Hello,
The "interpretation" code in libuparse stores literal strings as
interpreted data for the second operand of fcntl(). This causes a crash
in free() when freeing the record.
The attached patch fixes the crash.
Mirek
diff -urN audit/auparse/interpret.c audit-1.7.4/auparse/interpret.c
--- audit/auparse/interpret.c 2008-05-15 23:09:57.000000000 +0200
+++ audit-1.7.4/auparse/interpret.c 2008-06-02 16:04:38.000000000 +0200
@@ -732,7 +732,7 @@
s = fcntl_i2s(cmd);
if (s != NULL)
- return s;
+ return strdup(s);
asprintf(&out, "unknown fcntl command(%d)", cmd);
return out;
}
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
