rpms/aide
6
0
Fork 0
Code Issues Pull Requests Releases Activity

RHEL 9.8.0 ERRATUM

Browse Source 
rebase to 0.19.2
Resolves: RHEL-110573
Switch to libnettle for hashing
prevent aide from crashing if database is a HTTPS URL
Resolves: RHEL-76014
prevent aide from exiting if a file is truncated during check
Resolves: RHEL-1569
This commit is contained in:
Cropi 2025-09-16 11:33:49 +02:00
parent 4638788abc
commit 0cc0108c29
20 changed files with 43 additions and 3474 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -13,3 +13,5 @@ aide-0.14.tar.gz.asc
/aide-0.16b1.tar.gz
/aide-0.16rc1.tar.gz
/aide-0.16.tar.gz
/aide-0.19.2.tar.gz
/aide-0.19.2.tar.gz.asc

123
aide-0.16-CVE-2021-45417.patch
View File

@ -1,123 +0,0 @@
diff --git a/include/base64.h b/include/base64.h
index 0ff7116..381ef5d 100644
--- a/include/base64.h
+++ b/include/base64.h
@@ -36,7 +36,6 @@
#include <assert.h>
#include "types.h"
-#define B64_BUF 16384
#define FAIL -1
#define SKIP -2
diff --git a/src/base64.c b/src/base64.c
index fd01bac..1b0f301 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -85,11 +85,9 @@ FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL
};
/* Returns NULL on error */
-/* FIXME Possible buffer overflow on outputs larger than B64_BUF */
char* encode_base64(byte* src,size_t ssize)
{
char* outbuf;
- char* retbuf;
int pos;
int i, l, left;
unsigned long triple;
@@ -101,7 +99,10 @@ char* encode_base64(byte* src,size_t ssize)
error(240,"\n");
return NULL;
}
- outbuf = (char *)malloc(sizeof(char)*B64_BUF);
+
+ /* length of encoded base64 string (padded) */
+ size_t length = sizeof(char)* ((ssize + 2) / 3) * 4;
+ outbuf = (char *)malloc(length + 1);
/* Initialize working pointers */
inb = src;
@@ -162,20 +163,14 @@ char* encode_base64(byte* src,size_t ssize)
inb++;
}
- /* outbuf is not completely used so we use retbuf */
- retbuf=(char*)malloc(sizeof(char)*(pos+1));
- memcpy(retbuf,outbuf,pos);
- retbuf[pos]='\0';
- free(outbuf);
+ outbuf[pos]='\0';
- return retbuf;
+ return outbuf;
}
-/* FIXME Possible buffer overflow on outputs larger than B64_BUF */
byte* decode_base64(char* src,size_t ssize, size_t *ret_len)
{
byte* outbuf;
- byte* retbuf;
char* inb;
int i;
int l;
@@ -188,10 +183,18 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len)
if (!ssize||src==NULL)
return NULL;
+ /* exit on unpadded input */
+ if (ssize % 4) {
+ error(3, "decode_base64: '%s' has invalid length (missing padding characters?)", src);
+ return NULL;
+ }
+
+ /* calculate length of decoded string, substract padding chars if any (ssize is >= 4) */
+ size_t length = sizeof(byte) * ((ssize / 4) * 3)- (src[ssize-1] == '=') - (src[ssize-2] == '=');
/* Initialize working pointers */
inb = src;
- outbuf = (byte *)malloc(sizeof(byte)*B64_BUF);
+ outbuf = (byte *)malloc(length + 1);
l = 0;
triple = 0;
@@ -243,15 +246,11 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len)
inb++;
}
- retbuf=(byte*)malloc(sizeof(byte)*(pos+1));
- memcpy(retbuf,outbuf,pos);
- retbuf[pos]='\0';
-
- free(outbuf);
+ outbuf[pos]='\0';
if (ret_len) *ret_len = pos;
- return retbuf;
+ return outbuf;
}
size_t length_base64(char* src,size_t ssize)
diff --git a/src/db.c b/src/db.c
index 858240d..62c4faa 100644
--- a/src/db.c
+++ b/src/db.c
@@ -664,13 +664,15 @@ db_line* db_char2line(char** ss,int db){
time_t base64totime_t(char* s){
+ if(strcmp(s,"0")==0){
+ return 0;
+ }
byte* b=decode_base64(s,strlen(s),NULL);
char* endp;
- if (b==NULL||strcmp(s,"0")==0) {
+ if (b==NULL) {
/* Should we print error here? */
- free(b);
return 0;
} else {

292
aide-0.16-CVE-2025-54389-part1.patch
View File

@ -1,292 +0,0 @@
diff --git a/ChangeLog b/ChangeLog
index 263c438f4a2a38edc45f91c0d5a216112a8fa38c..6aa3de30b76ae98bebe89df49a7041bc6e50df25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,27 +1,31 @@
+2025-08-07 Hannes von Haugwitz <hannes@vonhaugwitz.com>
+ * Escape control characters in report and log output (CVE-2025-54389),
+ thanks to Rajesh Pangare for reporting this issue
+
2016-07-25 Hannes von Haugwitz <hannes@vonhaugwitz.com>
- * Release version 0.16
+ * Release version 0.16
2016-07-11 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Fix example aide.conf (xattr -> xattrs)
* aide.conf.5: update "SELECTION LINES" section
* Released version 0.16rc1
2016-07-10 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Fix compilation with latest libaudit
* Use AC_PROG_CC_C99 instead of AC_PROG_CC
* Add AM_PROG_CC_C_O
* aide.conf.in: logfile -> file
* Update README
* Update manual pages (aide.1 and aide.conf.5)
2016-07-07 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Adapt manual to version 0.16
2016-06-08 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Add missing break statements
2016-04-15 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Released version 0.16b1
2016-04-13 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Fix spelling errors
diff --git a/include/util.h b/include/util.h
index 79988536c974ca83b14696380f6006031e0fa5e4..68e6ee2a905856bc7b73f1a67633585e0c1d814d 100644
--- a/include/util.h
+++ b/include/util.h
@@ -22,48 +22,51 @@
#ifndef _UTIL_H_INCLUDED
#define _UTIL_H_INCLUDED
#include <string.h>
#include <sys/types.h>
#include "db_config.h"
#define HEXD2ASC(x) (((x) < 10) ? ((x) + '0') : ((x) - 10 + 'A'))
#define ASC2HEXD(x) (((x) >= '0' && (x) <= '9') ? \
((x) - '0') : (toupper(x) - 'A' + 10))
#define ISXDIGIT(x) isxdigit ((unsigned char)(x))
#define CLEANDUP(x) (contains_unsafe (x) ? encode_string (x) : strdup (x))
#ifndef HAVE_STRICMP
# define stricmp(a,b) strcasecmp( (a), (b) )
#endif
int cmpurl(url_t*, url_t*);
url_t* parse_url(char*);
int contains_unsafe(const char*);
+char *strnesc(const char *, size_t);
+char *stresc(const char *);
+
void decode_string(char*);
char* encode_string(const char*);
char* perm_to_char(mode_t perm);
void sig_handler(int signal);
void init_sighandler(void);
char *expand_tilde(char * path);
#ifndef HAVE_STRNSTR
char* strnstr(char* haystack,char* needle,int n);
#endif
#ifndef HAVE_STRNLEN
size_t strnlen(const char *s, size_t maxlen);
#endif
int syslog_facility_lookup(char *);
#endif
diff --git a/src/aide.c b/src/aide.c
index f85c1b4b95301eb3e2cf9212093751f39ea49b10..b9b2e325cfffcd4f9f3ce4c0ae3d06dce7a6956b 100644
--- a/src/aide.c
+++ b/src/aide.c
@@ -164,54 +164,58 @@ static int read_param(int argc,char**argv)
error(0,_("-B must have a parameter\n"));
exit(INVALID_ARGUMENT_ERROR);
}
break;
}
case 'A': {
if (optarg!=NULL) {
int errorno=commandconf('A',optarg);
if (errorno!=0){
error(0,_("Configuration error in after statement:%s\n"),optarg);
exit(INVALID_CONFIGURELINE_ERROR);
}
} else {
error(0,_("-A must have a parameter\n"));
exit(INVALID_ARGUMENT_ERROR);
}
break;
}
case 'l': {
if (optarg!=NULL) {
const char* pcre_error;
int pcre_erroffset;
conf->limit=malloc(strlen(optarg)+1);
strcpy(conf->limit,optarg);
if((conf->limit_crx=pcre_compile(conf->limit, PCRE_ANCHORED, &pcre_error, &pcre_erroffset, NULL)) == NULL) {
- error(0,_("Error in limit regexp '%s' at %i: %s\n"), conf->limit, pcre_erroffset, pcre_error);
+ char *limit_safe = stresc(conf->limit);
+ error(0,_("Error in limit regexp '%s' at %i: %s\n"), limit_safe, pcre_erroffset, pcre_error);
+ free(limit_safe);
exit(INVALID_ARGUMENT_ERROR);
}
- error(200,_("Limit set to '%s'\n"), conf->limit);
+ char *limit_safe = stresc(conf->limit);
+ error(200,_("Limit set to '%s'\n"), limit_safe);
+ free(limit_safe);
} else {
error(0,_("-l must have an argument\n"));
exit(INVALID_ARGUMENT_ERROR);
}
break;
}
case 'r': {
if(optarg!=NULL) {
do_repurldef(optarg);
}else {
error(0,_("-r must have an argument\n"));
}
break;
}
case 'i': {
if(conf->action==0){
conf->action=DO_INIT;
}else {
error(0,
_("Cannot have multiple commands on a single commandline.\n"));
exit(INVALID_ARGUMENT_ERROR);
};
break;
}
case 'C': {
diff --git a/src/util.c b/src/util.c
index ea438273296fbac24fb5d83cd0f2661aa93c0c0a..c39ff352d7fd707471b6d6add8c099a3ca643b9d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -2,89 +2,128 @@
*
* Copyright (C) 1999-2002,2004-2006,2010,2011,2013,2016 Rami Lehti, Pablo
* Virolainen, Mike Markley, Richard van den Berg, Hannes von Haugwitz
* $Header$
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "aide.h"
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/stat.h>
+#include <stdio.h>
#include <signal.h>
#include <ctype.h>
#include <syslog.h>
/*for locale support*/
#include "locale-aide.h"
/*for locale support*/
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 256
#endif
#include "report.h"
#include "db_config.h"
#include "util.h"
#define URL_UNSAFE " <>\"#%{}|\\^~[]`@:\033'"
#define ISPRINT(c) (isascii(c) && isprint(c))
static const char* url_name[] = {
"file", "stdin", "stdout", "stderr", "fd", "sql", "syslog", "database", "https", "http", "ftp" };
static const int url_value[] = {
url_file, url_stdin, url_stdout,url_stderr,url_fd, url_sql, url_syslog, url_database, url_https, url_http, url_ftp };
const int url_ntypes=sizeof(url_value)/sizeof(URL_TYPE);
int cmpurl(url_t* u1,url_t* u2)
{
if(u1->type!= u2->type){
return RETFAIL;
};
if(strcmp(u1->value,u2->value)!=0){
return RETFAIL;
}
return RETOK;
};
+static size_t escape_str(const char *unescaped_str, char *str, size_t s) {
+ size_t n = 0;
+ size_t i = 0;
+ char c;
+ while (i < s && (c = unescaped_str[i])) {
+ if ((c >= 0 && (c < 0x1f || c == 0x7f)) ||
+ (c == '\\' && isdigit(unescaped_str[i+1])
+ && isdigit(unescaped_str[i+2])
+ && isdigit(unescaped_str[i+3])
+ ) ) {
+ if (str) { snprintf(&str[n], 5, "\\%03o", c); }
+ n += 4;
+ } else {
+ if (str) { str[n] = c; }
+ n++;
+ }
+ i++;
+ }
+ if (str) { str[n] = '\0'; }
+ n++;
+ return n;
+}
+
+char *strnesc(const char *unescaped_str, size_t s) {
+ int n = escape_str(unescaped_str, NULL, s);
+ char *str = malloc(n);
+ if (str == NULL) {
+ error(0, "malloc: failed to allocate %d bytes of memory\n", n);
+ exit(EXIT_FAILURE);
+ }
+ escape_str(unescaped_str, str, s);
+ return str;
+}
+
+char *stresc(const char *unescaped_str) {
+ return strnesc(unescaped_str, strlen(unescaped_str));
+}
+
url_t* parse_url(char* val)
{
url_t* u=NULL;
char* r=NULL;
char* val_copy=NULL;
int i=0;
if(val==NULL){
return NULL;
}
u=(url_t*)malloc(sizeof(url_t));
/* We don't want to modify the original hence strdup(val) */
val_copy=strdup(val);
for(r=val_copy;r[0]!=':'&&r[0]!='\0';r++);
if(r[0]!='\0'){
r[0]='\0';
r++;
}
u->type=url_unknown;
for(i=0;i<url_ntypes;i++){
if(strcmp(val_copy,url_name[i])==0){
u->type=url_value[i];

91
aide-0.16-CVE-2025-54389-part2.patch
View File

@ -1,91 +0,0 @@
diff -U0 aide-0.16/ChangeLog.orig aide-0.16/ChangeLog
diff -up aide-0.16/doc/aide.1.in.orig aide-0.16/doc/aide.1.in
diff -up aide-0.16/doc/aide.1.orig aide-0.16/doc/aide.1
diff -up aide-0.16/include/util.h.orig aide-0.16/include/util.h
diff -up aide-0.16/src/aide.c.orig aide-0.16/src/aide.c
diff -up aide-0.16/src/compare_db.c.orig aide-0.16/src/compare_db.c
--- aide-0.16/src/compare_db.c.orig 2025-08-20 16:40:25.219559352 +0200
+++ aide-0.16/src/compare_db.c 2025-08-20 16:40:33.945999660 +0200
@@ -526,15 +526,24 @@ static void print_line(seltree* node) {
}
}
summary[length]='\0';
- error(2,"\n%s: %s", summary, (node->checked&NODE_REMOVED?node->old_data:node->new_data)->filename);
+ const char *rawname = (node->checked&NODE_REMOVED?node->old_data:node->new_data)->filename;
+ char *filename_safe = stresc(rawname);
+ error(2,"\n%s: %s", summary, filename_safe);
+ free(filename_safe);
free(summary); summary=NULL;
} else {
if (node->checked&NODE_ADDED) {
- error(2,"added: %s\n",(node->new_data)->filename);
+ char *filename_safe = stresc((node->new_data)->filename);
+ error(2,"added: %s\n",filename_safe);
+ free(filename_safe);
} else if (node->checked&NODE_REMOVED) {
- error(2,"removed: %s\n",(node->old_data)->filename);
+ char *filename_safe = stresc((node->old_data)->filename);
+ error(2,"removed: %s\n",filename_safe);
+ free(filename_safe);
} else if (node->checked&NODE_CHANGED) {
- error(2,"changed: %s\n",(node->new_data)->filename);
+ char *filename_safe = stresc((node->new_data)->filename);
+ error(2,"changed: %s\n",filename_safe);
+ free(filename_safe);
}
}
}
@@ -552,6 +561,9 @@ static void print_dbline_attributes(db_l
error(2,"%s: ", file_type);
}
error(2,"%s\n", (nline==NULL?oline:nline)->filename);
+ char *filename_safe = stresc((nline==NULL?oline:nline)->filename);
+ error(2,"%s\n", filename_safe);
+ free(filename_safe);
attrs=force_attrs|(~(ignored_changed_attrs)&changed_attrs);
for (j=0; j < length; ++j) {
if (details_attributes[j]&attrs) {
@@ -559,21 +571,35 @@ static void print_dbline_attributes(db_l
nnumber=get_attribute_values(details_attributes[j], nline, &nvalue);
i = 0;
while (i<onumber || i<nnumber) {
- olen = i<onumber?strlen(ovalue[i]):0;
- nlen = i<nnumber?strlen(nvalue[i]):0;
+ char *ovalue_safe = NULL;
+ char *nvalue_safe = NULL;
+ if (i<onumber) {
+ ovalue_safe = stresc(ovalue[i]);
+ olen = strlen(ovalue_safe);
+ } else {
+ olen = 0;
+ }
+ if (i<nnumber) {
+ nvalue_safe = stresc(nvalue[i]);
+ nlen = strlen(nvalue_safe);
+ } else {
+ nlen = 0;
+ }
k = 0;
while (olen-p*k >= 0 || nlen-p*k >= 0) {
c = k*(p-1);
if (!onumber) {
- error(2," %s%-9s%c %-*c %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p, ' ', p-1, nlen-c>0?&nvalue[i][c]:"");
+ error(2," %s%-9s%c %-*c %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p, ' ', p-1, nlen-c>0?&nvalue_safe[c]:"");
} else if (!nnumber) {
- error(2," %s%-9s%c %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p-1, olen-c>0?&ovalue[i][c]:"");
+ error(2," %s%-9s%c %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p-1, olen-c>0?&ovalue_safe[c]:"");
} else {
- error(2," %s%-9s%c %-*.*s| %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p, p-1, olen-c>0?&ovalue[i][c]:"", p-1, nlen-c>0?&nvalue[i][c]:"");
+ error(2," %s%-9s%c %-*.*s| %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p, p-1, olen-c>0?&ovalue_safe[c]:"", p-1, nlen-c>0?&nvalue_safe[c]:"");
}
k++;
}
++i;
+ free(ovalue_safe);
+ free(nvalue_safe);
}
for(i=0; i < onumber; ++i) { free(ovalue[i]); ovalue[i]=NULL; } free(ovalue); ovalue=NULL;
for(i=0; i < nnumber; ++i) { free(nvalue[i]); nvalue[i]=NULL; } free(nvalue); nvalue=NULL;
diff -up aide-0.16/src/error.c.orig aide-0.16/src/error.c
diff -up aide-0.16/src/gen_list.c.orig aide-0.16/src/gen_list.c
diff -up aide-0.16/src/util.c.orig aide-0.16/src/util.c

1662
aide-0.16-CVE-2025-54389.patch
View File

File diff suppressed because it is too large Load Diff

58
aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
View File

@ -1,58 +0,0 @@
From c7caa6027c92b28aa11b8da74d56357e12f56d67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= <dkopecek@redhat.com>
Date: Wed, 20 Feb 2019 12:00:56 +0100
Subject: [PATCH] Use LDADD for adding curl library to the linker command
---
Makefile.am | 2 +-
configure.ac | 5 +++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 4b05d7a..1541d56 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -55,7 +55,7 @@ if USE_CURL
aide_SOURCES += include/fopen.h src/fopen.c
endif
-aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@
+aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CURLLIB@
AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
AM_CPPFLAGS = -I$(top_srcdir) \
-I$(top_srcdir)/include \
diff --git a/configure.ac b/configure.ac
index 3598ebe..0418c59 100644
--- a/configure.ac
+++ b/configure.ac
@@ -702,24 +702,25 @@ if test x$with_zlib = xyes; then
compoptionstring="${compoptionstring}WITH_ZLIB\\n"
fi
+CURLLIB=
if test x$with_curl = xyes; then
AC_PATH_PROG(curlconfig, "curl-config")
if test "_$curlconfig" != _ ; then
CURL_CFLAGS=`$curlconfig --cflags`
- CURL_LIBS=`$curlconfig --libs`
+ CURLLIB=`$curlconfig --libs`
else
AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])
fi
AC_CHECK_HEADERS(curl/curl.h,,
[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])])
CFLAGS="$CFLAGS $CURL_CFLAGS"
- LDFLAGS="$LDFLAGS $CURL_LIBS"
AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes,
[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]
)
AC_DEFINE(WITH_CURL,1,[use curl])
compoptionstring="${compoptionstring}WITH_CURL\\n"
fi
+AC_SUBST(CURLLIB)
AM_CONDITIONAL(USE_CURL, test x$havecurl = xyes)
AC_ARG_WITH(mhash,
--
2.20.1

17
aide-0.16-crash-elf.patch
View File

@ -1,17 +0,0 @@
--- ./src/do_md.c 2018-03-19 05:10:19.994957024 -0400
+++ ./src/do_md.c 2018-03-19 05:19:05.829957024 -0400
@@ -135,8 +135,13 @@
continue;
while (!bingo && (data = elf_getdata (scn, data)) != NULL) {
- int maxndx = data->d_size / shdr.sh_entsize;
+ int maxndx;
int ndx;
+
+ if (shdr.sh_entsize != 0)
+ maxndx = data->d_size / shdr.sh_entsize;
+ else
+ continue;
for (ndx = 0; ndx < maxndx; ++ndx) {
(void) gelf_getdyn (data, ndx, &dyn);

153
aide-0.16-crypto-disable-haval-and-others.patch
View File

@ -1,153 +0,0 @@
diff -up ./include/md.h.crypto ./include/md.h
--- ./include/md.h.crypto 2016-07-25 22:56:55.000000000 +0200
+++ ./include/md.h 2018-08-29 15:00:30.827491299 +0200
@@ -149,6 +149,7 @@ int init_md(struct md_container*);
int update_md(struct md_container*,void*,ssize_t);
int close_md(struct md_container*);
void md2line(struct md_container*,struct db_line*);
+DB_ATTR_TYPE get_available_crypto();
#endif /*_MD_H_INCLUDED*/
diff -up ./src/aide.c.crypto ./src/aide.c
--- ./src/aide.c.crypto 2018-08-29 15:00:30.825491309 +0200
+++ ./src/aide.c 2018-08-29 15:00:30.827491299 +0200
@@ -349,7 +349,7 @@ static void setdefaults_before_config()
conf->db_attrs = 0;
#if defined(WITH_MHASH) || defined(WITH_GCRYPT)
- conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512;
+ conf->db_attrs |= get_available_crypto();
#ifdef WITH_MHASH
conf->db_attrs |= DB_GOST;
#ifdef HAVE_MHASH_WHIRLPOOL
diff -up ./src/md.c.crypto ./src/md.c
--- ./src/md.c.crypto 2018-08-29 15:00:30.823491319 +0200
+++ ./src/md.c 2018-08-29 15:02:28.013903479 +0200
@@ -78,6 +78,49 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) {
return r;
}
+const char * hash_gcrypt2str(int i) {
+ char * r = "?";
+#ifdef WITH_GCRYPT
+ switch (i) {
+ case GCRY_MD_MD5: {
+ r = "MD5";
+ break;
+ }
+ case GCRY_MD_SHA1: {
+ r = "SHA1";
+ break;
+ }
+ case GCRY_MD_RMD160: {
+ r = "RMD160";
+ break;
+ }
+ case GCRY_MD_TIGER: {
+ r = "TIGER";
+ break;
+ }
+ case GCRY_MD_HAVAL: {
+ r = "HAVAL";
+ break;
+ }
+ case GCRY_MD_SHA256: {
+ r = "SHA256";
+ break;
+ }
+ case GCRY_MD_SHA512: {
+ r = "SHA512";
+ break;
+ }
+ case GCRY_MD_CRC32: {
+ r = "CRC32";
+ break;
+ }
+ default:
+ break;
+ }
+#endif
+ return r;
+}
+
DB_ATTR_TYPE hash_mhash2attr(int i) {
DB_ATTR_TYPE r=0;
#ifdef WITH_MHASH
@@ -163,6 +206,44 @@ DB_ATTR_TYPE hash_mhash2attr(int i) {
Initialise md_container according it's todo_attr field
*/
+DB_ATTR_TYPE get_available_crypto() {
+
+ DB_ATTR_TYPE ret = 0;
+
+/*
+ * This function is usually called before config processing
+ * and default verbose level is 5
+ */
+#define lvl 255
+
+ error(lvl, "get_available_crypto called\n");
+
+#ifdef WITH_GCRYPT
+
+ /*
+ * some initialization for FIPS
+ */
+ gcry_check_version(NULL);
+ error(lvl, "Found algos:");
+
+ for(int i=0;i<=HASH_GCRYPT_COUNT;i++) {
+
+ if ( (hash_gcrypt2attr(i) & HASH_USE_GCRYPT) == 0 )
+ continue;
+
+ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) == 0) {
+ ret |= hash_gcrypt2attr(i);
+ error(lvl, " %s", hash_gcrypt2str(i));
+ }
+ }
+ error(lvl, "\n");
+
+#endif
+
+ error(lvl, "get_available_crypto_returned with %lld\n", ret);
+ return ret;
+}
+
int init_md(struct md_container* md) {
int i;
@@ -201,18 +282,27 @@ int init_md(struct md_container* md) {
}
#endif
#ifdef WITH_GCRYPT
- if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
error(0,"gcrypt_md_open failed\n");
exit(IO_ERROR);
}
for(i=0;i<=HASH_GCRYPT_COUNT;i++) {
+
+
if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) {
- DB_ATTR_TYPE h=hash_gcrypt2attr(i);
- error(255,"inserting %llu\n",h);
+
+ DB_ATTR_TYPE h=hash_gcrypt2attr(i);
+
+ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) != 0) {
+ error(0,"Algo %s is not available\n", hash_gcrypt2str(i));
+ exit(-1);
+ }
+
+ error(255,"inserting %llu\n",h);
if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){
md->calc_attr|=h;
} else {
- error(0,"gcry_md_enable %i failed",i);
+ error(0,"gcry_md_enable %i failed\n",i);
md->todo_attr&=~h;
}
}

103
aide-0.16b1-fipsfix.patch
View File

@ -1,103 +0,0 @@
diff -up ./src/aide.c.orig ./aide-0.16b1/src/aide.c
--- ./src/aide.c.orig 2016-07-12 11:10:08.013158385 +0200
+++ ./src/aide.c 2016-07-12 11:30:54.867833064 +0200
@@ -511,9 +511,28 @@ int main(int argc,char**argv)
#endif
umask(0177);
init_sighandler();
-
setdefaults_before_config();
+#if WITH_GCRYPT
+ error(255,"Gcrypt library initialization\n");
+ /*
+ * Initialize libgcrypt as per
+ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
+ *
+ *
+ */
+ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
+ gcry_control(GCRYCTL_INIT_SECMEM, 1);
+
+ if(!gcry_check_version(GCRYPT_VERSION)) {
+ error(0,"libgcrypt version mismatch\n");
+ exit(VERSION_MISMATCH_ERROR);
+ }
+
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+#endif /* WITH_GCRYPT */
+
+
if(read_param(argc,argv)==RETFAIL){
error(0, _("Invalid argument\n") );
exit(INVALID_ARGUMENT_ERROR);
@@ -646,6 +665,9 @@ int main(int argc,char**argv)
}
#endif
}
+#ifdef WITH_GCRYPT
+ gcry_control(GCRYCTL_TERM_SECMEM, 0);
+#endif /* WITH_GCRYPT */
return RETOK;
}
const char* aide_key_3=CONFHMACKEY_03;
diff -up ./src/md.c.orig ./aide-0.16b1/src/md.c
--- ./src/md.c.orig 2016-04-15 23:30:16.000000000 +0200
+++ ./src/md.c 2016-07-12 11:35:04.007675329 +0200
@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
}
#endif
#ifdef WITH_GCRYPT
- error(255,"Gcrypt library initialization\n");
- if(!gcry_check_version(GCRYPT_VERSION)) {
- error(0,"libgcrypt version mismatch\n");
- exit(VERSION_MISMATCH_ERROR);
- }
- gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
error(0,"gcrypt_md_open failed\n");
exit(IO_ERROR);
}
@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
/*. There might be more hashes in the library. Add those here.. */
- gcry_md_reset(md->mdh);
+ gcry_md_close(md->mdh);
#endif
#ifdef WITH_MHASH
diff -up ./src/util.c.orig ./aide-0.16b1/src/util.c
--- ./src/util.c.orig 2016-07-12 11:39:17.023437355 +0200
+++ ./src/util.c 2016-07-12 11:39:51.618721157 +0200
@@ -519,28 +519,5 @@ int syslog_facility_lookup(char *s)
return(AIDE_SYSLOG_FACILITY);
}
-/* We need these dummy stubs to fool the linker into believing that
- we do not need them at link time */
-
-void* dlopen(char*filename,int flag)
-{
- return NULL;
-}
-
-void* dlsym(void*handle,char*symbol)
-{
- return NULL;
-}
-
-void* dlclose(void*handle)
-{
- return NULL;
-}
-
-const char* dlerror(void)
-{
- return NULL;
-}
-
const char* aide_key_2=CONFHMACKEY_02;
const char* db_key_2=DBHMACKEY_02;

15
aide-0.16rc1-man.patch
View File

@ -1,15 +0,0 @@
diff -up ./doc/aide.1.in.orig ./doc/aide.1.in
--- ./doc/aide.1.in.orig 2016-07-12 16:10:01.724595895 +0200
+++ ./doc/aide.1.in 2016-07-12 16:06:21.968639822 +0200
@@ -103,9 +103,9 @@ echo <encoded_checksum> | base64 \-d | h
.SH FILES
.IP \fB@sysconfdir@/aide.conf\fR
Default aide configuration file.
-.IP \fB@sysconfdir@/aide.db\fR
+.IP \fB@localstatedir@/lib/aide/aide.db\fR
Default aide database.
-.IP \fB@sysconfdir@/aide.db.new\fR
+.IP \fB@localstatedir@/lib/aide/aide.db.new\fR
Default aide output database.
.SH SEE ALSO
.BR aide.conf (5)

51
aide-configure.patch
View File

@ -1,51 +0,0 @@
diff --color -ru a/configure.ac b/configure.ac
--- a/configure.ac 2021-05-20 09:31:11.686987129 +0200
+++ b/configure.ac 2021-05-20 09:39:43.369967457 +0200
@@ -784,11 +784,11 @@
[if test "x$withval" = "xmd5" ;then
CONFIGHMACTYPE="MHASH_MD5"
else if test "x$withval" = "xsha1" ;then
- CONFIGHMACTYPE="MHASH_SHA1"
+ CONFIGHMACTYPE="MHASH_SHA1"
else if test "x$withval" = "xsha256" ;then
- CONFIGHMACTYPE="MHASH_SHA256"
+ CONFIGHMACTYPE="MHASH_SHA256"
else if test "x$withval" = "xsha512" ;then
- CONFIGHMACTYPE="MHASH_SHA512"
+ CONFIGHMACTYPE="MHASH_SHA512"
else
echo "Valid parameters for --with-confighmactype are md5, sha1, sha256 and sha512"
exit 1
@@ -799,7 +799,6 @@
AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,$CONFIGHMACTYPE,[hash type for config file check])],
[
AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,MHASH_MD5,[hash type for config file check])]
-,
)
AC_ARG_WITH([confighmackey],
@@ -846,18 +845,18 @@
AC_ARG_WITH([dbhmactype],
AC_HELP_STRING([--with-dbhmactype=TYPE],
- [Hash type to use for checking db. Valid values are md5 and sha1.]),
+ [Hash type to use for checking db. Valid values are md5, sha1, sha256 and sha512.]),
[if test "x$withval" = "xmd5" ;then
DBHMACTYPE="MHASH_MD5"
else if test "x$withval" = "xsha1" ;then
- DBHMACTYPE="MHASH_SHA1"
+ DBHMACTYPE="MHASH_SHA1"
else if test "x$withval" = "xsha256" ;then
- CONFIGHMACTYPE="MHASH_SHA256"
+ DBHMACTYPE="MHASH_SHA256"
else if test "x$withval" = "xsha512" ;then
- CONFIGHMACTYPE="MHASH_SHA512"
+ DBHMACTYPE="MHASH_SHA512"
else
- echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
- exit 1
+ echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
+ exit 1
fi
fi
fi

11
aide-db-problem.patch
View File

@ -1,11 +0,0 @@
diff -up aide-0.16/src/commandconf.c.rhcase03736158 aide-0.16/src/commandconf.c
--- aide-0.16/src/commandconf.c.rhcase03736158 2024-03-01 11:06:35.305712992 +0100
+++ aide-0.16/src/commandconf.c 2024-03-01 11:08:07.726499878 +0100
@@ -306,6 +306,7 @@ int db_input_wrapper(char* buf, int max_
retval=0;
buf[0]='\0';
}else {
+ buf[0]='\0';
if((retval=gzread(*db_gzp,buf,max_size))<0){
error(0,_("gzread() failed: gzerr=%s!\n"),gzerror(*db_gzp,&err));
retval=0;

171
aide-static-analysis.patch
View File

@ -1,171 +0,0 @@
Only in b: config.log
diff --color -ru a/contrib/sshaide.sh b/contrib/sshaide.sh
--- a/contrib/sshaide.sh 2016-07-25 22:56:55.000000000 +0200
+++ b/contrib/sshaide.sh 2021-05-20 11:11:24.112542472 +0200
@@ -260,7 +260,7 @@
_randword=`grep -n . ${_wordlist} | grep "^${_linenum}:" | cut -d: -f2`
# If $_randword has anything other than lower-case chars, try again
- (echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1 >> /dev/null \
+ ({ echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1; } >> /dev/null \
&& gen_rand_word ) || \
# Return the word
diff --color -ru a/src/commandconf.c b/src/commandconf.c
--- a/src/commandconf.c 2021-05-20 10:37:53.842382143 +0200
+++ b/src/commandconf.c 2021-05-25 14:16:43.278526146 +0200
@@ -313,7 +313,7 @@
} else {
/* gzread returns 0 even if uncompressed bytes were read*/
error(240,"nread=%d,strlen(buf)=%lu,errno=%s,gzerr=%s\n",
- retval,(unsigned long)strnlen((char*)buf, max_size),
+ retval,(unsigned long)strnlen((char*)buf, retval),
strerror(errno),gzerror(*db_gzp,&err));
if(retval==0){
retval=strnlen((char*)buf, max_size);
@@ -836,6 +836,11 @@
}
break;
}
+ default: {
+ error(0,"Unsupported dbtype.\n");
+ free(u);
+ break;
+ }
}
}
free(val);
@@ -900,7 +905,7 @@
} else {
error_init(u,0);
}
-
+ free(u->value);
free(u);
}
diff --color -ru a/src/db_disk.c b/src/db_disk.c
--- a/src/db_disk.c 2021-05-20 10:37:53.842382143 +0200
+++ b/src/db_disk.c 2021-05-20 12:37:00.081493364 +0200
@@ -125,10 +125,10 @@
ret = (char *) malloc (len);
ret[0] = (char) 0;
- strncpy(ret, conf->root_prefix, conf->root_prefix_length+1);
- strncat (ret, r->path, len2);
+ strcpy(ret, conf->root_prefix);
+ strcat (ret, r->path);
if (r->path[len2 - 1] != '/') {
- strncat (ret, "/", 1);
+ strcat (ret, "/");
}
strcat (ret, s);
return ret;
@@ -207,8 +207,8 @@
if (!root_handled) {
root_handled = 1;
fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
- strncat (fullname, "/", 1);
+ strcpy(fullname, conf->root_prefix);
+ strcat (fullname, "/");
if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
@@ -346,8 +346,8 @@
error (255, "r->childs %p, r->parent %p,r->checked %i\n",
r->childs, r->parent, r->checked);
fullname=malloc((conf->root_prefix_length+strlen(r->path)+1)*sizeof(char));
- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
- strncat(fullname, r->path, strlen(r->path));
+ strcpy(fullname, conf->root_prefix);
+ strcat(fullname, r->path);
dirh=open_dir(fullname);
if (! dirh) {
@@ -441,8 +441,8 @@
char* fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
- strncat (fullname, "/", 1);
+ strcpy(fullname, conf->root_prefix);
+ strcat (fullname, "/");
dirh=open_dir(fullname);
free(fullname);
diff --color -ru a/src/error.c b/src/error.c
--- a/src/error.c 2021-05-20 10:37:53.836382037 +0200
+++ b/src/error.c 2021-05-21 11:49:09.781313097 +0200
@@ -125,7 +125,7 @@
fh=be_init(0,url,0);
if(fh!=NULL) {
conf->report_fd=list_append(conf->report_fd,(void*)fh);
- conf->report_url=list_append(conf->report_url,(void*)url);
+ conf->report_url=list_append(conf->report_url,(void*)strdup(url));
return RETOK;
}
diff --color -ru a/src/util.c b/src/util.c
--- a/src/util.c 2021-05-20 10:37:53.843382160 +0200
+++ b/src/util.c 2021-05-25 11:04:39.507278771 +0200
@@ -105,13 +105,15 @@
for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
if(r[0]=='\0'){
error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
+ free(u);
+ free(val_copy);
free(hostname);
return NULL;
}
u->value=strdup(r);
r[0]='\0';
if(gethostname(hostname,MAXHOSTNAMELEN)==-1){
- strncpy(hostname,"localhost", 10);
+ strncpy(hostname,"localhost",MAXHOSTNAMELEN);
}
if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){
@@ -119,6 +121,9 @@
break;
} else {
error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,u->value);
+ free(u->value);
+ free(u);
+ free(val_copy);
free(hostname);
return NULL;
}
@@ -229,6 +234,10 @@
int i=0;
pc=(char*)malloc(sizeof(char)*11);
+ if (!pc) {
+ error(0, "Memory allocation failed.\n");
+ return NULL;
+ }
for(i=0;i<10;i++){
pc[i]='-';
}
@@ -369,14 +378,17 @@
if (path != NULL) {
if (path[0] == '~') {
- if((homedir=getenv("HOME")) != NULL) {
+ if ((homedir=getenv("HOME")) != NULL) {
path_len = strlen(path+sizeof(char));
homedir_len = strlen(homedir);
full_len = homedir_len+path_len;
full = malloc(sizeof(char) * (full_len+1));
- strncpy(full, homedir, homedir_len);
- strncpy(full+homedir_len, path+sizeof(char), path_len);
- full[full_len] = '\0';
+ if (!full) {
+ error(0, "Memory allocation failed.\n");
+ return path;
+ }
+ strcpy(full, homedir);
+ strcat(full, path+sizeof(char));
free(path);
/* Don't free(homedir); because it is not safe on some platforms */
path = full;

2
aide-tmpfiles.conf Normal file
View File

@ -0,0 +1,2 @@
d /var/log/aide 0700 root root -
d /var/lib/aide 0700 root root -

69
aide.spec
View File

@ -1,21 +1,26 @@
Summary: Intrusion detection environment
Name: aide
Version: 0.16
Release: 105%{?dist}
URL: http://sourceforge.net/projects/aide
Version: 0.19.2
Release: 1%{?dist}
URL: https://github.com/aide/aide
License: GPLv2+
Source0: %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
Source1: aide.conf
Source2: README.quickstart
Source3: aide.logrotate
Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source1: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc
# gpg2 --recv-keys 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931
# gpg2 --export --export-options export-minimal 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 >gpgkey-aide.gpg
Source2: gpgkey-aide.gpg
Source3: aide.conf
Source4: README.quickstart
Source5: aide.logrotate
Source6: aide-tmpfiles.conf
BuildRequires: gcc
BuildRequires: make
BuildRequires: bison flex
BuildRequires: pcre-devel
BuildRequires: libgpg-error-devel libgcrypt-devel
BuildRequires: libgpg-error-devel nettle-devel
BuildRequires: zlib-devel
BuildRequires: libcurl-devel
BuildRequires: libacl-devel
@ -23,40 +28,27 @@ BuildRequires: pkgconfig(libselinux)
BuildRequires: libattr-devel
BuildRequires: e2fsprogs-devel
BuildRequires: audit-libs-devel
BuildRequires: autoconf automake libtool
# Customize the database file location in the man page.
Patch1: aide-0.16rc1-man.patch
# fix aide in FIPS mode
Patch2: aide-0.16b1-fipsfix.patch
# Bug 1674637 - aide: FTBFS in Fedora rawhide/f30
Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
Patch4: aide-0.15-syslog-format.patch
Patch5: aide-0.16-crypto-disable-haval-and-others.patch
Patch6: coverity.patch
Patch7: aide-0.16-crash-elf.patch
Patch8: aide-configure.patch
Patch9: aide-static-analysis.patch
Patch10: aide-0.16-CVE-2021-45417.patch
Patch11: aide-db-problem.patch
Patch12: rootPrefix.patch
Patch13: aide-0.16-CVE-2025-54389.patch
BuildRequires: autoconf automake libtool autoconf-archive
BuildRequires: systemd-rpm-macros
# For verifying signatures
BuildRequires: gnupg2
%description
AIDE (Advanced Intrusion Detection Environment) is a file integrity
checker and intrusion detection program.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1
cp -a %{S:2} .
cp -a %{SOURCE4} .
%build
autoreconf -ivf
%configure \
--disable-static \
--with-config_file=%{_sysconfdir}/aide.conf \
--with-gcrypt \
--without-gcrypt \
--with-nettle \
--with-zlib \
--with-curl \
--with-posix-acl \
@ -70,14 +62,16 @@ autoreconf -ivf
%install
%make_install bindir=%{_sbindir}
install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{S:1}
install -Dpm0644 %{S:3} %{buildroot}%{_sysconfdir}/logrotate.d/aide
install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{SOURCE3}
install -Dpm0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/aide
mkdir -p %{buildroot}%{_localstatedir}/log/aide
mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
# Install tmpfiles config
install -Dpm0644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/aide.conf
%files
%license COPYING
%doc AUTHORS ChangeLog NEWS README doc/manual.html contrib/
%doc AUTHORS ChangeLog NEWS README
%doc README.quickstart
%{_sbindir}/aide
%{_mandir}/man1/*.1*
@ -86,8 +80,19 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
%config(noreplace) %{_sysconfdir}/logrotate.d/aide
%dir %attr(0700,root,root) %{_localstatedir}/lib/aide
%dir %attr(0700,root,root) %{_localstatedir}/log/aide
%{_tmpfilesdir}/aide.conf
%changelog
* Tue Sep 16 2025 Attila Lakatos <alakatos@redhat.com> - 0.19.2-1
RHEL 9.8.0 ERRATUM
- rebase to 0.19.2
Resolves: RHEL-110573
- Switch to libnettle for hashing
- prevent aide from crashing if database is a HTTPS URL
Resolves: RHEL-76014
- prevent aide from exiting if a file is truncated during check
Resolves: RHEL-1569
* Wed Aug 20 2025 Attila Lakatos <alakatos@redhat.com> - 0.16-105
RHEL 9.7 ERRATUM
- CVE-2025-54389 aide: improper output neutralization enables bypassing

642
coverity.patch
View File

@ -1,642 +0,0 @@
diff -up ./include/be.h.coverity ./include/be.h
--- ./include/be.h.coverity 2016-07-25 22:56:55.000000000 +0200
+++ ./include/be.h 2018-10-10 19:27:18.680632681 +0200
@@ -22,6 +22,6 @@
#define _BE_H_INCLUDED
#include "db_config.h"
-FILE* be_init(int inout,url_t* u,int iszipped);
+void* be_init(int inout,url_t* u,int iszipped);
#endif /* _BE_H_INCLUDED */
diff -up ./include/db_config.h.coverity ./include/db_config.h
--- ./include/db_config.h.coverity 2018-10-10 19:27:18.672632611 +0200
+++ ./include/db_config.h 2018-10-10 19:27:18.681632689 +0200
@@ -376,7 +376,7 @@ typedef struct db_config {
#endif
url_t* initial_report_url;
- FILE* initial_report_fd;
+ void* initial_report_fd;
/* report_url is a list of url_t*s */
list* report_url;
diff -up ./src/aide.c.coverity ./src/aide.c
--- ./src/aide.c.coverity 2018-10-10 19:27:18.678632663 +0200
+++ ./src/aide.c 2018-10-10 19:27:18.681632689 +0200
@@ -278,7 +278,7 @@ static void setdefaults_before_config()
error(0,_("Couldn't get hostname"));
free(s);
} else {
- s=(char*)realloc((void*)s,strlen(s)+1);
+ // s=(char*)realloc((void*)s,strlen(s)+1);
do_define("HOSTNAME",s);
}
@@ -506,8 +506,6 @@ static void setdefaults_after_config()
int main(int argc,char**argv)
{
int errorno=0;
- byte* dig=NULL;
- char* digstr=NULL;
#ifdef USE_LOCALE
setlocale(LC_ALL,"");
@@ -544,6 +542,10 @@ int main(int argc,char**argv)
}
errorno=commandconf('C',conf->config_file);
+ if (errorno==RETFAIL){
+ error(0,_("Configuration error\n"));
+ exit(INVALID_CONFIGURELINE_ERROR);
+ }
errorno=commandconf('D',"");
if (errorno==RETFAIL){
@@ -594,6 +596,9 @@ int main(int argc,char**argv)
}
}
#ifdef WITH_MHASH
+ byte* dig=NULL;
+ char* digstr=NULL;
+
if(conf->config_check&&FORCECONFIGMD){
error(0,"Can't give config checksum when compiled with --enable-forced_configmd\n");
exit(INVALID_ARGUMENT_ERROR);
diff -up ./src/base64.c.coverity ./src/base64.c
--- ./src/base64.c.coverity 2016-07-25 22:56:55.000000000 +0200
+++ ./src/base64.c 2018-10-10 19:27:18.681632689 +0200
@@ -209,6 +209,7 @@ byte* decode_base64(char* src,size_t ssi
case FAIL:
error(3, "decode_base64: Illegal character: %c\n", *inb);
error(230, "decode_base64: Illegal line:\n%s\n", src);
+ free(outbuf);
return NULL;
break;
case SKIP:
@@ -260,7 +261,7 @@ size_t length_base64(char* src,size_t ss
int l;
int left;
size_t pos;
- unsigned long triple;
+ //unsigned long triple;
error(235, "decode base64\n");
/* Exit on empty input */
@@ -273,7 +274,7 @@ size_t length_base64(char* src,size_t ss
inb = src;
l = 0;
- triple = 0;
+ //triple = 0;
pos=0;
left = ssize;
/*
@@ -293,7 +294,7 @@ size_t length_base64(char* src,size_t ss
case SKIP:
break;
default:
- triple = triple<<6 | (0x3f & i);
+ //triple = triple<<6 | (0x3f & i);
l++;
break;
}
@@ -302,10 +303,10 @@ size_t length_base64(char* src,size_t ss
switch(l)
{
case 2:
- triple = triple>>4;
+ //triple = triple>>4;
break;
case 3:
- triple = triple>>2;
+ //triple = triple>>2;
break;
default:
break;
@@ -314,7 +315,7 @@ size_t length_base64(char* src,size_t ss
{
pos++;
}
- triple = 0;
+ //triple = 0;
l = 0;
}
inb++;
diff -up ./src/be.c.coverity ./src/be.c
--- ./src/be.c.coverity 2016-07-25 22:56:55.000000000 +0200
+++ ./src/be.c 2018-10-10 19:27:18.681632689 +0200
@@ -117,9 +117,9 @@ static char* get_first_value(char** in){
#endif
-FILE* be_init(int inout,url_t* u,int iszipped)
+void* be_init(int inout,url_t* u,int iszipped)
{
- FILE* fh=NULL;
+ void* fh=NULL;
long a=0;
char* err=NULL;
int fd;
diff -up ./src/commandconf.c.coverity ./src/commandconf.c
--- ./src/commandconf.c.coverity 2016-07-25 22:56:55.000000000 +0200
+++ ./src/commandconf.c 2018-10-10 19:27:18.682632698 +0200
@@ -106,7 +106,7 @@ int commandconf(const char mode,const ch
rv=0;
} else {
- rv=access(config,R_OK);
+ if (config != NULL) rv=access(config,R_OK);
if(rv==-1){
error(0,_("Cannot access config file: %s: %s\n"),config,strerror(errno));
}
@@ -166,14 +166,11 @@ int commandconf(const char mode,const ch
int conf_input_wrapper(char* buf, int max_size, FILE* in)
{
int retval=0;
- int c=0;
- char* tmp=NULL;
- void* key=NULL;
- int keylen=0;
/* FIXME Add support for gzipped config. :) */
#ifdef WITH_MHASH
/* Read a character at a time until we are doing md */
+ int c=0;
if(conf->do_configmd){
retval=fread(buf,1,max_size,in);
}else {
@@ -185,6 +182,9 @@ int conf_input_wrapper(char* buf, int ma
#endif
#ifdef WITH_MHASH
+ char* tmp=NULL;
+ void* key=NULL;
+ int keylen=0;
if(conf->do_configmd||conf->config_check){
if(((conf->do_configmd==1)&&conf->config_check)||!conf->confmd){
if(conf->do_configmd==1){
@@ -276,6 +276,9 @@ int db_input_wrapper(char* buf, int max_
#endif
break;
}
+ default: {
+ return 0;
+ }
}
#ifdef WITH_CURL
@@ -651,7 +654,6 @@ int handle_endif(int doit,int allow_else
case 0 : {
conferror("@@endif or @@else expected");
return -1;
- count=0;
}
default : {
@@ -816,6 +818,7 @@ void do_dbdef(int dbtype,char* val)
if(u==NULL||u->type==url_unknown||u->type==url_stdout
||u->type==url_stderr) {
error(0,_("Unsupported input URL-type:%s\n"),val);
+ free(u);
}
else {
*conf_db_url=u;
@@ -825,6 +828,7 @@ void do_dbdef(int dbtype,char* val)
case DB_WRITE: {
if(u==NULL||u->type==url_unknown||u->type==url_stdin){
error(0,_("Unsupported output URL-type:%s\n"),val);
+ free(u);
}
else{
conf->db_out_url=u;
@@ -848,6 +852,7 @@ void do_dbindef(char* val)
if(u==NULL||u->type==url_unknown||u->type==url_stdout
||u->type==url_stderr) {
error(0,_("Unsupported input URL-type:%s\n"),val);
+ free(u);
}
else {
conf->db_in_url=u;
@@ -869,6 +874,7 @@ void do_dboutdef(char* val)
* both input and output urls */
if(u==NULL||u->type==url_unknown||u->type==url_stdin){
error(0,_("Unsupported output URL-type:%s\n"),val);
+ free(u);
}
else{
conf->db_out_url=u;
@@ -894,7 +900,8 @@ void do_repurldef(char* val)
} else {
error_init(u,0);
}
-
+
+ free(u);
}
void do_verbdef(char* val)
@@ -984,7 +991,7 @@ void do_report_ignore_e2fsattrs(char* va
break;
}
}
- *val++;
+ val++;
}
}
#endif
diff -up ./src/compare_db.c.coverity ./src/compare_db.c
--- ./src/compare_db.c.coverity 2018-10-10 19:27:18.673632619 +0200
+++ ./src/compare_db.c 2018-10-10 19:27:18.682632698 +0200
@@ -312,7 +312,7 @@ static int acl2array(acl_type* acl, char
if (conf->syslog_format) {
*values = malloc(2 * sizeof(char*));
- char *A, *D = "<NONE>";
+ char *A= "<NONE>", *D = "<NONE>";
if (acl->acl_a) { A = acl->acl_a; }
if (acl->acl_d) { D = acl->acl_d; }
diff -up ./src/conf_lex.l.coverity ./src/conf_lex.l
--- ./src/conf_lex.l.coverity 2018-10-10 19:27:18.673632619 +0200
+++ ./src/conf_lex.l 2018-10-10 19:27:18.682632698 +0200
@@ -133,7 +133,7 @@ int var_in_conflval=0;
<EXPR>[\ \t]*\n {
conf_lineno++;
return (TNEWLINE);
- BEGIN 0;
+// BEGIN 0;
}
<EXPR>\+ {
diff -up ./src/db.c.coverity ./src/db.c
--- ./src/db.c.coverity 2016-07-25 22:56:55.000000000 +0200
+++ ./src/db.c 2018-10-10 19:27:18.683632707 +0200
@@ -27,6 +27,7 @@
#include "db_file.h"
#include "db_disk.h"
#include "md.h"
+#include "fopen.h"
#ifdef WITH_PSQL
#include "db_sql.h"
@@ -269,6 +270,9 @@ db_line* db_readline(int db){
db_order=&(conf->db_new_order);
break;
}
+ default: {
+ return NULL;
+ }
}
switch (db_url->type) {
@@ -368,7 +372,7 @@ db_line* db_char2line(char** ss,int db){
int i;
db_line* line=(db_line*)malloc(sizeof(db_line)*1);
- int* db_osize=0;
+ int* db_osize=NULL;
DB_FIELD** db_order=NULL;
switch (db) {
@@ -382,6 +386,10 @@ db_line* db_char2line(char** ss,int db){
db_order=&(conf->db_new_order);
break;
}
+ default: {
+ free(line);
+ return NULL;
+ }
}
@@ -601,7 +609,9 @@ db_line* db_char2line(char** ss,int db){
size_t vsz = 0;
tval = strtok(NULL, ",");
- line->xattrs->ents[num].key = db_readchar(strdup(tval));
+ char * tmp = strdup(tval);
+ line->xattrs->ents[num].key = db_readchar(tmp);
+ free(tmp);
tval = strtok(NULL, ",");
val = base64tobyte(tval, strlen(tval), &vsz);
line->xattrs->ents[num].val = val;
@@ -648,6 +658,8 @@ db_line* db_char2line(char** ss,int db){
default : {
error(0,_("Not implemented in db_char2line %i \n"),(*db_order)[i]);
+ free_db_line(line);
+ free(line);
return NULL;
}
@@ -826,7 +838,7 @@ void db_close() {
case url_ftp:
{
if (conf->db_out!=NULL) {
- url_fclose(conf->db_out);
+ url_fclose((URL_FILE*)conf->db_out);
}
break;
}
diff -up ./src/db_disk.c.coverity ./src/db_disk.c
--- ./src/db_disk.c.coverity 2016-07-25 22:56:55.000000000 +0200
+++ ./src/db_disk.c 2018-10-10 19:28:00.108995089 +0200
@@ -79,9 +79,15 @@ static DIR *open_dir(char* path) {
static void next_in_dir (void)
{
+
#ifdef HAVE_READDIR_R
- if (dirh != NULL)
+ if (dirh != NULL) {
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
rdres = AIDE_READDIR_R_FUNC (dirh, entp, resp);
+#pragma GCC diagnostic pop
+ }
+
#else
#ifdef HAVE_READDIR
if (dirh != NULL) {
diff -up ./src/db_file.c.coverity ./src/db_file.c
--- ./src/db_file.c.coverity 2016-07-25 22:56:55.000000000 +0200
+++ ./src/db_file.c 2018-10-10 19:27:18.683632707 +0200
@@ -171,7 +171,7 @@ int dofprintf( const char* s,...)
int db_file_read_spec(int db){
int i=0;
- int* db_osize=0;
+ int* db_osize=NULL;
DB_FIELD** db_order=NULL;
switch (db) {
@@ -187,6 +187,9 @@ int db_file_read_spec(int db){
db_lineno=&db_new_lineno;
break;
}
+ default: {
+ return RETFAIL;
+ }
}
*db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD));
@@ -198,13 +201,10 @@ int db_file_read_spec(int db){
int l;
- /* Yes... we do not check if realloc returns nonnull */
-
- *db_order=(DB_FIELD*)
- realloc((void*)*db_order,
+ void * tmp = realloc((void*)*db_order,
((*db_osize)+1)*sizeof(DB_FIELD));
-
- if(*db_order==NULL){
+ if (tmp != NULL) *db_order=(DB_FIELD*) tmp;
+ else {
return RETFAIL;
}
@@ -291,8 +291,8 @@ char** db_readline_file(int db){
int* domd=NULL;
#ifdef WITH_MHASH
MHASH* md=NULL;
-#endif
char** oldmdstr=NULL;
+#endif
int* db_osize=0;
DB_FIELD** db_order=NULL;
FILE** db_filep=NULL;
@@ -302,9 +302,9 @@ char** db_readline_file(int db){
case DB_OLD: {
#ifdef WITH_MHASH
md=&(conf->dboldmd);
+ oldmdstr=&(conf->old_dboldmdstr);
#endif
domd=&(conf->do_dboldmd);
- oldmdstr=&(conf->old_dboldmdstr);
db_osize=&(conf->db_in_size);
db_order=&(conf->db_in_order);
@@ -316,9 +316,9 @@ char** db_readline_file(int db){
case DB_NEW: {
#ifdef WITH_MHASH
md=&(conf->dbnewmd);
+ oldmdstr=&(conf->old_dbnewmdstr);
#endif
domd=&(conf->do_dbnewmd);
- oldmdstr=&(conf->old_dbnewmdstr);
db_osize=&(conf->db_new_size);
db_order=&(conf->db_new_order);
@@ -328,7 +328,9 @@ char** db_readline_file(int db){
break;
}
}
-
+
+ if (db_osize == NULL) return NULL;
+
if (*db_osize==0) {
db_buff(db,*db_filep);
@@ -737,8 +739,6 @@ int db_writespec_file(db_config* dbconf)
int i=0;
int j=0;
int retval=1;
- void*key=NULL;
- int keylen=0;
struct tm* st;
time_t tim=time(&tim);
st=localtime(&tim);
@@ -750,6 +750,8 @@ int db_writespec_file(db_config* dbconf)
#ifdef WITH_MHASH
/* From hereon everything must MD'd before write to db */
+ void*key=NULL;
+ int keylen=0;
if((key=get_db_key())!=NULL){
keylen=get_db_key_len();
dbconf->do_dbnewmd=1;
diff -up ./src/do_md.c.coverity ./src/do_md.c
--- ./src/do_md.c.coverity 2016-07-25 22:56:55.000000000 +0200
+++ ./src/do_md.c 2018-10-10 19:27:18.683632707 +0200
@@ -202,7 +202,6 @@ void calc_md(struct AIDE_STAT_TYPE* old_
and we don't read from a pipe :)
*/
struct AIDE_STAT_TYPE fs;
- int sres=0;
int stat_diff,filedes;
#ifdef WITH_PRELINK
pid_t pid;
@@ -237,7 +236,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_
return;
}
- sres=AIDE_FSTAT_FUNC(filedes,&fs);
+ AIDE_FSTAT_FUNC(filedes,&fs);
if(!(line->attr&DB_RDEV))
fs.st_rdev=0;
@@ -331,7 +330,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_
}
#endif
#endif /* not HAVE_MMAP */
- buf=malloc(READ_BLOCK_SIZE);
+// buf=malloc(READ_BLOCK_SIZE);
#if READ_BLOCK_SIZE>SSIZE_MAX
#error "READ_BLOCK_SIZE" is too large. Max value is SSIZE_MAX, and current is READ_BLOCK_SIZE
#endif
diff -up ./src/gen_list.c.coverity ./src/gen_list.c
--- ./src/gen_list.c.coverity 2016-07-25 22:56:55.000000000 +0200
+++ ./src/gen_list.c 2018-10-10 19:27:18.684632716 +0200
@@ -843,15 +843,15 @@ static void add_file_to_tree(seltree* tr
DB_ATTR_TYPE localignorelist=0;
DB_ATTR_TYPE ignored_added_attrs, ignored_removed_attrs, ignored_changed_attrs;
+ if(file==NULL){
+ error(0, "add_file_to_tree was called with NULL db_line\n");
+ }
+
node=get_seltree_node(tree,file->filename);
if(!node){
node=new_seltree_node(tree,file->filename,0,NULL);
}
-
- if(file==NULL){
- error(0, "add_file_to_tree was called with NULL db_line\n");
- }
/* add note to this node which db has modified it */
node->checked|=db;
diff -up ./src/md.c.coverity ./src/md.c
--- ./src/md.c.coverity 2018-10-10 19:27:18.679632672 +0200
+++ ./src/md.c 2018-10-10 19:27:18.684632716 +0200
@@ -36,8 +36,8 @@
*/
DB_ATTR_TYPE hash_gcrypt2attr(int i) {
- DB_ATTR_TYPE r=0;
#ifdef WITH_GCRYPT
+ DB_ATTR_TYPE r=0;
switch (i) {
case GCRY_MD_MD5: {
r=DB_MD5;
@@ -74,13 +74,15 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) {
default:
break;
}
-#endif
return r;
+#else /* !WITH_GCRYPT */
+ return 0;
+#endif
}
const char * hash_gcrypt2str(int i) {
- char * r = "?";
#ifdef WITH_GCRYPT
+ char * r = "?";
switch (i) {
case GCRY_MD_MD5: {
r = "MD5";
@@ -117,13 +119,17 @@ const char * hash_gcrypt2str(int i) {
default:
break;
}
-#endif
return r;
+#else /* !WITH_GCRYPT */
+ return "?";
+#endif
}
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-parameter"
DB_ATTR_TYPE hash_mhash2attr(int i) {
- DB_ATTR_TYPE r=0;
#ifdef WITH_MHASH
+ DB_ATTR_TYPE r=0;
switch (i) {
case MHASH_CRC32: {
r=DB_CRC32;
@@ -198,10 +204,15 @@ DB_ATTR_TYPE hash_mhash2attr(int i) {
default:
break;
}
-#endif
+
return r;
+#else /*!WITH_MHASH */
+ return 0;
+#endif
}
+#pragma GCC diagnostic pop
+
/*
Initialise md_container according it's todo_attr field
*/
@@ -317,7 +328,6 @@ int init_md(struct md_container* md) {
*/
int update_md(struct md_container* md,void* data,ssize_t size) {
- int i;
error(255,"update_md called\n");
@@ -328,6 +338,7 @@ int update_md(struct md_container* md,vo
#endif
#ifdef WITH_MHASH
+ int i;
for(i=0;i<=HASH_MHASH_COUNT;i++) {
if (md->mhash_mdh[i]!=MHASH_FAILED) {
@@ -348,7 +359,6 @@ int update_md(struct md_container* md,vo
*/
int close_md(struct md_container* md) {
- int i;
#ifdef _PARAMETER_CHECK_
if (md==NULL) {
return RETFAIL;
@@ -356,6 +366,7 @@ int close_md(struct md_container* md) {
#endif
error(255,"close_md called \n");
#ifdef WITH_MHASH
+ int i;
for(i=0;i<=HASH_MHASH_COUNT;i++) {
if (md->mhash_mdh[i]!=MHASH_FAILED) {
mhash (md->mhash_mdh[i], NULL, 0);
diff -up ./src/util.c.coverity ./src/util.c
--- ./src/util.c.coverity 2018-10-10 19:27:18.670632593 +0200
+++ ./src/util.c 2018-10-10 19:27:18.684632716 +0200
@@ -105,13 +105,15 @@ url_t* parse_url(char* val)
for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
if(r[0]=='\0'){
error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
+ free(hostname);
return NULL;
}
u->value=strdup(r);
r[0]='\0';
if(gethostname(hostname,MAXHOSTNAMELEN)==-1){
- strncpy(hostname,"localhost", 10);
+ strncpy(hostname,"localhost", 10);
}
+
if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){
free(hostname);
break;
@@ -120,7 +122,7 @@ url_t* parse_url(char* val)
free(hostname);
return NULL;
}
- free(hostname);
+
break;
}
u->value=strdup(r);

31
coverity2.patch
View File

@ -1,31 +0,0 @@
diff --up ./src/compare_db.c ./src/compare_db.c
--- ./src/compare_db.c
+++ ./src/compare_db.c
@@ -438,7 +438,11 @@ snprintf(*values[0], l, "%s",s);
} else {
*values = malloc(1 * sizeof (char*));
if (DB_FTYPE&attr) {
- easy_string(get_file_type_string(line->perm))
+ char *file_type = get_file_type_string(line->perm);
+ if (!file_type) {
+ error(2,"%s: ", file_type);
+ }
+ easy_string(file_type)
} else if (DB_LINKNAME&attr) {
easy_string(line->linkname)
easy_number((DB_SIZE|DB_SIZEG),size,"%li")
diff -up ./src/db_file.c ./src/db_file.c
--- ./src/db_file.c
+++ ./src/db_file.c
@@ -194,6 +194,10 @@ int db_file_read_spec(int db){
*db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD));
+ if (*db_order == NULL){
+ error(1,"malloc for *db_order failed in %s", __func__);
+ }
+
while ((i=db_scan())!=TNEWLINE){
switch (i) {

BIN
gpgkey-aide.gpg Normal file
View File

Binary file not shown.

21
rootPrefix.patch
View File

@ -1,21 +0,0 @@
diff -Naur aide-0.16.orig/src/db_disk.c aide-0.16/src/db_disk.c
--- aide-0.16.orig/src/db_disk.c 2024-03-11 16:45:06.594013966 -0400
+++ aide-0.16/src/db_disk.c 2024-03-11 16:45:06.584013966 -0400
@@ -209,7 +209,7 @@
fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
strcpy(fullname, conf->root_prefix);
strcat (fullname, "/");
- if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
+ if (!get_file_status(fullname, &fs)) {
add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
conf->tree, attr);
@@ -255,7 +255,7 @@
If not call, db_readline_disk again...
*/
- if (get_file_status(&fullname[conf->root_prefix_length], &fs)) {
+ if (get_file_status(fullname, &fs)) {
free (fullname);
goto recursion;
}

3
sources
View File

@ -1 +1,2 @@
SHA512 (aide-0.16.tar.gz) = 29ad97756e3e2fb21dc332ed03b494a1c73e621266f8622ec80bdba23092a38ee975b97f3cff2330e4c16e64e2f672259eea9291ca706a4009e7399b4e14e6a7
SHA512 (aide-0.19.2.tar.gz) = 08506c2302e34794fa08a27caaa1e714ba736d46351c577234f2c3d2623ea82b243b3318061a369a46d6961a782f42fbb8edd42d1d4de6949e7fc30c87865830
SHA512 (aide-0.19.2.tar.gz.asc) = ebc04f22a49ec6b378dca4930574edcd46919281297bc1d5e09f5839a6fab3a38762462b7d852a82b7045313f9c24208bfff49a561d8afd04e9116be7096169a