[PATCH] Fix a bug of parsing "acct=" in function parse

public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed

* [PATCH] Fix a bug of parsing "acct=" in function parse_user()
@ 2008-08-28 10:40 Peng Haitao
  2008-08-28 19:16 ` Steve Grubb
  2008-08-28 19:34 ` Steve Grubb
  0 siblings, 2 replies; 3+ messages in thread
From: Peng Haitao @ 2008-08-28 10:40 UTC (permalink / raw)
  To: Steve Grubb; +Cc: audit-list

Hello steve,

The value of "acct=" which is not in double quotation, cannot be right gotten.

The log is:
type=USER_CHAUTHTOK msg=audit(1167580800.033:178653): user pid=23192 uid=0 auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user acct=aulog exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=pts/6 res=success)'

Signed-off-by: Peng Haitao <penght@cn.fujitsu.com>

---
 src/ausearch-parse.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index d9c305a..b80b984 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -791,13 +791,12 @@ static int parse_user(const lnode *n, search_items *s)
 				*term = saved;
 			} else { 
 				/* Handle legacy accts */
-				char *end = term;
+				char *end = ptr;
 				int legacy = 0;
 
 				while (*end != ' ') {
 					if (!isxdigit(*end)) {
 						legacy = 1;
-						break;
 					}
 					end++;
 				}
-- 
1.5.3


-- 
Regards
Peng Haitao

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] Fix a bug of parsing "acct=" in function parse_user()
  2008-08-28 10:40 [PATCH] Fix a bug of parsing "acct=" in function parse_user() Peng Haitao
@ 2008-08-28 19:16 ` Steve Grubb
  2008-08-28 19:34 ` Steve Grubb
  1 sibling, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2008-08-28 19:16 UTC (permalink / raw)
  To: Peng Haitao; +Cc: audit-list

On Thursday 28 August 2008 06:40:01 Peng Haitao wrote:
> The value of "acct=" which is not in double quotation, cannot be right
> gotten.
>
> The log is:
> type=USER_CHAUTHTOK msg=audit(1167580800.033:178653): user pid=23192 uid=0
> auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user
> acct=aulog exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=pts/6
> res=success)'

Thanks for providing the log entry that causes a problem. How does this show 
up as a problem in ausearch or aureport?

Thanks,
-Steve

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] Fix a bug of parsing "acct=" in function parse_user()
  2008-08-28 10:40 [PATCH] Fix a bug of parsing "acct=" in function parse_user() Peng Haitao
  2008-08-28 19:16 ` Steve Grubb
@ 2008-08-28 19:34 ` Steve Grubb
  1 sibling, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2008-08-28 19:34 UTC (permalink / raw)
  To: Peng Haitao; +Cc: audit-list

On Thursday 28 August 2008 06:40:01 Peng Haitao wrote:
> he value of "acct=" which is not in double quotation, cannot be right
> gotten.

OK, I see what this is doing. Applied. Thanks for the patch.

-Steve

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2008-08-28 19:34 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-08-28 10:40 [PATCH] Fix a bug of parsing "acct=" in function parse_user() Peng Haitao
2008-08-28 19:16 ` Steve Grubb
2008-08-28 19:34 ` Steve Grubb

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox