit-1.7.4/auparse/interpret.c	2008-06-02 16:04:38.000000000 +0200
@@ -732,7 +732,7 @@
 
 	s = fcntl_i2s(cmd);
 	if (s != NULL)
-		return s;
+		return strdup(s);
 	asprintf(&out, "unknown fcntl command(%d)", cmd);
 	return out;
 }

--=-FDDa0DUx50DTcc+mjhJd
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--=-FDDa0DUx50DTcc+mjhJd--