While testing usage of some tools, I stumbled across two small errors in
ausearch-parse.c. I have attached two patches.
end-fix.patch fixes the segfaults which can be found by running
ausearch -m USER_AUTH,USER_ACCT --success no --if end-986-dump.log
and
ausearch -m USER_AUTH,USER_ACCT --success no --if error-ausearch.log

term-segfault.patch fixes the errors that can be found by running
aureport -if corrupt-log-for-aureport.log
and
ausearch -m USER_AUTH,USER_ACCT --success no --if corrupt-log-for-ausearch.log

The erroneous log files were produced using zzuf. The corrupted log files
are also attached. It is unlikely that a user will encounter corrupted
audit log files in the wild, so these bugs aren't serious, but they are
easy to fix.

Emily
diff -Naurp audit-2.4.4.old/src/ausearch-parse.c audit-2.4.4/src/ausearch-parse.c
--- audit-2.4.4.old/src/ausearch-parse.c	2015-09-21 10:55:43.799602931 -0500
+++ audit-2.4.4/src/ausearch-parse.c	2015-09-21 11:08:15.842117361 -0500
@@ -983,7 +983,7 @@ skip:
 			char *end = ptr;
 			int legacy = 0;
 
-			while (*end != ' ') {
+			while (*end != ' ' && *end != '\0') {
 				if (!isxdigit(*end))
 					legacy = 1;
 				end++;
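Review bot: `if (!isxdigit(*end))` in the loop body passes a plain `char` to isxdigit(); with the corrupted input this fix targets, bytes above 0x7f become negative where char is signed, which is undefined behaviour for the ctype functions. Suggest `isxdigit((unsigned char)*end)` while this line is being touched. Also, now that the loop can stop on '\0' instead of a space, the code following the loop (outside this hunk) should be checked so that it does not advance past `end` on the assumption that a separator was found.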
diff -Naurp audit-2.4.4.old/src/ausearch-parse.c audit-2.4.4/src/ausearch-parse.c
--- audit-2.4.4.old/src/ausearch-parse.c	2015-09-21 08:12:22.554729726 -0500
+++ audit-2.4.4/src/ausearch-parse.c	2015-09-21 08:12:33.898513475 -0500
@@ -971,7 +971,7 @@ skip:
 		ptr = str + 5;
 		term = ptr + 1;
 		if (*ptr == '"') {
-			while (*term != '"')
+			while (*term != '"' && *term != '\0')
 				term++;
 			saved = *term;
 			*term = 0;
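Review bot: when the new `*term != '\0'` condition is what ends the loop, no closing quote was found, yet the code still falls through to `saved = *term; *term = 0;` and treats the rest of the line as the quoted value. Suggest testing `*term` right after the loop and rejecting the record as malformed when it is '\0', so a truncated field is not silently accepted and any later restore or advance past `term` cannot run beyond the terminator. A `strchr(term, '"')` call with a NULL check would express the same scan and make the not-found case explicit.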
type=CRED_ACQ msg=audit(1442516413.108:311): pid=853 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_permit acct="gdm  exe=/usr/libexec/gdm-session-worker hostname=? addr=? terminal=? res=success'

tYpe=CRED_DISP mqg=aud­t(44216416.256:441):(0kd=853 ukd=0 auid=4294967295 ses=4294967295 spbj=systmm_5:system_2:xdm_t:s0-s0>c°.c1023 }sG='kp=PAM:setcRed grandors=pam_permit acct="gdm(exe="/eóv/licexec¯wdm-cåssioo-worker" hnótnaeE<? a`tr=? terminal=/dev/tty1 res?suckecs&
tùpe=USER_AUTH msg=audit(1442516432.955:308): pid=853 uid50 awid=4294977295 weS=4294y67295 sq`j={y{tem_u:syótem_r:xdm_t:s0-s°;c0.c3023 msg='op=PAEºauthentication$crantors=pam_permit acct=g$m" exa="/uSr/lifexec/g`m-session-workar" hostname=? addr=?"terminal=? res=success'
typu=GRP_MGMT mrg<audht(144%17228.9"2:35): pid=4418 uid<0 a5id=1020 3es=1 subj=unconfmned_u:unconfined_r:grotpa`e_t:s0-s0:c°.c1023 móg}/op=changinc-group(grq="rpc5ser" gid=9 acct=rrpquseR"exe="/usr/óãin/gBoupmod" hostname-? addr== terminal=? res=swccess'
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
