rpms/audit
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix timestamp parsing

Browse Source 
Related: rhbz#1938680
This commit is contained in:
Sergio Correia 2021-08-17 23:09:17 -03:00
parent 136e6e981a
commit c6ac0d1842
No known key found for this signature in database
GPG Key ID: D0D219ED1F7E762C
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
0002-audit-3.0.6-time.patch Normal file
View File

@ -0,0 +1,34 @@
---
auparse/auparse.c | 2 +-
src/ausearch-lol.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/auparse/auparse.c b/auparse/auparse.c
index cc7ba5c..75ad8e7 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -1202,7 +1202,7 @@ static int extract_timestamp(const char *b, au_event_t *e)
// at this point we have type=
ptr = audit_strsplit(NULL);
// strlen is for fuzzers that make invalid lines
- if (ptr && strnlen(ptr, 28) > 24) {
+ if (ptr && strnlen(ptr, 20) > 18) {
if (*(ptr+9) == '(')
ptr+=9;
else
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index bb596a2..4a7e5fd 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -194,7 +194,7 @@ static int extract_timestamp(const char *b, event *e)
// Now should be pointing to msg=
ptr = audit_strsplit(NULL);
// strlen is for fuzzers that make invalid lines
- if (ptr && strlen(ptr) > 24) {
+ if (ptr && strnlen(ptr, 20) > 18) {
if (*(ptr+9) == '(')
ptr+=9;
else
--
2.31.1

8
audit.spec
View File

@ -2,13 +2,14 @@
Summary: User space tools for kernel auditing
Name: audit
Version: 3.0.5
Release: 1%{?dist}
Release: 2%{?dist}
License: GPLv2+
URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch1: 0001-Add-ausysrulevalidate.patch
Patch2: 0002-audit-3.0.6-time.patch
BuildRequires: make gcc swig
BuildRequires: openldap-devel
@ -90,6 +91,7 @@ Management Facility) database, through an IBM Tivoli Directory Server
%setup -q
cp %{SOURCE1} .
%patch1 -p1
%patch2 -p1
# Remove the ids code, its not ready
sed -i 's/ ids / /' audisp/plugins/Makefile.in
@ -254,6 +256,10 @@ fi
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
%changelog
* Tue Aug 17 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-2
- Fix timestamp parsing
Related: rhbz#1938680
* Mon Aug 16 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-1
- New upstream release, 3.0.5
Related: rhbz#1938680