packages/audit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

change

Browse Source
This commit is contained in:
fangxiuning 2024-07-18 21:25:46 +08:00
parent 43198023d9
commit 99c0f2a3ae
13 changed files with 1347 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
audit.spec
View File

@ -2,36 +2,47 @@ Summary: User space tools for kernel auditing
Name: audit Name: audit
Epoch: 1 Epoch: 1
Version: 3.1.2 Version: 3.1.2
Release: 4 Release: 5
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: https://people.redhat.com/sgrubb/audit/ URL: https://people.redhat.com/sgrubb/audit/
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch0: bugfix-audit-support-armv7b.patch Patch0: bugfix-audit-support-armv7b.patch
Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
Patch2: bugfix-audit-reload-coredump.patch Patch2: bugfix-audit-reload-coredump.patch
Patch3: audit-Add-sw64-architecture.patch Patch3: audit-Add-sw64-architecture.patch
Patch4: backport-Solve-issue-363-by-moving-check-to-after-load_config.patch Patch4: backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch
Patch5: backport-first-part-of-NULL-pointer-checks.patch Patch5: backport-Error-out-if-required-zos-parameters-missing.patch
Patch6: backport-second-part-of-NULL-pointer-checks.patch Patch6: backport-Fix-deprecated-python-function.patch
Patch7: backport-last-part-of-NULL-pointer-checks.patch Patch7: backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch
Patch8: backport-Fixed-NULL-checks.patch Patch8: backport-lib-enclose-macro-to-avoid-precedence-issues.patch
Patch9: backport-update-error-messages-in-NULL-Checks.patch Patch9: backport-memory-allocation-updates-341.patch
Patch10: backport-adding-the-file-descriptor-closure.patch Patch10: backport-lib-cast-to-unsigned-char-for-character-test-functio.patch
Patch11: backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch Patch11: backport-Make-session-id-consistently-typed-327.patch
Patch12: backport-Use-atomic_int-if-available-for-signal-related-flags.patch Patch12: backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch
Patch13: backport-Use-atomic_uint-if-available-for-signal-related-flag.patch Patch13: backport-fix-the-use-of-isdigit-everywhere.patch
Patch14: backport-avoiding-of-NULL-pointers-dereference-366.patch Patch14: backport-Fix-new-warnings-for-unused-results.patch
Patch15: backport-Cleanup-code-in-LRU.patch Patch15: backport-Change-the-first-iteration-test-so-static-analysis-b.patch
Patch16: backport-Fix-memory-leaks.patch Patch16: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch
Patch17: backport-fix-one-more-leak.patch Patch17: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch
Patch18: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch Patch18: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch
Patch19: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch Patch19: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch
Patch20: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch Patch20: backport-Cleanup-shell-script-warnings.patch
Patch21: backport-Fix-deprecated-python-function.patch Patch21: backport-Solve-issue-363-by-moving-check-to-after-load_config.patch
Patch22: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch Patch22: backport-first-part-of-NULL-pointer-checks.patch
Patch23: backport-Cleanup-shell-script-warnings.patch Patch23: backport-second-part-of-NULL-pointer-checks.patch
Patch24: backport-last-part-of-NULL-pointer-checks.patch
Patch25: backport-Fixed-NULL-checks.patch
Patch26: backport-update-error-messages-in-NULL-Checks.patch
Patch27: backport-adding-the-file-descriptor-closure.patch
Patch28: backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch
Patch29: backport-Use-atomic_int-if-available-for-signal-related-flags.patch
Patch30: backport-Use-atomic_uint-if-available-for-signal-related-flag.patch
Patch31: backport-avoiding-of-NULL-pointers-dereference-366.patch
Patch32: backport-Cleanup-code-in-LRU.patch
Patch33: backport-Fix-memory-leaks.patch
Patch34: backport-fix-one-more-leak.patch
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
BuildRequires: openldap-devel krb5-devel libcap-ng-devel BuildRequires: openldap-devel krb5-devel libcap-ng-devel
@ -311,7 +322,6 @@ fi
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
%attr(750,root,root) %{_libexecdir}/audit-functions
%ghost %{_localstatedir}/run/auditd.state %ghost %{_localstatedir}/run/auditd.state
%attr(750,root,root) %dir %{_var}/log/audit %attr(750,root,root) %dir %{_var}/log/audit
%attr(750,root,root) %dir /etc/audit %attr(750,root,root) %dir /etc/audit
@ -375,6 +385,9 @@ fi
%attr(644,root,root) %{_mandir}/man8/*.8.gz %attr(644,root,root) %{_mandir}/man8/*.8.gz
%changelog %changelog
* Thu Jul 18 2024 fangxiuning<fangxiuning@huawei.com> - 1:3.1.2-5
- backport patches to fix bugs
* Thu Jun 06 2024 fuanan <fuanan3@h-partners.com> - 1:3.1.2-4 * Thu Jun 06 2024 fuanan <fuanan3@h-partners.com> - 1:3.1.2-4
- backport patches from upstream - backport patches from upstream

137
backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch Normal file
View File

@ -0,0 +1,137 @@
From 2663987c5088924bce510fcf8e7891d6aae976ba Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Sat, 4 Nov 2023 03:48:39 +0100
Subject: [PATCH] Avoid file descriptor leaks in multi-threaded applications
(#339)
* lib: set close-on-exec flag
libaudit may be called from a multi-threaded application.
Avoid leaking local file descriptors on a concurrent execve.
* lib: simplify SOCK_CLOEXEC
SOCK_CLOEXEC is supported since Linux 2.6.27.
Reference:https://github.com/linux-audit/audit-userspace/commit/2663987c5088924bce510fcf8e7891d6aae976ba
Conflict:lib/audit_logging.c,lib/netlink.c,lib/libaudit.c
---
lib/audit_logging.c | 2 +-
lib/libaudit.c | 14 +++++++-------
lib/netlink.c | 12 +-----------
3 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/lib/audit_logging.c b/lib/audit_logging.c
index 302c242..08b53aa 100644
--- a/lib/audit_logging.c
+++ b/lib/audit_logging.c
@@ -177,7 +177,7 @@ static char *_get_commname(const char *comm, char *commname, unsigned int size)
if (comm == NULL) {
int len;
- int fd = open("/proc/self/comm", O_RDONLY);
+ int fd = open("/proc/self/comm", O_RDONLY|O_CLOEXEC);
if (fd < 0) {
strcpy(commname, "\"?\"");
return commname;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 2cc7afd..74fa2f3 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -221,7 +221,7 @@ static int load_libaudit_config(const char *path)
char buf[128];
/* open the file */
- rc = open(path, O_NOFOLLOW|O_RDONLY);
+ rc = open(path, O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (rc < 0) {
if (errno != ENOENT) {
audit_msg(LOG_ERR, "Error opening %s (%s)",
@@ -261,7 +261,7 @@ static int load_libaudit_config(const char *path)
}
/* it's ok, read line by line */
- f = fdopen(fd, "rm");
+ f = fdopen(fd, "rme");
if (f == NULL) {
audit_msg(LOG_ERR, "Error - fdopen failed (%s)",
strerror(errno));
@@ -705,7 +705,7 @@ char *audit_format_signal_info(char *buf, int len, char *op,
char path[32], ses[16];
int rlen;
snprintf(path, sizeof(path), "/proc/%u", rep->signal_info->pid);
- int fd = open(path, O_RDONLY);
+ int fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
if (fd >= 0) {
if (fstat(fd, &sb) < 0)
sb.st_uid = -1;
@@ -714,7 +714,7 @@ char *audit_format_signal_info(char *buf, int len, char *op,
sb.st_uid = -1;
snprintf(path, sizeof(path), "/proc/%u/sessionid",
rep->signal_info->pid);
- fd = open(path, O_RDONLY, rep->signal_info->pid);
+ fd = open(path, O_RDONLY|O_CLOEXEC, rep->signal_info->pid);
if (fd < 0)
strcpy(ses, "4294967295");
else {
@@ -918,7 +918,7 @@ uid_t audit_getloginuid(void)
char buf[16];
errno = 0;
- in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY);
+ in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (in < 0)
return -1;
do {
@@ -946,7 +946,7 @@ int audit_setloginuid(uid_t uid)
errno = 0;
count = snprintf(loginuid, sizeof(loginuid), "%u", uid);
- o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC);
+ o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC|O_CLOEXEC);
if (o >= 0) {
int block, offset = 0;
@@ -982,7 +982,7 @@ uint32_t audit_get_session(void)
char buf[16];
errno = 0;
- in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY);
+ in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (in < 0)
return -2;
do {
diff --git a/lib/netlink.c b/lib/netlink.c
index 66a1e7c..f862da4 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -47,7 +47,7 @@ static int check_ack(int fd);
int audit_open(void)
{
int saved_errno;
- int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
+ int fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT);
if (fd < 0) {
saved_errno = errno;
@@ -60,16 +60,6 @@ int audit_open(void)
"Error opening audit netlink socket (%s)",
strerror(errno));
errno = saved_errno;
- return fd;
- }
- if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
- saved_errno = errno;
- audit_msg(LOG_ERR,
- "Error setting audit netlink socket CLOEXEC flag (%s)",
- strerror(errno));
- close(fd);
- errno = saved_errno;
- return -1;
}
return fd;
}
--
2.33.0

39
backport-Change-the-first-iteration-test-so-static-analysis-b.patch Normal file
View File

@ -0,0 +1,39 @@
From b84b007cd0ef504e8c86b8cc73646f3119ed343c Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Wed, 29 Nov 2023 15:49:21 -0500
Subject: [PATCH] Change the first iteration test so static analysis better
understands the code
Reference:https://github.com/linux-audit/audit-userspace/commit/b84b007cd0ef504e8c86b8cc73646f3119ed343c
Conflict:NA
---
tools/aulast/aulast-llist.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tools/aulast/aulast-llist.c b/tools/aulast/aulast-llist.c
index 87638ebc..d7765ba4 100644
--- a/tools/aulast/aulast-llist.c
+++ b/tools/aulast/aulast-llist.c
@@ -140,11 +140,15 @@ int list_update_logout(llist* l, time_t t, unsigned long serial)
lnode *list_delete_cur(llist *l)
{
register lnode *cur, *prev;
-
- prev = cur = l->head; /* start at the beginning */
+
+ if (l == NULL || l->head == NULL)
+ return NULL;
+
+ prev = cur = l->head; /* start at the beginning */
while (cur) {
if (cur == l->cur) {
- if (cur == prev && cur == l->head) {
+ // If the first iteration
+ if (prev == l->head && cur == l->head) {
l->head = cur->next;
l->cur = cur->next;
free((void *)cur->name);
--
2.33.0

40
backport-Cleanup-shell-script-warnings.patch
View File

@ -4,7 +4,7 @@ Date: Fri, 23 Feb 2024 12:26:05 -0500
Subject: [PATCH] Cleanup shell script warnings Subject: [PATCH] Cleanup shell script warnings
Reference:https://github.com/linux-audit/audit-userspace/commit/79c1212ff38254a961c27d8eb10bc766e412ffe9 Reference:https://github.com/linux-audit/audit-userspace/commit/79c1212ff38254a961c27d8eb10bc766e412ffe9
Conflict:init.d/augenrules, init.d/auditd.state Conflict:NA
--- ---
init.d/auditd.reload | 2 +- init.d/auditd.reload | 2 +-
@ -12,11 +12,11 @@ Conflict:init.d/augenrules, init.d/auditd.state
init.d/auditd.rotate | 2 +- init.d/auditd.rotate | 2 +-
init.d/auditd.state | 6 +++--- init.d/auditd.state | 6 +++---
init.d/auditd.stop | 2 +- init.d/auditd.stop | 2 +-
init.d/augenrules | 4 ++-- init.d/augenrules | 2 +-
6 files changed, 7 insertions(+), 7 deletions(-) 6 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/init.d/auditd.reload b/init.d/auditd.reload diff --git a/init.d/auditd.reload b/init.d/auditd.reload
index 6db1bd74..b42fa6bf 100644 index 53ff2f4..4f09d00 100644
--- a/init.d/auditd.reload --- a/init.d/auditd.reload
+++ b/init.d/auditd.reload +++ b/init.d/auditd.reload
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
@ -26,10 +26,10 @@ index 6db1bd74..b42fa6bf 100644
-test $(id -u) = 0 || exit 4 -test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4 +test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin printf "Reconfiguring: "
prog="auditd" /sbin/augenrules --load
diff --git a/init.d/auditd.resume b/init.d/auditd.resume diff --git a/init.d/auditd.resume b/init.d/auditd.resume
index 96189eb6..8193bea9 100644 index 96189eb..8193bea 100644
--- a/init.d/auditd.resume --- a/init.d/auditd.resume
+++ b/init.d/auditd.resume +++ b/init.d/auditd.resume
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
@ -39,10 +39,10 @@ index 96189eb6..8193bea9 100644
-test $(id -u) = 0 || exit 4 -test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4 +test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin printf "Resuming logging: "
prog="auditd" /sbin/auditctl --signal resume
diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate
index dcb12c26..8bb65530 100644 index dcb12c2..8bb6553 100644
--- a/init.d/auditd.rotate --- a/init.d/auditd.rotate
+++ b/init.d/auditd.rotate +++ b/init.d/auditd.rotate
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
@ -52,10 +52,10 @@ index dcb12c26..8bb65530 100644
-test $(id -u) = 0 || exit 4 -test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4 +test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin printf "Rotating logs: "
prog="auditd" /sbin/auditctl --signal rotate
diff --git a/init.d/auditd.state b/init.d/auditd.state diff --git a/init.d/auditd.state b/init.d/auditd.state
index 6ae0845a..c59fe5a6 100644 index 6ae0845..c59fe5a 100644
--- a/init.d/auditd.state --- a/init.d/auditd.state
+++ b/init.d/auditd.state +++ b/init.d/auditd.state
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
@ -66,18 +66,22 @@ index 6ae0845a..c59fe5a6 100644
+test "$(id -u)" = "0" || exit 4 +test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd" state_file="/var/run/auditd.state"
@@ -15,7 +15,7 @@ killproc $prog -CONT @@ -11,10 +11,10 @@ state_file="/var/run/auditd.state"
printf "Getting auditd internal state: "
/sbin/auditctl --signal state
RETVAL=$? RETVAL=$?
echo -e "\n" -echo -e "\n"
sleep 1 sleep 1
-if [ $? -eq 0 ] ; then -if [ $? -eq 0 ] ; then
+if [ $RETVAL -eq 0 ] ; then +if [ $RETVAL -eq 0 ] ; then
if [ -e $state_file ] ; then if [ -e $state_file ] ; then
+ printf "\n\n"
cat $state_file cat $state_file
fi fi
fi
diff --git a/init.d/auditd.stop b/init.d/auditd.stop diff --git a/init.d/auditd.stop b/init.d/auditd.stop
index 4cfe88b1..79e53a59 100644 index 5049285..41c67d6 100644
--- a/init.d/auditd.stop --- a/init.d/auditd.stop
+++ b/init.d/auditd.stop +++ b/init.d/auditd.stop
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
@ -90,7 +94,7 @@ index 4cfe88b1..79e53a59 100644
PATH=/sbin:/bin:/usr/bin:/usr/sbin PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd" prog="auditd"
diff --git a/init.d/augenrules b/init.d/augenrules diff --git a/init.d/augenrules b/init.d/augenrules
index be6c9f5c..8c1a670b 100644 index ea96aa7..605cfef 100644
--- a/init.d/augenrules --- a/init.d/augenrules
+++ b/init.d/augenrules +++ b/init.d/augenrules
@@ -35,7 +35,7 @@ RETVAL=0 @@ -35,7 +35,7 @@ RETVAL=0

41
backport-Error-out-if-required-zos-parameters-missing.patch Normal file
View File

@ -0,0 +1,41 @@
From bbe96f9798451129ae2555f92e2f698f842f7833 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 10 Oct 2023 08:22:49 -0400
Subject: [PATCH] Error out if required zos parameters missing
Reference:https://github.com/linux-audit/audit-userspace/commit/bbe96f9798451129ae2555f92e2f698f842f7833
Conflict:NA
---
audisp/plugins/zos-remote/zos-remote-ldap.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/audisp/plugins/zos-remote/zos-remote-ldap.c b/audisp/plugins/zos-remote/zos-remote-ldap.c
index 7dd1424f..7e27eda4 100644
--- a/audisp/plugins/zos-remote/zos-remote-ldap.c
+++ b/audisp/plugins/zos-remote/zos-remote-ldap.c
@@ -134,14 +134,18 @@ retry:
int zos_remote_init(ZOS_REMOTE *zos_remote, const char *server, int port,
const char *user, const char *password, int timeout)
-{
+{
+ if (server == NULL || user == NULL || password == NULL) {
+ log_err("Error: required parameters are not present in config file");
+ return ICTX_E_FATAL;
+ }
zos_remote->server = strdup(server);
zos_remote->port = port;
zos_remote->user = strdup(user);
zos_remote->password = strdup(password);
zos_remote->timeout = timeout;
zos_remote->connected = 0;
-
+
if (!zos_remote->server || !zos_remote->user || !zos_remote->password) {
log_err("Error allocating memory for session members");
return ICTX_E_FATAL;
--
2.33.0

107
backport-Fix-new-warnings-for-unused-results.patch Normal file
View File

@ -0,0 +1,107 @@
From a4e8b7e18f249fe5decdd2fe748a5068ffeaee57 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Mon, 20 Nov 2023 16:37:46 -0500
Subject: [PATCH] Fix new warnings for unused results
Reference:https://github.com/linux-audit/audit-userspace/commit/a4e8b7e18f249fe5decdd2fe748a5068ffeaee57
Conflict:NA
---
audisp/plugins/ids/ids.c | 5 +++--
audisp/plugins/ids/ids.h | 2 +-
audisp/plugins/statsd/audisp-statsd.c | 4 ++--
lib/libaudit.c | 3 ++-
lib/netlink.c | 3 ++-
src/auditd.c | 3 ++-
6 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/audisp/plugins/ids/ids.c b/audisp/plugins/ids/ids.c
index d28237e5..1446ca71 100644
--- a/audisp/plugins/ids/ids.c
+++ b/audisp/plugins/ids/ids.c
@@ -107,9 +107,10 @@ static void destroy_audit(void)
}
-void log_audit_event(int type, const char *text, int res)
+int log_audit_event(int type, const char *text, int res)
{
- audit_log_user_message(audit_fd, type, text, NULL, NULL, NULL, res);
+ return audit_log_user_message(audit_fd, type, text,
+ NULL, NULL, NULL, res);
}
diff --git a/audisp/plugins/ids/ids.h b/audisp/plugins/ids/ids.h
index f3710066..cb98cdba 100644
--- a/audisp/plugins/ids/ids.h
+++ b/audisp/plugins/ids/ids.h
@@ -15,6 +15,6 @@
extern int debug;
extern void my_printf(const char *fmt, ...)
__attribute__ (( format(printf, 1, 2) ));
-extern void log_audit_event(int type, const char *text, int res);
+extern int log_audit_event(int type, const char *text, int res);
#endif
diff --git a/audisp/plugins/statsd/audisp-statsd.c b/audisp/plugins/statsd/audisp-statsd.c
index db2c6111..912f9171 100644
--- a/audisp/plugins/statsd/audisp-statsd.c
+++ b/audisp/plugins/statsd/audisp-statsd.c
@@ -218,9 +218,9 @@ static void get_kernel_status(void)
struct audit_reply rep;
audit_request_status(audit_fd);
- audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0);
+ int rc = audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0);
- if (rep.type == AUDIT_GET) {
+ if (rc > 0 && rep.type == AUDIT_GET) {
// add info to global audit event struct
r.lost = rep.status->lost;
r.backlog = rep.status->backlog;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index e5f2a7c5..3decff12 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -473,7 +473,8 @@ int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
rc = poll(pfd, 1, 100); /* .1 second */
} while (rc < 0 && errno == EINTR);
- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
+ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0))
+ ; // intentionally empty
return 1;
}
diff --git a/lib/netlink.c b/lib/netlink.c
index eeeefc26..3381651a 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -280,7 +280,8 @@ retry:
else if (rc > 0 && rep.type == NLMSG_ERROR) {
int error = rep.error->error;
/* Eat the message */
- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
+ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0))
+ ; // intentionally empty
/* NLMSG_ERROR can indicate success, only report nonzero */
if (error) {
diff --git a/src/auditd.c b/src/auditd.c
index 2dedf35b..54b407f3 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -1044,7 +1044,8 @@ static void clean_exit(void)
audit_msg(LOG_INFO, "The audit daemon is exiting.");
if (fd >= 0) {
if (!opt_aggregate_only)
- audit_set_pid(fd, 0, WAIT_NO);
+ if (audit_set_pid(fd, 0, WAIT_NO))
+ ; // intentionally empty
audit_close(fd);
}
if (pidfile)
--
2.33.0

62
backport-Make-session-id-consistently-typed-327.patch Normal file
View File

@ -0,0 +1,62 @@
From 8359a7004de5e22c5a9b85c01c56e3b376d84a81 Mon Sep 17 00:00:00 2001
From: Michael Tautschnig <mt@debian.org>
Date: Thu, 2 Nov 2023 21:53:29 +0100
Subject: [PATCH] Make session id consistently typed (#327)
This fixes type-conflicting definitions and declarations.
Reference:https://github.com/linux-audit/audit-userspace/commit/8359a7004de5e22c5a9b85c01c56e3b376d84a81
Conflict:NA
---
src/aureport-options.c | 3 ++-
src/ausearch-options.c | 10 ++++++----
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/aureport-options.c b/src/aureport-options.c
index 93621e25..76a4b9f1 100644
--- a/src/aureport-options.c
+++ b/src/aureport-options.c
@@ -61,7 +61,8 @@ const char *event_uuid = NULL;
const char *event_vmname = NULL;
long long event_exit = 0;
int event_exit_is_set = 0;
-int event_ppid = -1, event_session_id = -2;
+pid_t event_ppid = -1;
+uint32_t event_session_id = -2;
int event_debug = 0, event_machine = -1;
time_t arg_eoe_timeout = (time_t)0;
diff --git a/src/ausearch-options.c b/src/ausearch-options.c
index 8a1f4772..499c2aa3 100644
--- a/src/ausearch-options.c
+++ b/src/ausearch-options.c
@@ -895,19 +895,21 @@ int check_params(int count, char *vars[])
size_t len = strlen(optarg);
if (isdigit(optarg[0])) {
errno = 0;
- event_session_id = strtoul(optarg,NULL,10);
- if (errno)
+ unsigned long optval = strtoul(optarg,NULL,10);
+ if (errno || optval >= (1ul << 32))
retval = -1;
+ event_session_id = optval;
c++;
} else if (len >= 2 && *(optarg)=='-' &&
(isdigit(optarg[1]))) {
errno = 0;
- event_session_id = strtoul(optarg, NULL, 0);
- if (errno) {
+ long optval = strtol(optarg, NULL, 0);
+ if (errno || optval < INT_MIN || optval > INT_MAX) {
retval = -1;
fprintf(stderr, "Error converting %s\n",
optarg);
}
+ event_session_id = optval;
c++;
} else {
fprintf(stderr,
--
2.33.0

214
backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch Normal file
View File

@ -0,0 +1,214 @@
From 38572e7eead76015b388723038f03e2ef0b1e3c1 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 25 Aug 2023 10:41:20 -0400
Subject: [PATCH] Rewrite legacy service functions in terms of systemctl
Reference:https://github.com/linux-audit/audit-userspace/commit/38572e7eead76015b388723038f03e2ef0b1e3c1
Conflict:init.d/Makefile.am,ChangeLog
---
init.d/Makefile.am | 3 +--
init.d/audit-functions | 52 ---------------------------------------
init.d/auditd.condrestart | 7 +++---
init.d/auditd.reload | 6 +----
init.d/auditd.resume | 6 +----
init.d/auditd.rotate | 6 +----
init.d/auditd.state | 4 +--
init.d/auditd.stop | 3 +--
8 files changed, 10 insertions(+), 77 deletions(-)
delete mode 100644 init.d/audit-functions
diff --git a/init.d/Makefile.am b/init.d/Makefile.am
index fdbf81c..3a73697 100644
--- a/init.d/Makefile.am
+++ b/init.d/Makefile.am
@@ -26,7 +26,7 @@ EXTRA_DIST = auditd.init auditd.service auditd.sysconfig auditd.conf \
auditd.cron libaudit.conf auditd.condrestart \
auditd.reload auditd.restart auditd.resume \
auditd.rotate auditd.state auditd.stop \
- audit-stop.rules augenrules audit-functions
+ audit-stop.rules augenrules
libconfig = libaudit.conf
if ENABLE_SYSTEMD
initdir = /usr/lib/systemd/system
@@ -61,7 +61,6 @@ if ENABLE_SYSTEMD
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.stop ${DESTDIR}${legacydir}/stop
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.restart ${DESTDIR}${legacydir}/restart
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.condrestart ${DESTDIR}${legacydir}/condrestart
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/audit-functions ${DESTDIR}${libexecdir}
else
$(INSTALL_SCRIPT) -D ${srcdir}/auditd.init ${DESTDIR}${initdir}/auditd
endif
diff --git a/init.d/audit-functions b/init.d/audit-functions
deleted file mode 100644
index 12f5023..0000000
--- a/init.d/audit-functions
+++ /dev/null
@@ -1,52 +0,0 @@
-# -*-Shell-script-*-
-
-# Make sure umask is sane
-umask 022
-
-#/usr/libexec/audit/audit-functions
-
-# killproc {program} [-signal]
-killproc ()
-{
- local daemon="$1"
- local sig=
- [ -n "${2:-}" ] && sig=$2
-
- # This matches src/auditd.c
- local pid_file="/var/run/auditd.pid"
- local pid_dir=$(dirname $pid_file)
-
- if [ ! -d "$pid_dir" ] ; then
- return 4
- fi
-
- local pid=
- if [ -f "$pid_file" ] ; then
- # pid file exists, use it
- while : ; do
- read line
- [ -z "$line" ] && break
- for p in $line ; do
- # pid is numeric and corresponds to a process
- if [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] ; then
- d=$(cat "/proc/$p/comm")
- if [ "$d" = "$daemon" ] ; then
- pid="$p"
- break
- fi
- fi
- done
- done < "$pid_file"
- else
- # need to search /proc
- p=$(pidof "$daemon")
- if [ -n "$p" ] ; then
- pid="$p"
- fi
- fi
-
- # At this point we should have a pid or the process is dead
- if [ -n "$pid" ] && [ -n "$sig" ] ; then
- kill "$sig" "$pid" >/dev/null 2>&1
- fi
-}
diff --git a/init.d/auditd.condrestart b/init.d/auditd.condrestart
index d86e5e4..c5803ff 100644
--- a/init.d/auditd.condrestart
+++ b/init.d/auditd.condrestart
@@ -2,9 +2,10 @@
# Helper script to provide legacy auditd service options not
# directly supported by systemd.
-state=`service auditd status | awk '/^ Active/ { print $2 }'`
-if [ $state = "active" ] ; then
- /usr/libexec/initscripts/legacy-actions/auditd/restart
+state=$(systemctl status auditd | awk '/Active:/ { print $2 }')
+if [ "$state" = "active" ] ; then
+ /usr/libexec/initscripts/legacy-actions/auditd/stop
+ /bin/systemctl start auditd
RETVAL="$?"
exit $RETVAL
fi
diff --git a/init.d/auditd.reload b/init.d/auditd.reload
index e689534..53ff2f4 100644
--- a/init.d/auditd.reload
+++ b/init.d/auditd.reload
@@ -5,13 +5,9 @@
# Check that we are root ... so non-root users stop here
test $(id -u) = 0 || exit 4
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-. /usr/libexec/audit-functions
-
printf "Reconfiguring: "
/sbin/augenrules --load
-killproc $prog -HUP
+/sbin/auditctl --signal reload
RETVAL=$?
echo
exit $RETVAL
diff --git a/init.d/auditd.resume b/init.d/auditd.resume
index 6852fd6..96189eb 100644
--- a/init.d/auditd.resume
+++ b/init.d/auditd.resume
@@ -5,12 +5,8 @@
# Check that we are root ... so non-root users stop here
test $(id -u) = 0 || exit 4
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-. /usr/libexec/audit-functions
-
printf "Resuming logging: "
-killproc $prog -USR2
+/sbin/auditctl --signal resume
RETVAL=$?
echo
exit $RETVAL
diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate
index 643b935..dcb12c2 100644
--- a/init.d/auditd.rotate
+++ b/init.d/auditd.rotate
@@ -5,12 +5,8 @@
# Check that we are root ... so non-root users stop here
test $(id -u) = 0 || exit 4
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-. /usr/libexec/audit-functions
-
printf "Rotating logs: "
-killproc $prog -USR1
+/sbin/auditctl --signal rotate
RETVAL=$?
echo
exit $RETVAL
diff --git a/init.d/auditd.state b/init.d/auditd.state
index 4724c4f..6ae0845 100644
--- a/init.d/auditd.state
+++ b/init.d/auditd.state
@@ -6,12 +6,10 @@
test $(id -u) = 0 || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
state_file="/var/run/auditd.state"
-. /usr/libexec/audit-functions
printf "Getting auditd internal state: "
-killproc $prog -CONT
+/sbin/auditctl --signal state
RETVAL=$?
echo -e "\n"
sleep 1
diff --git a/init.d/auditd.stop b/init.d/auditd.stop
index d3fbc79..5049285 100644
--- a/init.d/auditd.stop
+++ b/init.d/auditd.stop
@@ -7,7 +7,6 @@ test $(id -u) = 0 || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
-. /usr/libexec/audit-functions
pid=
p=$(pidof "$prog")
if [ -n "$p" ] ; then
@@ -15,7 +14,7 @@ if [ -n "$p" ] ; then
fi
printf "Stopping logging: "
-killproc $prog -TERM
+/sbin/auditctl --signal stop
RETVAL=$?
if [ -n "$pid" ] ; then
# Wait up to 20 seconds for auditd to shutdown
--
2.33.0

401
backport-fix-the-use-of-isdigit-everywhere.patch Normal file
View File

@ -0,0 +1,401 @@
From 149a3464ef35fbaa98c57e2775a7a4ab20c2ee75 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Sun, 5 Nov 2023 14:24:49 -0500
Subject: [PATCH] fix the use of isdigit everywhere
Reference:https://github.com/linux-audit/audit-userspace/commit/149a3464ef35fbaa98c57e2775a7a4ab20c2ee75
Conflict:NA
---
audisp/plugins/af_unix/audisp-af_unix.c | 2 +-
audisp/plugins/ids/ids_config.c | 2 +-
audisp/plugins/remote/remote-config.c | 2 +-
audisp/plugins/zos-remote/zos-remote-config.c | 6 ++--
auparse/auditd-config.c | 2 +-
auparse/interpret.c | 6 ++--
src/auditctl.c | 6 ++--
src/aureport-options.c | 4 +--
src/aureport-output.c | 2 +-
src/ausearch-options.c | 36 +++++++++----------
src/ausearch-parse.c | 2 +-
tools/ausyscall/ausyscall.c | 4 +--
12 files changed, 37 insertions(+), 37 deletions(-)
diff --git a/audisp/plugins/af_unix/audisp-af_unix.c b/audisp/plugins/af_unix/audisp-af_unix.c
index ffcc7603..ffbf2ac0 100644
--- a/audisp/plugins/af_unix/audisp-af_unix.c
+++ b/audisp/plugins/af_unix/audisp-af_unix.c
@@ -126,7 +126,7 @@ int setup_socket(int argc, char *argv[])
} else {
int i;
for (i=1; i < 3; i++) {
- if (isdigit(argv[i][0])) {
+ if (isdigit((unsigned char)argv[i][0])) {
errno = 0;
mode = strtoul(argv[i], NULL, 8);
if (errno) {
diff --git a/audisp/plugins/ids/ids_config.c b/audisp/plugins/ids/ids_config.c
index 4da5ca93..f773794a 100644
--- a/audisp/plugins/ids/ids_config.c
+++ b/audisp/plugins/ids/ids_config.c
@@ -345,7 +345,7 @@ static int unsigned_int_parser(struct nv_pair *nv, int line, unsigned int *val)
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
syslog(LOG_ERR,
"Value %s should only be numbers - line %d",
nv->value, line);
diff --git a/audisp/plugins/remote/remote-config.c b/audisp/plugins/remote/remote-config.c
index 02b51337..8de7b27f 100644
--- a/audisp/plugins/remote/remote-config.c
+++ b/audisp/plugins/remote/remote-config.c
@@ -484,7 +484,7 @@ static int parse_uint (const struct nv_pair *nv, int line, unsigned int *valp,
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
syslog(LOG_ERR,
"Value %s should only be numbers - line %d",
nv->value, line);
diff --git a/audisp/plugins/zos-remote/zos-remote-config.c b/audisp/plugins/zos-remote/zos-remote-config.c
index b92dc778..2f7e42f5 100644
--- a/audisp/plugins/zos-remote/zos-remote-config.c
+++ b/audisp/plugins/zos-remote/zos-remote-config.c
@@ -301,7 +301,7 @@ static int port_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
@@ -327,7 +327,7 @@ static int timeout_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
@@ -376,7 +376,7 @@ static int q_depth_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
diff --git a/auparse/auditd-config.c b/auparse/auditd-config.c
index 9a6a6a71..6e5c86a8 100644
--- a/auparse/auditd-config.c
+++ b/auparse/auditd-config.c
@@ -340,7 +340,7 @@ static int eoe_timeout_parser(auparse_state_t *au, const char *val, int line,
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
audit_msg(au, LOG_ERR,
"Value %s should only be numbers - line %d",
val, line);
diff --git a/auparse/interpret.c b/auparse/interpret.c
index f13723b6..77c96468 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -325,7 +325,7 @@ static void key_escape(const char *orig, char *dest, auparse_esc_t escape_mode)
static int is_int_string(const char *str)
{
while (*str) {
- if (!isdigit(*str))
+ if (!isdigit((unsigned char)*str))
return 0;
str++;
}
@@ -1485,7 +1485,7 @@ static const char *print_success(const char *val)
{
int res;
- if (isdigit(*val)) {
+ if (isdigit((unsigned char)*val)) {
errno = 0;
res = strtoul(val, NULL, 10);
if (errno) {
@@ -2319,7 +2319,7 @@ static const char *print_fanotify(const char *val)
{
int res;
- if (isdigit(*val)) {
+ if (isdigit((unsigned char)*val)) {
errno = 0;
res = strtoul(val, NULL, 10);
if (errno) {
diff --git a/src/auditctl.c b/src/auditctl.c
index ccd62bc3..e1ca0f83 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -680,7 +680,7 @@ static int setopt(int count, int lineno, char *vars[])
}
break;
case 'r':
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t rate;
errno = 0;
rate = strtoul(optarg,NULL,0);
@@ -699,7 +699,7 @@ static int setopt(int count, int lineno, char *vars[])
}
break;
case 'b':
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t limit;
errno = 0;
limit = strtoul(optarg,NULL,0);
@@ -1134,7 +1134,7 @@ process_keys:
case 2:
#if HAVE_DECL_AUDIT_VERSION_BACKLOG_WAIT_TIME == 1 || \
HAVE_DECL_AUDIT_STATUS_BACKLOG_WAIT_TIME == 1
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t bwt;
errno = 0;
bwt = strtoul(optarg,NULL,0);
diff --git a/src/aureport-options.c b/src/aureport-options.c
index 203c3880..7480c8a9 100644
--- a/src/aureport-options.c
+++ b/src/aureport-options.c
@@ -385,7 +385,7 @@ int check_params(int count, char *vars[])
// } else {
// UNIMPLEMENTED;
// set_detail(D_SPECIFIC);
-// if (isdigit(optarg[0])) {
+// if (isdigit((unsigned char)optarg[0])) {
// errno = 0;
// event_id = strtoul(optarg,
// NULL, 10);
@@ -764,7 +764,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10);
if (errno || arg_eoe_timeout == 0) {
diff --git a/src/aureport-output.c b/src/aureport-output.c
index a635d536..27a2ce25 100644
--- a/src/aureport-output.c
+++ b/src/aureport-output.c
@@ -976,7 +976,7 @@ static void do_user_summary_output(slist *sptr)
long uid;
char name[64];
- if (sn->str[0] == '-' || isdigit(sn->str[0])) {
+ if (sn->str[0] == '-' || isdigit((unsigned char)sn->str[0])) {
uid = strtol(sn->str, NULL, 10);
printf("%u ", sn->hits);
safe_print_string(aulookup_uid(uid, name,
diff --git a/src/ausearch-options.c b/src/ausearch-options.c
index 53d0db64..1c653648 100644
--- a/src/ausearch-options.c
+++ b/src/ausearch-options.c
@@ -253,7 +253,7 @@ static int convert_str_to_msg(const char *optarg)
{
int tmp, retval = 0;
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
tmp = strtoul(optarg, NULL, 10);
if (errno) {
@@ -335,7 +335,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_id = strtoul(optarg, NULL, 10);
if (errno) {
@@ -357,7 +357,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10);
if (errno || arg_eoe_timeout == 0) {
@@ -463,7 +463,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_gid = strtoul(optarg,NULL,10);
if (errno) {
@@ -497,7 +497,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_egid = strtoul(optarg,NULL,10);
if (errno) {
@@ -529,7 +529,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_gid = strtoul(optarg,NULL,10);
if (errno) {
@@ -655,7 +655,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_ppid = strtol(optarg,NULL,10);
if (errno)
@@ -676,7 +676,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_pid = strtol(optarg,NULL,10);
if (errno)
@@ -794,7 +794,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_syscall = (int)strtoul(optarg, NULL, 10);
if (errno) {
@@ -893,7 +893,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
unsigned long optval = strtoul(optarg,NULL,10);
if (errno || optval >= (1ul << 32))
@@ -901,7 +901,7 @@ int check_params(int count, char *vars[])
event_session_id = optval;
c++;
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
long optval = strtol(optarg, NULL, 0);
if (errno || optval < INT_MIN || optval > INT_MAX) {
@@ -933,7 +933,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_exit = strtoll(optarg, NULL, 0);
if (errno) {
@@ -942,7 +942,7 @@ int check_params(int count, char *vars[])
optarg);
}
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
event_exit = strtoll(optarg, NULL, 0);
if (errno) {
@@ -1074,7 +1074,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_uid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1107,7 +1107,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_euid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1140,7 +1140,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_uid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1184,7 +1184,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_loginuid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1194,7 +1194,7 @@ int check_params(int count, char *vars[])
retval = -1;
}
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
event_loginuid = strtol(optarg, NULL, 0);
if (errno) {
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index e6868c6e..1a5b047f 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1128,7 +1128,7 @@ try_again:
return 25;
ptr = str + 4;
term = ptr;
- while (isdigit(*term))
+ while (isdigit((unsigned char)*term))
term++;
if (term == ptr)
return 14;
diff --git a/tools/ausyscall/ausyscall.c b/tools/ausyscall/ausyscall.c
index bf751f17..489b1095 100644
--- a/tools/ausyscall/ausyscall.c
+++ b/tools/ausyscall/ausyscall.c
@@ -47,9 +47,9 @@ int main(int argc, char *argv[])
usage();
} else if (argc < 2)
usage();
-
+
for (i=1; i<argc; i++) {
- if (isdigit(argv[i][0])) {
+ if (isdigit((unsigned char)argv[i][0])) {
if (syscall_num != -1) {
fputs("Two syscall numbers not allowed\n",
stderr);
--
2.33.0

165
backport-lib-cast-to-unsigned-char-for-character-test-functio.patch Normal file
View File

@ -0,0 +1,165 @@
From 3aa3ccb2bb1c8804fbf43b260c93b65e831242c1 Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Thu, 2 Nov 2023 21:20:40 +0100
Subject: [PATCH] lib: cast to unsigned char for character test functions
(#338)
Passing a value not representable by unsigned char is undefined
behavior.
Reference:https://github.com/linux-audit/audit-userspace/commit/3aa3ccb2bb1c8804fbf43b260c93b65e831242c1
Conflict:NA
---
lib/libaudit.c | 32 ++++++++++++++++----------------
lib/lookup_table.c | 2 +-
2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 960525a..abcdf4a 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -1031,7 +1031,7 @@ int audit_rule_syscallbyname_data(struct audit_rule_data *rule,
return -2;
nr = audit_name_to_syscall(scall, machine);
if (nr < 0) {
- if (isdigit(scall[0]))
+ if (isdigit((unsigned char)scall[0]))
nr = strtol(scall, NULL, 0);
}
if (nr >= 0)
@@ -1056,7 +1056,7 @@ int audit_rule_io_uringbyname_data(struct audit_rule_data *rule,
}
nr = audit_name_to_uringop(scall);
if (nr < 0) {
- if (isdigit(scall[0]))
+ if (isdigit((unsigned char)scall[0]))
nr = strtol(scall, NULL, 0);
}
if (nr >= 0)
@@ -1585,11 +1585,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
case AUDIT_OBJ_UID:
// Do positive & negative separate for 32 bit systems
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
@@ -1609,7 +1609,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
case AUDIT_SGID:
case AUDIT_FSGID:
case AUDIT_OBJ_GID:
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
@@ -1625,11 +1625,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
if (flags != AUDIT_FILTER_EXIT)
return -EAU_EXITONLY;
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
@@ -1644,7 +1644,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
flags != AUDIT_FILTER_USER)
return -EAU_MSGTYPEEXCLUDEUSER;
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else
@@ -1715,7 +1715,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_ARCHMISPLACED;
if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL))
return -EAU_OPEQNOTEQ;
- if (isdigit((char)*(v))) {
+ if (isdigit((unsigned char)*(v))) {
int machine;
errno = 0;
@@ -1757,7 +1757,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_STRTOOLONG;
for (i = 0; i < len; i++) {
- switch (tolower(v[i])) {
+ switch (tolower((unsigned char)v[i])) {
case 'r':
val |= AUDIT_PERM_READ;
break;
@@ -1791,7 +1791,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_FIELDUNAVAIL;
if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL))
return -EAU_OPEQNOTEQ;
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else
@@ -1804,11 +1804,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
break;
case AUDIT_ARG0...AUDIT_ARG3:
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else
@@ -1824,11 +1824,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_FIELDNOFILTER;
// Do positive & negative separate for 32 bit systems
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else if (strcmp(v, "unset") == 0)
@@ -1854,7 +1854,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
if (field == AUDIT_PPID && !(flags==AUDIT_FILTER_EXIT))
return -EAU_EXITONLY;
- if (!isdigit((char)*(v)))
+ if (!isdigit((unsigned char)*(v)))
return -EAU_FIELDVALNUM;
if (field == AUDIT_INODE)
diff --git a/lib/lookup_table.c b/lib/lookup_table.c
index 2f5e6cd..d839205 100644
--- a/lib/lookup_table.c
+++ b/lib/lookup_table.c
@@ -255,7 +255,7 @@ int audit_name_to_msg_type(const char *msg_type)
strncpy(buf, msg_type + 8, len);
errno = 0;
return strtol(buf, NULL, 10);
- } else if (isdigit(*msg_type)) {
+ } else if (isdigit((unsigned char)*msg_type)) {
errno = 0;
return strtol(msg_type, NULL, 10);
}
--
2.33.0

35
backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch Normal file
View File

@ -0,0 +1,35 @@
From 3f928b21486369c495d9eaca46eb9d506ae576b3 Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Wed, 1 Nov 2023 20:35:40 +0100
Subject: [PATCH] lib: close audit socket in load_feature_bitmap() (#334)
Reference:https://github.com/linux-audit/audit-userspace/commit/3f928b21486369c495d9eaca46eb9d506ae576b3
Conflict:NA
---
lib/libaudit.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/libaudit.c b/lib/libaudit.c
index ded3ab47..4c317c87 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -657,12 +657,14 @@ static void load_feature_bitmap(void)
/* Found it... */
features_bitmap = rep.status->feature_bitmap;
+ audit_close(fd);
return;
}
}
}
#endif
features_bitmap = AUDIT_FEATURES_UNSUPPORTED;
+ audit_close(fd);
}
uint32_t audit_get_features(void)
--
2.33.0

29
backport-lib-enclose-macro-to-avoid-precedence-issues.patch Normal file
View File

@ -0,0 +1,29 @@
From e97c79260a2e7bdbf02c5162b0c40451c9555111 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 31 Oct 2023 16:49:10 +0100
Subject: [PATCH] lib: enclose macro to avoid precedence issues
Reference:https://github.com/linux-audit/audit-userspace/commit/e97c79260a2e7bdbf02c5162b0c40451c9555111
Conflict:NA
---
lib/audit_logging.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/audit_logging.c b/lib/audit_logging.c
index 8b8b6207..e8b79d3e 100644
--- a/lib/audit_logging.c
+++ b/lib/audit_logging.c
@@ -38,7 +38,7 @@
#include "private.h"
#define TTY_PATH 32
-#define MAX_USER (UT_NAMESIZE * 2) + 8
+#define MAX_USER ((UT_NAMESIZE * 2) + 8)
// NOTE: The kernel fills in pid, uid, and loginuid of sender. Therefore,
// these routines do not need to send them.
--
2.33.0

56
backport-memory-allocation-updates-341.patch Normal file
View File

@ -0,0 +1,56 @@
From b92027ac9e29659483a5e920e548fe74126f72af Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Wed, 1 Nov 2023 22:15:40 +0100
Subject: [PATCH] memory allocation updates (#341)
* Check memory allocation
Avoid later NULL dereference.
* Check memory allocation and merge zeroing
Avoid later NULL dereference.
Reference:https://github.com/linux-audit/audit-userspace/commit/b92027ac9e29659483a5e920e548fe74126f72af
Conflict:NA
---
auparse/interpret.c | 2 ++
lib/libaudit.c | 7 +++++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/auparse/interpret.c b/auparse/interpret.c
index ecde07ae..76ca2814 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -366,6 +366,8 @@ char *au_unescape(char *buf)
// strlen(buf) / 2.
olen = strlen(buf);
str = malloc(olen+1);
+ if (!str)
+ return NULL;
saved = *ptr;
*ptr = 0;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 6a42871b..d90d83b8 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -891,9 +891,12 @@ int audit_make_equivalent(int fd, const char *mount_point,
struct {
uint32_t sizes[2];
unsigned char buf[];
- } *cmd = malloc(sizeof(*cmd) + len1 + len2);
+ } *cmd = calloc(1, sizeof(*cmd) + len1 + len2);
- memset(cmd, 0, sizeof(*cmd) + len1 + len2);
+ if (!cmd) {
+ audit_msg(LOG_ERR, "Cannot allocate memory!");
+ return -ENOMEM;
+ }
cmd->sizes[0] = len1;
cmd->sizes[1] = len2;
--
2.33.0