diff --git a/audit.spec b/audit.spec
index 94a43a4..ca54644 100644
--- a/audit.spec
+++ b/audit.spec
@@ -2,7 +2,7 @@
 Summary: User space tools for kernel auditing
 Name: audit
 Version: 3.1.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@@ -15,6 +15,7 @@ Patch4: readonly.patch
 Patch5: disable-protectkernmelmodules.patch
 Patch6: remote-logging-ordering-cycle.patch
 Patch7: permtab-filter-unsupport.patch
+Patch8: auditctl-permtab.patch
 
 BuildRequires: make gcc swig
 BuildRequires: openldap-devel
@@ -104,6 +105,7 @@ cp %{SOURCE1} .
 %patch -P 5 -p1
 %patch -P 6 -p1
 %patch -P 7 -p1
+%patch -P 8 -p1
 
 autoreconf -fv --install
 
@@ -292,6 +294,10 @@ fi
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote
 
 %changelog
+* Tue Feb 11 2025 Attila Lakatos - 3.1.5-4
+- auditctl: correct buffer in filter_supported_syscalls to avoid overflow
+  Resolves: RHEL-59585
+
 * Mon Feb 03 2025 Attila Lakatos - 3.1.5-3
 - Don't do "live" operations during rpm-ostree composes
   Resolves: RHEL-69033
diff --git a/auditctl-permtab.patch b/auditctl-permtab.patch
new file mode 100644
index 0000000..b39f058
--- /dev/null
+++ b/auditctl-permtab.patch
@@ -0,0 +1,57 @@
+diff -up audit-3.1.5/lib/libaudit.c.orig audit-3.1.5/lib/libaudit.c
+--- audit-3.1.5/lib/libaudit.c.orig	2025-02-11 12:11:17.529016934 +0100
++++ audit-3.1.5/lib/libaudit.c	2025-02-11 12:13:51.206171338 +0100
+@@ -1516,37 +1516,35 @@ static char* filter_supported_syscalls(c
+ 		return NULL;
+ 	}
+ 
+-	// Allocate memory for the filtered syscalls string
+-	char* filtered_syscalls = malloc(strlen(syscalls) + 1);
+-	if (filtered_syscalls == NULL) {
+-		return NULL;
+-	}
+-	filtered_syscalls[0] = '\0'; // Initialize as empty string
+-
+-	// Tokenize the syscalls string and filter unsupported syscalls
++	char buf[512] = "";
++	char* ptr = buf;
+ 	const char* delimiter = ",";
++
+ 	char* syscalls_copy = strdup(syscalls);
+-	if (syscalls_copy == NULL) {
+-		free(filtered_syscalls);
++	if (syscalls_copy == NULL)
+ 		return NULL;
+-	}
++
+ 	char* token = strtok(syscalls_copy, delimiter);
++	int first = 1; // Track if this is the first syscall being added
++
+ 	while (token != NULL) {
+ 		if (audit_name_to_syscall(token, machine) != -1) {
+-			strcat(filtered_syscalls, token);
+-			strcat(filtered_syscalls, delimiter);
++			if (!first)
++				*ptr++ = ',';
++			ptr = stpcpy(ptr, token);
++			first = 0;
+ 		}
+ 		token = strtok(NULL, delimiter);
+ 	}
++
+ 	free(syscalls_copy);
+ 
+-	// Remove the trailing delimiter, if present
+-	size_t len = strlen(filtered_syscalls);
+-	if (len > 0 && filtered_syscalls[len - 1] == ',') {
+-		filtered_syscalls[len - 1] = '\0';
++	// If no valid syscalls were found, return NULL
++	if (ptr == buf) {
++		return NULL;
+ 	}
+ 
+-	return filtered_syscalls;
++	return strdup(buf);
+ }
+ 
+ static int audit_add_perm_syscalls(int perm, struct audit_rule_data *rule)
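Review bot: The new fixed `char buf[512]` is filled by `stpcpy` inside the `while` loop with no bound check, so any filtered list longer than 511 bytes overruns the stack, whereas the removed `malloc(strlen(syscalls) + 1)` allocation overran by at most the trailing delimiter. The input is presumably the library's own permtab strings (the caller `audit_add_perm_syscalls` is only visible as trailing context), so 512 may be enough in practice, but nothing in the function enforces it and the size is a magic number. Since the output is a subset of the input's tokens joined by single commas, it can never exceed `strlen(syscalls)`, so sizing the buffer from the input — heap-allocating it as before and returning it directly instead of `strdup(buf)` — removes the limit and the extra copy; the `syscalls_copy == NULL` and `ptr == buf` paths then have to free it. The function's signature and its opening check lie outside the hunk.
```c
	// The result is a subset of the input's tokens joined by single
	// commas, so it can never be longer than the input itself.
	char *buf = malloc(strlen(syscalls) + 1);
	if (buf == NULL)
		return NULL;
	buf[0] = '\0';
	char *ptr = buf;
	const char* delimiter = ",";

	char* syscalls_copy = strdup(syscalls);
	if (syscalls_copy == NULL) {
		free(buf);
		return NULL;
	}
	// … unchanged: strtok loop appending supported names via stpcpy …
	free(syscalls_copy);

	// If no valid syscalls were found, return NULL
	if (ptr == buf) {
		free(buf);
		return NULL;
	}

	return buf;
```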