From mboxrd@z Thu Jan  1 00:00:00 1970
From: wangf <wangf@cn.fujitsu.com>
Subject: There is a bug on parsing file path in auditd-config.c and
	audispd-pconfig.c
Date: Tue, 01 Jul 2008 14:43:45 +0800
Message-ID: <4869D221.1030904@cn.fujitsu.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: sgrubb@redhat.com, linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Hi Steve,

There is a bug in function dispatch_parser() and path_parser().

when we use dir = dirname (tdir), if tdir is not NULL, tdir and dir 
point to the same addr., so if we use free(tdir) before 
audit_msg(LOG_ERR, "The directory name: %s is too short - line %d", dir, 
line); we can not get the dir's correct value.

This patch can solve this problem.

Signed-off-by: Wang Fang <wangf@cn.fujitsu.com>
---
diff -Nrup audit-1.7.4/audisp/audispd-pconfig.c audit-1.7.4-new/audisp/audispd-pconfig.c
--- audit-1.7.4/audisp/audispd-pconfig.c	2007-09-02 23:24:15.000000000 +0800
+++ audit-1.7.4-new/audisp/audispd-pconfig.c	2008-06-21 18:33:14.000000000 +0800
@@ -379,10 +379,10 @@ static int path_parser(struct nv_pair *n
 	if (tdir)
 		dir = dirname(tdir);
 	if (dir == NULL || strlen(dir) < 4) { //  '/var' is shortest dirname
-		free(tdir);
 		audit_msg(LOG_ERR,
 			"The directory name: %s is too short - line %d",
 			dir, line);
+		free(tdir);
 		return 1;
 	}
 
diff -Nrup audit-1.7.4/src/auditd-config.c audit-1.7.4-new/src/auditd-config.c
--- audit-1.7.4/src/auditd-config.c	2008-05-09 22:44:38.000000000 +0800
+++ audit-1.7.4-new/src/auditd-config.c	2008-06-21 18:39:58.000000000 +0800
@@ -592,10 +592,10 @@ static int dispatch_parser(struct nv_pai
 	if (tdir)
 		dir = dirname(tdir);
 	if (dir == NULL || strlen(dir) < 4) { //  '/var' is shortest dirname
-		free(tdir);
 		audit_msg(LOG_ERR,
 			"The directory name: %s is too short - line %d",
 			dir, line);
+		free(tdir);
 		return 1;
 	}
 
--
Best Regards,
Wang Fang