From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marcelo Cerri Subject: [PATCH 1/2] auparse: Remove quotes from parsed fields Date: Wed, 8 Feb 2012 15:04:57 -0200 Message-ID: <1328720698-24633-1-git-send-email-mhcerri@linux.vnet.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mx1.redhat.com (ext-mx13.extmail.prod.ext.phx2.redhat.com [10.5.110.18]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id q18H5YGe006226 for ; Wed, 8 Feb 2012 12:05:34 -0500 Received: from e24smtp04.br.ibm.com (e24smtp04.br.ibm.com [32.104.18.25]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q18H5WHI021818 for ; Wed, 8 Feb 2012 12:05:32 -0500 Received: from /spool/local by e24smtp04.br.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 8 Feb 2012 15:05:21 -0200 Received: from d24av02.br.ibm.com (d24av02.br.ibm.com [9.8.31.93]) by d24relay03.br.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id q18H51OW21954716 for ; Wed, 8 Feb 2012 15:05:02 -0200 Received: from d24av02.br.ibm.com (loopback [127.0.0.1]) by d24av02.br.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id q18H512g027019 for ; Wed, 8 Feb 2012 15:05:01 -0200 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com Cc: gcwilson@us.ibm.com, bryntcor@us.ibm.com List-Id: linux-audit@redhat.com Auparse just removes single quotes at the end of a field value and leaves quotes at the beginning. With this patch, auparse removes quotes at the beggining of a parsed field value and handles double quotes at the same way as single quotes. This is a simple test program to reproduce the problem: ----- int main() { const char *buffer= "type=VIRT_RESOURCE msg=audit(1327574186.046:174): user pid=6748 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0 msg='virt=kvm resrc=net reason=start vm=\"CentOS\" uuid=fb4149f5-9ff6-4095-f6d3-a1d03936fdfa old-net='?' new-net='52:54:00:DB:AE:B4 test': exe=\"/usr/sbin/libvirtd\" hostname=? addr=? terminal=? res=success'\n"; auparse_state_t *au = auparse_init(AUSOURCE_BUFFER, buffer); if (au == NULL) return -1; while (auparse_next_event(au) > 0) { printf("%s\n", auparse_find_field(au, "new-net")); } auparse_destroy(au); return 0; } ----- --- auparse/ellist.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/auparse/ellist.c b/auparse/ellist.c index eafcfee..8c3061d 100644 --- a/auparse/ellist.c +++ b/auparse/ellist.c @@ -137,6 +137,9 @@ static int parse_up_record(rnode* r) // Remove beginning cruft of name if (*ptr == '(') ptr++; + // Remove quotes + if (*val == '\'' || *val == '"') + val++; n.name = strdup(ptr); n.val = strdup(val); // Remove trailing punctuation @@ -149,7 +152,8 @@ static int parse_up_record(rnode* r) n.val[len-1] = 0; len--; } - if (len && n.val[len-1] == '\'') { + if (len && (n.val[len - 1] == '\'' + || n.val[len - 1] == '"')) { n.val[len-1] = 0; len--; } -- 1.7.1