rpms/aide
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c9s-update
Branches Tags
rpms:c8
rpms:c9
rpms:c10
rpms:c9s
rpms:c10s
rpms:c9-beta
rpms:c8s
rpms:c9s-update
rpms:c8-beta
rpms:imports/c9/aide-0.16-105.el9
rpms:imports/c10/aide-0.18.6-8.el10_1.2
rpms:imports/c10s/aide-0.19.2-4.el10
rpms:imports/c10s/aide-0.19.2-3.el10
rpms:imports/c10s/aide-0.19.2-2.el10
rpms:imports/c9-beta/aide-0.16-105.el9
rpms:imports/c10/aide-0.18.6-8.el10_0.2
rpms:imports/c9/aide-0.16-103.el9_6.2
rpms:imports/c8/aide-0.16-15.el8_10.2
rpms:imports/c10s/aide-0.18.6-8.el10.1
rpms:imports/c9-beta/aide-0.16-103.el9
rpms:imports/c10s/aide-0.18.6-8.el10
rpms:imports/c10s/aide-0.18.6-7.el10
rpms:imports/c9-beta/aide-0.16-102.el9
rpms:imports/c10s/aide-0.18.6-6.el10
rpms:imports/c8s/aide-0.16-14.el8_5.1
rpms:imports/c9/aide-0.16-100.el9
rpms:imports/c8-beta/aide-0.16-14.el8_5.1
rpms:imports/c9-beta/aide-0.16-100.el9
rpms:imports/c8/aide-0.16-14.el8_5.1
rpms:imports/c9-beta/aide-0.16-21.el9
rpms:imports/c8-beta/aide-0.16-14.el8
rpms:imports/c8-beta/aide-0.16-11.el8
rpms:imports/c8-beta/aide-0.16-8.el8
rpms:imports/c8s/aide-0.16-14.el8
rpms:imports/c8s/aide-0.16-13.el8
rpms:imports/c8s/aide-0.16-12.el8
rpms:imports/c8/aide-0.16-14.el8
rpms:imports/c8/aide-0.16-11.el8
rpms:imports/c8/aide-0.16-8.el8
..
compare: rpms:c8
Branches Tags
rpms:c9
rpms:c10
rpms:c9s
rpms:c10s
rpms:c9-beta
rpms:c8
rpms:c8s
rpms:c9s-update
rpms:c8-beta
rpms:imports/c9/aide-0.16-105.el9
rpms:imports/c10/aide-0.18.6-8.el10_1.2
rpms:imports/c10s/aide-0.19.2-4.el10
rpms:imports/c10s/aide-0.19.2-3.el10
rpms:imports/c10s/aide-0.19.2-2.el10
rpms:imports/c9-beta/aide-0.16-105.el9
rpms:imports/c10/aide-0.18.6-8.el10_0.2
rpms:imports/c9/aide-0.16-103.el9_6.2
rpms:imports/c8/aide-0.16-15.el8_10.2
rpms:imports/c10s/aide-0.18.6-8.el10.1
rpms:imports/c9-beta/aide-0.16-103.el9
rpms:imports/c10s/aide-0.18.6-8.el10
rpms:imports/c10s/aide-0.18.6-7.el10
rpms:imports/c9-beta/aide-0.16-102.el9
rpms:imports/c10s/aide-0.18.6-6.el10
rpms:imports/c8s/aide-0.16-14.el8_5.1
rpms:imports/c9/aide-0.16-100.el9
rpms:imports/c8-beta/aide-0.16-14.el8_5.1
rpms:imports/c9-beta/aide-0.16-100.el9
rpms:imports/c8/aide-0.16-14.el8_5.1
rpms:imports/c9-beta/aide-0.16-21.el9
rpms:imports/c8-beta/aide-0.16-14.el8
rpms:imports/c8-beta/aide-0.16-11.el8
rpms:imports/c8-beta/aide-0.16-8.el8
rpms:imports/c8s/aide-0.16-14.el8
rpms:imports/c8s/aide-0.16-13.el8
rpms:imports/c8s/aide-0.16-12.el8
rpms:imports/c8/aide-0.16-14.el8
rpms:imports/c8/aide-0.16-11.el8
rpms:imports/c8/aide-0.16-8.el8

No commits in common. "c9s-update" and "c8" have entirely different histories.
c9s-update ... c8

27 changed files with 302 additions and 1431 deletions
Show Stats Expand all files Collapse all files

1
.aide.metadata Normal file
View File

@ -0,0 +1 @@
b97f65bb12701a42baa2cce45b41ed6367a70734 SOURCES/aide-0.16.tar.gz

1
.fmf/version
View File

@ -1 +0,0 @@
1

16
.gitignore vendored
View File

@ -1,15 +1 @@
aide-0.13.1.tar.gz.asc SOURCES/aide-0.16.tar.gz
aide-0.13.1.tar.gz
aide-0.14-rc1.tar.gz
aide-0.14-rc1.tar.gz.asc
aide-0.14-rc2.tar.gz
aide-0.14-rc2.tar.gz.asc
aide-0.14-rc3.tar.gz
aide-0.14-rc3.tar.gz.asc
aide-0.14.tar.gz
aide-0.14.tar.gz.asc
/aide-0.15.1.tar.gz
/aide-0.15.1.tar.gz.asc
/aide-0.16b1.tar.gz
/aide-0.16rc1.tar.gz
/aide-0.16.tar.gz

0
README.quickstart → SOURCES/README.quickstart
View File

0
aide-0.15-syslog-format.patch → SOURCES/aide-0.15-syslog-format.patch
View File

0
aide-0.16-CVE-2021-45417.patch → SOURCES/aide-0.16-CVE-2021-45417.patch
View File

220
SOURCES/aide-0.16-CVE-2025-54389-part2.patch Normal file
View File

@ -0,0 +1,220 @@
diff -up aide-0.16/src/db_disk.c.orig aide-0.16/src/db_disk.c
--- aide-0.16/src/db_disk.c.orig 2025-08-21 09:58:21.271581589 +0200
+++ aide-0.16/src/db_disk.c 2025-08-21 10:01:26.310573141 +0200
@@ -139,7 +139,11 @@ void add_child (db_line * fil)
int i;
struct seltree *new_r;
- error (255, "Adding child %s\n", fil->filename);
+ {
+ char *fname_safe = stresc(fil->filename);
+ error (255, "Adding child %s\n", fname_safe);
+ free(fname_safe);
+ }
new_r = get_seltree_node (r, fil->filename);
if (new_r != NULL) {
@@ -182,9 +186,13 @@ static int get_file_status(char *filenam
if(sres == -1){
char* er = strerror(errno);
if (er == NULL) {
- error(0,"get_file_status: lstat() failed for %s. strerror() failed for %i\n", filename, errno);
+ char *filename_safe = stresc(filename);
+ error(0,"get_file_status: lstat() failed for %s. strerror() failed for %i\n", filename_safe, errno);
+ free(filename_safe);
} else {
- error(0,"get_file_status: lstat() failed for %s: %s\n", filename, er);
+ char *filename_safe = stresc(filename);
+ error(0,"get_file_status: lstat() failed for %s: %s\n", filename_safe, er);
+ free(filename_safe);
}
}
return sres;
@@ -220,7 +228,11 @@ db_line *db_readline_disk ()
error (240, "%s attr=%llu\n", &fullname[conf->root_prefix_length], attr);
if (fil != NULL) {
- error (240, "%s attr=%llu\n", fil->filename, fil->attr);
+ {
+ char *fname_safe = stresc(fil->filename);
+ error (240, "%s attr=%llu\n", fname_safe, fil->attr);
+ free(fname_safe);
+ }
return fil;
}
}
@@ -269,7 +281,11 @@ recursion:
error (240, "%s attr=%llu\n", &fullname[conf->root_prefix_length], attr);
if (fil != NULL) {
- error (240, "%s attr=%llu\n", fil->filename, fil->attr);
+ {
+ char *fname_safe = stresc(fil->filename);
+ error (240, "%s attr=%llu\n", fname_safe, fil->attr);
+ free(fname_safe);
+ }
} else {
/*
Something went wrong during read process ->
diff -up aide-0.16/src/gen_list.c.orig aide-0.16/src/gen_list.c
--- aide-0.16/src/gen_list.c.orig 2025-08-21 09:58:21.273581610 +0200
+++ aide-0.16/src/gen_list.c 2025-08-21 10:04:29.190502666 +0200
@@ -37,6 +37,7 @@
#include "list.h"
#include "gen_list.h"
#include "seltree.h"
+#include "util.h"
#include "db.h"
#include "db_config.h"
#include "commandconf.h"
@@ -993,16 +994,28 @@ int check_rxtree(char* filename,seltree*
if(conf->limit!=NULL) {
retval=pcre_exec(conf->limit_crx, NULL, filename, strlen(filename), 0, PCRE_PARTIAL_SOFT, NULL, 0);
if (retval >= 0) {
- error(220, "check_rxtree: %s does match limit: %s\n", filename, conf->limit);
+ char *fname_safe = stresc(filename);
+ char *limit_safe = conf->limit?stresc(conf->limit):NULL;
+ error(220, "check_rxtree: %s does match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
+ free(fname_safe);
+ free(limit_safe);
} else if (retval == PCRE_ERROR_PARTIAL) {
- error(220, "check_rxtree: %s does PARTIAL match limit: %s\n", filename, conf->limit);
+ char *fname_safe = stresc(filename);
+ char *limit_safe = conf->limit?stresc(conf->limit):NULL;
+ error(220, "check_rxtree: %s does PARTIAL match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
if(S_ISDIR(perm) && get_seltree_node(tree,filename)==NULL){
- error(220, "check_rxtree: creating new seltree node for '%s'\n", filename);
+ error(220, "check_rxtree: creating new seltree node for '%s'\n", fname_safe);
new_seltree_node(tree,filename,0,NULL);
}
+ free(fname_safe);
+ free(limit_safe);
return -1;
} else {
- error(220, "check_rxtree: %s does NOT match limit: %s\n", filename, conf->limit);
+ char *fname_safe = stresc(filename);
+ char *limit_safe = conf->limit?stresc(conf->limit):NULL;
+ error(220, "check_rxtree: %s does NOT match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
+ free(fname_safe);
+ free(limit_safe);
return -2;
}
}
@@ -1039,13 +1052,25 @@ db_line* get_file_attrs(char* filename,D
} else {
if(fs->st_atime>cur_time){
- error(CLOCK_SKEW,_("%s atime in future\n"),filename);
+ {
+ char *fname_safe = stresc(filename);
+ error(CLOCK_SKEW,_("%s atime in future\n"),fname_safe);
+ free(fname_safe);
+ }
}
if(fs->st_mtime>cur_time){
- error(CLOCK_SKEW,_("%s mtime in future\n"),filename);
+ {
+ char *fname_safe = stresc(filename);
+ error(CLOCK_SKEW,_("%s mtime in future\n"),fname_safe);
+ free(fname_safe);
+ }
}
if(fs->st_ctime>cur_time){
- error(CLOCK_SKEW,_("%s ctime in future\n"),filename);
+ {
+ char *fname_safe = stresc(filename);
+ error(CLOCK_SKEW,_("%s ctime in future\n"),fname_safe);
+ free(fname_safe);
+ }
}
}
@@ -1220,7 +1245,11 @@ void hsymlnk(db_line* line) {
int sres;
sres=AIDE_STAT_FUNC(line->fullpath,&fs);
if (sres!=0 && sres!=EACCES) {
- error(4,"Dead symlink detected at %s\n",line->fullpath);
+ {
+ char *fp_safe = stresc(line->fullpath);
+ error(4,"Dead symlink detected at %s\n",fp_safe);
+ free(fp_safe);
+ }
}
if(!(line->attr&DB_RDEV))
fs.st_rdev=0;
diff -up aide-0.16/src/util.c.orig aide-0.16/src/util.c
--- aide-0.16/src/util.c.orig 2025-08-21 09:58:21.272581600 +0200
+++ aide-0.16/src/util.c 2025-08-21 10:07:50.157894133 +0200
@@ -104,9 +104,11 @@ url_t* parse_url(char* val)
r+=2;
for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
if(r[0]=='\0'){
- error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
+ char *t_safe = stresc(t);
+ error(0,"Invalid file-URL,no path after hostname: file:%s\n",t_safe);
+ free(t_safe);
free(hostname);
- return NULL;
+ return NULL;
}
u->value=strdup(r);
r[0]='\0';
@@ -118,9 +120,11 @@ url_t* parse_url(char* val)
free(hostname);
break;
} else {
- error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,u->value);
- free(hostname);
- return NULL;
+ char *value_safe = stresc(u->value);
+ error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,value_safe);
+ free(value_safe);
+ free(hostname);
+ return NULL;
}
break;
@@ -150,6 +154,43 @@ url_t* parse_url(char* val)
return u;
}
+static size_t escape_str(const char *unescaped_str, char *str, size_t s) {
+ size_t n = 0;
+ size_t i = 0;
+ char c;
+ while (i < s && (c = unescaped_str[i])) {
+ if ((c >= 0 && (c < 0x1f || c == 0x7f)) ||
+ (c == '\\' && isdigit(unescaped_str[i+1])
+ && isdigit(unescaped_str[i+2])
+ && isdigit(unescaped_str[i+3]))) {
+ if (str) { snprintf(&str[n], 5, "\\%03o", c); }
+ n += 4;
+ } else {
+ if (str) { str[n] = c; }
+ n++;
+ }
+ i++;
+ }
+ if (str) { str[n] = '\0'; }
+ n++;
+ return n;
+}
+
+char *strnesc(const char *unescaped_str, size_t s) {
+ int n = escape_str(unescaped_str, NULL, s);
+ char *str = malloc(n);
+ if (str == NULL) {
+ error(0, "malloc: failed to allocate %d bytes of memory\n", n);
+ exit(1);
+ }
+ escape_str(unescaped_str, str, s);
+ return str;
+}
+
+char *stresc(const char *unescaped_str) {
+ return strnesc(unescaped_str, strlen(unescaped_str));
+}
+
/* Returns 1 if the string contains unsafe characters, 0 otherwise. */
int contains_unsafe (const char *s)
{

609
aide-0.16-CVE-2025-54389.patch → SOURCES/aide-0.16-CVE-2025-54389.patch
View File

@ -584,213 +584,6 @@ index c17828d3e8b732096e00253f21623339f2168ccf..41e216527a9b05b90f1b601a61279fd4
if (forced_attrs) { if (forced_attrs) {
error (2,_("Forced attributes: %s\n"),report_attrs(forced_attrs)); error (2,_("Forced attributes: %s\n"),report_attrs(forced_attrs));
} }
diff --git a/src/db_disk.c b/src/db_disk.c
index 6161af38010633cbc2c4519a76e997c992439562..11f0d1c348a097a4175640e0f554979f7c74f7c1 100644
--- a/src/db_disk.c
+++ b/src/db_disk.c
@@ -117,181 +117,197 @@ static char *name_construct (const char *s)
{
char *ret;
int len2 = strlen (r->path);
int len = len2 + strlen (s) + 2 + conf->root_prefix_length;
if (r->path[len2 - 1] != '/') {
len++;
}
ret = (char *) malloc (len);
ret[0] = (char) 0;
strcpy(ret, conf->root_prefix);
strcat (ret, r->path);
if (r->path[len2 - 1] != '/') {
strcat (ret, "/");
}
strcat (ret, s);
return ret;
}
void add_child (db_line * fil)
{
int i;
struct seltree *new_r;
- error (255, "Adding child %s\n", fil->filename);
+ {
+ char *fname_safe = stresc(fil->filename);
+ error (255, "Adding child %s\n", fname_safe);
+ free(fname_safe);
+ }
new_r = get_seltree_node (r, fil->filename);
if (new_r != NULL) {
if (S_ISDIR (fil->perm_o)) {
;
} else {
new_r->checked |= NODE_CHECKED;
new_r->checked |= NODE_TRAVERSE;
}
return;
}
new_r = malloc (sizeof (seltree));
new_r->attr = 0;
i = strlen (fil->filename);
new_r->path = malloc (i + 1);
strncpy(new_r->path, fil->filename, i+1);
new_r->childs = NULL;
new_r->sel_rx_lst = NULL;
new_r->neg_rx_lst = NULL;
new_r->equ_rx_lst = NULL;
new_r->parent = r;
new_r->checked = 0;
new_r->new_data = NULL;
new_r->old_data = NULL;
if (S_ISDIR (fil->perm_o)) {
;
} else {
new_r->checked |= NODE_CHECKED;
new_r->checked |= NODE_TRAVERSE;
}
r->childs = list_sorted_insert (r->childs, new_r, compare_node_by_path);
}
static int get_file_status(char *filename, struct AIDE_STAT_TYPE *fs) {
int sres = 0;
sres = AIDE_LSTAT_FUNC(filename,fs);
if(sres == -1){
char* er = strerror(errno);
if (er == NULL) {
- error(0,"get_file_status: lstat() failed for %s. strerror() failed for %i\n", filename, errno);
+ char *filename_safe = stresc(filename);
+ error(0,"get_file_status: lstat() failed for %s. strerror() failed for %i\n", filename_safe, errno);
+ free(filename_safe);
} else {
- error(0,"get_file_status: lstat() failed for %s: %s\n", filename, er);
+ char *filename_safe = stresc(filename);
+ error(0,"get_file_status: lstat() failed for %s: %s\n", filename_safe, er);
+ free(filename_safe);
}
}
return sres;
}
/*
It might be a good idea to make this non recursive.
Now implemented with goto-statement. Yeah, it's ugly and easy.
*/
db_line *db_readline_disk ()
{
db_line *fil = NULL;
DB_ATTR_TYPE attr;
char *fullname;
int add = 0;
struct AIDE_STAT_TYPE fs;
/* root needs special handling */
if (!root_handled) {
root_handled = 1;
fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
strcpy(fullname, conf->root_prefix);
strcat (fullname, "/");
if (!get_file_status(fullname, &fs)) {
add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
conf->tree, attr);
if (add > 0) {
fil = get_file_attrs (fullname, attr, &fs);
error (240, "%s attr=%llu\n", &fullname[conf->root_prefix_length], attr);
if (fil != NULL) {
- error (240, "%s attr=%llu\n", fil->filename, fil->attr);
+ {
+ char *fname_safe = stresc(fil->filename);
+ error (240, "%s attr=%llu\n", fname_safe, fil->attr);
+ free(fname_safe);
+ }
return fil;
}
}
}
free (fullname);
}
recursion:
next_in_dir ();
if (in_this ()) {
/*
Let's check if we have '.' or '..' entry.
If have, just skipit.
If don't do the 'normal' thing.
*/
if (strcmp (entp->d_name, ".") == 0 || strcmp (entp->d_name, "..") == 0) {
goto recursion; // return db_readline_disk(db);
}
/*
Now we know that we actually can do something.
*/
fullname = name_construct (entp->d_name);
/*
Now we have a filename, which we must remember to free if it is
not used.
Next thing is to see if we want to do something with it.
If not call, db_readline_disk again...
*/
if (get_file_status(fullname, &fs)) {
free (fullname);
goto recursion;
}
add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
conf->tree, attr);
if (add > 0) {
fil = get_file_attrs (fullname, attr, &fs);
error (240, "%s attr=%llu\n", &fullname[conf->root_prefix_length], attr);
if (fil != NULL) {
- error (240, "%s attr=%llu\n", fil->filename, fil->attr);
+ {
+ char *fname_safe = stresc(fil->filename);
+ error (240, "%s attr=%llu\n", fname_safe, fil->attr);
+ free(fname_safe);
+ }
} else {
/*
Something went wrong during read process ->
Let's try next one.
*/
free (fullname);
goto recursion; // return db_readline_disk(db);
}
if (add == 1) {
/*
add_children -> if dir, then add to children list.
*/
/* If ee are adding a file that is not a dir */
/* add_child can make the determination and mark the tree
accordingly
*/
add_child (fil);
} else if (add == 2) {
/*
Don't add to children list.
*/
/*
Should we do something?
diff --git a/src/db_sql.c b/src/db_sql.c diff --git a/src/db_sql.c b/src/db_sql.c
index 154579070ccacb6e9b6b8393b989eb50c843e71d..09a32504c317607150174d2bec0fcddf47992995 100644 index 154579070ccacb6e9b6b8393b989eb50c843e71d..09a32504c317607150174d2bec0fcddf47992995 100644
--- a/src/db_sql.c --- a/src/db_sql.c
@ -1258,405 +1051,3 @@ index 77d2e15f5f9cdba5168a92feaf2f97128e705f36..4a648b6f5ff14edd553a3f8d94b11717
} }
} }
#endif #endif
diff --git a/src/gen_list.c b/src/gen_list.c
index ab257811485831b1db1b027a94b5c0447a92f923..5b4a93eef28e1930a52e8156df661ca999035f54 100644
--- a/src/gen_list.c
+++ b/src/gen_list.c
@@ -16,50 +16,51 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "aide.h"
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <dirent.h>
#include <unistd.h>
#include <limits.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <errno.h>
#include <time.h>
#include <pcre.h>
#include "report.h"
#include "list.h"
#include "gen_list.h"
#include "seltree.h"
#include "db.h"
+#include "util.h"
#include "db_config.h"
#include "commandconf.h"
#include "report.h"
/*for locale support*/
#include "locale-aide.h"
/*for locale support*/
#define CLOCK_SKEW 5
#ifdef WITH_MHASH
#include <mhash.h>
#endif
#include "md.h"
#include "do_md.h"
void hsymlnk(db_line* line);
void fs2db_line(struct AIDE_STAT_TYPE* fs,db_line* line);
void calc_md(struct AIDE_STAT_TYPE* old_fs,db_line* line);
void no_hash(db_line* line);
static DB_ATTR_TYPE get_special_report_group(char* group) {
DB_ATTR_TYPE attr = get_groupval(group);
return attr==DB_ATTR_UNDEF?0:attr;
}
@@ -971,103 +972,127 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db,
}
}
int check_rxtree(char* filename,seltree* tree,DB_ATTR_TYPE* attr, mode_t perm)
{
int retval=0;
char * tmp=NULL;
char * parentname=NULL;
seltree* pnode=NULL;
parentname=strdup(filename);
tmp=strrchr(parentname,'/');
if(tmp!=parentname){
*tmp='\0';
}else {
if(parentname[1]!='\0'){
/* we are in the root dir */
parentname[1]='\0';
}
}
if(conf->limit!=NULL) {
retval=pcre_exec(conf->limit_crx, NULL, filename, strlen(filename), 0, PCRE_PARTIAL_SOFT, NULL, 0);
if (retval >= 0) {
- error(220, "check_rxtree: %s does match limit: %s\n", filename, conf->limit);
+ char *fname_safe = stresc(filename);
+ char *limit_safe = conf->limit?stresc(conf->limit):NULL;
+ error(220, "check_rxtree: %s does match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
+ free(fname_safe);
+ free(limit_safe);
} else if (retval == PCRE_ERROR_PARTIAL) {
- error(220, "check_rxtree: %s does PARTIAL match limit: %s\n", filename, conf->limit);
+ char *fname_safe = stresc(filename);
+ char *limit_safe = conf->limit?stresc(conf->limit):NULL;
+ error(220, "check_rxtree: %s does PARTIAL match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
if(S_ISDIR(perm) && get_seltree_node(tree,filename)==NULL){
- error(220, "check_rxtree: creating new seltree node for '%s'\n", filename);
+ error(220, "check_rxtree: creating new seltree node for '%s'\n", fname_safe);
new_seltree_node(tree,filename,0,NULL);
}
+ free(fname_safe);
+ free(limit_safe);
return -1;
} else {
- error(220, "check_rxtree: %s does NOT match limit: %s\n", filename, conf->limit);
+ char *fname_safe = stresc(filename);
+ char *limit_safe = conf->limit?stresc(conf->limit):NULL;
+ error(220, "check_rxtree: %s does NOT match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
+ free(fname_safe);
+ free(limit_safe);
return -2;
}
}
pnode=get_seltree_node(tree,parentname);
*attr=0;
retval=check_node_for_match(pnode,filename, perm, 0,attr);
free(parentname);
return retval;
}
db_line* get_file_attrs(char* filename,DB_ATTR_TYPE attr, struct AIDE_STAT_TYPE *fs)
{
db_line* line=NULL;
time_t cur_time;
if(!(attr&DB_RDEV))
fs->st_rdev=0;
/*
Get current time for future time notification.
*/
cur_time=time(NULL);
if (cur_time==(time_t)-1) {
char* er=strerror(errno);
if (er==NULL) {
error(0,_("Can not get current time. strerror failed for %i\n"),errno);
} else {
error(0,_("Can not get current time with reason %s\n"),er);
}
} else {
if(fs->st_atime>cur_time){
- error(CLOCK_SKEW,_("%s atime in future\n"),filename);
+ {
+ char *fname_safe = stresc(filename);
+ error(CLOCK_SKEW,_("%s atime in future\n"),fname_safe);
+ free(fname_safe);
+ }
}
if(fs->st_mtime>cur_time){
- error(CLOCK_SKEW,_("%s mtime in future\n"),filename);
+ {
+ char *fname_safe = stresc(filename);
+ error(CLOCK_SKEW,_("%s mtime in future\n"),fname_safe);
+ free(fname_safe);
+ }
}
if(fs->st_ctime>cur_time){
- error(CLOCK_SKEW,_("%s ctime in future\n"),filename);
+ {
+ char *fname_safe = stresc(filename);
+ error(CLOCK_SKEW,_("%s ctime in future\n"),fname_safe);
+ free(fname_safe);
+ }
}
}
/*
Malloc if we have something to store..
*/
line=(db_line*)malloc(sizeof(db_line));
memset(line,0,sizeof(db_line));
/*
We want filename
*/
line->attr=attr|DB_FILENAME;
/*
Just copy some needed fields.
*/
line->fullpath=filename;
line->filename=&filename[conf->root_prefix_length];
line->perm_o=fs->st_mode;
line->size_o=fs->st_size;
@@ -1198,51 +1223,55 @@ void populate_tree(seltree* tree)
initdbwarningprinted=1;
}
}
}
}
if(conf->action&DO_INIT) {
write_tree(tree);
}
}
void hsymlnk(db_line* line) {
if((S_ISLNK(line->perm_o))){
int len=0;
#ifdef WITH_ACL
if(conf->no_acl_on_symlinks!=1) {
line->attr&=(~DB_ACL);
}
#endif
if(conf->warn_dead_symlinks==1) {
struct AIDE_STAT_TYPE fs;
int sres;
sres=AIDE_STAT_FUNC(line->fullpath,&fs);
if (sres!=0 && sres!=EACCES) {
- error(4,"Dead symlink detected at %s\n",line->fullpath);
+ {
+ char *fp_safe = stresc(line->fullpath);
+ error(4,"Dead symlink detected at %s\n",fp_safe);
+ free(fp_safe);
+ }
}
if(!(line->attr&DB_RDEV))
fs.st_rdev=0;
}
/*
Is this valid??
No, We should do this elsewhere.
*/
line->linkname=(char*)malloc(_POSIX_PATH_MAX+1);
if(line->linkname==NULL){
error(0,_("malloc failed in hsymlnk()\n"));
abort();
}
/*
Remember to nullify the buffer, because man page says
readlink places the contents of the symbolic link path in
the buffer buf, which has size bufsiz. readlink does not
append a NUL character to buf. It will truncate the con-
tents (to a length of bufsiz characters), in case the
buffer is too small to hold all of the contents.
*/
memset(line->linkname,0,_POSIX_PATH_MAX+1);
diff --git a/src/util.c b/src/util.c
index 21c75a2f176270f47f480c8143984e8a00ce8780..7e3da74a6acbf6e656b833591972be06fb1ae0f1 100644
--- a/src/util.c
+++ b/src/util.c
@@ -82,101 +82,142 @@ url_t* parse_url(char* val)
if(r[0]!='\0'){
r[0]='\0';
r++;
}
u->type=url_unknown;
for(i=0;i<url_ntypes;i++){
if(strcmp(val_copy,url_name[i])==0){
u->type=url_value[i];
break;
}
}
switch (u->type) {
case url_file : {
if(r[0]=='/'&&(r+1)[0]=='/'&&(r+2)[0]=='/'){
u->value=strdup(r+2);
break;
}
if(r[0]=='/'&&(r+1)[0]=='/'&&(r+2)[0]!='/'){
char*hostname=(char*)malloc(sizeof(char)*MAXHOSTNAMELEN);
char* t=r+2;
r+=2;
for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
if(r[0]=='\0'){
- error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
+ char *t_safe = stresc(t);
+ error(0,"Invalid file-URL,no path after hostname: file:%s\n",t_safe);
+ free(t_safe);
free(u);
free(val_copy);
free(hostname);
- return NULL;
+ return NULL;
}
u->value=strdup(r);
r[0]='\0';
if(gethostname(hostname,MAXHOSTNAMELEN)==-1){
strncpy(hostname,"localhost",MAXHOSTNAMELEN);
}
if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){
free(hostname);
break;
} else {
- error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,u->value);
+ char *value_safe = stresc(u->value);
+ error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,value_safe);
+ free(value_safe);
free(u->value);
free(u);
free(val_copy);
- free(hostname);
- return NULL;
+ free(hostname);
+ return NULL;
}
break;
}
u->value=strdup(r);
break;
}
case url_https :
case url_http :
case url_ftp : {
u->value=strdup(val);
break;
}
case url_unknown : {
error(0,"Unknown URL-type:%s\n",val_copy);
break;
}
default : {
u->value=strdup(r);
break;
}
}
free(val_copy);
return u;
}
+static size_t escape_str(const char *unescaped_str, char *str, size_t s) {
+ size_t n = 0;
+ size_t i = 0;
+ char c;
+ while (i < s && (c = unescaped_str[i])) {
+ if ((c >= 0 && (c < 0x1f || c == 0x7f)) ||
+ (c == '\\' && isdigit(unescaped_str[i+1])
+ && isdigit(unescaped_str[i+2])
+ && isdigit(unescaped_str[i+3]))) {
+ if (str) { snprintf(&str[n], 5, "\\%03o", c); }
+ n += 4;
+ } else {
+ if (str) { str[n] = c; }
+ n++;
+ }
+ i++;
+ }
+ if (str) { str[n] = '\0'; }
+ n++;
+ return n;
+}
+
+char *strnesc(const char *unescaped_str, size_t s) {
+ int n = escape_str(unescaped_str, NULL, s);
+ char *str = malloc(n);
+ if (str == NULL) {
+ error(0, "malloc: failed to allocate %d bytes of memory\n", n);
+ exit(1);
+ }
+ escape_str(unescaped_str, str, s);
+ return str;
+}
+
+char *stresc(const char *unescaped_str) {
+ return strnesc(unescaped_str, strlen(unescaped_str));
+}
+
/* Returns 1 if the string contains unsafe characters, 0 otherwise. */
int contains_unsafe (const char *s)
{
for (; *s; s++)
if (strchr (URL_UNSAFE,(int) *s)||!ISPRINT((int)*s))
return 1;
return 0;
}
/* Decodes the forms %xy in a URL to the character the hexadecimal
code of which is xy. xy are hexadecimal digits from
[0123456789ABCDEF] (case-insensitive). If x or y are not
hex-digits or `%' precedes `\0', the sequence is inserted
literally. */
void decode_string (char* s)
{
char *p = s;
for (; *s; s++, p++)
{
if (*s != '%')
*p = *s;
else
{

0
aide-0.16-crash-elf.patch → SOURCES/aide-0.16-crash-elf.patch
View File

0
aide-0.16-crypto-disable-haval-and-others.patch → SOURCES/aide-0.16-crypto-disable-haval-and-others.patch
View File

0
aide-0.16b1-fipsfix.patch → SOURCES/aide-0.16b1-fipsfix.patch
View File

0
aide-0.16rc1-man.patch → SOURCES/aide-0.16rc1-man.patch
View File

17
aide.conf → SOURCES/aide.conf
View File

@ -93,7 +93,6 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
# Admins dot files constantly change, just check perms # Admins dot files constantly change, just check perms
/root/\..* PERMS /root/\..* PERMS
!/root/.xauth*
# Otherwise get all of /root. # Otherwise get all of /root.
/root CONTENT_EX /root CONTENT_EX
@ -127,6 +126,8 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
/etc/subuid$ CONTENT_EX /etc/subuid$ CONTENT_EX
/etc/security/opasswd$ CONTENT_EX /etc/security/opasswd$ CONTENT_EX
/etc/skel CONTENT_EX /etc/skel CONTENT_EX
/etc/subuid$ CONTENT_EX
/etc/subgid$ CONTENT_EX
/etc/sssd CONTENT_EX /etc/sssd CONTENT_EX
/etc/machine-id$ CONTENT_EX /etc/machine-id$ CONTENT_EX
/etc/swid CONTENT_EX /etc/swid CONTENT_EX
@ -135,7 +136,10 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
/etc/tmux.conf$ CONTENT_EX /etc/tmux.conf$ CONTENT_EX
/etc/xattr.conf$ CONTENT_EX /etc/xattr.conf$ CONTENT_EX
# networking # networking
/etc/hosts.allow$ CONTENT_EX
/etc/hosts.deny$ CONTENT_EX
/etc/firewalld CONTENT_EX /etc/firewalld CONTENT_EX
!/etc/NetworkManager/system-connections !/etc/NetworkManager/system-connections
/etc/NetworkManager CONTENT_EX /etc/NetworkManager CONTENT_EX
@ -233,8 +237,10 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
#### Daemons #### #### Daemons ####
# cron jobs # cron jobs
/var/spool/at CONTENT
/etc/at.allow$ CONTENT /etc/at.allow$ CONTENT
/etc/at.deny$ CONTENT /etc/at.deny$ CONTENT
/var/spool/anacron CONTENT
/etc/anacrontab$ CONTENT_EX /etc/anacrontab$ CONTENT_EX
/etc/cron.allow$ CONTENT_EX /etc/cron.allow$ CONTENT_EX
/etc/cron.deny$ CONTENT_EX /etc/cron.deny$ CONTENT_EX
@ -290,15 +296,22 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
/etc/usbguard CONTENT_EX /etc/usbguard CONTENT_EX
# Ignore some files # Ignore some files
!/boot/grub2/grubenv$
!/etc/mtab$ !/etc/mtab$
!/etc/.*~ !/etc/.*~
# Now everything else # Now everything else
/etc PERMS /etc PERMS
# With AIDE's default verbosity level of 5, these would give lots of # With AIDE's default verbosity level of 5, these would give lots of
# warnings upon tree traversal. It might change with future version. # warnings upon tree traversal. It might change with future version.
# #
#=/lost\+found DIR #=/lost\+found DIR
#=/home DIR #=/home DIR
# Ditto /var/log/sa reason...
!/var/log/and-httpd
# Admins dot files constantly change, just check perms
/root/\..* PERMS
!/root/.xauth*

0
aide.logrotate → SOURCES/aide.logrotate
View File

0
coverity.patch → SOURCES/coverity.patch
View File

0
coverity2.patch → SOURCES/coverity2.patch
View File

156
aide.spec → SPECS/aide.spec
View File

@ -1,11 +1,9 @@
Summary: Intrusion detection environment Summary: Intrusion detection environment
Name: aide Name: aide
Version: 0.16 Version: 0.16
Release: 105%{?dist} Release: 15%{?dist}.2
URL: http://sourceforge.net/projects/aide URL: http://sourceforge.net/projects/aide
License: GPLv2+ License: GPLv2+
Source0: %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz Source0: %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
Source1: aide.conf Source1: aide.conf
Source2: README.quickstart Source2: README.quickstart
@ -22,26 +20,29 @@ BuildRequires: libacl-devel
BuildRequires: pkgconfig(libselinux) BuildRequires: pkgconfig(libselinux)
BuildRequires: libattr-devel BuildRequires: libattr-devel
BuildRequires: e2fsprogs-devel BuildRequires: e2fsprogs-devel
BuildRequires: audit-libs-devel Buildrequires: audit-libs-devel
BuildRequires: autoconf automake libtool
Requires: libgcrypt >= 1.8.5
# Customize the database file location in the man page. # Customize the database file location in the man page.
Patch1: aide-0.16rc1-man.patch Patch1: aide-0.16rc1-man.patch
# fix aide in FIPS mode # fix aide in FIPS mode
Patch2: aide-0.16b1-fipsfix.patch Patch2: aide-0.16b1-fipsfix.patch
# Bug 1674637 - aide: FTBFS in Fedora rawhide/f30
Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
Patch4: aide-0.15-syslog-format.patch Patch3: aide-0.15-syslog-format.patch
Patch5: aide-0.16-crypto-disable-haval-and-others.patch Patch4: aide-0.16-crypto-disable-haval-and-others.patch
Patch6: coverity.patch Patch5: coverity.patch
Patch7: aide-0.16-crash-elf.patch Patch6: aide-0.16-crash-elf.patch
Patch8: aide-configure.patch
Patch9: aide-static-analysis.patch # 1676487 - Null pointer dereference fix spotted by coverity
Patch10: aide-0.16-CVE-2021-45417.patch Patch7: coverity2.patch
Patch11: aide-db-problem.patch
Patch12: rootPrefix.patch # 2041957 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF
Patch13: aide-0.16-CVE-2025-54389.patch Patch8: aide-0.16-CVE-2021-45417.patch
# CVE-2025-54389 aide: improper output neutralization enables bypassing
Patch9: aide-0.16-CVE-2025-54389.patch
Patch10: aide-0.16-CVE-2025-54389-part2.patch
%description %description
AIDE (Advanced Intrusion Detection Environment) is a file integrity AIDE (Advanced Intrusion Detection Environment) is a file integrity
@ -49,10 +50,10 @@ checker and intrusion detection program.
%prep %prep
%autosetup -p1 %autosetup -p1
cp -a %{S:2} . cp -a %{S:2} .
%build %build
autoreconf -ivf
%configure \ %configure \
--disable-static \ --disable-static \
--with-config_file=%{_sysconfdir}/aide.conf \ --with-config_file=%{_sysconfdir}/aide.conf \
@ -63,9 +64,8 @@ autoreconf -ivf
--with-selinux \ --with-selinux \
--with-xattr \ --with-xattr \
--with-e2fsattrs \ --with-e2fsattrs \
--with-audit \ --with-audit
--with-confighmactype=sha512 \
--with-dbhmactype=sha512
%make_build %make_build
%install %install
@ -88,87 +88,61 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
%dir %attr(0700,root,root) %{_localstatedir}/log/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide
%changelog %changelog
* Wed Aug 20 2025 Attila Lakatos <alakatos@redhat.com> - 0.16-105 * Thu Aug 21 2025 Attila Lakatos <alakatos@redhat.com> - 0.16.15.2
RHEL 9.7 ERRATUM
- CVE-2025-54389 aide: improper output neutralization enables bypassing - CVE-2025-54389 aide: improper output neutralization enables bypassing
Resolves: RHEL-109912 resolves: RHEL-109907
* Wed Jan 15 2025 Radovan Sroka <rsroka@redhat.com> - 0.16-103 * Tue Jan 25 2022 Radovan Sroka <rsroka@redhat.com> - 0.16.15
RHEL 9.6.0 ERRATUM - backported fix for CVE-2021-45417
- /boot/grub2/grubenv's timestamp is getting modified continuously due to "boot_success" implementation resolves: rhbz#2041957
Resolves: RHEL-4331
* Fri May 17 2024 Radovan Sroka <rsroka@redhat.com> - 0.16-102 * Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> = 0.16.14
RHEL 9.5.0 ERRATUM - strict require for libgcrypt
- aide fails with "Not enough parameters in db:15384. Trying to continue." unexpectedly resolves: rhbz#1852407
Resolves: RHEL-27606
- AIDE fails when using root_prefix option
Resolves: RHEL-28882
* Mon Jan 24 2022 Radovan Sroka <rsroka@redhat.com> - 0.16-100 * Tue May 19 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-13
- backport fix for CVE-2021-45417 - RHEL 8.3
Resolves: rhbz#2041950 - minor edit of aide.conf to make it consistent
resolves: rhbz#1740754
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.16-21 * Mon Apr 06 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-12
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - RHEL 8.3
Related: rhbz#1991688 - minor edit of aide.conf
resolves: rhbz#1740754
- do not generate false warnings when report_ignore_e2fsattrs is specified in aide.conf
resolves: rhbz#1806323
* Thu May 27 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-20 * Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-11
- fix configuration option with-dbhmactype - rebuild
- do not use sha1 and md5 by default - minor edit of aide.conf
Resolves: rhbz#1935457
- fix important static analysis issues
Resolves: rhbz#1938676
* Mon May 10 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-19 * Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-10
- use gating and config file from rhel-8.5 - respin
- remove check of periodically changing files - minor edit of aide.conf
Resolves: rhbz#1957656
- config cleanup
Resolves: rhbz#1957654
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.16-18 * Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-9
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Null pointer dereference fix spotted by coverity
resolves: rhbz#1676487
- aide.conf needs updates for RHEL 8
resolves: rhbz#1708015
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-17 * Tue Oct 09 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - fixed wrong line wrapping of messages in the syslog format
resolves: rhbz#1628153
- fixed coverity issues
resolves: rhbz#1602441
- fixed crash when processing .dynamic section
resolves: rhbz#1597250
* Fri Jul 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-16 * Wed Aug 29 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-7
- Second attempt - Rebuilt for - fixed crypto problem with libgcrypt (fips)
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - resolves: rhbz#1623045
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-15 * Wed Aug 22 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - ported syslog format from rhel7
resolves: rhbz#1584136
* Wed Jun 24 2020 Radovan Sroka <rsroka@redhat.com> 0.16-14 - fixed crypto problem with libgcrypt
- AIDE breaks when setting report_ignore_e2fsattrs resolves: rhbz#1584120
Resolves: rhbz#1850276
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 31 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-12
- backport some patches
Resolves: rhbz#1717140
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Feb 20 2019 Daniel Kopecek <dkopecek@redhat.com> - 0.16-10
- Fix building with curl
Resolves: rhbz#1674637
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 0.16-8
- Rebuild with fixed binutils
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.16-6
- Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-5 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

292
aide-0.16-CVE-2025-54389-part1.patch
View File

@ -1,292 +0,0 @@
diff --git a/ChangeLog b/ChangeLog
index 263c438f4a2a38edc45f91c0d5a216112a8fa38c..6aa3de30b76ae98bebe89df49a7041bc6e50df25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,27 +1,31 @@
+2025-08-07 Hannes von Haugwitz <hannes@vonhaugwitz.com>
+ * Escape control characters in report and log output (CVE-2025-54389),
+ thanks to Rajesh Pangare for reporting this issue
+
2016-07-25 Hannes von Haugwitz <hannes@vonhaugwitz.com>
- * Release version 0.16
+ * Release version 0.16
2016-07-11 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Fix example aide.conf (xattr -> xattrs)
* aide.conf.5: update "SELECTION LINES" section
* Released version 0.16rc1
2016-07-10 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Fix compilation with latest libaudit
* Use AC_PROG_CC_C99 instead of AC_PROG_CC
* Add AM_PROG_CC_C_O
* aide.conf.in: logfile -> file
* Update README
* Update manual pages (aide.1 and aide.conf.5)
2016-07-07 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Adapt manual to version 0.16
2016-06-08 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Add missing break statements
2016-04-15 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Released version 0.16b1
2016-04-13 Hannes von Haugwitz <hannes@vonhaugwitz.com>
* Fix spelling errors
diff --git a/include/util.h b/include/util.h
index 79988536c974ca83b14696380f6006031e0fa5e4..68e6ee2a905856bc7b73f1a67633585e0c1d814d 100644
--- a/include/util.h
+++ b/include/util.h
@@ -22,48 +22,51 @@
#ifndef _UTIL_H_INCLUDED
#define _UTIL_H_INCLUDED
#include <string.h>
#include <sys/types.h>
#include "db_config.h"
#define HEXD2ASC(x) (((x) < 10) ? ((x) + '0') : ((x) - 10 + 'A'))
#define ASC2HEXD(x) (((x) >= '0' && (x) <= '9') ? \
((x) - '0') : (toupper(x) - 'A' + 10))
#define ISXDIGIT(x) isxdigit ((unsigned char)(x))
#define CLEANDUP(x) (contains_unsafe (x) ? encode_string (x) : strdup (x))
#ifndef HAVE_STRICMP
# define stricmp(a,b) strcasecmp( (a), (b) )
#endif
int cmpurl(url_t*, url_t*);
url_t* parse_url(char*);
int contains_unsafe(const char*);
+char *strnesc(const char *, size_t);
+char *stresc(const char *);
+
void decode_string(char*);
char* encode_string(const char*);
char* perm_to_char(mode_t perm);
void sig_handler(int signal);
void init_sighandler(void);
char *expand_tilde(char * path);
#ifndef HAVE_STRNSTR
char* strnstr(char* haystack,char* needle,int n);
#endif
#ifndef HAVE_STRNLEN
size_t strnlen(const char *s, size_t maxlen);
#endif
int syslog_facility_lookup(char *);
#endif
diff --git a/src/aide.c b/src/aide.c
index f85c1b4b95301eb3e2cf9212093751f39ea49b10..b9b2e325cfffcd4f9f3ce4c0ae3d06dce7a6956b 100644
--- a/src/aide.c
+++ b/src/aide.c
@@ -164,54 +164,58 @@ static int read_param(int argc,char**argv)
error(0,_("-B must have a parameter\n"));
exit(INVALID_ARGUMENT_ERROR);
}
break;
}
case 'A': {
if (optarg!=NULL) {
int errorno=commandconf('A',optarg);
if (errorno!=0){
error(0,_("Configuration error in after statement:%s\n"),optarg);
exit(INVALID_CONFIGURELINE_ERROR);
}
} else {
error(0,_("-A must have a parameter\n"));
exit(INVALID_ARGUMENT_ERROR);
}
break;
}
case 'l': {
if (optarg!=NULL) {
const char* pcre_error;
int pcre_erroffset;
conf->limit=malloc(strlen(optarg)+1);
strcpy(conf->limit,optarg);
if((conf->limit_crx=pcre_compile(conf->limit, PCRE_ANCHORED, &pcre_error, &pcre_erroffset, NULL)) == NULL) {
- error(0,_("Error in limit regexp '%s' at %i: %s\n"), conf->limit, pcre_erroffset, pcre_error);
+ char *limit_safe = stresc(conf->limit);
+ error(0,_("Error in limit regexp '%s' at %i: %s\n"), limit_safe, pcre_erroffset, pcre_error);
+ free(limit_safe);
exit(INVALID_ARGUMENT_ERROR);
}
- error(200,_("Limit set to '%s'\n"), conf->limit);
+ char *limit_safe = stresc(conf->limit);
+ error(200,_("Limit set to '%s'\n"), limit_safe);
+ free(limit_safe);
} else {
error(0,_("-l must have an argument\n"));
exit(INVALID_ARGUMENT_ERROR);
}
break;
}
case 'r': {
if(optarg!=NULL) {
do_repurldef(optarg);
}else {
error(0,_("-r must have an argument\n"));
}
break;
}
case 'i': {
if(conf->action==0){
conf->action=DO_INIT;
}else {
error(0,
_("Cannot have multiple commands on a single commandline.\n"));
exit(INVALID_ARGUMENT_ERROR);
};
break;
}
case 'C': {
diff --git a/src/util.c b/src/util.c
index ea438273296fbac24fb5d83cd0f2661aa93c0c0a..c39ff352d7fd707471b6d6add8c099a3ca643b9d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -2,89 +2,128 @@
*
* Copyright (C) 1999-2002,2004-2006,2010,2011,2013,2016 Rami Lehti, Pablo
* Virolainen, Mike Markley, Richard van den Berg, Hannes von Haugwitz
* $Header$
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "aide.h"
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/stat.h>
+#include <stdio.h>
#include <signal.h>
#include <ctype.h>
#include <syslog.h>
/*for locale support*/
#include "locale-aide.h"
/*for locale support*/
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 256
#endif
#include "report.h"
#include "db_config.h"
#include "util.h"
#define URL_UNSAFE " <>\"#%{}|\\^~[]`@:\033'"
#define ISPRINT(c) (isascii(c) && isprint(c))
static const char* url_name[] = {
"file", "stdin", "stdout", "stderr", "fd", "sql", "syslog", "database", "https", "http", "ftp" };
static const int url_value[] = {
url_file, url_stdin, url_stdout,url_stderr,url_fd, url_sql, url_syslog, url_database, url_https, url_http, url_ftp };
const int url_ntypes=sizeof(url_value)/sizeof(URL_TYPE);
int cmpurl(url_t* u1,url_t* u2)
{
if(u1->type!= u2->type){
return RETFAIL;
};
if(strcmp(u1->value,u2->value)!=0){
return RETFAIL;
}
return RETOK;
};
+static size_t escape_str(const char *unescaped_str, char *str, size_t s) {
+ size_t n = 0;
+ size_t i = 0;
+ char c;
+ while (i < s && (c = unescaped_str[i])) {
+ if ((c >= 0 && (c < 0x1f || c == 0x7f)) ||
+ (c == '\\' && isdigit(unescaped_str[i+1])
+ && isdigit(unescaped_str[i+2])
+ && isdigit(unescaped_str[i+3])
+ ) ) {
+ if (str) { snprintf(&str[n], 5, "\\%03o", c); }
+ n += 4;
+ } else {
+ if (str) { str[n] = c; }
+ n++;
+ }
+ i++;
+ }
+ if (str) { str[n] = '\0'; }
+ n++;
+ return n;
+}
+
+char *strnesc(const char *unescaped_str, size_t s) {
+ int n = escape_str(unescaped_str, NULL, s);
+ char *str = malloc(n);
+ if (str == NULL) {
+ error(0, "malloc: failed to allocate %d bytes of memory\n", n);
+ exit(EXIT_FAILURE);
+ }
+ escape_str(unescaped_str, str, s);
+ return str;
+}
+
+char *stresc(const char *unescaped_str) {
+ return strnesc(unescaped_str, strlen(unescaped_str));
+}
+
url_t* parse_url(char* val)
{
url_t* u=NULL;
char* r=NULL;
char* val_copy=NULL;
int i=0;
if(val==NULL){
return NULL;
}
u=(url_t*)malloc(sizeof(url_t));
/* We don't want to modify the original hence strdup(val) */
val_copy=strdup(val);
for(r=val_copy;r[0]!=':'&&r[0]!='\0';r++);
if(r[0]!='\0'){
r[0]='\0';
r++;
}
u->type=url_unknown;
for(i=0;i<url_ntypes;i++){
if(strcmp(val_copy,url_name[i])==0){
u->type=url_value[i];

91
aide-0.16-CVE-2025-54389-part2.patch
View File

@ -1,91 +0,0 @@
diff -U0 aide-0.16/ChangeLog.orig aide-0.16/ChangeLog
diff -up aide-0.16/doc/aide.1.in.orig aide-0.16/doc/aide.1.in
diff -up aide-0.16/doc/aide.1.orig aide-0.16/doc/aide.1
diff -up aide-0.16/include/util.h.orig aide-0.16/include/util.h
diff -up aide-0.16/src/aide.c.orig aide-0.16/src/aide.c
diff -up aide-0.16/src/compare_db.c.orig aide-0.16/src/compare_db.c
--- aide-0.16/src/compare_db.c.orig 2025-08-20 16:40:25.219559352 +0200
+++ aide-0.16/src/compare_db.c 2025-08-20 16:40:33.945999660 +0200
@@ -526,15 +526,24 @@ static void print_line(seltree* node) {
}
}
summary[length]='\0';
- error(2,"\n%s: %s", summary, (node->checked&NODE_REMOVED?node->old_data:node->new_data)->filename);
+ const char *rawname = (node->checked&NODE_REMOVED?node->old_data:node->new_data)->filename;
+ char *filename_safe = stresc(rawname);
+ error(2,"\n%s: %s", summary, filename_safe);
+ free(filename_safe);
free(summary); summary=NULL;
} else {
if (node->checked&NODE_ADDED) {
- error(2,"added: %s\n",(node->new_data)->filename);
+ char *filename_safe = stresc((node->new_data)->filename);
+ error(2,"added: %s\n",filename_safe);
+ free(filename_safe);
} else if (node->checked&NODE_REMOVED) {
- error(2,"removed: %s\n",(node->old_data)->filename);
+ char *filename_safe = stresc((node->old_data)->filename);
+ error(2,"removed: %s\n",filename_safe);
+ free(filename_safe);
} else if (node->checked&NODE_CHANGED) {
- error(2,"changed: %s\n",(node->new_data)->filename);
+ char *filename_safe = stresc((node->new_data)->filename);
+ error(2,"changed: %s\n",filename_safe);
+ free(filename_safe);
}
}
}
@@ -552,6 +561,9 @@ static void print_dbline_attributes(db_l
error(2,"%s: ", file_type);
}
error(2,"%s\n", (nline==NULL?oline:nline)->filename);
+ char *filename_safe = stresc((nline==NULL?oline:nline)->filename);
+ error(2,"%s\n", filename_safe);
+ free(filename_safe);
attrs=force_attrs|(~(ignored_changed_attrs)&changed_attrs);
for (j=0; j < length; ++j) {
if (details_attributes[j]&attrs) {
@@ -559,21 +571,35 @@ static void print_dbline_attributes(db_l
nnumber=get_attribute_values(details_attributes[j], nline, &nvalue);
i = 0;
while (i<onumber || i<nnumber) {
- olen = i<onumber?strlen(ovalue[i]):0;
- nlen = i<nnumber?strlen(nvalue[i]):0;
+ char *ovalue_safe = NULL;
+ char *nvalue_safe = NULL;
+ if (i<onumber) {
+ ovalue_safe = stresc(ovalue[i]);
+ olen = strlen(ovalue_safe);
+ } else {
+ olen = 0;
+ }
+ if (i<nnumber) {
+ nvalue_safe = stresc(nvalue[i]);
+ nlen = strlen(nvalue_safe);
+ } else {
+ nlen = 0;
+ }
k = 0;
while (olen-p*k >= 0 || nlen-p*k >= 0) {
c = k*(p-1);
if (!onumber) {
- error(2," %s%-9s%c %-*c %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p, ' ', p-1, nlen-c>0?&nvalue[i][c]:"");
+ error(2," %s%-9s%c %-*c %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p, ' ', p-1, nlen-c>0?&nvalue_safe[c]:"");
} else if (!nnumber) {
- error(2," %s%-9s%c %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p-1, olen-c>0?&ovalue[i][c]:"");
+ error(2," %s%-9s%c %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p-1, olen-c>0?&ovalue_safe[c]:"");
} else {
- error(2," %s%-9s%c %-*.*s| %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p, p-1, olen-c>0?&ovalue[i][c]:"", p-1, nlen-c>0?&nvalue[i][c]:"");
+ error(2," %s%-9s%c %-*.*s| %.*s\n", width_details%2?"":" ", i+k?"":details_string[j], i+k?' ':':', p, p-1, olen-c>0?&ovalue_safe[c]:"", p-1, nlen-c>0?&nvalue_safe[c]:"");
}
k++;
}
++i;
+ free(ovalue_safe);
+ free(nvalue_safe);
}
for(i=0; i < onumber; ++i) { free(ovalue[i]); ovalue[i]=NULL; } free(ovalue); ovalue=NULL;
for(i=0; i < nnumber; ++i) { free(nvalue[i]); nvalue[i]=NULL; } free(nvalue); nvalue=NULL;
diff -up aide-0.16/src/error.c.orig aide-0.16/src/error.c
diff -up aide-0.16/src/gen_list.c.orig aide-0.16/src/gen_list.c
diff -up aide-0.16/src/util.c.orig aide-0.16/src/util.c

58
aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
View File

@ -1,58 +0,0 @@
From c7caa6027c92b28aa11b8da74d56357e12f56d67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= <dkopecek@redhat.com>
Date: Wed, 20 Feb 2019 12:00:56 +0100
Subject: [PATCH] Use LDADD for adding curl library to the linker command
---
Makefile.am | 2 +-
configure.ac | 5 +++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 4b05d7a..1541d56 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -55,7 +55,7 @@ if USE_CURL
aide_SOURCES += include/fopen.h src/fopen.c
endif
-aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@
+aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CURLLIB@
AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
AM_CPPFLAGS = -I$(top_srcdir) \
-I$(top_srcdir)/include \
diff --git a/configure.ac b/configure.ac
index 3598ebe..0418c59 100644
--- a/configure.ac
+++ b/configure.ac
@@ -702,24 +702,25 @@ if test x$with_zlib = xyes; then
compoptionstring="${compoptionstring}WITH_ZLIB\\n"
fi
+CURLLIB=
if test x$with_curl = xyes; then
AC_PATH_PROG(curlconfig, "curl-config")
if test "_$curlconfig" != _ ; then
CURL_CFLAGS=`$curlconfig --cflags`
- CURL_LIBS=`$curlconfig --libs`
+ CURLLIB=`$curlconfig --libs`
else
AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])
fi
AC_CHECK_HEADERS(curl/curl.h,,
[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])])
CFLAGS="$CFLAGS $CURL_CFLAGS"
- LDFLAGS="$LDFLAGS $CURL_LIBS"
AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes,
[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]
)
AC_DEFINE(WITH_CURL,1,[use curl])
compoptionstring="${compoptionstring}WITH_CURL\\n"
fi
+AC_SUBST(CURLLIB)
AM_CONDITIONAL(USE_CURL, test x$havecurl = xyes)
AC_ARG_WITH(mhash,
--
2.20.1

51
aide-configure.patch
View File

@ -1,51 +0,0 @@
diff --color -ru a/configure.ac b/configure.ac
--- a/configure.ac 2021-05-20 09:31:11.686987129 +0200
+++ b/configure.ac 2021-05-20 09:39:43.369967457 +0200
@@ -784,11 +784,11 @@
[if test "x$withval" = "xmd5" ;then
CONFIGHMACTYPE="MHASH_MD5"
else if test "x$withval" = "xsha1" ;then
- CONFIGHMACTYPE="MHASH_SHA1"
+ CONFIGHMACTYPE="MHASH_SHA1"
else if test "x$withval" = "xsha256" ;then
- CONFIGHMACTYPE="MHASH_SHA256"
+ CONFIGHMACTYPE="MHASH_SHA256"
else if test "x$withval" = "xsha512" ;then
- CONFIGHMACTYPE="MHASH_SHA512"
+ CONFIGHMACTYPE="MHASH_SHA512"
else
echo "Valid parameters for --with-confighmactype are md5, sha1, sha256 and sha512"
exit 1
@@ -799,7 +799,6 @@
AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,$CONFIGHMACTYPE,[hash type for config file check])],
[
AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,MHASH_MD5,[hash type for config file check])]
-,
)
AC_ARG_WITH([confighmackey],
@@ -846,18 +845,18 @@
AC_ARG_WITH([dbhmactype],
AC_HELP_STRING([--with-dbhmactype=TYPE],
- [Hash type to use for checking db. Valid values are md5 and sha1.]),
+ [Hash type to use for checking db. Valid values are md5, sha1, sha256 and sha512.]),
[if test "x$withval" = "xmd5" ;then
DBHMACTYPE="MHASH_MD5"
else if test "x$withval" = "xsha1" ;then
- DBHMACTYPE="MHASH_SHA1"
+ DBHMACTYPE="MHASH_SHA1"
else if test "x$withval" = "xsha256" ;then
- CONFIGHMACTYPE="MHASH_SHA256"
+ DBHMACTYPE="MHASH_SHA256"
else if test "x$withval" = "xsha512" ;then
- CONFIGHMACTYPE="MHASH_SHA512"
+ DBHMACTYPE="MHASH_SHA512"
else
- echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
- exit 1
+ echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
+ exit 1
fi
fi
fi

11
aide-db-problem.patch
View File

@ -1,11 +0,0 @@
diff -up aide-0.16/src/commandconf.c.rhcase03736158 aide-0.16/src/commandconf.c
--- aide-0.16/src/commandconf.c.rhcase03736158 2024-03-01 11:06:35.305712992 +0100
+++ aide-0.16/src/commandconf.c 2024-03-01 11:08:07.726499878 +0100
@@ -306,6 +306,7 @@ int db_input_wrapper(char* buf, int max_
retval=0;
buf[0]='\0';
}else {
+ buf[0]='\0';
if((retval=gzread(*db_gzp,buf,max_size))<0){
error(0,_("gzread() failed: gzerr=%s!\n"),gzerror(*db_gzp,&err));
retval=0;

171
aide-static-analysis.patch
View File

@ -1,171 +0,0 @@
Only in b: config.log
diff --color -ru a/contrib/sshaide.sh b/contrib/sshaide.sh
--- a/contrib/sshaide.sh 2016-07-25 22:56:55.000000000 +0200
+++ b/contrib/sshaide.sh 2021-05-20 11:11:24.112542472 +0200
@@ -260,7 +260,7 @@
_randword=`grep -n . ${_wordlist} | grep "^${_linenum}:" | cut -d: -f2`
# If $_randword has anything other than lower-case chars, try again
- (echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1 >> /dev/null \
+ ({ echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1; } >> /dev/null \
&& gen_rand_word ) || \
# Return the word
diff --color -ru a/src/commandconf.c b/src/commandconf.c
--- a/src/commandconf.c 2021-05-20 10:37:53.842382143 +0200
+++ b/src/commandconf.c 2021-05-25 14:16:43.278526146 +0200
@@ -313,7 +313,7 @@
} else {
/* gzread returns 0 even if uncompressed bytes were read*/
error(240,"nread=%d,strlen(buf)=%lu,errno=%s,gzerr=%s\n",
- retval,(unsigned long)strnlen((char*)buf, max_size),
+ retval,(unsigned long)strnlen((char*)buf, retval),
strerror(errno),gzerror(*db_gzp,&err));
if(retval==0){
retval=strnlen((char*)buf, max_size);
@@ -836,6 +836,11 @@
}
break;
}
+ default: {
+ error(0,"Unsupported dbtype.\n");
+ free(u);
+ break;
+ }
}
}
free(val);
@@ -900,7 +905,7 @@
} else {
error_init(u,0);
}
-
+ free(u->value);
free(u);
}
diff --color -ru a/src/db_disk.c b/src/db_disk.c
--- a/src/db_disk.c 2021-05-20 10:37:53.842382143 +0200
+++ b/src/db_disk.c 2021-05-20 12:37:00.081493364 +0200
@@ -125,10 +125,10 @@
ret = (char *) malloc (len);
ret[0] = (char) 0;
- strncpy(ret, conf->root_prefix, conf->root_prefix_length+1);
- strncat (ret, r->path, len2);
+ strcpy(ret, conf->root_prefix);
+ strcat (ret, r->path);
if (r->path[len2 - 1] != '/') {
- strncat (ret, "/", 1);
+ strcat (ret, "/");
}
strcat (ret, s);
return ret;
@@ -207,8 +207,8 @@
if (!root_handled) {
root_handled = 1;
fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
- strncat (fullname, "/", 1);
+ strcpy(fullname, conf->root_prefix);
+ strcat (fullname, "/");
if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
@@ -346,8 +346,8 @@
error (255, "r->childs %p, r->parent %p,r->checked %i\n",
r->childs, r->parent, r->checked);
fullname=malloc((conf->root_prefix_length+strlen(r->path)+1)*sizeof(char));
- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
- strncat(fullname, r->path, strlen(r->path));
+ strcpy(fullname, conf->root_prefix);
+ strcat(fullname, r->path);
dirh=open_dir(fullname);
if (! dirh) {
@@ -441,8 +441,8 @@
char* fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
- strncat (fullname, "/", 1);
+ strcpy(fullname, conf->root_prefix);
+ strcat (fullname, "/");
dirh=open_dir(fullname);
free(fullname);
diff --color -ru a/src/error.c b/src/error.c
--- a/src/error.c 2021-05-20 10:37:53.836382037 +0200
+++ b/src/error.c 2021-05-21 11:49:09.781313097 +0200
@@ -125,7 +125,7 @@
fh=be_init(0,url,0);
if(fh!=NULL) {
conf->report_fd=list_append(conf->report_fd,(void*)fh);
- conf->report_url=list_append(conf->report_url,(void*)url);
+ conf->report_url=list_append(conf->report_url,(void*)strdup(url));
return RETOK;
}
diff --color -ru a/src/util.c b/src/util.c
--- a/src/util.c 2021-05-20 10:37:53.843382160 +0200
+++ b/src/util.c 2021-05-25 11:04:39.507278771 +0200
@@ -105,13 +105,15 @@
for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
if(r[0]=='\0'){
error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
+ free(u);
+ free(val_copy);
free(hostname);
return NULL;
}
u->value=strdup(r);
r[0]='\0';
if(gethostname(hostname,MAXHOSTNAMELEN)==-1){
- strncpy(hostname,"localhost", 10);
+ strncpy(hostname,"localhost",MAXHOSTNAMELEN);
}
if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){
@@ -119,6 +121,9 @@
break;
} else {
error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,u->value);
+ free(u->value);
+ free(u);
+ free(val_copy);
free(hostname);
return NULL;
}
@@ -229,6 +234,10 @@
int i=0;
pc=(char*)malloc(sizeof(char)*11);
+ if (!pc) {
+ error(0, "Memory allocation failed.\n");
+ return NULL;
+ }
for(i=0;i<10;i++){
pc[i]='-';
}
@@ -369,14 +378,17 @@
if (path != NULL) {
if (path[0] == '~') {
- if((homedir=getenv("HOME")) != NULL) {
+ if ((homedir=getenv("HOME")) != NULL) {
path_len = strlen(path+sizeof(char));
homedir_len = strlen(homedir);
full_len = homedir_len+path_len;
full = malloc(sizeof(char) * (full_len+1));
- strncpy(full, homedir, homedir_len);
- strncpy(full+homedir_len, path+sizeof(char), path_len);
- full[full_len] = '\0';
+ if (!full) {
+ error(0, "Memory allocation failed.\n");
+ return path;
+ }
+ strcpy(full, homedir);
+ strcat(full, path+sizeof(char));
free(path);
/* Don't free(homedir); because it is not safe on some platforms */
path = full;

11
ci_tests.fmf
View File

@ -1,11 +0,0 @@
/e2e:
plan:
import:
url: https://github.com/RedHat-SP-Security/aide-plans.git
name: /generic/e2e_ci
/rpmverify:
plan:
import:
url: https://github.com/RedHat-SP-Security/aide-plans.git
name: /generic/rpmverify

6
gating.yaml
View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

21
rootPrefix.patch
View File

@ -1,21 +0,0 @@
diff -Naur aide-0.16.orig/src/db_disk.c aide-0.16/src/db_disk.c
--- aide-0.16.orig/src/db_disk.c 2024-03-11 16:45:06.594013966 -0400
+++ aide-0.16/src/db_disk.c 2024-03-11 16:45:06.584013966 -0400
@@ -209,7 +209,7 @@
fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
strcpy(fullname, conf->root_prefix);
strcat (fullname, "/");
- if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
+ if (!get_file_status(fullname, &fs)) {
add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
conf->tree, attr);
@@ -255,7 +255,7 @@
If not call, db_readline_disk again...
*/
- if (get_file_status(&fullname[conf->root_prefix_length], &fs)) {
+ if (get_file_status(fullname, &fs)) {
free (fullname);
goto recursion;
}

1
sources
View File

@ -1 +0,0 @@
SHA512 (aide-0.16.tar.gz) = 29ad97756e3e2fb21dc332ed03b494a1c73e621266f8622ec80bdba23092a38ee975b97f3cff2330e4c16e64e2f672259eea9291ca706a4009e7399b4e14e6a7