Handle malformed path and duplicate database entries

yixiangzhike 2022-02-22 17:54:47 +08:00
parent e298ed2559
commit 5149f9a812
3 changed files with 204 additions and 1 deletions


@ -1,6 +1,6 @@
Name: aide Name: aide
Version: 0.17.3 Version: 0.17.3
Release: 4 Release: 5
Summary: Advanced Intrusion Detection Environment Summary: Advanced Intrusion Detection Environment
License: GPLv2+ License: GPLv2+
URL: http://sourceforge.net/projects/aide URL: http://sourceforge.net/projects/aide
@ -13,6 +13,8 @@ BuildRequires: libacl-devel libselinux-devel libattr-devel e2fsprogs-devel audi
Patch0: Add-sm3-algorithm-for-aide.patch Patch0: Add-sm3-algorithm-for-aide.patch
Patch1: backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch Patch1: backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch
Patch2: backport-Handle-malformed-database-lines.patch
Patch3: backport-Fix-handling-of-duplicate-database-entries.patch
%description %description
AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker. AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.
@ -60,6 +62,12 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Tue Feb 22 2022 yixiangzhike <yixiangzhike007@163.com> - 0.17.3-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: handle malformed path and duplicate database entries
* Tue Feb 8 2022 yixiangzhike <yixiangzhike007@163.com> - 0.17.3-4 * Tue Feb 8 2022 yixiangzhike <yixiangzhike007@163.com> - 0.17.3-4
- Type:CVE - Type:CVE
- ID:CVE-2021-45417 - ID:CVE-2021-45417


@ -0,0 +1,26 @@
From 1067d1e1ce10dcd8f374e9d4295d39d75abf4958 Mon Sep 17 00:00:00 2001
From: Hannes von Haugwitz <hannes@vonhaugwitz.com>
Date: Sun, 20 Feb 2022 18:09:10 +0100
Subject: [PATCH] Fix handling of duplicate database entries
* closes: #122
---
src/gen_list.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/gen_list.c b/src/gen_list.c
index bf5ce2e..a1467f3 100644
--- a/src/gen_list.c
+++ b/src/gen_list.c
@@ -352,7 +352,7 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db_flags, const dat
if(!node){
node=new_seltree_node(tree,file->filename,0,NULL);
log_msg(LOG_LEVEL_DEBUG, "added new node '%s' (%p) for '%s' (reason: new entry)", node->path, node, file->filename);
- } else if (db && db_flags&DB_NEW?node->new_data:node->old_data) {
+ } else if (db && node->checked&db_flags) {
LOG_DB_FORMAT_LINE(LOG_LEVEL_WARNING, duplicate database entry found for '%s' (skip line), file->filename)
free_db_line(file);
free(file);
--
1.8.3.1
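Review bot: The new test `} else if (db && node->checked&db_flags) {` in src/gen_list.c depends on `&` binding tighter than `&&`, and the line it replaces mixed `&&`, `&` and `?:` without parentheses, which was easy to misread for the same reason. Writing it as `} else if (db && (node->checked & db_flags)) {` makes the grouping explicit. It is also an any-bit test: populate_tree passes `DB_OLD|DB_NEW` for old entries outside the limit, so a node already marked with only one of the two flags would be reported as a duplicate and its line freed. If that is intended, a one-line comment such as `/* entry already seen from this database side: skip the duplicate line */` would record the rule. add_file_to_tree begins and ends outside the hunk.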


@ -0,0 +1,169 @@
From efaaba614c946118d731b542319b99a25a0a199c Mon Sep 17 00:00:00 2001
From: Hannes von Haugwitz <hannes@vonhaugwitz.com>
Date: Tue, 18 Jan 2022 21:20:07 +0100
Subject: [PATCH] Handle malformed database lines
* handle malformed path
* handle duplicate database entry
* closes: #122
---
src/db_file.c | 19 ++++++++++++-------
src/gen_list.c | 34 +++++++++++++++++++---------------
2 files changed, 31 insertions(+), 22 deletions(-)
diff --git a/src/db_file.c b/src/db_file.c
index 86d5b31..30324f2 100644
--- a/src/db_file.c
+++ b/src/db_file.c
@@ -1,7 +1,7 @@
/*
* AIDE (Advanced Intrusion Detection Environment)
*
- * Copyright (C) 1999-2007, 2010-2013, 2016, 2018-2021 Rami Lehti,
+ * Copyright (C) 1999-2007, 2010-2013, 2016, 2018-2022 Rami Lehti,
* Pablo Virolainen, Mike Markley, Richard van den Berg,
* Hannes von Haugwitz
*
@@ -249,13 +249,18 @@ char** db_readline_file(database* db) {
break;
}
case TPATH: {
- i = 0;
- s = checked_malloc(sizeof(char*)*num_attrs);
- for(ATTRIBUTE j=0; j<num_attrs; j++){
- s[j]=NULL;
+ if (*dbtext != '/') {
+ LOG_DB_FORMAT_LINE(LOG_LEVEL_WARNING, invalid path found: '%s' (skip line), dbtext);
+ skip_line(db);
+ } else {
+ i = 0;
+ s = checked_malloc(sizeof(char*)*num_attrs);
+ for(ATTRIBUTE j=0; j<num_attrs; j++){
+ s[j]=NULL;
+ }
+ s[i] = checked_strdup(dbtext);
+ LOG_DB_FORMAT_LINE(LOG_LEVEL_DEBUG, '%s' set field '%s' (position %d): '%s', s[0], attributes[db->fields[i]].db_name, i, dbtext);
}
- s[i] = checked_strdup(dbtext);
- LOG_DB_FORMAT_LINE(LOG_LEVEL_DEBUG, '%s' set field '%s' (position %d): '%s', s[0], attributes[db->fields[i]].db_name, i, dbtext);
break;
}
case TSTRING: {
diff --git a/src/gen_list.c b/src/gen_list.c
index 98b437c..bf5ce2e 100644
--- a/src/gen_list.c
+++ b/src/gen_list.c
@@ -1,7 +1,7 @@
/*
* AIDE (Advanced Intrusion Detection Environment)
*
- * Copyright (C) 1999-2006, 2009-2012, 2015-2016, 2019-2021 Rami Lehti,
+ * Copyright (C) 1999-2006, 2009-2012, 2015-2016, 2019-2022 Rami Lehti,
* Pablo Virolainen, Mike Markley, Richard van den Berg,
* Hannes von Haugwitz
*
@@ -342,9 +342,8 @@ void strip_dbline(db_line* line)
/*
* add_file_to_tree
- * db = which db this file belongs to
*/
-static void add_file_to_tree(seltree* tree,db_line* file,int db)
+static void add_file_to_tree(seltree* tree,db_line* file,int db_flags, const database *db)
{
seltree* node=NULL;
@@ -353,14 +352,19 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db)
if(!node){
node=new_seltree_node(tree,file->filename,0,NULL);
log_msg(LOG_LEVEL_DEBUG, "added new node '%s' (%p) for '%s' (reason: new entry)", node->path, node, file->filename);
+ } else if (db && db_flags&DB_NEW?node->new_data:node->old_data) {
+ LOG_DB_FORMAT_LINE(LOG_LEVEL_WARNING, duplicate database entry found for '%s' (skip line), file->filename)
+ free_db_line(file);
+ free(file);
+ return;
}
/* add note to this node which db has modified it */
- node->checked|=db;
+ node->checked|=db_flags;
strip_dbline(file);
- switch (db) {
+ switch (db_flags) {
case DB_OLD: {
log_msg(LOG_LEVEL_DEBUG, "add old entry '%s' (%c) to node '%s' (%p) as old data", file->filename, get_file_type_char_from_perm(file->perm), node->path, node);
node->old_data=file;
@@ -430,9 +434,9 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db)
db_line *newData;
seltree* moved_node;
- moved_node=get_seltree_inode(tree,file,db==DB_OLD?DB_NEW:DB_OLD);
+ moved_node=get_seltree_inode(tree,file,db_flags==DB_OLD?DB_NEW:DB_OLD);
if(!(moved_node == NULL || moved_node == node)) {
- if(db == DB_NEW) {
+ if(db_flags == DB_NEW) {
newData = node->new_data;
oldData = moved_node->old_data;
log_msg(LOG_LEVEL_DEBUG, "checking old data of node '%s' with new data of '%s'", moved_node->path, node->path);
@@ -453,8 +457,8 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db)
/* Free the data if same else leave as is for report_tree */
DB_ATTR_TYPE changed_attr_moved_file = get_changed_attributes(oldData, newData);
if ((changed_attr_moved_file&~(ATTR(attr_ctime))) == RETOK) {
- node->checked |= db==DB_NEW ? NODE_MOVED_IN : NODE_MOVED_OUT;
- moved_node->checked |= db==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN;
+ node->checked |= db_flags==DB_NEW ? NODE_MOVED_IN : NODE_MOVED_OUT;
+ moved_node->checked |= db_flags==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN;
if (changed_attr_moved_file & (ATTR(attr_ctime))) {
log_msg(LOG_LEVEL_DEBUG,_(" ctime is ignored, due to filename change: '%s' => '%s'"), oldData->filename, newData->filename);
}
@@ -471,13 +475,13 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db)
log_msg(LOG_LEVEL_DEBUG, "no moved file found for '%s'", file->filename);
}
}
- if( (db == DB_NEW) &&
+ if( (db_flags == DB_NEW) &&
(node->new_data!=NULL) &&
(file->attr & ATTR(attr_allownewfile)) ){
node->checked|=NODE_ALLOW_NEW;
log_msg(LOG_LEVEL_DEBUG,_(" mark node '%s' as NODE_ALLOW_NEW (reason: entry '%s' has ANF attribute set)"), node->path, file->filename);
}
- if( (db == DB_OLD) &&
+ if( (db_flags == DB_OLD) &&
(node->old_data!=NULL) &&
(file->attr & ATTR(attr_allowrmfile)) ){
node->checked|=NODE_ALLOW_RM;
@@ -677,7 +681,7 @@ void populate_tree(seltree* tree, bool dry_run)
db_lex_buffer(&(conf->database_new));
while((new=db_readline(&(conf->database_new))) != NULL){
if((add=check_rxtree(new->filename,tree, &rule, get_restriction_from_perm(new->perm), dry_run))>0){
- add_file_to_tree(tree,new,DB_NEW);
+ add_file_to_tree(tree,new,DB_NEW, &(conf->database_new));
} else {
free_db_line(new);
free(new);
@@ -692,7 +696,7 @@ void populate_tree(seltree* tree, bool dry_run)
new=NULL;
log_msg(LOG_LEVEL_INFO, "read new entries from disk (root: '%s', limit: '%s')", conf->root_prefix, conf->limit?conf->limit:"(none)");
while((new=db_readline_disk(dry_run)) != NULL) {
- add_file_to_tree(tree,new,DB_NEW);
+ add_file_to_tree(tree,new,DB_NEW, NULL);
}
}
if((conf->action&DO_COMPARE)||(conf->action&DO_DIFF)){
@@ -701,9 +705,9 @@ void populate_tree(seltree* tree, bool dry_run)
while((old=db_readline(&(conf->database_in))) != NULL) {
add=check_rxtree(old->filename,tree, &rule, get_restriction_from_perm(old->perm), dry_run);
if(add > 0) {
- add_file_to_tree(tree,old,DB_OLD);
+ add_file_to_tree(tree,old,DB_OLD, &(conf->database_in));
} else if (conf->limit!=NULL && add < 0) {
- add_file_to_tree(tree,old,DB_OLD|DB_NEW);
+ add_file_to_tree(tree,old,DB_OLD|DB_NEW, &(conf->database_in));
}else{
if(!initdbwarningprinted){
log_msg(LOG_LEVEL_WARNING, _("%s:%s: old database entry '%s' has no matching rule, run --init or --update (this warning is only shown once)"), get_url_type_string((conf->database_in.url)->type), (conf->database_in.url)->value, old->filename);
--
1.8.3.1
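Review bot: The header comment above add_file_to_tree in src/gen_list.c loses its only parameter description (`db = which db this file belongs to`) in the same hunk where the signature gains a second argument, so neither `db_flags` nor `db` is documented. I would replace the removed line with `* db_flags = DB_OLD, DB_NEW or DB_OLD|DB_NEW (flags OR-ed into node->checked)` and `* db = database the entry was read from, NULL for entries read from disk`. The NULL case is worth stating because populate_tree passes NULL in the db_readline_disk loop and the duplicate-entry branch is guarded by `db &&`, so a maintainer changing that guard needs to know which callers reach it without a database. The function body continues outside the visible hunks.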