From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jeff Layton Subject: Re: [PATCH] audit: missing variable declaration/initialization when AUDIT_DEBUG == 2. Date: Thu, 26 Jul 2012 08:34:19 -0400 Message-ID: <20120726083419.16bf047f@tlielax.poochiereds.net> References: <1342647041-13210-1-git-send-email-pmoody@google.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1342647041-13210-1-git-send-email-pmoody@google.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Peter Moody Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com On Wed, 18 Jul 2012 14:30:41 -0700 Peter Moody wrote: > Additionally it looks like audit_free_names might return too early when > AUDIT_DEBUG was set to 2. > > Signed-off-by: Peter Moody > --- > kernel/auditsc.c | 8 ++++---- > 1 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 4b96415..0c1db46 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -997,6 +997,7 @@ static inline void audit_free_names(struct audit_context *context) > > #if AUDIT_DEBUG == 2 > if (context->put_count + context->ino_count != context->name_count) { > + int i = 0; > printk(KERN_ERR "%s:%d(:%d): major=%d in_syscall=%d" > " name_count=%d put_count=%d" > " ino_count=%d [NOT freeing]\n", 
> @@ -1005,11 +1006,10 @@ static inline void audit_free_names(struct audit_context *context) > context->name_count, context->put_count, > context->ino_count); > list_for_each_entry(n, &context->names_list, list) { > - printk(KERN_ERR "names[%d] = %p = %s\n", i, > + printk(KERN_ERR "names[%d] = %p = %s\n", i++, > n->name, n->name ?: "(null)"); > } > dump_stack(); > - return; > } I'm not certain what the intent of this code was, but if you remove the "return" above, then the printk above it that says "[NOT FREEING]" will no longer be valid. > #endif > #if AUDIT_DEBUG > @@ -2084,10 +2084,10 @@ void audit_putname(const char *name) > __FILE__, __LINE__, context->serial, name); > if (context->name_count) { > struct audit_names *n; > - int i; > + int i = 0; > > list_for_each_entry(n, &context->names_list, list) > - printk(KERN_ERR "name[%d] = %p = %s\n", i, > + printk(KERN_ERR "name[%d] = %p = %s\n", i++, > n->name, n->name ?: "(null)"); > } > #endif
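Review bot: Style point on the first hunk (@@ -997, audit_free_names): the new `int i = 0;` at the top of the `if (context->put_count + context->ino_count != context->name_count)` block runs straight into the printk. Kernel style expects a blank line between declarations and the first statement, so add one after the declaration.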
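Review bot: Removing `return;` after `dump_stack()` in the second hunk (@@ -1005, audit_free_names) leaves the printk at the top of the same block still reporting "[NOT freeing]", while the function now falls through past the `#endif` instead of bailing out. Either keep the early return or change that message text in the same patch. This is also a behaviour change rather than the declaration/initialization fix the subject line names, and the changelog only says the function "might return too early" without saying why that is wrong, so it would be better split into its own patch with that reasoning spelled out.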