Audit contexts can be reused, so initialize a name's osid to the
default in audit_getname(). This ensures we don't log a bogus object
label when no inode data is collected for a name.
Untested patch against lspp.63 kernel.
Signed-off-by: Amy Griffis <[EMAIL PROTECTED]>
---
diff -Nrup linux-2.6.18.x86_64/kernel/auditsc.c
linux-2.6.18.x86_64-amg/kernel/auditsc.c
--- linux-2.6.18.x86_64/kernel/auditsc.c 2007-01-23 17:17:07.000000000
-0500
+++ linux-2.6.18.x86_64-amg/kernel/auditsc.c 2007-01-23 17:20:35.000000000
-0500
@@ -1215,6 +1215,7 @@ void __audit_getname(const char *name)
context->names[context->name_count].name_len = AUDIT_NAME_FULL;
context->names[context->name_count].name_put = 1;
context->names[context->name_count].ino = (unsigned long)-1;
+ context->names[context->name_count].osid = 0;
++context->name_count;
if (!context->pwd) {
read_lock(¤t->fs->lock);
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
