rpms/audit
5
0
Fork 0
Code Issues Pull Requests Releases Activity

auditctl: correct buffer in filter_supported_syscalls to avoid overflow

Browse Source 
Resolves: RHEL-59585
This commit is contained in:
Cropi 2025-02-11 09:44:28 +01:00
parent 62a7f6f867
commit 996c7a2a82
2 changed files with 64 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
audit.spec
View File

@ -2,7 +2,7 @@
Summary: User space tools for kernel auditing Summary: User space tools for kernel auditing
Name: audit Name: audit
Version: 3.1.5 Version: 3.1.5
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://people.redhat.com/sgrubb/audit/ URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@ -15,6 +15,7 @@ Patch4: readonly.patch
Patch5: disable-protectkernmelmodules.patch Patch5: disable-protectkernmelmodules.patch
Patch6: remote-logging-ordering-cycle.patch Patch6: remote-logging-ordering-cycle.patch
Patch7: permtab-filter-unsupport.patch Patch7: permtab-filter-unsupport.patch
Patch8: auditctl-permtab.patch
BuildRequires: make gcc swig BuildRequires: make gcc swig
BuildRequires: openldap-devel BuildRequires: openldap-devel
@ -104,6 +105,7 @@ cp %{SOURCE1} .
%patch -P 5 -p1 %patch -P 5 -p1
%patch -P 6 -p1 %patch -P 6 -p1
%patch -P 7 -p1 %patch -P 7 -p1
%patch -P 8 -p1
autoreconf -fv --install autoreconf -fv --install
@ -292,6 +294,10 @@ fi
%attr(750,root,root) %{_sbindir}/audispd-zos-remote %attr(750,root,root) %{_sbindir}/audispd-zos-remote
%changelog %changelog
* Tue Feb 11 2025 Attila Lakatos <alakatos@redhat.com> - 3.1.5-4
- auditctl: correct buffer in filter_supported_syscalls to avoid overflow
Resolves: RHEL-59585
* Mon Feb 03 2025 Attila Lakatos <alakatos@redhat.com> - 3.1.5-3 * Mon Feb 03 2025 Attila Lakatos <alakatos@redhat.com> - 3.1.5-3
- Don't do "live" operations during rpm-ostree composes - Don't do "live" operations during rpm-ostree composes
Resolves: RHEL-69033 Resolves: RHEL-69033

57
auditctl-permtab.patch Normal file
View File

@ -0,0 +1,57 @@
diff -up audit-3.1.5/lib/libaudit.c.orig audit-3.1.5/lib/libaudit.c
--- audit-3.1.5/lib/libaudit.c.orig 2025-02-11 12:11:17.529016934 +0100
+++ audit-3.1.5/lib/libaudit.c 2025-02-11 12:13:51.206171338 +0100
@@ -1516,37 +1516,35 @@ static char* filter_supported_syscalls(c
return NULL;
}
- // Allocate memory for the filtered syscalls string
- char* filtered_syscalls = malloc(strlen(syscalls) + 1);
- if (filtered_syscalls == NULL) {
- return NULL;
- }
- filtered_syscalls[0] = '\0'; // Initialize as empty string
-
- // Tokenize the syscalls string and filter unsupported syscalls
+ char buf[512] = "";
+ char* ptr = buf;
const char* delimiter = ",";
+
char* syscalls_copy = strdup(syscalls);
- if (syscalls_copy == NULL) {
- free(filtered_syscalls);
+ if (syscalls_copy == NULL)
return NULL;
- }
+
char* token = strtok(syscalls_copy, delimiter);
+ int first = 1; // Track if this is the first syscall being added
+
while (token != NULL) {
if (audit_name_to_syscall(token, machine) != -1) {
- strcat(filtered_syscalls, token);
- strcat(filtered_syscalls, delimiter);
+ if (!first)
+ *ptr++ = ',';
+ ptr = stpcpy(ptr, token);
+ first = 0;
}
token = strtok(NULL, delimiter);
}
+
free(syscalls_copy);
- // Remove the trailing delimiter, if present
- size_t len = strlen(filtered_syscalls);
- if (len > 0 && filtered_syscalls[len - 1] == ',') {
- filtered_syscalls[len - 1] = '\0';
+ // If no valid syscalls were found, return NULL
+ if (ptr == buf) {
+ return NULL;
}
- return filtered_syscalls;
+ return strdup(buf);
}
static int audit_add_perm_syscalls(int perm, struct audit_rule_data *rule)