* [PATCH] auparse: add a check to au->source_list to ensure it not null
@ 2013-05-08 1:46 车烈权
0 siblings, 0 replies; 4+ messages in thread
From: 车烈权 @ 2013-05-08 1:46 UTC (permalink / raw)
To: linux-audit; +Cc: mitr
[-- Attachment #1.1: Type: text/plain, Size: 2792 bytes --]
Hi all:
I found a bug the process auvrt generate a coredump when there is no file
named audit.log, In the case the /var/log/audit/audit.log removed by
someone.
I make a patch to solve this problem.
Index: auparse/auparse.c
===================================================================
--- auparse/auparse.c (版本 814)
+++ auparse/auparse.c (工作副本)
@@ -806,7 +806,7 @@
case AUSOURCE_FILE:
case AUSOURCE_FILE_ARRAY:
// if the first time through, open file
- if (au->list_idx == 0 && au->in == NULL) {
+ if (au->list_idx == 0 && au->in == NULL &&
au->source_list != NULL) {
if (au->source_list[au->list_idx] == NULL) {
errno = 0;
return -2;
[clq@localhost trunk]# auvirt
Unable to open /var/log/audit/audit.log (No such file or directory)
No log file
Segmentation fault (core dumped)
The backtrace is as follows:
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `./tools/auvirt/.libs/lt-auvirt'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
810 if (au->source_list[au->list_idx] ==
NULL) {
Missing separate debuginfos, use: debuginfo-install
glibc-2.12-1.107.el6.x86_64
(gdb) bt
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
#1 auparse_next_event (au=0x682830) at auparse.c:958
#2 0x00007fb2cc547c52 in auparse_first_record (au=<value optimized out>) at
auparse.c:1131
#3 0x00007fb2cc547d77 in ausearch_next_event (au=0x682830) at auparse.c:923
#4 0x00000000004043b8 in main (argc=<value optimized out>, argv=<value
optimized out>) at auvirt.c:1542
(gdb) f 0
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
810 if (au->source_list[au->list_idx] ==
NULL) {
(gdb) p *au
$1 = {source = AUSOURCE_LOGS, source_list = 0x0, list_idx = 0, in = 0x0,
line_number = 0, next_buf = 0x0, off = 0, cur_buf = 0x0,
line_pushed = 0, le = {head = 0x0, cur = 0x0, cnt = 0, e = {sec = 0, milli
= 0, serial = 0, host = 0x0}}, expr = 0x680c90,
find_field = 0x0, search_where = AUSEARCH_STOP_EVENT, parse_state =
EVENT_EMPTY, databuf = {flags = 0, alloc_size = 0,
alloc_ptr = 0x0, offset = 0, len = 0, max_len = 0}, callback = 0,
callback_user_data = 0x0, callback_user_data_destroy = 0}
(gdb) p au->source_list
$2 = (char **) 0x0
(gdb)
Best Regards!
[-- Attachment #1.2: Type: text/html, Size: 11013 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] auparse: add a check to au->source_list to ensure it not null
@ 2013-05-08 7:06 liequan che
0 siblings, 0 replies; 4+ messages in thread
From: liequan che @ 2013-05-08 7:06 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 2778 bytes --]
Hi all:
I found a bug the process auvrt generate a coredump when there is no file
named audit.log, In the case the /var/log/audit/audit.log removed by
someone.
I make a patch to solve this problem.
Index: auparse/auparse.c
===================================================================
--- auparse/auparse.c (版本 814)
+++ auparse/auparse.c (工作副本)
@@ -806,7 +806,7 @@
case AUSOURCE_FILE:
case AUSOURCE_FILE_ARRAY:
// if the first time through, open file
- if (au->list_idx == 0 && au->in == NULL) {
+ if (au->list_idx == 0 && au->in == NULL &&
au->source_list != NULL) {
if (au->source_list[au->list_idx] == NULL) {
errno = 0;
return -2;
[clq@localhost trunk]# auvirt
Unable to open /var/log/audit/audit.log (No such file or directory)
No log file
Segmentation fault (core dumped)
The backtrace is as follows:
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `./tools/auvirt/.libs/lt-auvirt'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
810 if (au->source_list[au->list_idx]
== NULL) {
Missing separate debuginfos, use: debuginfo-install
glibc-2.12-1.107.el6.x86_64
(gdb) bt
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
#1 auparse_next_event (au=0x682830) at auparse.c:958
#2 0x00007fb2cc547c52 in auparse_first_record (au=<value optimized out>)
at auparse.c:1131
#3 0x00007fb2cc547d77 in ausearch_next_event (au=0x682830) at auparse.c:923
#4 0x00000000004043b8 in main (argc=<value optimized out>, argv=<value
optimized out>) at auvirt.c:1542
(gdb) f 0
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
810 if (au->source_list[au->list_idx]
== NULL) {
(gdb) p *au
$1 = {source = AUSOURCE_LOGS, source_list = 0x0, list_idx = 0, in = 0x0,
line_number = 0, next_buf = 0x0, off = 0, cur_buf = 0x0,
line_pushed = 0, le = {head = 0x0, cur = 0x0, cnt = 0, e = {sec = 0,
milli = 0, serial = 0, host = 0x0}}, expr = 0x680c90,
find_field = 0x0, search_where = AUSEARCH_STOP_EVENT, parse_state =
EVENT_EMPTY, databuf = {flags = 0, alloc_size = 0,
alloc_ptr = 0x0, offset = 0, len = 0, max_len = 0}, callback = 0,
callback_user_data = 0x0, callback_user_data_destroy = 0}
(gdb) p au->source_list
$2 = (char **) 0x0
(gdb)
Best Regards!
[-- Attachment #1.2: Type: text/html, Size: 8178 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] auparse: add a check to au->source_list to ensure it not null
@ 2013-05-08 10:53 车烈权
2013-05-09 2:13 ` Steve Grubb
0 siblings, 1 reply; 4+ messages in thread
From: 车烈权 @ 2013-05-08 10:53 UTC (permalink / raw)
To: linux-audit; +Cc: mitr
[-- Attachment #1.1: Type: text/plain, Size: 2792 bytes --]
Hi all:
I found a bug the process auvrt generate a coredump when there is no file
named audit.log, In the case the /var/log/audit/audit.log removed by
someone.
I make a patch to solve this problem.
Index: auparse/auparse.c
===================================================================
--- auparse/auparse.c (版本 814)
+++ auparse/auparse.c (工作副本)
@@ -806,7 +806,7 @@
case AUSOURCE_FILE:
case AUSOURCE_FILE_ARRAY:
// if the first time through, open file
- if (au->list_idx == 0 && au->in == NULL) {
+ if (au->list_idx == 0 && au->in == NULL &&
au->source_list != NULL) {
if (au->source_list[au->list_idx] == NULL) {
errno = 0;
return -2;
[clq@localhost trunk]# auvirt
Unable to open /var/log/audit/audit.log (No such file or directory)
No log file
Segmentation fault (core dumped)
The backtrace is as follows:
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `./tools/auvirt/.libs/lt-auvirt'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
810 if (au->source_list[au->list_idx] ==
NULL) {
Missing separate debuginfos, use: debuginfo-install
glibc-2.12-1.107.el6.x86_64
(gdb) bt
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
#1 auparse_next_event (au=0x682830) at auparse.c:958
#2 0x00007fb2cc547c52 in auparse_first_record (au=<value optimized out>) at
auparse.c:1131
#3 0x00007fb2cc547d77 in ausearch_next_event (au=0x682830) at auparse.c:923
#4 0x00000000004043b8 in main (argc=<value optimized out>, argv=<value
optimized out>) at auvirt.c:1542
(gdb) f 0
#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810
810 if (au->source_list[au->list_idx] ==
NULL) {
(gdb) p *au
$1 = {source = AUSOURCE_LOGS, source_list = 0x0, list_idx = 0, in = 0x0,
line_number = 0, next_buf = 0x0, off = 0, cur_buf = 0x0,
line_pushed = 0, le = {head = 0x0, cur = 0x0, cnt = 0, e = {sec = 0, milli
= 0, serial = 0, host = 0x0}}, expr = 0x680c90,
find_field = 0x0, search_where = AUSEARCH_STOP_EVENT, parse_state =
EVENT_EMPTY, databuf = {flags = 0, alloc_size = 0,
alloc_ptr = 0x0, offset = 0, len = 0, max_len = 0}, callback = 0,
callback_user_data = 0x0, callback_user_data_destroy = 0}
(gdb) p au->source_list
$2 = (char **) 0x0
(gdb)
Best Regards!
[-- Attachment #1.2: Type: text/html, Size: 11009 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] auparse: add a check to au->source_list to ensure it not null
2013-05-08 10:53 [PATCH] auparse: add a check to au->source_list to ensure it not null 车烈权
@ 2013-05-09 2:13 ` Steve Grubb
0 siblings, 0 replies; 4+ messages in thread
From: Steve Grubb @ 2013-05-09 2:13 UTC (permalink / raw)
To: 车烈权; +Cc: linux-audit
On Wednesday, May 08, 2013 06:53:15 PM 车烈权 wrote:
> I found a bug the process auvrt generate a coredump when there is no file
> named audit.log, In the case the /var/log/audit/audit.log removed by
> someone.
>
> I make a patch to solve this problem.
Applied. Thanks!
-Steve
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-05-09 2:13 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-08 10:53 [PATCH] auparse: add a check to au->source_list to ensure it not null 车烈权
2013-05-09 2:13 ` Steve Grubb
-- strict thread matches above, loose matches on Subject: below --
2013-05-08 7:06 liequan che
2013-05-08 1:46 车烈权
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox