From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: Two small errors in ausearch-parse.c Date: Tue, 06 Oct 2015 11:47:09 -0400 Message-ID: <1539828.zXIRCf1O94@x2> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com On Saturday, October 03, 2015 06:13:16 PM Emily Ratliff wrote: > While testing usage of some tools, I stumbled across two small errors in > ausearch-parse.c. I have attached two patches Thanks. Applied. > end-fix.patch fixes the segfaults which can be found by running > ausearch -m USER_AUTH,USER_ACCT --success no --if end-986-dump.log > and > ausearch -m USER_AUTH,USER_ACCT --success no --if error-ausearch.log > > term-segfault.patch fixes the errors that can be found by running > aureport -if corrupt-log-for-aureport.log > and > ausearch -m USER_AUTH,USER_ACCT --success no --if > corrupt-log-for-ausearch.log > > The erroneous log files were produced using zzuf. The corrupted log files > are also attached. It is unlikely that a user will encounter corrupted > audit log files in the wild, so these bugs aren't serious, but they are > easy to fix. I would agree. The fixes were in a place where an intial " was found and it was looking for the terminating one. Its highly unlikely this would ever be encountered in the wild because libaudit would typically handle the writing of that ". -Steve