packages/audit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update audit to 2.8.5

Browse Source
This commit is contained in:
wangchen2020 2020-07-29 11:58:15 +08:00
parent 46b4865a7b
commit 1322107cb8
10 changed files with 19 additions and 532 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
0067-Fix-minor-memory-leak-in-auditd-kerberos-credentials.patch
View File

@ -1,43 +0,0 @@
From c34481d21c51241e571873627a8da17556e153d2 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 22 Jan 2019 08:10:30 +0100
Subject: [PATCH 67/99] Fix minor memory leak in auditd kerberos credentials
code
---
src/auditd-listen.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index 613cae6..bce8ca0 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -1107,7 +1107,11 @@ next_try:
}
}
- server_acquire_creds(princ, &server_creds);
+ if (server_acquire_creds(princ, &server_creds)) {
+ free(my_service_name);
+ my_service_name = NULL;
+ return -1;
+ }
}
#endif
@@ -1127,8 +1131,11 @@ void auditd_tcp_listen_uninit(struct ev_loop *loop, struct daemon_conf *config)
}
#ifdef USE_GSSAPI
- if (USE_GSS)
+ if (USE_GSS) {
gss_release_cred(&status, &server_creds);
+ free(my_service_name);
+ my_service_name = NULL;
+ }
#endif
while (client_chain) {
--
1.8.3.1

43
Fix-a-couple-more-fuzzer-induced-bugs.patch
View File

@ -1,43 +0,0 @@
From bbbebbef926376a7bec116a2cc3aadd86af75bb4 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 15 Dec 2018 14:12:56 -0500
Subject: [PATCH 209/217] Fix a couple more fuzzer induced bugs
---
src/ausearch-parse.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 44499c7..311f699 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -603,6 +603,8 @@ static int parse_syscall(lnode *n, search_items *s)
if (s->key) {
char *saved;
char *keyptr = unescape(str);
+ if (keyptr == NULL)
+ return 45;
char *kptr = strtok_r(keyptr,
key_sep, &saved);
while (kptr) {
@@ -1599,6 +1601,8 @@ static int parse_sockaddr(const lnode *n, search_items *s)
str += 6;
len = strlen(str)/2;
s->hostname = unescape(str);
+ if (s->hostname == NULL)
+ return 4;
saddr = (struct sockaddr *)s->hostname;
if (saddr->sa_family == AF_INET) {
if (len < sizeof(struct sockaddr_in)) {
@@ -2300,6 +2304,8 @@ static int parse_simple_message(const lnode *n, search_items *s)
if (s->key) {
char *saved;
char *keyptr = unescape(ptr);
+ if (keyptr == NULL)
+ return 8;
char *kptr = strtok_r(keyptr,
key_sep, &saved);
while (kptr) {
--
1.8.3.1

29
Fix-memory-leak-when-logs-are-corrupted.patch
View File

@ -1,29 +0,0 @@
From cc434ad723bba5c7da4d8e440130f55a9437961c Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 15 Dec 2018 09:55:29 -0500
Subject: [PATCH 206/217] Fix memory leak when logs are corrupted
---
auparse/ellist.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/auparse/ellist.c b/auparse/ellist.c
index 90a0524..fd45fac 100644
--- a/auparse/ellist.c
+++ b/auparse/ellist.c
@@ -331,8 +331,11 @@ int aup_list_append(event_list_t *l, char *record, int list_idx,
// Then parse the record up into nvlist
rc = parse_up_record(r);
- if (r->cwd)
+ if (r->cwd) {
+ // Should never be 2 cwd records unless log is corrupted
+ free(l->cwd);
l->cwd = r->cwd;
+ }
return rc;
}
--
1.8.3.1

56
More-fuzzer-induced-bug-fixes.patch
View File

@ -1,56 +0,0 @@
From c218a04655b2426b46d303d711863f9038f15917 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 15 Dec 2018 14:58:31 -0500
Subject: [PATCH 210/217] More fuzzer induced bug fixes
---
auparse/normalize.c | 10 +++++-----
src/ausearch-parse.c | 4 +++-
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/auparse/normalize.c b/auparse/normalize.c
index 45d8821..5f15712 100644
--- a/auparse/normalize.c
+++ b/auparse/normalize.c
@@ -44,11 +44,11 @@
* Both record and field are 0 based. Simple records are always 0. Compound
* records start at 0 and go up.
*/
-#define UNSET 0xFFFF
-#define get_record(y) ((y >> 16) & 0x0000FFFF)
-#define set_record(y, x) (((x & 0x0000FFFF) << 16) | (y & 0x0000FFFF))
-#define get_field(y) (y & 0x0000FFFF)
-#define set_field(y, x) ((y & 0xFFFF0000) | (x & 0x0000FFFF))
+#define UNSET 0xFFFFU
+#define get_record(y) ((y >> 16) & 0x0000FFFFU)
+#define set_record(y, x) (((x & 0x0000FFFFU) << 16) | (y & 0x0000FFFFU))
+#define get_field(y) (y & 0x0000FFFFU)
+#define set_field(y, x) ((y & 0xFFFF0000U) | (x & 0x0000FFFFU))
#define is_unset(y) (get_record(y) == UNSET)
#define D au->norm_data
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 311f699..cc2a06c 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -40,7 +40,7 @@
#include "ausearch-parse.h"
#include "auparse-idata.h"
-#define NAME_OFFSET 36
+#define NAME_OFFSET 28
static const char key_sep[2] = { AUDIT_KEY_SEPARATOR, 0 };
static int parse_task_info(lnode *n, search_items *s);
@@ -714,6 +714,8 @@ static int common_path_parser(search_items *s, char *path)
sn.str = unescape(path);
*term = ' ';
}
+ if (sn.str == NULL)
+ return 7;
// Attempt to rebuild path if relative
if ((sn.str[0] == '.') && ((sn.str[1] == '.') ||
(sn.str[1] == '/')) && s->cwd) {
--
1.8.3.1

279
Port-af_unix-plugin-to-libev.patch
View File

@ -1,279 +0,0 @@
From 6d6c65e8e374ce31037e20b1cdc314808efd0e3c Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 24 Nov 2018 10:06:08 -0500
Subject: [PATCH] Port af_unix plugin to libev
---
audisp/Makefile.am | 3 ++-
audisp/audispd-builtins.c | 42 +++++++++++++++++++++++++++++++--------
audisp/audispd-builtins.h | 9 ++-------
audisp/audispd.c | 38 -----------------------------------
src/auditd.c | 18 ++++++++---------
5 files changed, 47 insertions(+), 63 deletions(-)
diff --git a/audisp/Makefile.am b/audisp/Makefile.am
index 5aa1d09..852169e 100644
--- a/audisp/Makefile.am
+++ b/audisp/Makefile.am
@@ -22,7 +22,7 @@
SUBDIRS = plugins
CONFIG_CLEAN_FILES = *.rej *.orig
-AM_CPPFLAGS = -D_GNU_SOURCE -fPIC -DPIC -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src
+AM_CPPFLAGS = -D_GNU_SOURCE -fPIC -DPIC -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src -I${top_srcdir}/src/libev
LIBS = -L${top_builddir}/lib -laudit
LDADD = -lpthread
@@ -30,5 +30,6 @@ noinst_HEADERS = audispd-pconfig.h audispd-llist.h audispd-config.h \
queue.h audispd-builtins.h libdisp.h
libdisp_a_SOURCES = audispd.c audispd-pconfig.c queue.c \
audispd-llist.c audispd-builtins.c
+libdisp_a_CFLAGS = -fno-strict-aliasing
noinst_LIBRARIES = libdisp.a
diff --git a/audisp/audispd-builtins.c b/audisp/audispd-builtins.c
index 1fbe680..024faec 100644
--- a/audisp/audispd-builtins.c
+++ b/audisp/audispd-builtins.c
@@ -1,6 +1,6 @@
/*
* audispd-builtins.c - some common builtin plugins
-* Copyright (c) 2007,2010,2013 Red Hat Inc., Durham, North Carolina.
+* Copyright (c) 2007,2010,2013,2018 Red Hat Inc., Durham, North Carolina.
* All Rights Reserved.
*
* This software may be freely redistributed and/or modified under the
@@ -35,12 +35,17 @@
#include <sys/uio.h> // writev
#include <fcntl.h>
#include <stdio.h>
+#include "ev.h"
#include "audispd-pconfig.h"
#include "audispd-builtins.h"
+// Global data
+extern struct ev_loop *loop;
+
// Local data
static volatile int sock = -1, conn = -1;
static char *path = NULL;
+static struct ev_io af_unix_watcher;
// Local prototypes
static void init_af_unix(const plugin_conf_t *conf);
@@ -63,21 +68,37 @@ void stop_builtin(plugin_conf_t *conf)
syslog(LOG_ERR, "Unknown builtin %s", conf->path);
}
-static void af_unix_accept(int fd)
+static int watching = 0;
+static void stop_watching(void)
+{
+ if (watching) {
+ ev_io_stop(loop, &af_unix_watcher);
+ watching = 0;
+ }
+}
+
+static void af_unix_accept(struct ev_loop *l, struct ev_io *_io, int revents)
{
int cmd;
do {
- conn = accept(fd, NULL, NULL);
+ conn = accept(_io->fd, NULL, NULL);
} while (conn < 0 && errno == EINTR);
// De-register since this is intended to be one listener
if (conn >= 0)
- remove_event(fd);
+ stop_watching();
cmd = fcntl(conn, F_GETFD);
fcntl(conn, F_SETFD, cmd|FD_CLOEXEC);
}
+static void start_watching(void)
+{
+ ev_io_init(&af_unix_watcher, af_unix_accept, sock, EV_READ);
+ ev_io_start(loop, &af_unix_watcher);
+ watching = 1;
+}
+
static int create_af_unix_socket(const char *path, int mode)
{
struct sockaddr_un addr;
@@ -122,8 +143,8 @@ static int create_af_unix_socket(const char *path, int mode)
// Make socket listening...won't block
(void)listen(sock, 5);
- // Register socket with poll
- add_event(sock, af_unix_accept);
+ // Register socket with libev
+ start_watching();
return 0;
}
@@ -213,7 +234,8 @@ void send_af_unix_string(const char *s, unsigned int len)
if (rc < 0 && errno == EPIPE) {
close(conn);
conn = -1;
- add_event(sock, af_unix_accept);
+ stop_watching();
+ start_watching();
}
}
}
@@ -237,7 +259,8 @@ void send_af_unix_binary(event_t *e)
if (rc < 0 && errno == EPIPE) {
close(conn);
conn = -1;
- add_event(sock, af_unix_accept);
+ stop_watching();
+ start_watching();
}
}
}
@@ -250,10 +273,13 @@ void destroy_af_unix(void)
conn = -1;
did_something = 1;
}
+ stop_watching();
if (sock >= 0) {
+
close(sock);
sock = -1;
did_something = 1;
+
}
if (path) {
unlink(path);
diff --git a/audisp/audispd-builtins.h b/audisp/audispd-builtins.h
index 2083775..2d344ea 100644
--- a/audisp/audispd-builtins.h
+++ b/audisp/audispd-builtins.h
@@ -1,6 +1,6 @@
/*
-* audispd-builtins.h - Minimal linked list library
-* Copyright (c) 2007,2013 Red Hat Inc., Durham, North Carolina.
+* audispd-builtins.h - Interface to builtin plugins
+* Copyright (c) 2007,2013,2018 Red Hat Inc., Durham, North Carolina.
* All Rights Reserved.
*
* This software may be freely redistributed and/or modified under the
@@ -33,10 +33,5 @@ void send_af_unix_string(const char *s, unsigned int len);
void send_af_unix_binary(event_t *e);
void destroy_af_unix(void);
-typedef void (*poll_callback_ptr)(int fd);
-int add_event(int fd, poll_callback_ptr cb);
-int remove_event(int fd);
-
-
#endif
diff --git a/audisp/audispd.c b/audisp/audispd.c
index e9584b7..9c3a118 100644
--- a/audisp/audispd.c
+++ b/audisp/audispd.c
@@ -31,7 +31,6 @@
#include <pthread.h>
#include <dirent.h>
#include <fcntl.h>
-#include <sys/poll.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <limits.h>
@@ -578,43 +577,6 @@ static int event_loop(void)
return 1;
}
-static struct pollfd pfd[4];
-static poll_callback_ptr pfd_cb[4];
-static volatile int pfd_cnt=0;
-int add_event(int fd, poll_callback_ptr cb)
-{
- if (pfd_cnt > 3)
- return -1;
-
- pfd[pfd_cnt].fd = fd;
- pfd[pfd_cnt].events = POLLIN;
- pfd[pfd_cnt].revents = 0;
- pfd_cb[pfd_cnt] = cb;
- pfd_cnt++;
- return 0;
-}
-
-int remove_event(int fd)
-{
- int start, i;
- if (pfd_cnt == 0)
- return -1;
-
- for (start=0; start < pfd_cnt; start++) {
- if (pfd[start].fd == fd)
- break;
- }
- for (i=start; i<(pfd_cnt-1); i++) {
- pfd[i].events = pfd[i+1].events;
- pfd[i].revents = pfd[i+1].revents;
- pfd[i].fd = pfd[i+1].fd;
- pfd_cb[i] = pfd_cb[i+1];
- }
-
- pfd_cnt--;
- return 0;
-}
-
/* returns > 0 if plugins and 0 if none */
int libdisp_active(void)
{
diff --git a/src/auditd.c b/src/auditd.c
index bd7e3b8..22bdc9b 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -581,6 +581,7 @@ static void close_pipes(void)
close(pipefds[1]);
}
+struct ev_loop *loop;
int main(int argc, char *argv[])
{
struct sigaction sa;
@@ -598,7 +599,6 @@ int main(int argc, char *argv[])
enum startup_state opt_startup = startup_enable;
extern char *optarg;
extern int optind;
- struct ev_loop *loop;
struct ev_io netlink_watcher;
struct ev_io pipe_watcher;
struct ev_signal sigterm_watcher;
@@ -749,14 +749,6 @@ int main(int argc, char *argv[])
return 1;
}
- if (init_dispatcher(&config)) {
- if (pidfile)
- unlink(pidfile);
- tell_parent(FAILURE);
- free_config(&config);
- return 1;
- }
-
/* Get machine name ready for use */
if (resolve_node(&config)) {
if (pidfile)
@@ -892,6 +884,14 @@ int main(int argc, char *argv[])
/* Depending on value of opt_startup (-s) set initial audit state */
loop = ev_default_loop (EVFLAG_NOENV);
+ if (init_dispatcher(&config)) {
+ if (pidfile)
+ unlink(pidfile);
+ tell_parent(FAILURE);
+ free_config(&config);
+ return 1;
+ }
+
if (!opt_aggregate_only) {
ev_io_init (&netlink_watcher, netlink_handler, fd, EV_READ);
ev_io_start (loop, &netlink_watcher);

BIN
audit-2.8.5.tar.gz Normal file
View File

Binary file not shown.

BIN
audit-3.0-alpha5.tar.gz
View File

Binary file not shown.

43
audit.spec
View File

@ -2,25 +2,17 @@
Summary: User space tools for kernel auditing
Name: audit
Version: 3.0
Release: 5
Version: 2.8.5
Release: 1
License: GPLv2+ and LGPLv2+
URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}-alpha5.tar.gz
URL: https://people.redhat.com/sgrubb/audit/
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch6000: bindings-swig-src-auditswig.i-Do-not-hardcode-the-pa.patch
Patch6001: Fix-memory-leak-when-logs-are-corrupted.patch
Patch6002: fix-out-of-bound-read-on-shutdown.patch
Patch6003: Fix-a-couple-more-fuzzer-induced-bugs.patch
Patch6004: More-fuzzer-induced-bug-fixes.patch
Patch6005: Fix-memleak-in-auparse-caused-by-corrected-event-ordering.patch
Patch6006: Port-af_unix-plugin-to-libev.patch
Patch6007: 0067-Fix-minor-memory-leak-in-auditd-kerberos-credentials.patch
Patch9000: bugfix-audit-support-armv7b.patch
Patch9001: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
Patch9002: bugfix-audit-reload-coredump.patch
Patch0: Fix-memleak-in-auparse-caused-by-corrected-event-ordering.patch
Patch1: bugfix-audit-support-armv7b.patch
Patch2: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
Patch3: bugfix-audit-reload-coredump.patch
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
BuildRequires: openldap-devel krb5-devel libcap-ng-devel
@ -74,7 +66,6 @@ License: LGPLv2+
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: kernel-headers >= 2.6.29
Provides: audit-libs-devel audit-libs-static
Obsoletes: audit-libs-devel audit-libs-static
%description devel
The audit-libs-devel package contains the header files needed for developing
@ -196,6 +187,7 @@ fi
%attr(755,root,root) /sbin/ausearch
%attr(755,root,root) /sbin/aureport
%attr(750,root,root) /sbin/autrace
%attr(755,root,root) /sbin/audispd
%attr(755,root,root) /sbin/augenrules
%attr(755,root,root) %{_bindir}/aulast
%attr(755,root,root) %{_bindir}/aulastlog
@ -219,7 +211,8 @@ fi
%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
%files libs
/%{_lib}/libaudit.so.1*
@ -227,16 +220,15 @@ fi
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
%files -n audispd-plugins
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
%attr(750,root,root) /sbin/audisp-remote
%attr(750,root,root) /sbin/audisp-syslog
%attr(700,root,root) %dir %{_var}/spool/audit
%files -n audispd-plugins-zos
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
%attr(750,root,root) /sbin/audispd-zos-remote
%files devel
@ -276,6 +268,9 @@ fi
%attr(644,root,root) %{_mandir}/man8/*.8.gz
%changelog
* Wed Jul 29 2020 wangchen <wangchen137@huawei.com> - 2.8.5-1
- revert to 2.8.5
* Wed Jan 22 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.0-5
- add subpackages

33
bindings-swig-src-auditswig.i-Do-not-hardcode-the-pa.patch
View File

@ -1,33 +0,0 @@
From 5d206ce4ac545595170d1ed1490d4824b442bd19 Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Mon, 1 Oct 2018 07:48:54 +0200
Subject: [PATCH 177/217] bindings/swig/src/auditswig.i: Do not hardcode the
path of stdint.h
auditswig.i hard codes the path to stdint.h. That will fail to work with
non-glibc libcs and after moving glibc's headers (#798955). The path is
hard coded, because swig's %include does not search the standard header
search path. Rather than using %include here, we can use #include,
because stdint.h does not declare any functions. Thus swig entirely
ignores stdint.h and leaves the search to the C compiler.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909967
---
bindings/swig/src/auditswig.i | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
index 356a5ab..7ebb373 100644
--- a/bindings/swig/src/auditswig.i
+++ b/bindings/swig/src/auditswig.i
@@ -41,6 +41,6 @@ typedef unsigned __u32;
typedef unsigned uid_t;
%include "/usr/include/linux/audit.h"
#define __extension__ /*nothing*/
-%include "/usr/include/stdint.h"
+#include <stdint.h>
%include "../lib/libaudit.h"
--
1.8.3.1

25
fix-out-of-bound-read-on-shutdown.patch
View File

@ -1,25 +0,0 @@
From 5b62b99bcdba4bf9cc3c03a0ffc26d6b9b7a56ce Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 15 Dec 2018 13:35:29 -0500
Subject: [PATCH 208/217] fix out of bound read on shutdown
---
src/auditd-listen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index 9db5f35..a2560ad 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -1118,7 +1118,7 @@
#endif
ev_io_stop(loop, &tcp_listen_watcher);
- while (nlsocks >= 0) {
+ while (nlsocks > 0) {
nlsocks--;
close(listen_socket[nlsocks]);
}
--
1.8.3.1