diff --git a/aide-0.15-syslog-format.patch b/aide-0.15-syslog-format.patch new file mode 100644 index 0000000..0361434 --- /dev/null +++ b/aide-0.15-syslog-format.patch @@ -0,0 +1,496 @@ +diff -up ./doc/aide.conf.5.in.syslog_format ./doc/aide.conf.5.in +--- ./doc/aide.conf.5.in.syslog_format 2016-07-25 22:58:12.000000000 +0200 ++++ ./doc/aide.conf.5.in 2018-09-27 19:09:09.697371212 +0200 +@@ -57,6 +57,25 @@ inclusive. This parameter can only be gi + occurrence is used. If \-\-verbose or \-V is used then the value from that + is used. The default is 5. If verbosity is 20 then additional report + output is written when doing \-\-check, \-\-update or \-\-compare. ++.IP "syslog_format" ++Valid values are yes,true,no and false. This option enables new syslog format ++which is suitable for logging. Every change is logged as one simple line. This option ++changes verbose level to 0 and prints everything that was changed. It is suggested ++to use this option with "report_url=syslog:...". Default value is "false/no". ++Maximum size of message is 1KB which is limitation of syslog call. If message is ++greater than limit, message will be truncated. ++Option summarize_changes has no impact for this format. ++.nf ++.eo ++ ++Output always starts with: ++"AIDE found differences between database and filesystem!!" ++And it is followed by summary: ++summary;total_number_of_files=1000;added_files=0;removed_files=0;changed_files=1 ++And finally there are logs about changes: ++dir=/usr/sbin;Mtime_old=0000-00-00 00:00:00;Mtime_new=0000-00-00 00:00:00;... ++.ec ++.fi + .IP "report_url" + The url that the output is written to. There can be multiple instances + of this parameter. Output is written to all of them. The default is +diff -up ./include/db_config.h.syslog_format ./include/db_config.h +--- ./include/db_config.h.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./include/db_config.h 2018-09-27 19:09:09.697371212 +0200 +@@ -311,6 +311,7 @@ typedef struct db_config { + FILE* db_out; + + int config_check; ++ int syslog_format; + + struct md_container *mdc_in; + struct md_container *mdc_out; +diff -up ./src/aide.c.syslog_format ./src/aide.c +--- ./src/aide.c.syslog_format 2018-09-27 19:09:09.695371197 +0200 ++++ ./src/aide.c 2018-09-27 19:09:09.698371220 +0200 +@@ -283,6 +283,7 @@ static void setdefaults_before_config() + } + + /* Setting some defaults */ ++ conf->syslog_format=0; + conf->report_db=0; + conf->tree=NULL; + conf->config_check=0; +@@ -495,6 +496,10 @@ static void setdefaults_after_config() + if(conf->verbose_level==-1){ + conf->verbose_level=5; + } ++ if(conf->syslog_format==1){ ++ conf->verbose_level=0; ++ } ++ + } + + +diff -up ./src/compare_db.c.syslog_format ./src/compare_db.c +--- ./src/compare_db.c.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/compare_db.c 2018-09-27 19:09:09.698371220 +0200 +@@ -110,7 +110,7 @@ const DB_ATTR_TYPE details_attributes[] + #endif + }; + +-const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size (>)"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512") ++const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512") + #ifdef WITH_MHASH + , _("CRC32"), _("HAVAL"), _("GOST"), _("CRC32B"), _("WHIRLPOOL") + #endif +@@ -269,12 +269,19 @@ static int xattrs2array(xattrs_type* xat + if ((len == xattrs->ents[num - 1].vsz) || ((len == (xattrs->ents[num - 1].vsz - 1)) && !val[len])) { + length = 8 + width + strlen(xattrs->ents[num - 1].key) + strlen(val); + (*values)[num]=malloc(length *sizeof(char)); +- snprintf((*values)[num], length , "[%.*zd] %s = %s", width, num, xattrs->ents[num - 1].key, val); ++ ++ char * fmt = "[%.*zd] %s = %s"; ++ if (conf->syslog_format) fmt = "[%.*zd]%s=%s"; // its smaller so it has to be enough space allocated. ++ snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val); ++ + } else { + val = encode_base64(xattrs->ents[num - 1].val, xattrs->ents[num - 1].vsz); + length = 10 + width + strlen(xattrs->ents[num - 1].key) + strlen(val); + (*values)[num]=malloc( length *sizeof(char)); +- snprintf((*values)[num], length , "[%.*zd] %s <=> %s", width, num, xattrs->ents[num - 1].key, val); ++ ++ char * fmt = "[%.*zd] %s <=> %s"; ++ if (conf->syslog_format) fmt = "[%.*zd]%s<=>%s"; // its smaller so it has to be enough space allocated. ++ snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val); + free(val); + } + } +@@ -302,6 +309,26 @@ static int acl2array(acl_type* acl, char + } + if (acl->acl_a || acl->acl_d) { + int j, k, i; ++ if (conf->syslog_format) { ++ *values = malloc(2 * sizeof(char*)); ++ ++ char *A, *D = ""; ++ ++ if (acl->acl_a) { A = acl->acl_a; } ++ if (acl->acl_d) { D = acl->acl_d; } ++ ++ (*values)[0] = (char*) malloc(strlen(A) + 3); // "A:" and \0 ++ snprintf((*values)[0], strlen(A) + 3, "A:%s", A); ++ ++ (*values)[1] = (char*) malloc(strlen(D) + 3); // "D:" and \0 ++ snprintf((*values)[1], strlen(D) + 3, "D:%s", D); ++ ++ i = 0; while ( (*values)[0][i] ) { if ( (*values)[0][i]=='\n') { (*values)[0][i] = ' '; } i++; } ++ i = 0; while ( (*values)[1][i] ) { if ( (*values)[1][i]=='\n') { (*values)[1][i] = ' '; } i++; } ++ ++ return 2; ++ } ++ + if (acl->acl_a) { i = 0; while (acl->acl_a[i]) { if (acl->acl_a[i++]=='\n') { n++; } } } + if (acl->acl_d) { i = 0; while (acl->acl_d[i]) { if (acl->acl_d[i++]=='\n') { n++; } } } + *values = malloc(n * sizeof(char*)); +@@ -338,25 +365,25 @@ static char* e2fsattrs2string(unsigned l + + static char* get_file_type_string(mode_t mode) { + switch (mode & S_IFMT) { +- case S_IFREG: return _("File"); +- case S_IFDIR: return _("Directory"); ++ case S_IFREG: return conf->syslog_format ? "file" : _("File"); ++ case S_IFDIR: return conf->syslog_format ? "dir" : _("Directory"); + #ifdef S_IFIFO +- case S_IFIFO: return _("FIFO"); ++ case S_IFIFO: return conf->syslog_format ? "fifo" : _("FIFO"); + #endif +- case S_IFLNK: return _("Link"); +- case S_IFBLK: return _("Block device"); +- case S_IFCHR: return _("Character device"); ++ case S_IFLNK: return conf->syslog_format ? "link" : _("Link"); ++ case S_IFBLK: return conf->syslog_format ? "blockd" : _("Block device"); ++ case S_IFCHR: return conf->syslog_format ? "chard" : _("Character device"); + #ifdef S_IFSOCK +- case S_IFSOCK: return _("Socket"); ++ case S_IFSOCK: return conf->syslog_format ? "socket" : _("Socket"); + #endif + #ifdef S_IFDOOR +- case S_IFDOOR: return _("Door"); ++ case S_IFDOOR: return conf->syslog_format ? "door" : _("Door"); + #endif + #ifdef S_IFPORT +- case S_IFPORT: return _("Port"); ++ case S_IFPORT: return conf->syslog_format ? "port" : _("Port"); + #endif + case 0: return NULL; +- default: return _("Unknown file type"); ++ default: return conf->syslog_format ? "unknown" : _("Unknown file type"); + } + } + +@@ -554,6 +581,51 @@ static void print_dbline_attributes(db_l + } + } + ++ ++static void print_dbline_attributes_syslog(db_line* oline, db_line* nline, DB_ATTR_TYPE ++ changed_attrs, DB_ATTR_TYPE force_attrs) { ++ char **ovalue, **nvalue; ++ int onumber, nnumber, i, j; ++ int length = sizeof(details_attributes)/sizeof(DB_ATTR_TYPE); ++ DB_ATTR_TYPE attrs; ++ char *file_type = get_file_type_string((nline==NULL?oline:nline)->perm); ++ if (file_type) { ++ error(0,"%s=", file_type); ++ } ++ error(0,"%s", (nline==NULL?oline:nline)->filename); ++ attrs=force_attrs|(~(ignored_changed_attrs)&changed_attrs); ++ for (j=0; j < length; ++j) { ++ if (details_attributes[j]&attrs) { ++ onumber=get_attribute_values(details_attributes[j], oline, &ovalue); ++ nnumber=get_attribute_values(details_attributes[j], nline, &nvalue); ++ ++ if (details_attributes[j] == DB_ACL || details_attributes[j] == DB_XATTRS) { ++ ++ error(0, ";%s_old=|", details_string[j]); ++ ++ for (i = 0 ; i < onumber ; i++) { ++ error(0, "%s|", ovalue[i]); ++ } ++ ++ error(0, ";%s_new=|", details_string[j]); ++ ++ for (i = 0 ; i < nnumber ; i++) { ++ error(0, "%s|", nvalue[i]); ++ } ++ ++ } else { ++ ++ error(0, ";%s_old=%s;%s_new=%s", details_string[j], *ovalue, details_string[j], *nvalue); ++ ++ } ++ ++ for(i=0; i < onumber; ++i) { free(ovalue[i]); ovalue[i]=NULL; } free(ovalue); ovalue=NULL; ++ for(i=0; i < nnumber; ++i) { free(nvalue[i]); nvalue[i]=NULL; } free(nvalue); nvalue=NULL; ++ } ++ } ++ error(0, "\n"); ++} ++ + static void print_attributes_added_node(db_line* line) { + print_dbline_attributes(NULL, line, 0, line->attr); + } +@@ -562,6 +634,26 @@ static void print_attributes_removed_nod + print_dbline_attributes(line, NULL, 0, line->attr); + } + ++static void print_attributes_added_node_syslog(db_line* line) { ++ ++ char *file_type = get_file_type_string(line->perm); ++ if (file_type) { ++ error(0,"%s=", file_type); ++ } ++ error(0,"%s; added\n", line->filename); ++ ++} ++ ++static void print_attributes_removed_node_syslog(db_line* line) { ++ ++ char *file_type = get_file_type_string(line->perm); ++ if (file_type) { ++ error(0,"%s=", file_type); ++ } ++ error(0,"%s; removed\n", line->filename); ++ ++} ++ + static void terse_report(seltree* node) { + list* r=NULL; + if ((node->checked&(DB_OLD|DB_NEW)) != 0) { +@@ -626,6 +718,26 @@ static void print_report_details(seltree + } + } + ++static void print_syslog_format(seltree* node) { ++ list* r=NULL; ++ ++ if (node->checked&NODE_CHANGED) { ++ print_dbline_attributes_syslog(node->old_data, node->new_data, node->changed_attrs, forced_attrs); ++ } ++ ++ if (node->checked&NODE_ADDED) { ++ print_attributes_added_node_syslog(node->new_data); ++ } ++ ++ if (node->checked&NODE_REMOVED) { ++ print_attributes_removed_node_syslog(node->old_data); ++ } ++ ++ for(r=node->childs;r;r=r->next){ ++ print_syslog_format((seltree*)r->data); ++ } ++} ++ + static void print_report_header() { + char *time; + int first = 1; +@@ -747,39 +859,53 @@ int gen_report(seltree* node) { + send_audit_report(); + #endif + if ((nadd|nrem|nchg) > 0 || conf->report_quiet == 0) { +- print_report_header(); +- if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) { +- if (conf->grouped) { +- if (nadd) { +- error(2,(char*)report_top_format,_("Added entries")); +- print_report_list(node, NODE_ADDED); +- } +- if (nrem) { +- error(2,(char*)report_top_format,_("Removed entries")); +- print_report_list(node, NODE_REMOVED); +- } +- if (nchg) { +- error(2,(char*)report_top_format,_("Changed entries")); +- print_report_list(node, NODE_CHANGED); +- } +- } else if (nadd || nrem || nchg) { +- if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); } +- else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); } +- else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed entries")); } +- else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); } +- else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); } +- else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); } +- else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); } +- print_report_list(node, NODE_ADDED|NODE_REMOVED|NODE_CHANGED); +- } +- if (nadd || nrem || nchg) { +- error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes")); +- print_report_details(node); +- } +- } +- print_report_databases(); +- conf->end_time=time(&(conf->end_time)); +- print_report_footer(); ++ ++ if (!conf->syslog_format) { ++ print_report_header(); ++ } ++ ++ if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) { ++ if (!conf->syslog_format && conf->grouped) { ++ if (nadd) { ++ error(2,(char*)report_top_format,_("Added entries")); ++ print_report_list(node, NODE_ADDED); ++ } ++ if (nrem) { ++ error(2,(char*)report_top_format,_("Removed entries")); ++ print_report_list(node, NODE_REMOVED); ++ } ++ if (nchg) { ++ error(2,(char*)report_top_format,_("Changed entries")); ++ print_report_list(node, NODE_CHANGED); ++ } ++ } else if (!conf->syslog_format && ( nadd || nrem || nchg ) ) { ++ if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); } ++ else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); } ++ else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed entries")); } ++ else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); } ++ else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); } ++ else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); } ++ else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); } ++ print_report_list(node, NODE_ADDED|NODE_REMOVED|NODE_CHANGED); ++ } ++ if (nadd || nrem || nchg) { ++ if (!conf->syslog_format) { ++ error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes")); ++ print_report_details(node); ++ } else { ++ /* Syslog Format */ ++ error(0, "AIDE found differences between database and filesystem!!\n"); ++ error(0, "summary;total_number_of_files=%ld;added_files=%ld;" ++ "removed_files=%ld;changed_files=%ld\n",ntotal,nadd,nrem,nchg); ++ print_syslog_format(node); ++ } ++ } ++ } ++ if (!conf->syslog_format) { ++ print_report_databases(); ++ conf->end_time=time(&(conf->end_time)); ++ print_report_footer(); ++ } + } + + return conf->action&(DO_COMPARE|DO_DIFF) ? (nadd!=0)*1+(nrem!=0)*2+(nchg!=0)*4 : 0; +diff -up ./src/conf_lex.l.syslog_format ./src/conf_lex.l +--- ./src/conf_lex.l.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/conf_lex.l 2018-09-27 19:09:09.698371220 +0200 +@@ -401,6 +401,12 @@ int var_in_conflval=0; + return (TROOT_PREFIX); + } + ++^[\t\ ]*"syslog_format"{E} { ++ error(230,"%li:syslog_format =\n",conf_lineno); ++ BEGIN CONFVALHUNT; ++ return (SYSLOG_FORMAT); ++} ++ + ^[\t\ ]*"recstop"{E} { + error(230,"%li:recstop =\n",conf_lineno); + BEGIN CONFVALHUNT; +diff -up ./src/conf_yacc.y.syslog_format ./src/conf_yacc.y +--- ./src/conf_yacc.y.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/conf_yacc.y 2018-09-27 19:09:09.699371228 +0200 +@@ -89,6 +89,7 @@ extern long conf_lineno; + %token TREPORT_URL + %token TGZIPDBOUT + %token TROOT_PREFIX ++%token SYSLOG_FORMAT + %token TUMASK + %token TTRUE + %token TFALSE +@@ -160,7 +161,7 @@ line : rule | equrule | negrule | define + | ifdefstmt | ifndefstmt | ifhoststmt | ifnhoststmt + | groupdef | db_in | db_out | db_new | db_attrs | verbose | report_detailed_init | config_version + | database_add_metadata | report | gzipdbout | root_prefix | report_base16 | report_quiet +- | report_ignore_e2fsattrs | recursion_stopper | warn_dead_symlinks | grouped ++ | report_ignore_e2fsattrs | syslogformat | recursion_stopper | warn_dead_symlinks | grouped + | summarize_changes | acl_no_symlink_follow | beginconfigstmt | endconfigstmt + | TEOF { + newlinelastinconfig=1; +@@ -408,6 +409,15 @@ conf->gzip_dbout=0; + #endif + } ; + ++syslogformat : SYSLOG_FORMAT TTRUE { ++conf->syslog_format=1; ++} | ++ SYSLOG_FORMAT TFALSE { ++conf->syslog_format=0; ++} ; ++ ++ ++ + recursion_stopper : TRECSTOP TSTRING { + /* FIXME implement me */ + +diff -up ./src/error.c.syslog_format ./src/error.c +--- ./src/error.c.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/error.c 2018-09-27 19:13:40.312416750 +0200 +@@ -38,6 +38,9 @@ + /*for locale support*/ + #include "util.h" + ++#define MAX_BUFFER_SIZE 1024 ++static char syslog_buffer[MAX_BUFFER_SIZE+1]; ++ + int cmp_url(url_t* url1,url_t* url2){ + + return ((url1->type==url2->type)&&(strcmp(url1->value,url2->value)==0)); +@@ -48,7 +51,9 @@ int error_init(url_t* url,int initial) + { + list* r=NULL; + FILE* fh=NULL; +- int sfac; ++ int sfac; ++ ++ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); + + if (url->type==url_database) { + conf->report_db++; +@@ -163,13 +168,24 @@ void error(int errorlevel,char* error_ms + } + #ifdef HAVE_SYSLOG + if(conf->initial_report_url->type==url_syslog){ +-#ifdef HAVE_VSYSLOG +- vsyslog(SYSLOG_PRIORITY,error_msg,ap); +-#else +- char buf[1024]; +- vsnprintf(buf,1024,error_msg,ap); +- syslog(SYSLOG_PRIORITY,"%s",buf); +-#endif ++ ++ char buff[MAX_BUFFER_SIZE+1]; ++ vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap); ++ size_t buff_len = strlen(buff); ++ ++ char result_buff[MAX_BUFFER_SIZE+1]; ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat-truncation" ++ snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff); ++#pragma GCC diagnostic pop ++ ++ if(buff[buff_len-1] == '\n'){ ++ syslog(SYSLOG_PRIORITY,"%s",result_buff); ++ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); ++ } else { ++ memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE); ++ } ++ + va_end(ap); + return; + } +@@ -181,17 +197,25 @@ void error(int errorlevel,char* error_ms + + #ifdef HAVE_SYSLOG + if (conf->report_syslog!=0) { +-#ifdef HAVE_VSYSLOG +- va_start(ap,error_msg); +- vsyslog(SYSLOG_PRIORITY,error_msg,ap); +- va_end(ap); +-#else +- char buf[1024]; +- va_start(ap,error_msg); +- vsnprintf(buf,1024,error_msg,ap); ++ va_start(ap, error_msg); ++ ++ char buff[MAX_BUFFER_SIZE+1]; ++ vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap); ++ size_t buff_len = strlen(buff); ++ ++ char result_buff[MAX_BUFFER_SIZE+1]; ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat-truncation" ++ snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff); ++#pragma GCC diagnostic pop ++ ++ if(buff[buff_len-1] == '\n'){ ++ syslog(SYSLOG_PRIORITY,"%s",result_buff); ++ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); ++ } else { ++ memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE); ++ } + va_end(ap); +- syslog(SYSLOG_PRIORITY,"%s",buf); +-#endif + } + #endif + diff --git a/aide-0.16-crash-elf.patch b/aide-0.16-crash-elf.patch new file mode 100644 index 0000000..5aa3472 --- /dev/null +++ b/aide-0.16-crash-elf.patch @@ -0,0 +1,17 @@ +--- ./src/do_md.c 2018-03-19 05:10:19.994957024 -0400 ++++ ./src/do_md.c 2018-03-19 05:19:05.829957024 -0400 +@@ -135,8 +135,13 @@ + continue; + + while (!bingo && (data = elf_getdata (scn, data)) != NULL) { +- int maxndx = data->d_size / shdr.sh_entsize; ++ int maxndx; + int ndx; ++ ++ if (shdr.sh_entsize != 0) ++ maxndx = data->d_size / shdr.sh_entsize; ++ else ++ continue; + + for (ndx = 0; ndx < maxndx; ++ndx) { + (void) gelf_getdyn (data, ndx, &dyn); diff --git a/aide-0.16-crypto-disable-haval-and-others.patch b/aide-0.16-crypto-disable-haval-and-others.patch new file mode 100644 index 0000000..a066fd9 --- /dev/null +++ b/aide-0.16-crypto-disable-haval-and-others.patch @@ -0,0 +1,153 @@ +diff -up ./include/md.h.crypto ./include/md.h +--- ./include/md.h.crypto 2016-07-25 22:56:55.000000000 +0200 ++++ ./include/md.h 2018-08-29 15:00:30.827491299 +0200 +@@ -149,6 +149,7 @@ int init_md(struct md_container*); + int update_md(struct md_container*,void*,ssize_t); + int close_md(struct md_container*); + void md2line(struct md_container*,struct db_line*); ++DB_ATTR_TYPE get_available_crypto(); + + + #endif /*_MD_H_INCLUDED*/ +diff -up ./src/aide.c.crypto ./src/aide.c +--- ./src/aide.c.crypto 2018-08-29 15:00:30.825491309 +0200 ++++ ./src/aide.c 2018-08-29 15:00:30.827491299 +0200 +@@ -349,7 +349,7 @@ static void setdefaults_before_config() + + conf->db_attrs = 0; + #if defined(WITH_MHASH) || defined(WITH_GCRYPT) +- conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512; ++ conf->db_attrs |= get_available_crypto(); + #ifdef WITH_MHASH + conf->db_attrs |= DB_GOST; + #ifdef HAVE_MHASH_WHIRLPOOL +diff -up ./src/md.c.crypto ./src/md.c +--- ./src/md.c.crypto 2018-08-29 15:00:30.823491319 +0200 ++++ ./src/md.c 2018-08-29 15:02:28.013903479 +0200 +@@ -78,6 +78,49 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) { + return r; + } + ++const char * hash_gcrypt2str(int i) { ++ char * r = "?"; ++#ifdef WITH_GCRYPT ++ switch (i) { ++ case GCRY_MD_MD5: { ++ r = "MD5"; ++ break; ++ } ++ case GCRY_MD_SHA1: { ++ r = "SHA1"; ++ break; ++ } ++ case GCRY_MD_RMD160: { ++ r = "RMD160"; ++ break; ++ } ++ case GCRY_MD_TIGER: { ++ r = "TIGER"; ++ break; ++ } ++ case GCRY_MD_HAVAL: { ++ r = "HAVAL"; ++ break; ++ } ++ case GCRY_MD_SHA256: { ++ r = "SHA256"; ++ break; ++ } ++ case GCRY_MD_SHA512: { ++ r = "SHA512"; ++ break; ++ } ++ case GCRY_MD_CRC32: { ++ r = "CRC32"; ++ break; ++ } ++ default: ++ break; ++ } ++#endif ++ return r; ++} ++ + DB_ATTR_TYPE hash_mhash2attr(int i) { + DB_ATTR_TYPE r=0; + #ifdef WITH_MHASH +@@ -163,6 +206,44 @@ DB_ATTR_TYPE hash_mhash2attr(int i) { + Initialise md_container according it's todo_attr field + */ + ++DB_ATTR_TYPE get_available_crypto() { ++ ++ DB_ATTR_TYPE ret = 0; ++ ++/* ++ * This function is usually called before config processing ++ * and default verbose level is 5 ++ */ ++#define lvl 255 ++ ++ error(lvl, "get_available_crypto called\n"); ++ ++#ifdef WITH_GCRYPT ++ ++ /* ++ * some initialization for FIPS ++ */ ++ gcry_check_version(NULL); ++ error(lvl, "Found algos:"); ++ ++ for(int i=0;i<=HASH_GCRYPT_COUNT;i++) { ++ ++ if ( (hash_gcrypt2attr(i) & HASH_USE_GCRYPT) == 0 ) ++ continue; ++ ++ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) == 0) { ++ ret |= hash_gcrypt2attr(i); ++ error(lvl, " %s", hash_gcrypt2str(i)); ++ } ++ } ++ error(lvl, "\n"); ++ ++#endif ++ ++ error(lvl, "get_available_crypto_returned with %lld\n", ret); ++ return ret; ++} ++ + int init_md(struct md_container* md) { + + int i; +@@ -201,18 +282,27 @@ int init_md(struct md_container* md) { + } + #endif + #ifdef WITH_GCRYPT +- if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ ++ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ + error(0,"gcrypt_md_open failed\n"); + exit(IO_ERROR); + } + for(i=0;i<=HASH_GCRYPT_COUNT;i++) { ++ ++ + if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) { +- DB_ATTR_TYPE h=hash_gcrypt2attr(i); +- error(255,"inserting %llu\n",h); ++ ++ DB_ATTR_TYPE h=hash_gcrypt2attr(i); ++ ++ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) != 0) { ++ error(0,"Algo %s is not available\n", hash_gcrypt2str(i)); ++ exit(-1); ++ } ++ ++ error(255,"inserting %llu\n",h); + if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){ + md->calc_attr|=h; + } else { +- error(0,"gcry_md_enable %i failed",i); ++ error(0,"gcry_md_enable %i failed\n",i); + md->todo_attr&=~h; + } + } diff --git a/aide.spec b/aide.spec index e7209d9..1294ccc 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 11%{?dist} +Release: 12%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ @@ -32,6 +32,11 @@ Patch2: aide-0.16b1-fipsfix.patch # Bug 1674637 - aide: FTBFS in Fedora rawhide/f30 Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch +Patch4: aide-0.15-syslog-format.patch +Patch5: aide-0.16-crypto-disable-haval-and-others.patch +Patch6: coverity.patch +Patch7: aide-0.16-crash-elf.patch + %description AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and intrusion detection program. @@ -75,6 +80,10 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Wed Jul 31 2019 Radovan Sroka - 0.16-12 +- backport some patches + Resolves: rhbz#1717140 + * Wed Jul 24 2019 Fedora Release Engineering - 0.16-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild @@ -109,7 +118,7 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide * Tue Apr 04 2017 Radovan Sroka - 0.16-1 - rebase to stable v0.16 - specfile cleanup -- make doc readable +- make doc readable resolves: #1421355 - make aide binary runable for any user resolves: #1421351 @@ -298,4 +307,3 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide * Sun Sep 07 2003 Michael Schwendt - 0:0.9-0.fdr.0.1.20030902 - Initial package version. - diff --git a/coverity.patch b/coverity.patch new file mode 100644 index 0000000..21535d6 --- /dev/null +++ b/coverity.patch @@ -0,0 +1,642 @@ +diff -up ./include/be.h.coverity ./include/be.h +--- ./include/be.h.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./include/be.h 2018-10-10 19:27:18.680632681 +0200 +@@ -22,6 +22,6 @@ + #define _BE_H_INCLUDED + #include "db_config.h" + +-FILE* be_init(int inout,url_t* u,int iszipped); ++void* be_init(int inout,url_t* u,int iszipped); + + #endif /* _BE_H_INCLUDED */ +diff -up ./include/db_config.h.coverity ./include/db_config.h +--- ./include/db_config.h.coverity 2018-10-10 19:27:18.672632611 +0200 ++++ ./include/db_config.h 2018-10-10 19:27:18.681632689 +0200 +@@ -376,7 +376,7 @@ typedef struct db_config { + #endif + + url_t* initial_report_url; +- FILE* initial_report_fd; ++ void* initial_report_fd; + + /* report_url is a list of url_t*s */ + list* report_url; +diff -up ./src/aide.c.coverity ./src/aide.c +--- ./src/aide.c.coverity 2018-10-10 19:27:18.678632663 +0200 ++++ ./src/aide.c 2018-10-10 19:27:18.681632689 +0200 +@@ -278,7 +278,7 @@ static void setdefaults_before_config() + error(0,_("Couldn't get hostname")); + free(s); + } else { +- s=(char*)realloc((void*)s,strlen(s)+1); ++ // s=(char*)realloc((void*)s,strlen(s)+1); + do_define("HOSTNAME",s); + } + +@@ -506,8 +506,6 @@ static void setdefaults_after_config() + int main(int argc,char**argv) + { + int errorno=0; +- byte* dig=NULL; +- char* digstr=NULL; + + #ifdef USE_LOCALE + setlocale(LC_ALL,""); +@@ -544,6 +542,10 @@ int main(int argc,char**argv) + } + + errorno=commandconf('C',conf->config_file); ++ if (errorno==RETFAIL){ ++ error(0,_("Configuration error\n")); ++ exit(INVALID_CONFIGURELINE_ERROR); ++ } + + errorno=commandconf('D',""); + if (errorno==RETFAIL){ +@@ -594,6 +596,9 @@ int main(int argc,char**argv) + } + } + #ifdef WITH_MHASH ++ byte* dig=NULL; ++ char* digstr=NULL; ++ + if(conf->config_check&&FORCECONFIGMD){ + error(0,"Can't give config checksum when compiled with --enable-forced_configmd\n"); + exit(INVALID_ARGUMENT_ERROR); +diff -up ./src/base64.c.coverity ./src/base64.c +--- ./src/base64.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/base64.c 2018-10-10 19:27:18.681632689 +0200 +@@ -209,6 +209,7 @@ byte* decode_base64(char* src,size_t ssi + case FAIL: + error(3, "decode_base64: Illegal character: %c\n", *inb); + error(230, "decode_base64: Illegal line:\n%s\n", src); ++ free(outbuf); + return NULL; + break; + case SKIP: +@@ -260,7 +261,7 @@ size_t length_base64(char* src,size_t ss + int l; + int left; + size_t pos; +- unsigned long triple; ++ //unsigned long triple; + + error(235, "decode base64\n"); + /* Exit on empty input */ +@@ -273,7 +274,7 @@ size_t length_base64(char* src,size_t ss + inb = src; + + l = 0; +- triple = 0; ++ //triple = 0; + pos=0; + left = ssize; + /* +@@ -293,7 +294,7 @@ size_t length_base64(char* src,size_t ss + case SKIP: + break; + default: +- triple = triple<<6 | (0x3f & i); ++ //triple = triple<<6 | (0x3f & i); + l++; + break; + } +@@ -302,10 +303,10 @@ size_t length_base64(char* src,size_t ss + switch(l) + { + case 2: +- triple = triple>>4; ++ //triple = triple>>4; + break; + case 3: +- triple = triple>>2; ++ //triple = triple>>2; + break; + default: + break; +@@ -314,7 +315,7 @@ size_t length_base64(char* src,size_t ss + { + pos++; + } +- triple = 0; ++ //triple = 0; + l = 0; + } + inb++; +diff -up ./src/be.c.coverity ./src/be.c +--- ./src/be.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/be.c 2018-10-10 19:27:18.681632689 +0200 +@@ -117,9 +117,9 @@ static char* get_first_value(char** in){ + + #endif + +-FILE* be_init(int inout,url_t* u,int iszipped) ++void* be_init(int inout,url_t* u,int iszipped) + { +- FILE* fh=NULL; ++ void* fh=NULL; + long a=0; + char* err=NULL; + int fd; +diff -up ./src/commandconf.c.coverity ./src/commandconf.c +--- ./src/commandconf.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/commandconf.c 2018-10-10 19:27:18.682632698 +0200 +@@ -106,7 +106,7 @@ int commandconf(const char mode,const ch + rv=0; + } else { + +- rv=access(config,R_OK); ++ if (config != NULL) rv=access(config,R_OK); + if(rv==-1){ + error(0,_("Cannot access config file: %s: %s\n"),config,strerror(errno)); + } +@@ -166,14 +166,11 @@ int commandconf(const char mode,const ch + int conf_input_wrapper(char* buf, int max_size, FILE* in) + { + int retval=0; +- int c=0; +- char* tmp=NULL; +- void* key=NULL; +- int keylen=0; + + /* FIXME Add support for gzipped config. :) */ + #ifdef WITH_MHASH + /* Read a character at a time until we are doing md */ ++ int c=0; + if(conf->do_configmd){ + retval=fread(buf,1,max_size,in); + }else { +@@ -185,6 +182,9 @@ int conf_input_wrapper(char* buf, int ma + #endif + + #ifdef WITH_MHASH ++ char* tmp=NULL; ++ void* key=NULL; ++ int keylen=0; + if(conf->do_configmd||conf->config_check){ + if(((conf->do_configmd==1)&&conf->config_check)||!conf->confmd){ + if(conf->do_configmd==1){ +@@ -276,6 +276,9 @@ int db_input_wrapper(char* buf, int max_ + #endif + break; + } ++ default: { ++ return 0; ++ } + } + + #ifdef WITH_CURL +@@ -651,7 +654,6 @@ int handle_endif(int doit,int allow_else + case 0 : { + conferror("@@endif or @@else expected"); + return -1; +- count=0; + } + + default : { +@@ -816,6 +818,7 @@ void do_dbdef(int dbtype,char* val) + if(u==NULL||u->type==url_unknown||u->type==url_stdout + ||u->type==url_stderr) { + error(0,_("Unsupported input URL-type:%s\n"),val); ++ free(u); + } + else { + *conf_db_url=u; +@@ -825,6 +828,7 @@ void do_dbdef(int dbtype,char* val) + case DB_WRITE: { + if(u==NULL||u->type==url_unknown||u->type==url_stdin){ + error(0,_("Unsupported output URL-type:%s\n"),val); ++ free(u); + } + else{ + conf->db_out_url=u; +@@ -848,6 +852,7 @@ void do_dbindef(char* val) + if(u==NULL||u->type==url_unknown||u->type==url_stdout + ||u->type==url_stderr) { + error(0,_("Unsupported input URL-type:%s\n"),val); ++ free(u); + } + else { + conf->db_in_url=u; +@@ -869,6 +874,7 @@ void do_dboutdef(char* val) + * both input and output urls */ + if(u==NULL||u->type==url_unknown||u->type==url_stdin){ + error(0,_("Unsupported output URL-type:%s\n"),val); ++ free(u); + } + else{ + conf->db_out_url=u; +@@ -894,7 +900,8 @@ void do_repurldef(char* val) + } else { + error_init(u,0); + } +- ++ ++ free(u); + } + + void do_verbdef(char* val) +@@ -984,7 +991,7 @@ void do_report_ignore_e2fsattrs(char* va + break; + } + } +- *val++; ++ (*val)++; + } + } + #endif +diff -up ./src/compare_db.c.coverity ./src/compare_db.c +--- ./src/compare_db.c.coverity 2018-10-10 19:27:18.673632619 +0200 ++++ ./src/compare_db.c 2018-10-10 19:27:18.682632698 +0200 +@@ -312,7 +312,7 @@ static int acl2array(acl_type* acl, char + if (conf->syslog_format) { + *values = malloc(2 * sizeof(char*)); + +- char *A, *D = ""; ++ char *A= "", *D = ""; + + if (acl->acl_a) { A = acl->acl_a; } + if (acl->acl_d) { D = acl->acl_d; } +diff -up ./src/conf_lex.l.coverity ./src/conf_lex.l +--- ./src/conf_lex.l.coverity 2018-10-10 19:27:18.673632619 +0200 ++++ ./src/conf_lex.l 2018-10-10 19:27:18.682632698 +0200 +@@ -133,7 +133,7 @@ int var_in_conflval=0; + [\ \t]*\n { + conf_lineno++; + return (TNEWLINE); +- BEGIN 0; ++// BEGIN 0; + } + + \+ { +diff -up ./src/db.c.coverity ./src/db.c +--- ./src/db.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/db.c 2018-10-10 19:27:18.683632707 +0200 +@@ -27,6 +27,7 @@ + #include "db_file.h" + #include "db_disk.h" + #include "md.h" ++#include "fopen.h" + + #ifdef WITH_PSQL + #include "db_sql.h" +@@ -269,6 +270,9 @@ db_line* db_readline(int db){ + db_order=&(conf->db_new_order); + break; + } ++ default: { ++ return NULL; ++ } + } + + switch (db_url->type) { +@@ -368,7 +372,7 @@ db_line* db_char2line(char** ss,int db){ + + int i; + db_line* line=(db_line*)malloc(sizeof(db_line)*1); +- int* db_osize=0; ++ int* db_osize=NULL; + DB_FIELD** db_order=NULL; + + switch (db) { +@@ -382,6 +386,10 @@ db_line* db_char2line(char** ss,int db){ + db_order=&(conf->db_new_order); + break; + } ++ default: { ++ free(line); ++ return NULL; ++ } + } + + +@@ -601,7 +609,9 @@ db_line* db_char2line(char** ss,int db){ + size_t vsz = 0; + + tval = strtok(NULL, ","); +- line->xattrs->ents[num].key = db_readchar(strdup(tval)); ++ char * tmp = strdup(tval); ++ line->xattrs->ents[num].key = db_readchar(tmp); ++ free(tmp); + tval = strtok(NULL, ","); + val = base64tobyte(tval, strlen(tval), &vsz); + line->xattrs->ents[num].val = val; +@@ -648,6 +658,8 @@ db_line* db_char2line(char** ss,int db){ + + default : { + error(0,_("Not implemented in db_char2line %i \n"),(*db_order)[i]); ++ free_db_line(line); ++ free(line); + return NULL; + } + +@@ -826,7 +838,7 @@ void db_close() { + case url_ftp: + { + if (conf->db_out!=NULL) { +- url_fclose(conf->db_out); ++ url_fclose((URL_FILE*)conf->db_out); + } + break; + } +diff -up ./src/db_disk.c.coverity ./src/db_disk.c +--- ./src/db_disk.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/db_disk.c 2018-10-10 19:28:00.108995089 +0200 +@@ -79,9 +79,15 @@ static DIR *open_dir(char* path) { + + static void next_in_dir (void) + { ++ + #ifdef HAVE_READDIR_R +- if (dirh != NULL) ++ if (dirh != NULL) { ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wdeprecated-declarations" + rdres = AIDE_READDIR_R_FUNC (dirh, entp, resp); ++#pragma GCC diagnostic pop ++ } ++ + #else + #ifdef HAVE_READDIR + if (dirh != NULL) { +diff -up ./src/db_file.c.coverity ./src/db_file.c +--- ./src/db_file.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/db_file.c 2018-10-10 19:27:18.683632707 +0200 +@@ -171,7 +171,7 @@ int dofprintf( const char* s,...) + int db_file_read_spec(int db){ + + int i=0; +- int* db_osize=0; ++ int* db_osize=NULL; + DB_FIELD** db_order=NULL; + + switch (db) { +@@ -187,6 +187,9 @@ int db_file_read_spec(int db){ + db_lineno=&db_new_lineno; + break; + } ++ default: { ++ return RETFAIL; ++ } + } + + *db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD)); +@@ -198,13 +201,10 @@ int db_file_read_spec(int db){ + int l; + + +- /* Yes... we do not check if realloc returns nonnull */ +- +- *db_order=(DB_FIELD*) +- realloc((void*)*db_order, ++ void * tmp = realloc((void*)*db_order, + ((*db_osize)+1)*sizeof(DB_FIELD)); +- +- if(*db_order==NULL){ ++ if (tmp != NULL) *db_order=(DB_FIELD*) tmp; ++ else { + return RETFAIL; + } + +@@ -291,8 +291,8 @@ char** db_readline_file(int db){ + int* domd=NULL; + #ifdef WITH_MHASH + MHASH* md=NULL; +-#endif + char** oldmdstr=NULL; ++#endif + int* db_osize=0; + DB_FIELD** db_order=NULL; + FILE** db_filep=NULL; +@@ -302,9 +302,9 @@ char** db_readline_file(int db){ + case DB_OLD: { + #ifdef WITH_MHASH + md=&(conf->dboldmd); ++ oldmdstr=&(conf->old_dboldmdstr); + #endif + domd=&(conf->do_dboldmd); +- oldmdstr=&(conf->old_dboldmdstr); + + db_osize=&(conf->db_in_size); + db_order=&(conf->db_in_order); +@@ -316,9 +316,9 @@ char** db_readline_file(int db){ + case DB_NEW: { + #ifdef WITH_MHASH + md=&(conf->dbnewmd); ++ oldmdstr=&(conf->old_dbnewmdstr); + #endif + domd=&(conf->do_dbnewmd); +- oldmdstr=&(conf->old_dbnewmdstr); + + db_osize=&(conf->db_new_size); + db_order=&(conf->db_new_order); +@@ -328,7 +328,9 @@ char** db_readline_file(int db){ + break; + } + } +- ++ ++ if (db_osize == NULL) return NULL; ++ + if (*db_osize==0) { + db_buff(db,*db_filep); + +@@ -737,8 +739,6 @@ int db_writespec_file(db_config* dbconf) + int i=0; + int j=0; + int retval=1; +- void*key=NULL; +- int keylen=0; + struct tm* st; + time_t tim=time(&tim); + st=localtime(&tim); +@@ -750,6 +750,8 @@ int db_writespec_file(db_config* dbconf) + + #ifdef WITH_MHASH + /* From hereon everything must MD'd before write to db */ ++ void*key=NULL; ++ int keylen=0; + if((key=get_db_key())!=NULL){ + keylen=get_db_key_len(); + dbconf->do_dbnewmd=1; +diff -up ./src/do_md.c.coverity ./src/do_md.c +--- ./src/do_md.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/do_md.c 2018-10-10 19:27:18.683632707 +0200 +@@ -202,7 +202,6 @@ void calc_md(struct AIDE_STAT_TYPE* old_ + and we don't read from a pipe :) + */ + struct AIDE_STAT_TYPE fs; +- int sres=0; + int stat_diff,filedes; + #ifdef WITH_PRELINK + pid_t pid; +@@ -237,7 +236,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_ + return; + } + +- sres=AIDE_FSTAT_FUNC(filedes,&fs); ++ AIDE_FSTAT_FUNC(filedes,&fs); + if(!(line->attr&DB_RDEV)) + fs.st_rdev=0; + +@@ -331,7 +330,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_ + } + #endif + #endif /* not HAVE_MMAP */ +- buf=malloc(READ_BLOCK_SIZE); ++// buf=malloc(READ_BLOCK_SIZE); + #if READ_BLOCK_SIZE>SSIZE_MAX + #error "READ_BLOCK_SIZE" is too large. Max value is SSIZE_MAX, and current is READ_BLOCK_SIZE + #endif +diff -up ./src/gen_list.c.coverity ./src/gen_list.c +--- ./src/gen_list.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/gen_list.c 2018-10-10 19:27:18.684632716 +0200 +@@ -843,15 +843,15 @@ static void add_file_to_tree(seltree* tr + DB_ATTR_TYPE localignorelist=0; + DB_ATTR_TYPE ignored_added_attrs, ignored_removed_attrs, ignored_changed_attrs; + ++ if(file==NULL){ ++ error(0, "add_file_to_tree was called with NULL db_line\n"); ++ } ++ + node=get_seltree_node(tree,file->filename); + + if(!node){ + node=new_seltree_node(tree,file->filename,0,NULL); + } +- +- if(file==NULL){ +- error(0, "add_file_to_tree was called with NULL db_line\n"); +- } + + /* add note to this node which db has modified it */ + node->checked|=db; +diff -up ./src/md.c.coverity ./src/md.c +--- ./src/md.c.coverity 2018-10-10 19:27:18.679632672 +0200 ++++ ./src/md.c 2018-10-10 19:27:18.684632716 +0200 +@@ -36,8 +36,8 @@ + */ + + DB_ATTR_TYPE hash_gcrypt2attr(int i) { +- DB_ATTR_TYPE r=0; + #ifdef WITH_GCRYPT ++ DB_ATTR_TYPE r=0; + switch (i) { + case GCRY_MD_MD5: { + r=DB_MD5; +@@ -74,13 +74,15 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) { + default: + break; + } +-#endif + return r; ++#else /* !WITH_GCRYPT */ ++ return 0; ++#endif + } + + const char * hash_gcrypt2str(int i) { +- char * r = "?"; + #ifdef WITH_GCRYPT ++ char * r = "?"; + switch (i) { + case GCRY_MD_MD5: { + r = "MD5"; +@@ -117,13 +119,17 @@ const char * hash_gcrypt2str(int i) { + default: + break; + } +-#endif + return r; ++#else /* !WITH_GCRYPT */ ++ return "?"; ++#endif + } + ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wunused-parameter" + DB_ATTR_TYPE hash_mhash2attr(int i) { +- DB_ATTR_TYPE r=0; + #ifdef WITH_MHASH ++ DB_ATTR_TYPE r=0; + switch (i) { + case MHASH_CRC32: { + r=DB_CRC32; +@@ -198,10 +204,15 @@ DB_ATTR_TYPE hash_mhash2attr(int i) { + default: + break; + } +-#endif ++ + return r; ++#else /*!WITH_MHASH */ ++ return 0; ++#endif + } + ++#pragma GCC diagnostic pop ++ + /* + Initialise md_container according it's todo_attr field + */ +@@ -317,7 +328,6 @@ int init_md(struct md_container* md) { + */ + + int update_md(struct md_container* md,void* data,ssize_t size) { +- int i; + + error(255,"update_md called\n"); + +@@ -328,6 +338,7 @@ int update_md(struct md_container* md,vo + #endif + + #ifdef WITH_MHASH ++ int i; + + for(i=0;i<=HASH_MHASH_COUNT;i++) { + if (md->mhash_mdh[i]!=MHASH_FAILED) { +@@ -348,7 +359,6 @@ int update_md(struct md_container* md,vo + */ + + int close_md(struct md_container* md) { +- int i; + #ifdef _PARAMETER_CHECK_ + if (md==NULL) { + return RETFAIL; +@@ -356,6 +366,7 @@ int close_md(struct md_container* md) { + #endif + error(255,"close_md called \n"); + #ifdef WITH_MHASH ++ int i; + for(i=0;i<=HASH_MHASH_COUNT;i++) { + if (md->mhash_mdh[i]!=MHASH_FAILED) { + mhash (md->mhash_mdh[i], NULL, 0); +diff -up ./src/util.c.coverity ./src/util.c +--- ./src/util.c.coverity 2018-10-10 19:27:18.670632593 +0200 ++++ ./src/util.c 2018-10-10 19:27:18.684632716 +0200 +@@ -105,13 +105,15 @@ url_t* parse_url(char* val) + for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++); + if(r[0]=='\0'){ + error(0,"Invalid file-URL,no path after hostname: file:%s\n",t); ++ free(hostname); + return NULL; + } + u->value=strdup(r); + r[0]='\0'; + if(gethostname(hostname,MAXHOSTNAMELEN)==-1){ +- strncpy(hostname,"localhost", 10); ++ strncpy(hostname,"localhost", 10); + } ++ + if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){ + free(hostname); + break; +@@ -120,7 +122,7 @@ url_t* parse_url(char* val) + free(hostname); + return NULL; + } +- free(hostname); ++ + break; + } + u->value=strdup(r); diff --git a/coverity2.patch b/coverity2.patch new file mode 100644 index 0000000..5052ba3 --- /dev/null +++ b/coverity2.patch @@ -0,0 +1,31 @@ +diff --up ./src/compare_db.c ./src/compare_db.c +--- ./src/compare_db.c ++++ ./src/compare_db.c +@@ -438,7 +438,11 @@ snprintf(*values[0], l, "%s",s); + } else { + *values = malloc(1 * sizeof (char*)); + if (DB_FTYPE&attr) { +- easy_string(get_file_type_string(line->perm)) ++ char *file_type = get_file_type_string(line->perm); ++ if (!file_type) { ++ error(2,"%s: ", file_type); ++ } ++ easy_string(file_type) + } else if (DB_LINKNAME&attr) { + easy_string(line->linkname) + easy_number((DB_SIZE|DB_SIZEG),size,"%li") +diff -up ./src/db_file.c ./src/db_file.c +--- ./src/db_file.c ++++ ./src/db_file.c +@@ -194,6 +194,10 @@ int db_file_read_spec(int db){ + + *db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD)); + ++ if (*db_order == NULL){ ++ error(1,"malloc for *db_order failed in %s", __func__); ++ } ++ + while ((i=db_scan())!=TNEWLINE){ + switch (i) { + +