Compare commits


10 Commits

Author SHA1 Message Date
openeuler-ci-bot
3ac42501d9
!164 remove copy audit.h in spec
From: @xuraoqing 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2025-05-16 02:41:23 +00:00
xuraoqing
3e44a6250f remove copy audit.h in spec
copying /usr/include/linux/audit.h to lib/ is no longer needed,
since the swig compile error with flex arrays has been fixed

Signed-off-by: xuraoqing <xuraoqing@huawei.com>
2025-05-15 12:41:41 +08:00
openeuler-ci-bot
5ff992f171
!158 backport patches to fix bugs
From: @xuraoqing 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2025-02-27 02:12:20 +00:00
xuraoqing
3df60ccaad backport patches to fix bugs
Signed-off-by: xuraoqing <xuraoqing@huawei.com>
2025-02-26 12:55:36 +08:00
openeuler-ci-bot
f517345409
!152 backport patches to fix bug
From: @fwo 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2024-12-12 07:55:19 +00:00
wjiang
c0cb68b58c backport patches to fix bug 2024-12-11 14:32:21 +08:00
openeuler-ci-bot
5f33272f1b
!138 backport patches to fix display rules bug
From: @fangxiuning 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2024-09-03 01:54:39 +00:00
fangxiuning
6386972e4d y 2024-08-24 14:32:19 +08:00
openeuler-ci-bot
2024bedff5
!130 backport patches to fix bug
From: @fangxiuning 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2024-07-22 12:35:19 +00:00
fangxiuning
99c0f2a3ae change 2024-07-18 21:30:04 +08:00
17 changed files with 1559 additions and 45 deletions


@ -2,36 +2,51 @@ Summary: User space tools for kernel auditing
Name: audit
Epoch: 1
Version: 3.1.2
Release: 4
Release: 9
License: GPLv2+ and LGPLv2+
URL: https://people.redhat.com/sgrubb/audit/
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch0: bugfix-audit-support-armv7b.patch
Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
Patch2: bugfix-audit-reload-coredump.patch
Patch3: audit-Add-sw64-architecture.patch
Patch4: backport-Solve-issue-363-by-moving-check-to-after-load_config.patch
Patch5: backport-first-part-of-NULL-pointer-checks.patch
Patch6: backport-second-part-of-NULL-pointer-checks.patch
Patch7: backport-last-part-of-NULL-pointer-checks.patch
Patch8: backport-Fixed-NULL-checks.patch
Patch9: backport-update-error-messages-in-NULL-Checks.patch
Patch10: backport-adding-the-file-descriptor-closure.patch
Patch11: backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch
Patch12: backport-Use-atomic_int-if-available-for-signal-related-flags.patch
Patch13: backport-Use-atomic_uint-if-available-for-signal-related-flag.patch
Patch14: backport-avoiding-of-NULL-pointers-dereference-366.patch
Patch15: backport-Cleanup-code-in-LRU.patch
Patch16: backport-Fix-memory-leaks.patch
Patch17: backport-fix-one-more-leak.patch
Patch18: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch
Patch19: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch
Patch20: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch
Patch21: backport-Fix-deprecated-python-function.patch
Patch22: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch
Patch23: backport-Cleanup-shell-script-warnings.patch
Patch0: bugfix-audit-support-armv7b.patch
Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
Patch2: bugfix-audit-reload-coredump.patch
Patch3: audit-Add-sw64-architecture.patch
Patch4: backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch
Patch5: backport-Error-out-if-required-zos-parameters-missing.patch
Patch6: backport-Fix-deprecated-python-function.patch
Patch7: backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch
Patch8: backport-lib-enclose-macro-to-avoid-precedence-issues.patch
Patch9: backport-memory-allocation-updates-341.patch
Patch10: backport-lib-cast-to-unsigned-char-for-character-test-functio.patch
Patch11: backport-Make-session-id-consistently-typed-327.patch
Patch12: backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch
Patch13: backport-fix-the-use-of-isdigit-everywhere.patch
Patch14: backport-Fix-new-warnings-for-unused-results.patch
Patch15: backport-Change-the-first-iteration-test-so-static-analysis-b.patch
Patch16: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch
Patch17: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch
Patch18: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch
Patch19: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch
Patch20: backport-Cleanup-shell-script-warnings.patch
Patch21: backport-Solve-issue-363-by-moving-check-to-after-load_config.patch
Patch22: backport-first-part-of-NULL-pointer-checks.patch
Patch23: backport-second-part-of-NULL-pointer-checks.patch
Patch24: backport-last-part-of-NULL-pointer-checks.patch
Patch25: backport-Fixed-NULL-checks.patch
Patch26: backport-update-error-messages-in-NULL-Checks.patch
Patch27: backport-adding-the-file-descriptor-closure.patch
Patch28: backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch
Patch29: backport-Use-atomic_int-if-available-for-signal-related-flags.patch
Patch30: backport-Use-atomic_uint-if-available-for-signal-related-flag.patch
Patch31: backport-avoiding-of-NULL-pointers-dereference-366.patch
Patch32: backport-Cleanup-code-in-LRU.patch
Patch33: backport-Fix-memory-leaks.patch
Patch34: backport-fix-one-more-leak.patch
Patch35: backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
Patch36: backport-ausearch-format-Fix-display-of-renamed-file-411.patch
Patch37: backport-Fix-a-maybe-uninitialized-warning.patch
Patch38: backport-ausearch-parse-fix-parsing-for-success-uid-in-parse_.patch
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
BuildRequires: openldap-devel krb5-devel libcap-ng-devel
@ -107,7 +122,6 @@ libauparse can be used by python3.
%prep
%autosetup -n %{name}-%{version} -p1
cp %{SOURCE1} .
cp /usr/include/linux/audit.h lib/
autoreconf -f -i
%build
@ -311,7 +325,6 @@ fi
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
%attr(750,root,root) %{_libexecdir}/audit-functions
%ghost %{_localstatedir}/run/auditd.state
%attr(750,root,root) %dir %{_var}/log/audit
%attr(750,root,root) %dir /etc/audit
@ -375,6 +388,21 @@ fi
%attr(644,root,root) %{_mandir}/man8/*.8.gz
%changelog
* Thu May 15 2025 xuraoqing <xuraoqing@huawei.com> - 1:3.1.2-9
- copy audit.h do not needed, while swig compile error with flex array has been fixed
* Wed Feb 26 2025 xuraoqing <xuraoqing@huawei.com> - 1:3.1.2-8
- backport patches from upstream
* Wed Dec 11 2024 wangjiang <app@cameyan.coom> - 1:3.1.2-7
- backport patches to fix bug
* Sat Aug 24 2024 fangxiuning<fangxiuning@huawei.com> - 1:3.1.2-6
- backport patches to fix bug
* Thu Jul 18 2024 fangxiuning<fangxiuning@huawei.com> - 1:3.1.2-5
- backport patches to fix bugs
* Thu Jun 06 2024 fuanan <fuanan3@h-partners.com> - 1:3.1.2-4
- backport patches from upstream
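Review bot: The `%changelog` entries for 1:3.1.2-5 through 1:3.1.2-8 say only "backport patches to fix bug(s)" or "backport patches from upstream", so nothing in the spec ties a release to the patches it introduced, even though this range renumbers the list and extends it to Patch38. For an audit package it should be possible to tell from the changelog which release carries a given fix; list the patch subjects, or the upstream commit ids from each patch's `Reference:` line, under each entry, in the form `- backport: <patch subject> (<upstream commit id>)`. The address `app@cameyan.coom` in the 1:3.1.2-7 entry also looks like a typo and is worth confirming.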


@ -0,0 +1,137 @@
From 2663987c5088924bce510fcf8e7891d6aae976ba Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Sat, 4 Nov 2023 03:48:39 +0100
Subject: [PATCH] Avoid file descriptor leaks in multi-threaded applications
(#339)
* lib: set close-on-exec flag
libaudit may be called from a multi-threaded application.
Avoid leaking local file descriptors on a concurrent execve.
* lib: simplify SOCK_CLOEXEC
SOCK_CLOEXEC is supported since Linux 2.6.27.
Reference:https://github.com/linux-audit/audit-userspace/commit/2663987c5088924bce510fcf8e7891d6aae976ba
Conflict:lib/audit_logging.c,lib/netlink.c,lib/libaudit.c
---
lib/audit_logging.c | 2 +-
lib/libaudit.c | 14 +++++++-------
lib/netlink.c | 12 +-----------
3 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/lib/audit_logging.c b/lib/audit_logging.c
index 302c242..08b53aa 100644
--- a/lib/audit_logging.c
+++ b/lib/audit_logging.c
@@ -177,7 +177,7 @@ static char *_get_commname(const char *comm, char *commname, unsigned int size)
if (comm == NULL) {
int len;
- int fd = open("/proc/self/comm", O_RDONLY);
+ int fd = open("/proc/self/comm", O_RDONLY|O_CLOEXEC);
if (fd < 0) {
strcpy(commname, "\"?\"");
return commname;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 2cc7afd..74fa2f3 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -221,7 +221,7 @@ static int load_libaudit_config(const char *path)
char buf[128];
/* open the file */
- rc = open(path, O_NOFOLLOW|O_RDONLY);
+ rc = open(path, O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (rc < 0) {
if (errno != ENOENT) {
audit_msg(LOG_ERR, "Error opening %s (%s)",
@@ -261,7 +261,7 @@ static int load_libaudit_config(const char *path)
}
/* it's ok, read line by line */
- f = fdopen(fd, "rm");
+ f = fdopen(fd, "rme");
if (f == NULL) {
audit_msg(LOG_ERR, "Error - fdopen failed (%s)",
strerror(errno));
@@ -705,7 +705,7 @@ char *audit_format_signal_info(char *buf, int len, char *op,
char path[32], ses[16];
int rlen;
snprintf(path, sizeof(path), "/proc/%u", rep->signal_info->pid);
- int fd = open(path, O_RDONLY);
+ int fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
if (fd >= 0) {
if (fstat(fd, &sb) < 0)
sb.st_uid = -1;
@@ -714,7 +714,7 @@ char *audit_format_signal_info(char *buf, int len, char *op,
sb.st_uid = -1;
snprintf(path, sizeof(path), "/proc/%u/sessionid",
rep->signal_info->pid);
- fd = open(path, O_RDONLY, rep->signal_info->pid);
+ fd = open(path, O_RDONLY|O_CLOEXEC, rep->signal_info->pid);
if (fd < 0)
strcpy(ses, "4294967295");
else {
@@ -918,7 +918,7 @@ uid_t audit_getloginuid(void)
char buf[16];
errno = 0;
- in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY);
+ in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (in < 0)
return -1;
do {
@@ -946,7 +946,7 @@ int audit_setloginuid(uid_t uid)
errno = 0;
count = snprintf(loginuid, sizeof(loginuid), "%u", uid);
- o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC);
+ o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC|O_CLOEXEC);
if (o >= 0) {
int block, offset = 0;
@@ -982,7 +982,7 @@ uint32_t audit_get_session(void)
char buf[16];
errno = 0;
- in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY);
+ in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (in < 0)
return -2;
do {
diff --git a/lib/netlink.c b/lib/netlink.c
index 66a1e7c..f862da4 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -47,7 +47,7 @@ static int check_ack(int fd);
int audit_open(void)
{
int saved_errno;
- int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
+ int fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT);
if (fd < 0) {
saved_errno = errno;
@@ -60,16 +60,6 @@ int audit_open(void)
"Error opening audit netlink socket (%s)",
strerror(errno));
errno = saved_errno;
- return fd;
- }
- if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
- saved_errno = errno;
- audit_msg(LOG_ERR,
- "Error setting audit netlink socket CLOEXEC flag (%s)",
- strerror(errno));
- close(fd);
- errno = saved_errno;
- return -1;
}
return fd;
}
--
2.33.0
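Review bot: In the second `audit_format_signal_info` hunk the rewritten call `open(path, O_RDONLY|O_CLOEXEC, rep->signal_info->pid)` still passes the pid as the third argument of open(), which is the creation mode and is ignored without `O_CREAT`. It is harmless at runtime but reads as if the pid influenced the open; since the line is being touched anyway it should become `fd = open(path, O_RDONLY|O_CLOEXEC);`. The function continues outside the hunks shown, so how `fd` is read and closed afterwards cannot be checked here.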


@ -0,0 +1,39 @@
From b84b007cd0ef504e8c86b8cc73646f3119ed343c Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Wed, 29 Nov 2023 15:49:21 -0500
Subject: [PATCH] Change the first iteration test so static analysis better
understands the code
Reference:https://github.com/linux-audit/audit-userspace/commit/b84b007cd0ef504e8c86b8cc73646f3119ed343c
Conflict:NA
---
tools/aulast/aulast-llist.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tools/aulast/aulast-llist.c b/tools/aulast/aulast-llist.c
index 87638ebc..d7765ba4 100644
--- a/tools/aulast/aulast-llist.c
+++ b/tools/aulast/aulast-llist.c
@@ -140,11 +140,15 @@ int list_update_logout(llist* l, time_t t, unsigned long serial)
lnode *list_delete_cur(llist *l)
{
register lnode *cur, *prev;
-
- prev = cur = l->head; /* start at the beginning */
+
+ if (l == NULL || l->head == NULL)
+ return NULL;
+
+ prev = cur = l->head; /* start at the beginning */
while (cur) {
if (cur == l->cur) {
- if (cur == prev && cur == l->head) {
+ // If the first iteration
+ if (prev == l->head && cur == l->head) {
l->head = cur->next;
l->cur = cur->next;
free((void *)cur->name);
--
2.33.0


@ -4,7 +4,7 @@ Date: Fri, 23 Feb 2024 12:26:05 -0500
Subject: [PATCH] Cleanup shell script warnings
Reference:https://github.com/linux-audit/audit-userspace/commit/79c1212ff38254a961c27d8eb10bc766e412ffe9
Conflict:init.d/augenrules, init.d/auditd.state
Conflict:NA
---
init.d/auditd.reload | 2 +-
@ -12,11 +12,11 @@ Conflict:init.d/augenrules, init.d/auditd.state
init.d/auditd.rotate | 2 +-
init.d/auditd.state | 6 +++---
init.d/auditd.stop | 2 +-
init.d/augenrules | 4 ++--
6 files changed, 7 insertions(+), 7 deletions(-)
init.d/augenrules | 2 +-
6 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/init.d/auditd.reload b/init.d/auditd.reload
index 6db1bd74..b42fa6bf 100644
index 53ff2f4..4f09d00 100644
--- a/init.d/auditd.reload
+++ b/init.d/auditd.reload
@@ -3,7 +3,7 @@
@ -26,10 +26,10 @@ index 6db1bd74..b42fa6bf 100644
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
printf "Reconfiguring: "
/sbin/augenrules --load
diff --git a/init.d/auditd.resume b/init.d/auditd.resume
index 96189eb6..8193bea9 100644
index 96189eb..8193bea 100644
--- a/init.d/auditd.resume
+++ b/init.d/auditd.resume
@@ -3,7 +3,7 @@
@ -39,10 +39,10 @@ index 96189eb6..8193bea9 100644
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
printf "Resuming logging: "
/sbin/auditctl --signal resume
diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate
index dcb12c26..8bb65530 100644
index dcb12c2..8bb6553 100644
--- a/init.d/auditd.rotate
+++ b/init.d/auditd.rotate
@@ -3,7 +3,7 @@
@ -52,10 +52,10 @@ index dcb12c26..8bb65530 100644
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
printf "Rotating logs: "
/sbin/auditctl --signal rotate
diff --git a/init.d/auditd.state b/init.d/auditd.state
index 6ae0845a..c59fe5a6 100644
index 6ae0845..c59fe5a 100644
--- a/init.d/auditd.state
+++ b/init.d/auditd.state
@@ -3,7 +3,7 @@
@ -66,18 +66,22 @@ index 6ae0845a..c59fe5a6 100644
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
@@ -15,7 +15,7 @@ killproc $prog -CONT
state_file="/var/run/auditd.state"
@@ -11,10 +11,10 @@ state_file="/var/run/auditd.state"
printf "Getting auditd internal state: "
/sbin/auditctl --signal state
RETVAL=$?
echo -e "\n"
-echo -e "\n"
sleep 1
-if [ $? -eq 0 ] ; then
+if [ $RETVAL -eq 0 ] ; then
if [ -e $state_file ] ; then
+ printf "\n\n"
cat $state_file
fi
fi
diff --git a/init.d/auditd.stop b/init.d/auditd.stop
index 4cfe88b1..79e53a59 100644
index 5049285..41c67d6 100644
--- a/init.d/auditd.stop
+++ b/init.d/auditd.stop
@@ -3,7 +3,7 @@
@ -90,7 +94,7 @@ index 4cfe88b1..79e53a59 100644
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
diff --git a/init.d/augenrules b/init.d/augenrules
index be6c9f5c..8c1a670b 100644
index ea96aa7..605cfef 100644
--- a/init.d/augenrules
+++ b/init.d/augenrules
@@ -35,7 +35,7 @@ RETVAL=0


@ -0,0 +1,52 @@
From e5b0c9d74a54e0c6c83ba402807a53e4544b7898 Mon Sep 17 00:00:00 2001
From: Attila Lakatos <Cropi@users.noreply.github.com>
Date: Wed, 12 Jun 2024 18:22:00 +0200
Subject: [PATCH] Correct output when displaying rules with exe/path/dir (#379)
Some audit operators were not displayed properly
because auditctl used the "=" operator in all
the scenarios mentioned above.
Reference:https://github.com/linux-audit/audit-userspace/commit/e5b0c9d74a54e0c6c83ba402807a53e4544b7898
Conflict:NA
---
src/auditctl-listing.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/auditctl-listing.c b/src/auditctl-listing.c
index 57ae1837..9c322670 100644
--- a/src/auditctl-listing.c
+++ b/src/auditctl-listing.c
@@ -380,7 +380,9 @@ static void print_rule(const struct audit_rule_data *r)
printf("-w %.*s", r->values[i],
&r->buf[boffset]);
else
- printf(" -F path=%.*s", r->values[i],
+ printf(" -F path%s%.*s",
+ audit_operator_to_symbol(op),
+ r->values[i],
&r->buf[boffset]);
boffset += r->values[i];
} else if (field == AUDIT_DIR) {
@@ -388,12 +390,15 @@ static void print_rule(const struct audit_rule_data *r)
printf("-w %.*s", r->values[i],
&r->buf[boffset]);
else
- printf(" -F dir=%.*s", r->values[i],
+ printf(" -F dir%s%.*s",
+ audit_operator_to_symbol(op),
+ r->values[i],
&r->buf[boffset]);
boffset += r->values[i];
} else if (field == AUDIT_EXE) {
- printf(" -F exe=%.*s",
+ printf(" -F exe%s%.*s",
+ audit_operator_to_symbol(op),
r->values[i], &r->buf[boffset]);
boffset += r->values[i];
} else if (field == AUDIT_FILTERKEY) {
--
2.33.0
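Review bot: The three new `printf` calls in `print_rule` pass `audit_operator_to_symbol(op)` straight to `%s`; if that lookup can return NULL for an operator value it does not recognise (the helper is not visible here), the call is undefined behaviour and may print `(null)` or crash while listing rules. Fetch the symbol once and fall back to the previous output, for example `const char *sym = audit_operator_to_symbol(op);` followed by `if (sym == NULL) sym = "=";`, then use `sym` in the path, dir and exe branches. `print_rule` begins and ends outside these hunks, so where `op` is set for the current field should be confirmed as well.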


@ -0,0 +1,41 @@
From bbe96f9798451129ae2555f92e2f698f842f7833 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 10 Oct 2023 08:22:49 -0400
Subject: [PATCH] Error out if required zos parameters missing
Reference:https://github.com/linux-audit/audit-userspace/commit/bbe96f9798451129ae2555f92e2f698f842f7833
Conflict:NA
---
audisp/plugins/zos-remote/zos-remote-ldap.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/audisp/plugins/zos-remote/zos-remote-ldap.c b/audisp/plugins/zos-remote/zos-remote-ldap.c
index 7dd1424f..7e27eda4 100644
--- a/audisp/plugins/zos-remote/zos-remote-ldap.c
+++ b/audisp/plugins/zos-remote/zos-remote-ldap.c
@@ -134,14 +134,18 @@ retry:
int zos_remote_init(ZOS_REMOTE *zos_remote, const char *server, int port,
const char *user, const char *password, int timeout)
-{
+{
+ if (server == NULL || user == NULL || password == NULL) {
+ log_err("Error: required parameters are not present in config file");
+ return ICTX_E_FATAL;
+ }
zos_remote->server = strdup(server);
zos_remote->port = port;
zos_remote->user = strdup(user);
zos_remote->password = strdup(password);
zos_remote->timeout = timeout;
zos_remote->connected = 0;
-
+
if (!zos_remote->server || !zos_remote->user || !zos_remote->password) {
log_err("Error allocating memory for session members");
return ICTX_E_FATAL;
--
2.33.0
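Review bot: The new early return in `zos_remote_init` leaves `zos_remote->server`, `zos_remote->user` and `zos_remote->password` unassigned, so if the caller's teardown frees those members after `ICTX_E_FATAL` (not visible here) it would free indeterminate pointers. Setting them before returning, `zos_remote->server = zos_remote->user = zos_remote->password = NULL;`, makes the failure state well defined. The allocation-failure return further down has the mirror-image issue in the visible lines: whichever `strdup` calls succeeded are not released there, and one of them is a copy of the password. The function body continues past the hunk.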


@ -0,0 +1,53 @@
From 25d5458a396a07e56f36f651da2c51b528fb293a Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Thu, 2 Jan 2025 16:32:34 -0500
Subject: [PATCH] Fix a maybe uninitialized warning
Reference:https://github.com/linux-audit/audit-userspace/commit/25d5458a396a07e56f36f651da2c51b528fb293a
Conflict:NA
---
src/ausearch-parse.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index e15396d7..68e2b29e 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1556,7 +1556,7 @@ static int parse_daemon1(const lnode *n, search_items *s)
if (str) {
ptr = str + 5;
term = strchr(ptr, ' ');
- if (term == NULL)
+ if (term == NULL)
return 7;
saved = *term;
*term = 0;
@@ -1565,13 +1565,11 @@ static int parse_daemon1(const lnode *n, search_items *s)
if (errno)
return 8;
*term = saved;
- } else
- term = ptr;
+ }
}
// ses - optional
if (event_session_id != -2) {
- ptr = term;
str = strstr(term, "ses=");
if (str) {
ptr = str + 4;
@@ -1585,8 +1583,7 @@ static int parse_daemon1(const lnode *n, search_items *s)
if (errno)
return 10;
*term = saved;
- } else
- term = ptr;
+ }
}
if (event_subject) {
--
2.33.0
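Review bot: The `ses=` lookup in `parse_daemon1` still searches forward from `term` (`strstr(term, "ses=")`), so a record that carries `ses=` ahead of the previously parsed field will not be found by this block. The DAEMON_END sample quoted in the uid= backport on this page has `ses=8` before `pid=107086`, which suggests the field order does vary. Consider searching from the start of the message for `ses=`, as that backport's description says it does for `uid=`, and add a comment stating which fields are assumed to be ordered. `parse_daemon1` starts and ends outside these hunks, so the value `term` holds on entry to each block cannot be checked here.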


@ -0,0 +1,107 @@
From a4e8b7e18f249fe5decdd2fe748a5068ffeaee57 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Mon, 20 Nov 2023 16:37:46 -0500
Subject: [PATCH] Fix new warnings for unused results
Reference:https://github.com/linux-audit/audit-userspace/commit/a4e8b7e18f249fe5decdd2fe748a5068ffeaee57
Conflict:NA
---
audisp/plugins/ids/ids.c | 5 +++--
audisp/plugins/ids/ids.h | 2 +-
audisp/plugins/statsd/audisp-statsd.c | 4 ++--
lib/libaudit.c | 3 ++-
lib/netlink.c | 3 ++-
src/auditd.c | 3 ++-
6 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/audisp/plugins/ids/ids.c b/audisp/plugins/ids/ids.c
index d28237e5..1446ca71 100644
--- a/audisp/plugins/ids/ids.c
+++ b/audisp/plugins/ids/ids.c
@@ -107,9 +107,10 @@ static void destroy_audit(void)
}
-void log_audit_event(int type, const char *text, int res)
+int log_audit_event(int type, const char *text, int res)
{
- audit_log_user_message(audit_fd, type, text, NULL, NULL, NULL, res);
+ return audit_log_user_message(audit_fd, type, text,
+ NULL, NULL, NULL, res);
}
diff --git a/audisp/plugins/ids/ids.h b/audisp/plugins/ids/ids.h
index f3710066..cb98cdba 100644
--- a/audisp/plugins/ids/ids.h
+++ b/audisp/plugins/ids/ids.h
@@ -15,6 +15,6 @@
extern int debug;
extern void my_printf(const char *fmt, ...)
__attribute__ (( format(printf, 1, 2) ));
-extern void log_audit_event(int type, const char *text, int res);
+extern int log_audit_event(int type, const char *text, int res);
#endif
diff --git a/audisp/plugins/statsd/audisp-statsd.c b/audisp/plugins/statsd/audisp-statsd.c
index db2c6111..912f9171 100644
--- a/audisp/plugins/statsd/audisp-statsd.c
+++ b/audisp/plugins/statsd/audisp-statsd.c
@@ -218,9 +218,9 @@ static void get_kernel_status(void)
struct audit_reply rep;
audit_request_status(audit_fd);
- audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0);
+ int rc = audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0);
- if (rep.type == AUDIT_GET) {
+ if (rc > 0 && rep.type == AUDIT_GET) {
// add info to global audit event struct
r.lost = rep.status->lost;
r.backlog = rep.status->backlog;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index e5f2a7c5..3decff12 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -473,7 +473,8 @@ int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
rc = poll(pfd, 1, 100); /* .1 second */
} while (rc < 0 && errno == EINTR);
- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
+ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0))
+ ; // intentionally empty
return 1;
}
diff --git a/lib/netlink.c b/lib/netlink.c
index eeeefc26..3381651a 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -280,7 +280,8 @@ retry:
else if (rc > 0 && rep.type == NLMSG_ERROR) {
int error = rep.error->error;
/* Eat the message */
- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
+ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0))
+ ; // intentionally empty
/* NLMSG_ERROR can indicate success, only report nonzero */
if (error) {
diff --git a/src/auditd.c b/src/auditd.c
index 2dedf35b..54b407f3 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -1044,7 +1044,8 @@ static void clean_exit(void)
audit_msg(LOG_INFO, "The audit daemon is exiting.");
if (fd >= 0) {
if (!opt_aggregate_only)
- audit_set_pid(fd, 0, WAIT_NO);
+ if (audit_set_pid(fd, 0, WAIT_NO))
+ ; // intentionally empty
audit_close(fd);
}
if (pidfile)
--
2.33.0
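Review bot: In `clean_exit` the new code nests an unbraced `if (audit_set_pid(fd, 0, WAIT_NO))` with an empty body under an unbraced `if (!opt_aggregate_only)`, which silences the warning but still discards a failure to unregister the daemon's pid and is easy to break with a later `else`. Logging the failure keeps the intent visible: `if (!opt_aggregate_only && audit_set_pid(fd, 0, WAIT_NO) <= 0)` followed by `audit_msg(LOG_WARNING, "Failed to clear audit pid on exit");`, assuming a non-positive return means failure (the visible success path in `audit_set_pid` returns 1). The same empty-`if` idiom appears in the `lib/libaudit.c` and `lib/netlink.c` hunks, where a comment saying why the reply is drained and ignored would serve better than `// intentionally empty`. `log_audit_event` now returns the result in `ids.c`, so its callers, which are outside this patch, should check it.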


@ -0,0 +1,62 @@
From 8359a7004de5e22c5a9b85c01c56e3b376d84a81 Mon Sep 17 00:00:00 2001
From: Michael Tautschnig <mt@debian.org>
Date: Thu, 2 Nov 2023 21:53:29 +0100
Subject: [PATCH] Make session id consistently typed (#327)
This fixes type-conflicting definitions and declarations.
Reference:https://github.com/linux-audit/audit-userspace/commit/8359a7004de5e22c5a9b85c01c56e3b376d84a81
Conflict:NA
---
src/aureport-options.c | 3 ++-
src/ausearch-options.c | 10 ++++++----
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/aureport-options.c b/src/aureport-options.c
index 93621e25..76a4b9f1 100644
--- a/src/aureport-options.c
+++ b/src/aureport-options.c
@@ -61,7 +61,8 @@ const char *event_uuid = NULL;
const char *event_vmname = NULL;
long long event_exit = 0;
int event_exit_is_set = 0;
-int event_ppid = -1, event_session_id = -2;
+pid_t event_ppid = -1;
+uint32_t event_session_id = -2;
int event_debug = 0, event_machine = -1;
time_t arg_eoe_timeout = (time_t)0;
diff --git a/src/ausearch-options.c b/src/ausearch-options.c
index 8a1f4772..499c2aa3 100644
--- a/src/ausearch-options.c
+++ b/src/ausearch-options.c
@@ -895,19 +895,21 @@ int check_params(int count, char *vars[])
size_t len = strlen(optarg);
if (isdigit(optarg[0])) {
errno = 0;
- event_session_id = strtoul(optarg,NULL,10);
- if (errno)
+ unsigned long optval = strtoul(optarg,NULL,10);
+ if (errno || optval >= (1ul << 32))
retval = -1;
+ event_session_id = optval;
c++;
} else if (len >= 2 && *(optarg)=='-' &&
(isdigit(optarg[1]))) {
errno = 0;
- event_session_id = strtoul(optarg, NULL, 0);
- if (errno) {
+ long optval = strtol(optarg, NULL, 0);
+ if (errno || optval < INT_MIN || optval > INT_MAX) {
retval = -1;
fprintf(stderr, "Error converting %s\n",
optarg);
}
+ event_session_id = optval;
c++;
} else {
fprintf(stderr,
--
2.33.0
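Review bot: The new range check `optval >= (1ul << 32)` in `check_params` shifts an `unsigned long` by 32, which is undefined where `unsigned long` is 32 bits wide, and this package carries an armv7 patch, so such builds appear to be in scope. `if (errno || optval > UINT32_MAX)` expresses the same bound without the shift. Both branches also assign `event_session_id = optval;` after setting `retval = -1`, so an out-of-range value is still truncated into the global. In addition, `strtoul` and `strtol` are called with a NULL end pointer, so trailing text such as `12abc` is accepted; passing an `endptr` and rejecting `*end != '\0'` would close that. `check_params` extends beyond the hunk.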


@ -0,0 +1,214 @@
From 38572e7eead76015b388723038f03e2ef0b1e3c1 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 25 Aug 2023 10:41:20 -0400
Subject: [PATCH] Rewrite legacy service functions in terms of systemctl
Reference:https://github.com/linux-audit/audit-userspace/commit/38572e7eead76015b388723038f03e2ef0b1e3c1
Conflict:init.d/Makefile.am,ChangeLog
---
init.d/Makefile.am | 3 +--
init.d/audit-functions | 52 ---------------------------------------
init.d/auditd.condrestart | 7 +++---
init.d/auditd.reload | 6 +----
init.d/auditd.resume | 6 +----
init.d/auditd.rotate | 6 +----
init.d/auditd.state | 4 +--
init.d/auditd.stop | 3 +--
8 files changed, 10 insertions(+), 77 deletions(-)
delete mode 100644 init.d/audit-functions
diff --git a/init.d/Makefile.am b/init.d/Makefile.am
index fdbf81c..3a73697 100644
--- a/init.d/Makefile.am
+++ b/init.d/Makefile.am
@@ -26,7 +26,7 @@ EXTRA_DIST = auditd.init auditd.service auditd.sysconfig auditd.conf \
auditd.cron libaudit.conf auditd.condrestart \
auditd.reload auditd.restart auditd.resume \
auditd.rotate auditd.state auditd.stop \
- audit-stop.rules augenrules audit-functions
+ audit-stop.rules augenrules
libconfig = libaudit.conf
if ENABLE_SYSTEMD
initdir = /usr/lib/systemd/system
@@ -61,7 +61,6 @@ if ENABLE_SYSTEMD
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.stop ${DESTDIR}${legacydir}/stop
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.restart ${DESTDIR}${legacydir}/restart
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.condrestart ${DESTDIR}${legacydir}/condrestart
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/audit-functions ${DESTDIR}${libexecdir}
else
$(INSTALL_SCRIPT) -D ${srcdir}/auditd.init ${DESTDIR}${initdir}/auditd
endif
diff --git a/init.d/audit-functions b/init.d/audit-functions
deleted file mode 100644
index 12f5023..0000000
--- a/init.d/audit-functions
+++ /dev/null
@@ -1,52 +0,0 @@
-# -*-Shell-script-*-
-
-# Make sure umask is sane
-umask 022
-
-#/usr/libexec/audit/audit-functions
-
-# killproc {program} [-signal]
-killproc ()
-{
- local daemon="$1"
- local sig=
- [ -n "${2:-}" ] && sig=$2
-
- # This matches src/auditd.c
- local pid_file="/var/run/auditd.pid"
- local pid_dir=$(dirname $pid_file)
-
- if [ ! -d "$pid_dir" ] ; then
- return 4
- fi
-
- local pid=
- if [ -f "$pid_file" ] ; then
- # pid file exists, use it
- while : ; do
- read line
- [ -z "$line" ] && break
- for p in $line ; do
- # pid is numeric and corresponds to a process
- if [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] ; then
- d=$(cat "/proc/$p/comm")
- if [ "$d" = "$daemon" ] ; then
- pid="$p"
- break
- fi
- fi
- done
- done < "$pid_file"
- else
- # need to search /proc
- p=$(pidof "$daemon")
- if [ -n "$p" ] ; then
- pid="$p"
- fi
- fi
-
- # At this point we should have a pid or the process is dead
- if [ -n "$pid" ] && [ -n "$sig" ] ; then
- kill "$sig" "$pid" >/dev/null 2>&1
- fi
-}
diff --git a/init.d/auditd.condrestart b/init.d/auditd.condrestart
index d86e5e4..c5803ff 100644
--- a/init.d/auditd.condrestart
+++ b/init.d/auditd.condrestart
@@ -2,9 +2,10 @@
# Helper script to provide legacy auditd service options not
# directly supported by systemd.
-state=`service auditd status | awk '/^ Active/ { print $2 }'`
-if [ $state = "active" ] ; then
- /usr/libexec/initscripts/legacy-actions/auditd/restart
+state=$(systemctl status auditd | awk '/Active:/ { print $2 }')
+if [ "$state" = "active" ] ; then
+ /usr/libexec/initscripts/legacy-actions/auditd/stop
+ /bin/systemctl start auditd
RETVAL="$?"
exit $RETVAL
fi
diff --git a/init.d/auditd.reload b/init.d/auditd.reload
index e689534..53ff2f4 100644
--- a/init.d/auditd.reload
+++ b/init.d/auditd.reload
@@ -5,13 +5,9 @@
# Check that we are root ... so non-root users stop here
test $(id -u) = 0 || exit 4
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-. /usr/libexec/audit-functions
-
printf "Reconfiguring: "
/sbin/augenrules --load
-killproc $prog -HUP
+/sbin/auditctl --signal reload
RETVAL=$?
echo
exit $RETVAL
diff --git a/init.d/auditd.resume b/init.d/auditd.resume
index 6852fd6..96189eb 100644
--- a/init.d/auditd.resume
+++ b/init.d/auditd.resume
@@ -5,12 +5,8 @@
# Check that we are root ... so non-root users stop here
test $(id -u) = 0 || exit 4
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-. /usr/libexec/audit-functions
-
printf "Resuming logging: "
-killproc $prog -USR2
+/sbin/auditctl --signal resume
RETVAL=$?
echo
exit $RETVAL
diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate
index 643b935..dcb12c2 100644
--- a/init.d/auditd.rotate
+++ b/init.d/auditd.rotate
@@ -5,12 +5,8 @@
# Check that we are root ... so non-root users stop here
test $(id -u) = 0 || exit 4
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-. /usr/libexec/audit-functions
-
printf "Rotating logs: "
-killproc $prog -USR1
+/sbin/auditctl --signal rotate
RETVAL=$?
echo
exit $RETVAL
diff --git a/init.d/auditd.state b/init.d/auditd.state
index 4724c4f..6ae0845 100644
--- a/init.d/auditd.state
+++ b/init.d/auditd.state
@@ -6,12 +6,10 @@
test $(id -u) = 0 || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
state_file="/var/run/auditd.state"
-. /usr/libexec/audit-functions
printf "Getting auditd internal state: "
-killproc $prog -CONT
+/sbin/auditctl --signal state
RETVAL=$?
echo -e "\n"
sleep 1
diff --git a/init.d/auditd.stop b/init.d/auditd.stop
index d3fbc79..5049285 100644
--- a/init.d/auditd.stop
+++ b/init.d/auditd.stop
@@ -7,7 +7,6 @@ test $(id -u) = 0 || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
-. /usr/libexec/audit-functions
pid=
p=$(pidof "$prog")
if [ -n "$p" ] ; then
@@ -15,7 +14,7 @@ if [ -n "$p" ] ; then
fi
printf "Stopping logging: "
-killproc $prog -TERM
+/sbin/auditctl --signal stop
RETVAL=$?
if [ -n "$pid" ] ; then
# Wait up to 20 seconds for auditd to shutdown
--
2.33.0
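Review bot: `auditd.condrestart` decides whether to restart by scraping `systemctl status auditd` with `awk '/Active:/ { print $2 }'`, using an unqualified `systemctl` and `awk` in a helper that the sibling scripts restrict to root, while the following lines call `/bin/systemctl` by full path. The status text is meant for people and the match depends on its layout; `if /bin/systemctl is-active --quiet auditd ; then` asks the same question through the exit status and removes the PATH lookup. `RETVAL` also reflects only the final `/bin/systemctl start auditd`, so a failing `legacy-actions/auditd/stop` goes unreported; capture its status and exit non-zero if it fails.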


@ -0,0 +1,48 @@
From 7cdcfd30c6122acc6b2e54e1ad8cd1a12dd537d2 Mon Sep 17 00:00:00 2001
From: Attila Lakatos <Cropi@users.noreply.github.com>
Date: Mon, 21 Oct 2024 04:25:37 +0200
Subject: [PATCH] ausearch format: Fix display of renamed file (#411)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In some cases, ausearch was not correctly showing
the new name of a renamed file when searching for
audit events. If the target file didnt exist prior
to the rename, ausearch was unable to parse the new
file name. This occurred because ausearch attempted
to retrieve this information from the 7th record,
which is absent when the target file does not exist.
---
auparse/normalize.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/auparse/normalize.c b/auparse/normalize.c
index 036c0b86..f1a07d18 100644
--- a/auparse/normalize.c
+++ b/auparse/normalize.c
@@ -693,7 +693,20 @@ static int normalize_syscall(auparse_state_t *au, const char *syscall)
case NORM_FILE_RENAME:
act = "renamed";
D.thing.what = NORM_WHAT_FILE; // this gets overridden
- set_prime_object2(au, "name", 4);
+ /* A sucessfull syscall from the rename family will provide
+ * the following items:
+ * 0 - new dir, in which the file will be located
+ * 1 - old dir, in which the file was located
+ * 2 - old name, the name of the original file
+ * if the file was already present in the new dir:
+ * 3 - removal of the new file
+ * 4 - creation of the new file
+ * otherwise:
+ * 3 - creation of the new file
+ */
+
+ // The 3rd record will always contain the name of the new file
+ set_prime_object2(au, "name", 3);
set_file_object(au, 2); // Thing renamed is 2 after
simple_file_attr(au);
break;
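Review bot: The new comment above `set_prime_object2(au, "name", 3)` says "The 3rd record", but the list it follows is zero-based, so index 3 is the fourth item; someone checking a rename event against the raw records can easily pick the wrong one. The comment should also say why index 3 is valid in both cases: it is the removal record when the target already existed and the creation record otherwise, and both carry the new name. Suggested wording: `// Item 3 (zero-based) always names the new file: its removal record if the target existed, otherwise its creation record`. "sucessfull" in the block comment should read "successful". normalize_syscall starts and ends outside this hunk.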
--
2.33.0


@ -0,0 +1,43 @@
From f97f0579fafcd9fc58d892699a22ae7ee68aeff3 Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Mon, 16 Dec 2024 09:06:13 +0000
Subject: [PATCH] ausearch-parse: fix parsing for success/uid in
parse_daemon1() (#394)
In parse_daemon1(), we may have the uid= field appear both before and
after pid=, which may cause our parsing of it to fail, as we may have
skipped past it. For uid=, let us search from the beginning.
Example for this case:
type=DAEMON_END msg=audit(1709723032.140:753): op=terminate auid=0 uid=0 ses=8 pid=107086 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=success
ausearch -if sample.log -a 753 -m DAEMON_END -ui 0 --session 8 -p 107086 --success yes
Signed-off-by: Sergio Correia <scorreia@redhat.com>
Reference:https://github.com/linux-audit/audit-userspace/commit/f97f0579fafcd9fc58d892699a22ae7ee68aeff3
Conflict:NA
---
src/ausearch-parse.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 4c9bef0d..e15396d7 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1549,7 +1549,9 @@ static int parse_daemon1(const lnode *n, search_items *s)
// uid - optional
if (event_uid != -1) {
- ptr = term;
+ // As the uid= field may happen in different orders, e.g. both before
+ // and after pid=, let us search for the uid from the beginning.
+ term = mptr;
str = strstr(term, " uid=");
if (str) {
ptr = str + 5;
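Review bot: Assigning `term = mptr` rewinds the shared cursor, not only the uid lookup, so any later field search in parse_daemon1 that continues from `term` would now scan the record from the start rather than from the text after pid=. If only the uid search needs to start at the beginning, `str = strstr(mptr, " uid=");` does that and leaves `term` where the pid parsing put it. The rest of the function is outside this hunk, so whether later code depends on `term` needs checking there. The DAEMON_END sample in the commit message, with uid= before pid=, would make a good regression input for the ausearch tests.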
--
2.33.0


@ -0,0 +1,401 @@
From 149a3464ef35fbaa98c57e2775a7a4ab20c2ee75 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Sun, 5 Nov 2023 14:24:49 -0500
Subject: [PATCH] fix the use of isdigit everywhere
Reference:https://github.com/linux-audit/audit-userspace/commit/149a3464ef35fbaa98c57e2775a7a4ab20c2ee75
Conflict:NA
---
audisp/plugins/af_unix/audisp-af_unix.c | 2 +-
audisp/plugins/ids/ids_config.c | 2 +-
audisp/plugins/remote/remote-config.c | 2 +-
audisp/plugins/zos-remote/zos-remote-config.c | 6 ++--
auparse/auditd-config.c | 2 +-
auparse/interpret.c | 6 ++--
src/auditctl.c | 6 ++--
src/aureport-options.c | 4 +--
src/aureport-output.c | 2 +-
src/ausearch-options.c | 36 +++++++++----------
src/ausearch-parse.c | 2 +-
tools/ausyscall/ausyscall.c | 4 +--
12 files changed, 37 insertions(+), 37 deletions(-)
diff --git a/audisp/plugins/af_unix/audisp-af_unix.c b/audisp/plugins/af_unix/audisp-af_unix.c
index ffcc7603..ffbf2ac0 100644
--- a/audisp/plugins/af_unix/audisp-af_unix.c
+++ b/audisp/plugins/af_unix/audisp-af_unix.c
@@ -126,7 +126,7 @@ int setup_socket(int argc, char *argv[])
} else {
int i;
for (i=1; i < 3; i++) {
- if (isdigit(argv[i][0])) {
+ if (isdigit((unsigned char)argv[i][0])) {
errno = 0;
mode = strtoul(argv[i], NULL, 8);
if (errno) {
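Review bot: Only the first character of `argv[i]` is checked before `strtoul(argv[i], NULL, 8)`, and the result is validated through `errno` alone, so an argument such as `644x` is accepted with its tail ignored and `8` converts to 0 without an error. Since this value is the socket mode, a malformed argument should be rejected, not partly applied: `mode = strtoul(argv[i], &end, 8);` followed by `if (errno || end == argv[i] || *end != '\0') {`. The same pattern of a first-character test plus `strtoul`/`strtol` with a NULL end pointer recurs in the hunks for src/auditctl.c, src/aureport-options.c and src/ausearch-options.c. The body of setup_socket continues outside this hunk.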
diff --git a/audisp/plugins/ids/ids_config.c b/audisp/plugins/ids/ids_config.c
index 4da5ca93..f773794a 100644
--- a/audisp/plugins/ids/ids_config.c
+++ b/audisp/plugins/ids/ids_config.c
@@ -345,7 +345,7 @@ static int unsigned_int_parser(struct nv_pair *nv, int line, unsigned int *val)
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
syslog(LOG_ERR,
"Value %s should only be numbers - line %d",
nv->value, line);
diff --git a/audisp/plugins/remote/remote-config.c b/audisp/plugins/remote/remote-config.c
index 02b51337..8de7b27f 100644
--- a/audisp/plugins/remote/remote-config.c
+++ b/audisp/plugins/remote/remote-config.c
@@ -484,7 +484,7 @@ static int parse_uint (const struct nv_pair *nv, int line, unsigned int *valp,
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
syslog(LOG_ERR,
"Value %s should only be numbers - line %d",
nv->value, line);
diff --git a/audisp/plugins/zos-remote/zos-remote-config.c b/audisp/plugins/zos-remote/zos-remote-config.c
index b92dc778..2f7e42f5 100644
--- a/audisp/plugins/zos-remote/zos-remote-config.c
+++ b/audisp/plugins/zos-remote/zos-remote-config.c
@@ -301,7 +301,7 @@ static int port_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
@@ -327,7 +327,7 @@ static int timeout_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
@@ -376,7 +376,7 @@ static int q_depth_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
diff --git a/auparse/auditd-config.c b/auparse/auditd-config.c
index 9a6a6a71..6e5c86a8 100644
--- a/auparse/auditd-config.c
+++ b/auparse/auditd-config.c
@@ -340,7 +340,7 @@ static int eoe_timeout_parser(auparse_state_t *au, const char *val, int line,
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
audit_msg(au, LOG_ERR,
"Value %s should only be numbers - line %d",
val, line);
diff --git a/auparse/interpret.c b/auparse/interpret.c
index f13723b6..77c96468 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -325,7 +325,7 @@ static void key_escape(const char *orig, char *dest, auparse_esc_t escape_mode)
static int is_int_string(const char *str)
{
while (*str) {
- if (!isdigit(*str))
+ if (!isdigit((unsigned char)*str))
return 0;
str++;
}
@@ -1485,7 +1485,7 @@ static const char *print_success(const char *val)
{
int res;
- if (isdigit(*val)) {
+ if (isdigit((unsigned char)*val)) {
errno = 0;
res = strtoul(val, NULL, 10);
if (errno) {
@@ -2319,7 +2319,7 @@ static const char *print_fanotify(const char *val)
{
int res;
- if (isdigit(*val)) {
+ if (isdigit((unsigned char)*val)) {
errno = 0;
res = strtoul(val, NULL, 10);
if (errno) {
diff --git a/src/auditctl.c b/src/auditctl.c
index ccd62bc3..e1ca0f83 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -680,7 +680,7 @@ static int setopt(int count, int lineno, char *vars[])
}
break;
case 'r':
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t rate;
errno = 0;
rate = strtoul(optarg,NULL,0);
@@ -699,7 +699,7 @@ static int setopt(int count, int lineno, char *vars[])
}
break;
case 'b':
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t limit;
errno = 0;
limit = strtoul(optarg,NULL,0);
@@ -1134,7 +1134,7 @@ process_keys:
case 2:
#if HAVE_DECL_AUDIT_VERSION_BACKLOG_WAIT_TIME == 1 || \
HAVE_DECL_AUDIT_STATUS_BACKLOG_WAIT_TIME == 1
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t bwt;
errno = 0;
bwt = strtoul(optarg,NULL,0);
diff --git a/src/aureport-options.c b/src/aureport-options.c
index 203c3880..7480c8a9 100644
--- a/src/aureport-options.c
+++ b/src/aureport-options.c
@@ -385,7 +385,7 @@ int check_params(int count, char *vars[])
// } else {
// UNIMPLEMENTED;
// set_detail(D_SPECIFIC);
-// if (isdigit(optarg[0])) {
+// if (isdigit((unsigned char)optarg[0])) {
// errno = 0;
// event_id = strtoul(optarg,
// NULL, 10);
@@ -764,7 +764,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10);
if (errno || arg_eoe_timeout == 0) {
diff --git a/src/aureport-output.c b/src/aureport-output.c
index a635d536..27a2ce25 100644
--- a/src/aureport-output.c
+++ b/src/aureport-output.c
@@ -976,7 +976,7 @@ static void do_user_summary_output(slist *sptr)
long uid;
char name[64];
- if (sn->str[0] == '-' || isdigit(sn->str[0])) {
+ if (sn->str[0] == '-' || isdigit((unsigned char)sn->str[0])) {
uid = strtol(sn->str, NULL, 10);
printf("%u ", sn->hits);
safe_print_string(aulookup_uid(uid, name,
diff --git a/src/ausearch-options.c b/src/ausearch-options.c
index 53d0db64..1c653648 100644
--- a/src/ausearch-options.c
+++ b/src/ausearch-options.c
@@ -253,7 +253,7 @@ static int convert_str_to_msg(const char *optarg)
{
int tmp, retval = 0;
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
tmp = strtoul(optarg, NULL, 10);
if (errno) {
@@ -335,7 +335,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_id = strtoul(optarg, NULL, 10);
if (errno) {
@@ -357,7 +357,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10);
if (errno || arg_eoe_timeout == 0) {
@@ -463,7 +463,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_gid = strtoul(optarg,NULL,10);
if (errno) {
@@ -497,7 +497,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_egid = strtoul(optarg,NULL,10);
if (errno) {
@@ -529,7 +529,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_gid = strtoul(optarg,NULL,10);
if (errno) {
@@ -655,7 +655,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_ppid = strtol(optarg,NULL,10);
if (errno)
@@ -676,7 +676,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_pid = strtol(optarg,NULL,10);
if (errno)
@@ -794,7 +794,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_syscall = (int)strtoul(optarg, NULL, 10);
if (errno) {
@@ -893,7 +893,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
unsigned long optval = strtoul(optarg,NULL,10);
if (errno || optval >= (1ul << 32))
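Review bot: The range check `optval >= (1ul << 32)` shifts by the full width of `unsigned long` on targets where that type is 32 bits, which is undefined behaviour, so the session-id bound cannot be relied on there. A constant comparison expresses the same limit without the shift: `if (errno || optval > 0xFFFFFFFFul)`. On a 32-bit `unsigned long` the comparison is simply never true and the `errno` test still catches out-of-range input. The surrounding case in check_params starts and ends outside this hunk.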
@@ -901,7 +901,7 @@ int check_params(int count, char *vars[])
event_session_id = optval;
c++;
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
long optval = strtol(optarg, NULL, 0);
if (errno || optval < INT_MIN || optval > INT_MAX) {
@@ -933,7 +933,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_exit = strtoll(optarg, NULL, 0);
if (errno) {
@@ -942,7 +942,7 @@ int check_params(int count, char *vars[])
optarg);
}
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
event_exit = strtoll(optarg, NULL, 0);
if (errno) {
@@ -1074,7 +1074,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_uid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1107,7 +1107,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_euid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1140,7 +1140,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_uid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1184,7 +1184,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_loginuid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1194,7 +1194,7 @@ int check_params(int count, char *vars[])
retval = -1;
}
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
event_loginuid = strtol(optarg, NULL, 0);
if (errno) {
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index e6868c6e..1a5b047f 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1128,7 +1128,7 @@ try_again:
return 25;
ptr = str + 4;
term = ptr;
- while (isdigit(*term))
+ while (isdigit((unsigned char)*term))
term++;
if (term == ptr)
return 14;
diff --git a/tools/ausyscall/ausyscall.c b/tools/ausyscall/ausyscall.c
index bf751f17..489b1095 100644
--- a/tools/ausyscall/ausyscall.c
+++ b/tools/ausyscall/ausyscall.c
@@ -47,9 +47,9 @@ int main(int argc, char *argv[])
usage();
} else if (argc < 2)
usage();
-
+
for (i=1; i<argc; i++) {
- if (isdigit(argv[i][0])) {
+ if (isdigit((unsigned char)argv[i][0])) {
if (syscall_num != -1) {
fputs("Two syscall numbers not allowed\n",
stderr);
--
2.33.0


@ -0,0 +1,165 @@
From 3aa3ccb2bb1c8804fbf43b260c93b65e831242c1 Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Thu, 2 Nov 2023 21:20:40 +0100
Subject: [PATCH] lib: cast to unsigned char for character test functions
(#338)
Passing a value not representable by unsigned char is undefined
behavior.
Reference:https://github.com/linux-audit/audit-userspace/commit/3aa3ccb2bb1c8804fbf43b260c93b65e831242c1
Conflict:NA
---
lib/libaudit.c | 32 ++++++++++++++++----------------
lib/lookup_table.c | 2 +-
2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 960525a..abcdf4a 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -1031,7 +1031,7 @@ int audit_rule_syscallbyname_data(struct audit_rule_data *rule,
return -2;
nr = audit_name_to_syscall(scall, machine);
if (nr < 0) {
- if (isdigit(scall[0]))
+ if (isdigit((unsigned char)scall[0]))
nr = strtol(scall, NULL, 0);
}
if (nr >= 0)
@@ -1056,7 +1056,7 @@ int audit_rule_io_uringbyname_data(struct audit_rule_data *rule,
}
nr = audit_name_to_uringop(scall);
if (nr < 0) {
- if (isdigit(scall[0]))
+ if (isdigit((unsigned char)scall[0]))
nr = strtol(scall, NULL, 0);
}
if (nr >= 0)
@@ -1585,11 +1585,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
case AUDIT_OBJ_UID:
// Do positive & negative separate for 32 bit systems
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
@@ -1609,7 +1609,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
case AUDIT_SGID:
case AUDIT_FSGID:
case AUDIT_OBJ_GID:
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
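Review bot: The GID cases (`AUDIT_SGID`, `AUDIT_FSGID`, `AUDIT_OBJ_GID`) convert a leading-digit value with `strtol`, while the UID cases in the previous hunk use `strtoul` for the same situation and note that this matters on 32-bit systems. Where `long` is 32 bits, a GID above `LONG_MAX` makes `strtol` return `LONG_MAX`, and nothing visible here checks `errno`, so the rule would silently match a different group than the one requested. Using `strtoul(v, NULL, 0);` in this branch keeps it consistent with the UID path. The type of `rule->values[]` and the body of the `else` branch are outside the hunk, so confirm against them.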
@@ -1625,11 +1625,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
if (flags != AUDIT_FILTER_EXIT)
return -EAU_EXITONLY;
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
@@ -1644,7 +1644,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
flags != AUDIT_FILTER_USER)
return -EAU_MSGTYPEEXCLUDEUSER;
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else
@@ -1715,7 +1715,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_ARCHMISPLACED;
if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL))
return -EAU_OPEQNOTEQ;
- if (isdigit((char)*(v))) {
+ if (isdigit((unsigned char)*(v))) {
int machine;
errno = 0;
@@ -1757,7 +1757,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_STRTOOLONG;
for (i = 0; i < len; i++) {
- switch (tolower(v[i])) {
+ switch (tolower((unsigned char)v[i])) {
case 'r':
val |= AUDIT_PERM_READ;
break;
@@ -1791,7 +1791,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_FIELDUNAVAIL;
if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL))
return -EAU_OPEQNOTEQ;
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else
@@ -1804,11 +1804,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
break;
case AUDIT_ARG0...AUDIT_ARG3:
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else
@@ -1824,11 +1824,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_FIELDNOFILTER;
// Do positive & negative separate for 32 bit systems
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else if (strcmp(v, "unset") == 0)
@@ -1854,7 +1854,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
if (field == AUDIT_PPID && !(flags==AUDIT_FILTER_EXIT))
return -EAU_EXITONLY;
- if (!isdigit((char)*(v)))
+ if (!isdigit((unsigned char)*(v)))
return -EAU_FIELDVALNUM;
if (field == AUDIT_INODE)
diff --git a/lib/lookup_table.c b/lib/lookup_table.c
index 2f5e6cd..d839205 100644
--- a/lib/lookup_table.c
+++ b/lib/lookup_table.c
@@ -255,7 +255,7 @@ int audit_name_to_msg_type(const char *msg_type)
strncpy(buf, msg_type + 8, len);
errno = 0;
return strtol(buf, NULL, 10);
- } else if (isdigit(*msg_type)) {
+ } else if (isdigit((unsigned char)*msg_type)) {
errno = 0;
return strtol(msg_type, NULL, 10);
}
--
2.33.0


@ -0,0 +1,35 @@
From 3f928b21486369c495d9eaca46eb9d506ae576b3 Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Wed, 1 Nov 2023 20:35:40 +0100
Subject: [PATCH] lib: close audit socket in load_feature_bitmap() (#334)
Reference:https://github.com/linux-audit/audit-userspace/commit/3f928b21486369c495d9eaca46eb9d506ae576b3
Conflict:NA
---
lib/libaudit.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/libaudit.c b/lib/libaudit.c
index ded3ab47..4c317c87 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -657,12 +657,14 @@ static void load_feature_bitmap(void)
/* Found it... */
features_bitmap = rep.status->feature_bitmap;
+ audit_close(fd);
return;
}
}
}
#endif
features_bitmap = AUDIT_FEATURES_UNSUPPORTED;
+ audit_close(fd);
}
uint32_t audit_get_features(void)
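Review bot: The socket is now closed at two separate exits, the `return` inside the nested block and the fall-through at the end, so an exit added between them later would leak the descriptor again; in a library used by long-running processes that is a slow descriptor leak. A single cleanup label is sturdier: replace the inner `return;` with `goto out;`, guard the default assignment so it does not overwrite a found bitmap, and finish with `out: audit_close(fd);`. The start of load_feature_bitmap is outside this hunk, including how `fd` is opened and whether earlier returns exist. Confirm there that no path reaches `audit_close(fd)` with a descriptor that was never opened.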
--
2.33.0


@ -0,0 +1,29 @@
From e97c79260a2e7bdbf02c5162b0c40451c9555111 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 31 Oct 2023 16:49:10 +0100
Subject: [PATCH] lib: enclose macro to avoid precedence issues
Reference:https://github.com/linux-audit/audit-userspace/commit/e97c79260a2e7bdbf02c5162b0c40451c9555111
Conflict:NA
---
lib/audit_logging.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/audit_logging.c b/lib/audit_logging.c
index 8b8b6207..e8b79d3e 100644
--- a/lib/audit_logging.c
+++ b/lib/audit_logging.c
@@ -38,7 +38,7 @@
#include "private.h"
#define TTY_PATH 32
-#define MAX_USER (UT_NAMESIZE * 2) + 8
+#define MAX_USER ((UT_NAMESIZE * 2) + 8)
// NOTE: The kernel fills in pid, uid, and loginuid of sender. Therefore,
// these routines do not need to send them.
--
2.33.0


@ -0,0 +1,56 @@
From b92027ac9e29659483a5e920e548fe74126f72af Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Wed, 1 Nov 2023 22:15:40 +0100
Subject: [PATCH] memory allocation updates (#341)
* Check memory allocation
Avoid later NULL dereference.
* Check memory allocation and merge zeroing
Avoid later NULL dereference.
Reference:https://github.com/linux-audit/audit-userspace/commit/b92027ac9e29659483a5e920e548fe74126f72af
Conflict:NA
---
auparse/interpret.c | 2 ++
lib/libaudit.c | 7 +++++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/auparse/interpret.c b/auparse/interpret.c
index ecde07ae..76ca2814 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -366,6 +366,8 @@ char *au_unescape(char *buf)
// strlen(buf) / 2.
olen = strlen(buf);
str = malloc(olen+1);
+ if (!str)
+ return NULL;
saved = *ptr;
*ptr = 0;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 6a42871b..d90d83b8 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -891,9 +891,12 @@ int audit_make_equivalent(int fd, const char *mount_point,
struct {
uint32_t sizes[2];
unsigned char buf[];
- } *cmd = malloc(sizeof(*cmd) + len1 + len2);
+ } *cmd = calloc(1, sizeof(*cmd) + len1 + len2);
- memset(cmd, 0, sizeof(*cmd) + len1 + len2);
+ if (!cmd) {
+ audit_msg(LOG_ERR, "Cannot allocate memory!");
+ return -ENOMEM;
+ }
cmd->sizes[0] = len1;
cmd->sizes[1] = len2;
--
2.33.0