packages/aide
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Package init

Browse Source
This commit is contained in:
overweight 2019-09-30 10:31:23 -04:00
commit 0ab47545b7
13 changed files with 719 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
Add-missing-include-in-src-db.c.patch Normal file
View File

@ -0,0 +1,28 @@
From c6e47606cb485457afd06d74c7f372011184fa73 Mon Sep 17 00:00:00 2001
From: Ilya Tumaykin <itumaykin@gmail.com>
Date: Tue, 23 May 2017 17:24:29 +0300
Subject: [PATCH 05/20] Add missing include in src/db.c
url_fclose() function used in this file is defined in fopen.h.
---
src/db.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/db.c b/src/db.c
index dd133d4..858240d 100644
--- a/src/db.c
+++ b/src/db.c
@@ -28,6 +28,10 @@
#include "db_disk.h"
#include "md.h"
+#ifdef WITH_CURL
+#include "fopen.h"
+#endif
+
#ifdef WITH_PSQL
#include "db_sql.h"
#endif
--
2.19.1

46
Fix-root_prefix-option.patch Normal file
View File

@ -0,0 +1,46 @@
From 11a2c9828cc5d182a0a3090af4ee7687eb997f57 Mon Sep 17 00:00:00 2001
From: Hannes von Haugwitz <hannes@vonhaugwitz.com>
Date: Sat, 18 Nov 2017 09:00:27 +0100
Subject: [PATCH 02/20] Fix root_prefix option
---
ChangeLog | 3 +++
src/db_disk.c | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 14a3c72..43f84a1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2017-11-18 Hannes von Haugwitz <hannes@vonhaugwitz.com>
+ * Fix root_prefix option
+
2017-10-29 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Fix short form of --limit parameter
diff --git a/src/db_disk.c b/src/db_disk.c
index 47e3e3e..36748e7 100644
--- a/src/db_disk.c
+++ b/src/db_disk.c
@@ -203,7 +203,7 @@ db_line *db_readline_disk ()
fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
strncat (fullname, "/", 1);
- if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
+ if (!get_file_status(fullname, &fs)) {
add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
conf->tree, attr);
@@ -249,7 +249,7 @@ recursion:
If not call, db_readline_disk again...
*/
- if (get_file_status(&fullname[conf->root_prefix_length], &fs)) {
+ if (get_file_status(fullname, &fs)) {
free (fullname);
goto recursion;
}
--
2.19.1

37
Fix-short-form-of-limit-parameter.patch Normal file
View File

@ -0,0 +1,37 @@
From 4863aa95d571c95107841aebf97d3d32aa8b3577 Mon Sep 17 00:00:00 2001
From: Hannes von Haugwitz <hannes@vonhaugwitz.com>
Date: Sun, 29 Oct 2017 22:16:39 +0100
Subject: [PATCH 01/20] Fix short form of --limit parameter
---
ChangeLog | 3 +++
src/aide.c | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 263c438..14a3c72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2017-10-29 Hannes von Haugwitz <hannes@vonhaugwitz.com>
+ * Fix short form of --limit parameter
+
2016-07-25 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Release version 0.16
diff --git a/src/aide.c b/src/aide.c
index f85c1b4..2971178 100644
--- a/src/aide.c
+++ b/src/aide.c
@@ -117,7 +117,7 @@ static int read_param(int argc,char**argv)
};
while(1){
- option = getopt_long(argc, argv, "hV::vc:B:A:r:iCuDE", options, &i);
+ option = getopt_long(argc, argv, "hV::vc:l:B:A:r:iCuDE", options, &i);
if(option==-1)
break;
switch(option)
--
2.19.1

40
README.quickstart Normal file
View File

@ -0,0 +1,40 @@
1) Customize /etc/aide.conf to your liking. In particular, add
important directories and files which you would like to be
covered by integrity checks. Avoid files which are expected
to change frequently or which don't affect the safety of your
system.
2) Run "/usr/sbin/aide --init" to build the initial database.
With the default setup, that creates /var/lib/aide/aide.db.new.gz
3) Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.new.gz
in a secure location, e.g. on separate read-only media (such as
CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures
of those files in a secure location, so you have means to verify
that nobody modified those files.
4) Copy /var/lib/aide/aide.db.new.gz to /var/lib/aide/aide.db.gz
which is the location of the input database.
5) Run "/usr/sbin/aide --check" to check your system for inconsistencies
compared with the AIDE database. Prior to running a check manually,
ensure that the AIDE binary and database have not been modified
without your knowledge.
Caution!
With the default setup, an AIDE check is not run periodically as a
cron job. It cannot be guaranteed that the AIDE binaries, config
file and database are intact. It is not recommended that you run
automated AIDE checks without verifying AIDE yourself frequently.
In addition to that, AIDE does not implement any password or
encryption protection for its own files.
It is up to you how to put a file integrity checker to good effect
and how to set up automated checks if you think it adds a level of
safety (e.g. detecting failed/incomplete compromises or unauthorized
modification of special files). On a compromised system, the
intruder could disable the automated check. Or he could replace the
AIDE binary, config file and database easily when they are not
located on read-only media.

27
Skip-reading-section-data-if-the-section-doesn-t-con.patch Normal file
View File

@ -0,0 +1,27 @@
From dd98dbd23770b8f8b95dc5a08ad5d5546831076a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Jirkovsk=C3=BD?= <l.jirkovsky@gmail.com>
Date: Fri, 8 Mar 2019 20:44:51 +0100
Subject: [PATCH 19/20] Skip reading section data if the section doesn't
contain any table.
Fixes floating point exception on go files.
---
src/do_md.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/do_md.c b/src/do_md.c
index 86fde8d..35c0751 100644
--- a/src/do_md.c
+++ b/src/do_md.c
@@ -99,7 +99,7 @@ int is_prelinked(int fd) {
while (!bingo && (scn = elf_nextscn(elf, scn)) != NULL) {
(void) gelf_getshdr(scn, &shdr);
- if (shdr.sh_type != SHT_DYNAMIC)
+ if (shdr.sh_type != SHT_DYNAMIC || shdr.sh_entsize == 0)
continue;
while (!bingo && (data = elf_getdata (scn, data)) != NULL) {
--
2.19.1

BIN
aide-0.16.tar.gz Normal file
View File

Binary file not shown.

103
aide-0.16b1-fipsfix.patch Normal file
View File

@ -0,0 +1,103 @@
diff -up ./src/aide.c.orig ./aide-0.16b1/src/aide.c
--- ./src/aide.c.orig 2016-07-12 11:10:08.013158385 +0200
+++ ./src/aide.c 2016-07-12 11:30:54.867833064 +0200
@@ -511,9 +511,28 @@ int main(int argc,char**argv)
#endif
umask(0177);
init_sighandler();
-
setdefaults_before_config();
+#if WITH_GCRYPT
+ error(255,"Gcrypt library initialization\n");
+ /*
+ * Initialize libgcrypt as per
+ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
+ *
+ *
+ */
+ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
+ gcry_control(GCRYCTL_INIT_SECMEM, 1);
+
+ if(!gcry_check_version(GCRYPT_VERSION)) {
+ error(0,"libgcrypt version mismatch\n");
+ exit(VERSION_MISMATCH_ERROR);
+ }
+
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+#endif /* WITH_GCRYPT */
+
+
if(read_param(argc,argv)==RETFAIL){
error(0, _("Invalid argument\n") );
exit(INVALID_ARGUMENT_ERROR);
@@ -646,6 +665,9 @@ int main(int argc,char**argv)
}
#endif
}
+#ifdef WITH_GCRYPT
+ gcry_control(GCRYCTL_TERM_SECMEM, 0);
+#endif /* WITH_GCRYPT */
return RETOK;
}
const char* aide_key_3=CONFHMACKEY_03;
diff -up ./src/md.c.orig ./aide-0.16b1/src/md.c
--- ./src/md.c.orig 2016-04-15 23:30:16.000000000 +0200
+++ ./src/md.c 2016-07-12 11:35:04.007675329 +0200
@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
}
#endif
#ifdef WITH_GCRYPT
- error(255,"Gcrypt library initialization\n");
- if(!gcry_check_version(GCRYPT_VERSION)) {
- error(0,"libgcrypt version mismatch\n");
- exit(VERSION_MISMATCH_ERROR);
- }
- gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
error(0,"gcrypt_md_open failed\n");
exit(IO_ERROR);
}
@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
/*. There might be more hashes in the library. Add those here.. */
- gcry_md_reset(md->mdh);
+ gcry_md_close(md->mdh);
#endif
#ifdef WITH_MHASH
diff -up ./src/util.c.orig ./aide-0.16b1/src/util.c
--- ./src/util.c.orig 2016-07-12 11:39:17.023437355 +0200
+++ ./src/util.c 2016-07-12 11:39:51.618721157 +0200
@@ -519,28 +519,5 @@ int syslog_facility_lookup(char *s)
return(AIDE_SYSLOG_FACILITY);
}
-/* We need these dummy stubs to fool the linker into believing that
- we do not need them at link time */
-
-void* dlopen(char*filename,int flag)
-{
- return NULL;
-}
-
-void* dlsym(void*handle,char*symbol)
-{
- return NULL;
-}
-
-void* dlclose(void*handle)
-{
- return NULL;
-}
-
-const char* dlerror(void)
-{
- return NULL;
-}
-
const char* aide_key_2=CONFHMACKEY_02;
const char* db_key_2=DBHMACKEY_02;

15
aide-0.16rc1-man.patch Normal file
View File

@ -0,0 +1,15 @@
diff -up ./doc/aide.1.in.orig ./doc/aide.1.in
--- ./doc/aide.1.in.orig 2016-07-12 16:10:01.724595895 +0200
+++ ./doc/aide.1.in 2016-07-12 16:06:21.968639822 +0200
@@ -103,9 +103,9 @@ echo <encoded_checksum> | base64 \-d | h
.SH FILES
.IP \fB@sysconfdir@/aide.conf\fR
Default aide configuration file.
-.IP \fB@sysconfdir@/aide.db\fR
+.IP \fB@localstatedir@/lib/aide/aide.db\fR
Default aide database.
-.IP \fB@sysconfdir@/aide.db.new\fR
+.IP \fB@localstatedir@/lib/aide/aide.db.new\fR
Default aide output database.
.SH SEE ALSO
.BR aide.conf (5)

37
aide-define_hash_use_gcrypt.patch Normal file
View File

@ -0,0 +1,37 @@
diff -Nur aide-0.16/include/md.h aide-0.16.new/include/md.h
--- aide-0.16/include/md.h 2016-07-25 22:56:55.000000000 +0200
+++ aide-0.16.new/include/md.h 2018-11-21 14:07:01.347479021 +0100
@@ -48,7 +48,7 @@
#define HASH_GCRYPT_COUNT GCRY_MD_CRC32
#ifndef WITH_MHASH
#define HASH_USE_GCRYPT (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|\
- DB_HAVAL|DB_CRC32|DB_SHA256|DB_SHA512)
+ DB_CRC32B|DB_SHA256|DB_SHA512)
#endif
#endif
diff -Nur aide-0.16/src/md.c aide-0.16.new/src/md.c
--- aide-0.16/src/md.c 2016-07-25 22:56:55.000000000 +0200
+++ aide-0.16.new/src/md.c 2018-11-21 14:06:05.602295496 +0100
@@ -55,10 +55,12 @@
r=DB_TIGER;
break;
}
+/* until libgcrypt-1.8.4 not implemented yet, see doc/gcrypt.info-1
case GCRY_MD_HAVAL: {
r=DB_HAVAL;
break;
}
+*/
case GCRY_MD_SHA256: {
r=DB_SHA256;
break;
@@ -219,7 +221,7 @@
if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){
md->calc_attr|=h;
} else {
- error(0,"gcry_md_enable %i failed",i);
+ error(0,"gcry_md_enable %i failed, see /usr/include/gcrypt.h enum gcry_md_algos",i);
md->todo_attr&=~h;
}
}

223
aide.conf Normal file
View File

@ -0,0 +1,223 @@
# Example configuration file for AIDE.
@@define DBDIR /var/lib/aide
@@define LOGDIR /var/log/aide
# The location of the database to be read.
database=file:@@{DBDIR}/aide.db.gz
# The location of the database to be written.
#database_out=sql:host:port:database:login_name:passwd:table
#database_out=file:aide.db.new
database_out=file:@@{DBDIR}/aide.db.new.gz
# Whether to gzip the output to database
gzip_dbout=yes
# Default.
verbose=5
report_url=file:@@{LOGDIR}/aide.log
report_url=stdout
#report_url=stderr
#NOT IMPLEMENTED report_url=mailto:root@foo.com
#NOT IMPLEMENTED report_url=syslog:LOG_AUTH
# These are the default rules.
#
#p: permissions
#i: inode:
#n: number of links
#u: user
#g: group
#s: size
#b: block count
#m: mtime
#a: atime
#c: ctime
#S: check for growing size
#acl: Access Control Lists
#selinux SELinux security context
#xattrs: Extended file attributes
#md5: md5 checksum
#sha1: sha1 checksum
#sha256: sha256 checksum
#sha512: sha512 checksum
#rmd160: rmd160 checksum
#tiger: tiger checksum
#haval: haval checksum (MHASH only)
#gost: gost checksum (MHASH only)
#crc32: crc32 checksum (MHASH only)
#whirlpool: whirlpool checksum (MHASH only)
FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256
#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5
#L: p+i+n+u+g+acl+selinux+xattrs
#E: Empty group
#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs
# You can create custom rules like this.
# With MHASH...
# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
# Everything but access time (Ie. all changes)
EVERYTHING = R+ALLXTRAHASHES
# Sane, with multiple hashes
# NORMAL = R+rmd160+sha256+whirlpool
NORMAL = FIPSR+sha512
# For directories, don't bother doing hashes
DIR = p+i+n+u+g+acl+selinux+xattrs
# Access control only
PERMS = p+i+u+g+acl+selinux
# Logfile are special, in that they often change
LOG = >
# Just do sha256 and sha512 hashes
LSPP = FIPSR+sha512
# Some files get updated automatically, so the inode/ctime/mtime change
# but we want to know when the data inside them changes
DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256
# Next decide what directories/files you want in the database.
/boot NORMAL
/bin NORMAL
/sbin NORMAL
/lib NORMAL
/lib64 NORMAL
/opt NORMAL
/usr NORMAL
/root NORMAL
# These are too volatile
!/usr/src
!/usr/tmp
# Check only permissions, inode, user and group for /etc, but
# cover some important files closely.
/etc PERMS
!/etc/mtab
# Ignore backup files
!/etc/.*~
/etc/exports NORMAL
/etc/fstab NORMAL
/etc/passwd NORMAL
/etc/group NORMAL
/etc/gshadow NORMAL
/etc/shadow NORMAL
/etc/security/opasswd NORMAL
/etc/hosts.allow NORMAL
/etc/hosts.deny NORMAL
/etc/sudoers NORMAL
/etc/skel NORMAL
/etc/logrotate.d NORMAL
/etc/resolv.conf DATAONLY
/etc/nscd.conf NORMAL
/etc/securetty NORMAL
# Shell/X starting files
/etc/profile NORMAL
/etc/bashrc NORMAL
/etc/bash_completion.d/ NORMAL
/etc/login.defs NORMAL
/etc/zprofile NORMAL
/etc/zshrc NORMAL
/etc/zlogin NORMAL
/etc/zlogout NORMAL
/etc/profile.d/ NORMAL
/etc/X11/ NORMAL
# Pkg manager
/etc/yum.conf NORMAL
/etc/yumex.conf NORMAL
/etc/yumex.profiles.conf NORMAL
/etc/yum/ NORMAL
/etc/yum.repos.d/ NORMAL
/var/log LOG
/var/run/utmp LOG
# This gets new/removes-old filenames daily
!/var/log/sa
# As we are checking it, we've truncated yesterdays size to zero.
!/var/log/aide.log
# LSPP rules...
# AIDE produces an audit record, so this becomes perpetual motion.
# /var/log/audit/ LSPP
/etc/audit/ LSPP
/etc/libaudit.conf LSPP
/usr/sbin/stunnel LSPP
/var/spool/at LSPP
/etc/at.allow LSPP
/etc/at.deny LSPP
/etc/cron.allow LSPP
/etc/cron.deny LSPP
/etc/cron.d/ LSPP
/etc/cron.daily/ LSPP
/etc/cron.hourly/ LSPP
/etc/cron.monthly/ LSPP
/etc/cron.weekly/ LSPP
/etc/crontab LSPP
/var/spool/cron/root LSPP
/etc/login.defs LSPP
/etc/securetty LSPP
/var/log/faillog LSPP
/var/log/lastlog LSPP
/etc/hosts LSPP
/etc/sysconfig LSPP
/etc/inittab LSPP
/etc/grub/ LSPP
/etc/rc.d LSPP
/etc/ld.so.conf LSPP
/etc/localtime LSPP
/etc/sysctl.conf LSPP
/etc/modprobe.conf LSPP
/etc/pam.d LSPP
/etc/security LSPP
/etc/aliases LSPP
/etc/postfix LSPP
/etc/ssh/sshd_config LSPP
/etc/ssh/ssh_config LSPP
/etc/stunnel LSPP
/etc/vsftpd.ftpusers LSPP
/etc/vsftpd LSPP
/etc/issue LSPP
/etc/issue.net LSPP
/etc/cups LSPP
# With AIDE's default verbosity level of 5, these would give lots of
# warnings upon tree traversal. It might change with future version.
#
#=/lost\+found DIR
#=/home DIR
# Ditto /var/log/sa reason...
!/var/log/and-httpd
# Admins dot files constantly change, just check perms
/root/\..* PERMS

9
aide.logrotate Normal file
View File

@ -0,0 +1,9 @@
/var/log/aide/*.log {
weekly
missingok
rotate 4
compress
delaycompress
copytruncate
minsize 100k
}

106
aide.spec Normal file
View File

@ -0,0 +1,106 @@
Name: aide
Version: 0.16
Release: 13
Summary: Advanced Intrusion Detection Environment
License: GPLv2+
URL: http://sourceforge.net/projects/aide
Source0: http://sourceforge.net/projects/aide/files/aide/%{version}/%{name}-%{version}.tar.gz
Source1: aide.conf
Source2: README.quickstart
Source3: aide.logrotate
BuildRequires: gcc make bison flex pcre-devel libgpg-error-devel libgcrypt-devel zlib-devel libcurl-devel
BuildRequires: libacl-devel libselinux-devel libattr-devel e2fsprogs-devel audit-libs-devel git
Patch1: aide-0.16rc1-man.patch
Patch2: aide-0.16b1-fipsfix.patch
Patch6000: aide-define_hash_use_gcrypt.patch
Patch6001: Fix-short-form-of-limit-parameter.patch
Patch6002: Fix-root_prefix-option.patch
Patch6003: Add-missing-include-in-src-db.c.patch
Patch6004: src-do_md.c-fix-memory-leak-in-is_prelinked.patch
Patch6005: Skip-reading-section-data-if-the-section-doesn-t-con.patch
%description
AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.
It creates a database from the regular expression rules that it finds from the config file(s).
Once this database is initialized it can be used to verify the integrity of the files.
%package_help
%prep
%autosetup -n %{name}-%{version} -p1 -Sgit
%build
%configure --disable-static --with-config_file=%{_sysconfdir}/aide.conf --with-gcrypt --with-zlib \
--with-curl --with-posix-acl --with-selinux --with-xattr --with-e2fsattrs --with-audit
make %{?_smp_mflags}
%install
%make_install bindir=%{_sbindir}
install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{S:1}
install -Dpm0644 -t %{buildroot}%{_datadir}/doc/aide-help %{S:2}
install -Dpm0644 -t %{buildroot}%{_sysconfdir}/logrotate.d/aide %{S:3}
mkdir -p %{buildroot}%{_localstatedir}/log/aide
mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
%pre
%preun
%post
%postun
%files
%defattr(-,root,root)
%license COPYING
%doc AUTHORS ChangeLog contrib/
%{_sbindir}/*
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/aide
%dir %attr(0700,root,root) %{_localstatedir}/lib/aide
%dir %attr(0700,root,root) %{_localstatedir}/log/aide
%files help
%defattr(-,root,root)
%doc NEWS README doc/manual.html README.quickstart
%{_mandir}/*/*
%changelog
* Sat Sep 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.16-13
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:revise description
* Fri Aug 23 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.16-12
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:strengthen spec
* Tue Aug 20 2019 guoxiaoqi<guoxiaoqi2@huawei.com> - 0.16-11
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:rename patches
* Tue Apr 9 2019 wangxiao<wangxiao65@huawei.com> - 0.16-10
- Type:bugfix
- ID:NA
- SUG:restart
- DESC:Fix short form of --limit parameter
Fix root_prefix option
Add missing include in src/db.c
Fix memory leak in is_prelinked
Skip reading section data if the section doesn't contain any table.
* Sun Apr 7 2019 zoujing<zoujing13@huawei.com> - 0.16-9
- Type:enhancement
- ID:NA
- SUG:restart
- DESC: backport patch for fixing "DBG: md_enable: algorithm 7 not available"
* Tue Jul 31 2018 openEuler Buildteam <buildteam@openeuler.org> - 0.16-8
- Package init

48
src-do_md.c-fix-memory-leak-in-is_prelinked.patch Normal file
View File

@ -0,0 +1,48 @@
From 242ce0bd6cedbbc989c565364679c57ee9171424 Mon Sep 17 00:00:00 2001
From: Hannes von Haugwitz <hannes@vonhaugwitz.com>
Date: Fri, 7 Dec 2018 08:16:08 +0100
Subject: [PATCH 10/20] src/do_md.c: fix memory leak in is_prelinked
* thanks to Robert Springer for the patch
* closes #103
---
ChangeLog | 4 ++++
src/do_md.c | 7 +++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/do_md.c b/src/do_md.c
index bc06e62..86fde8d 100644
--- a/src/do_md.c
+++ b/src/do_md.c
@@ -1,7 +1,7 @@
/* aide, Advanced Intrusion Detection Environment
* vi: ts=8 sw=8
*
- * Copyright (C) 1999-2002,2004-2006,2009-2011,2013 Rami Lehti, Pablo
+ * Copyright (C) 1999-2002,2004-2006,2009-2011,2013,2018 Rami Lehti, Pablo
* Virolainen, Mike Markley, Richard van den Berg, Hannes von Haugwitz
* $Header$
*
@@ -90,8 +90,10 @@ int is_prelinked(int fd) {
if ((elf = elf_begin (fd, ELF_C_READ, NULL)) == NULL
|| elf_kind(elf) != ELF_K_ELF
|| gelf_getehdr(elf, &ehdr) == NULL
- || !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC))
+ || !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC)) {
+ elf_end(elf);
return 0;
+ }
bingo = 0;
while (!bingo && (scn = elf_nextscn(elf, scn)) != NULL) {
@@ -113,6 +115,7 @@ int is_prelinked(int fd) {
}
}
}
+ elf_end(elf);
return bingo;
}
--
2.19.1