If the num_logs is set to 0 and keep_logs is set, we go back into a
loop of MAX_INT! in rotate_logs().
commit 9145e97c ("Do not rotate logs when num_logs < 2.") fixed the
issue with not going further if num_logs is less than 2, because if
num_logs is zero, we trigger this bug because of the loop:
for (i=num_logs - 1; i>1; i--) {
As i is an unsigned int, if num_logs is zero, we initialize i to
"0 - 1" or 4,294,967,295. Thus, runs this loop over 4 billion times!
But this caused a regressing if keep_logs is set, so this
num_logs < 2 was skipped if keep_logs is set, causing the huge loop
to run once again if num_logs is zero!
There's no reason i needs to be unsigned, if i is signed, then if we
pass in num_logs = 0, then i will start off as -1, and -1 > 1 will fail
the loop and fix the issue. I don't envision anyone wanting to
keep 2,147,483,648 log files around.
Fixes: a7f9f8b5 ("Fix auditd regression where keep_logs is limited by
rotate_logs 2 file test")
Signed-off-by: Steven Rostedt (VMware) <[email protected]>
---
diff --git a/src/auditd-event.c b/src/auditd-event.c
index 1c93173..68eacd5 100644
--- a/src/auditd-event.c
+++ b/src/auditd-event.c
@@ -1012,8 +1012,8 @@ static void fix_disk_permissions(void)
static void rotate_logs(unsigned int num_logs, unsigned int keep_logs)
{
- int rc;
- unsigned int len, i;
+ int rc, i;
+ unsigned int len;
char *oldname, *newname;
/* Check that log rotation is enabled in the configuration file. There
@@ -1065,7 +1065,7 @@ static void rotate_logs(unsigned int num_logs, unsigned
int keep_logs)
snprintf(oldname, len, "%s.1", config->log_file);
known_logs = 0;
- for (i=num_logs - 1; i>1; i--) {
+ for (i=(int)num_logs - 1; i>1; i--) {
snprintf(oldname, len, "%s.%u", config->log_file, i-1);
snprintf(newname, len, "%s.%u", config->log_file, i);
/* if the old file exists */
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
