Hi Steve, Thank you for your prompt response and for pointing to a solution.
Yes, this patch it's applied to audit v2.4.3. It's an embedded device, and at the moment, we're unable to upgrade the audit to a higher audit version. If audit v2.4.y were still maintainable, would you accept this patch for audit v2.4.y? -Javier On 12/12/20 1:45 PM, Steve Grubb wrote: > Hello, > > Thanks for the patch. But if its true that this is against audit-2.4.3, then > there is a good chance this is fixed by 2.8.5. There were a number of fixes in > this area that fixed various issues with plugins. > > Best Regards, > -Steve > > On Friday, December 11, 2020 9:10:50 PM EST Javier Tiá wrote: >> On ARM 32-Bits, audispd is crashing. Backtrace: >> >> (gdb) bt >> 0 0xb6e20958 in __GI_raise (sig=sig@entry=6) >> at /usr/src/debug/glibc/2.23-r0/git/sysdeps/unix/sysv/linux/raise.c:54 >> 1 0xb6e21e58 in __GI_abort () >> at /usr/src/debug/glibc/2.23-r0/git/stdlib/abort.c:118 >> 2 0xb6e59d64 in __libc_message (do_abort=do_abort@entry=2, >> fmt=0xb6f1119c "*** Error in `%s': %s: 0x%s ***\n") >> at /usr/src/debug/glibc/2.23-r0/git/sysdeps/posix/libc_fatal.c:175 >> 3 0xb6e60108 in malloc_printerr (action=<optimized out>, >> str=0xb6f11354 "double free or corruption (fasttop)", ptr=<optimized >> out>, ar_ptr=<optimized out>) >> at /usr/src/debug/glibc/2.23-r0/git/malloc/malloc.c:5007 >> 4 0xb6e60a98 in _int_free (av=0xb6f2d79c <main_arena>, p=<optimized out>, >> have_lock=<optimized out>) >> at /usr/src/debug/glibc/2.23-r0/git/malloc/malloc.c:3868 >> 5 0x004234b8 in free_pconfig (config=0x43b398) >> at >> /usr/src/debug/audit/2.4.3-r8/audit-2.4.3/audisp/audispd-pconfig.c:513 6 >> 0x00421244 in main (argc=<optimized out>, argv=<optimized out>) at >> /usr/src/debug/audit/2.4.3-r8/audit-2.4.3/audisp/audispd.c:464 >> >> (gdb) f 5 >> (gdb) p config->path >> $2 = 0x43b5f0 "" >> (gdb) p config->name >> $3 = 0x43b370 "h\264C >> >> Be paranoid and overwrite config->path with zero bytes before doing the >> free(). >> --- >> audisp/audispd-pconfig.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/audisp/audispd-pconfig.c b/audisp/audispd-pconfig.c >> index a8b7878..a13f681 100644 >> --- a/audisp/audispd-pconfig.c >> +++ b/audisp/audispd-pconfig.c >> @@ -510,7 +510,11 @@ void free_pconfig(plugin_conf_t *config) >> close(config->plug_pipe[0]); >> if (config->plug_pipe[1] >= 0) >> close(config->plug_pipe[1]); >> + /* Be paranoid and overwrite config->path with zero bytes before doing >> the + * free() */ >> + memset(config->path, 0, strlen(config->path)); >> free((void *)config->path); >> + config->path = NULL; >> free((void *)config->name); >> } > > > > -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
