From mboxrd@z Thu Jan  1 00:00:00 1970
From: Zhang Xiliang <zhangxiliang@cn.fujitsu.com>
Subject: [PATCH 1/5] Add the field checking for missing value after opration
Date: Wed, 06 Aug 2008 16:12:42 +0800
Message-ID: <48995CFA.5020302@cn.fujitsu.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb <sgrubb@redhat.com>, Linux Audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

Hello Steve, 

I think the missing value for -F should be checking. 

For example,
auditctl -a exit,always -F pid=

No error message is output and "pid=0" is added to rule.


Signed-off-by: Zhang Xiliang <zhangxiliang@cn.fujitsu.com>
---
 lib/deprecated.c |    3 +++
 lib/libaudit.c   |    3 +++
 src/auditctl.c   |    5 +++++
 3 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/lib/deprecated.c b/lib/deprecated.c
index e05e826..5a1c04f 100644
--- a/lib/deprecated.c
+++ b/lib/deprecated.c
@@ -230,6 +230,9 @@ int audit_rule_fieldpair(struct audit_rule *rule, const char *pair, int flags)
 	if (v == NULL || f == v)
 		return -1;
 
+	if (*v == NULL)
+		return -20;
+
 	audit_msg(LOG_DEBUG,"pair=%s\n", f);
 	if ((field = audit_name_to_field(f)) < 0) 
 		return -2;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 4bedfaf..6ec15d8 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -823,6 +823,9 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
 	if (v == NULL || f == v)
 		return -1;
 
+	if (*v == NULL)
+		return -20;
+
 	if ((field = audit_name_to_field(f)) < 0) 
 		return -2;
 
diff --git a/src/auditctl.c b/src/auditctl.c
index 48f1369..3958afb 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -847,6 +847,11 @@ static int setopt(int count, char *vars[])
 					"Key field needs a watch or syscall given prior to it\n");
 				retval = -1;
 				break;
+			case -20:
+				fprintf(stderr,
+					"-F missing value after opration for %s\n", optarg);
+				retval = -1;
+				break;
 			default:
 				retval = -1;
 				break;