From mboxrd@z Thu Jan  1 00:00:00 1970
From: Zhang Xiliang <zhangxiliang@cn.fujitsu.com>
Subject: [PATCH 1/2] Fix the bug for missing field name before operator
Date: Thu, 07 Aug 2008 18:32:01 +0800
Message-ID: <489ACF21.8080707@cn.fujitsu.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb <sgrubb@redhat.com>, Linux Audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

Hello Steve,

Steve Grubb said the following on 2008-08-07 3:19:
> > 
> > Yes, this was in attempt to make sure that they didn't type -F =10. In that 
> > case v will equal f because they start at the same address.
> > 
> > -Steve
> > 

I think the way "f == v" can't make sure that they didn't type -F =10.
After "v = strstr(pair, "=")" and v++. The v will not equal to f.

For example,
auditctl -a exit,always -F =10
Error message "-F unknown field: =10" is output. 

It is checked by "audit_name_to_field()", but not "f == v".
Because before v++, the "*v" is set to 0. we can use "*f == 0" to check out the case. The patch is for it.

Signed-off-by: Zhang Xiliang <zhangxiliang@cn.fujitsu.com>
---
 lib/deprecated.c |    5 ++++-
 lib/libaudit.c   |    5 ++++-
 src/auditctl.c   |    4 ++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/deprecated.c b/lib/deprecated.c
index af1780b..6bf42dd 100644
--- a/lib/deprecated.c
+++ b/lib/deprecated.c
@@ -227,8 +227,11 @@ int audit_rule_fieldpair(struct audit_rule *rule, const char *pair, int flags)
 		// op = AUDIT_EQUAL;
 	}
 
-	if (v == NULL || f == v)
+	if (v == NULL)
 		return -1;
+	
+	if (*f == 0)
+		return -22;
 
 	if (*v == 0)
 		return -20;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 42c2176..e0f108a 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -820,8 +820,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
 		op = AUDIT_BIT_MASK;
 	}
 
-	if (v == NULL || f == v)
+	if (v == NULL)
 		return -1;
+	
+	if (*f == 0)
+		return -22;
 
 	if (*v == 0)
 		return -20;
diff --git a/src/auditctl.c b/src/auditctl.c
index 10894f9..6144795 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -852,6 +852,10 @@ static int setopt(int count, char *vars[])
 					"-F value should be a number for %s\n", optarg);
 				retval = -1;
 				break;
+			case -22:
+				fprintf(stderr,
+					"-F missing field name before operator for %s\n", optarg);
+				retval = -1;
 			default:
 				retval = -1;
 				break;