From c7215bd3fbde74c36e0afec52ac3f3031c6a1646 Mon Sep 17 00:00:00 2001 From: sgrubb Date: Fri, 8 Jul 2016 17:44:51 -0400 Subject: [PATCH] Correct size information of dispatched event --- audit-2.6.5-disp-hdr.patch | 60 ++++++++++++++++++++++++++++++++++++++ audit.spec | 7 ++++- 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 audit-2.6.5-disp-hdr.patch diff --git a/audit-2.6.5-disp-hdr.patch b/audit-2.6.5-disp-hdr.patch new file mode 100644 index 0000000..882fb64 --- /dev/null +++ b/audit-2.6.5-disp-hdr.patch @@ -0,0 +1,60 @@ +diff -urp audit-2.6.5.orig/audisp/audispd.c audit-2.6.5/audisp/audispd.c +--- audit-2.6.5.orig/audisp/audispd.c 2016-07-08 12:17:53.000000000 -0400 ++++ audit-2.6.5/audisp/audispd.c 2016-07-08 17:11:18.659015835 -0400 +@@ -825,13 +825,25 @@ static void process_inbound_event(int fd + + if (rc > 0) { + /* Sanity check */ +- if (!(e->hdr.ver == AUDISP_PROTOCOL_VER || +- e->hdr.ver == AUDISP_PROTOCOL_VER2) || +- e->hdr.hlen != sizeof(e->hdr) || +- e->hdr.size > MAX_AUDIT_MESSAGE_LENGTH) { ++ if ((e->hdr.ver != AUDISP_PROTOCOL_VER && ++ e->hdr.ver != AUDISP_PROTOCOL_VER2)) { ++ syslog(LOG_ERR, ++ "Unknown dispatcher protocol %u, exiting", ++ e->hdr.ver); + free(e); ++ exit(1); ++ } ++ if (e->hdr.hlen != sizeof(e->hdr)) { + syslog(LOG_ERR, +- "Dispatcher protocol mismatch, exiting"); ++ "Header length mismatch %u %lu, exiting", ++ e->hdr.hlen, sizeof(e->hdr)); ++ free(e); ++ exit(1); ++ } ++ if (e->hdr.size > MAX_AUDIT_MESSAGE_LENGTH) { ++ syslog(LOG_ERR, "Header size mismatch %d, exiting", ++ e->hdr.size); ++ free(e); + exit(1); + } + +diff -urp audit-2.6.5.orig/src/auditd-dispatch.c audit-2.6.5/src/auditd-dispatch.c +--- audit-2.6.5.orig/src/auditd-dispatch.c 2016-07-08 12:17:53.000000000 -0400 ++++ audit-2.6.5/src/auditd-dispatch.c 2016-07-08 17:00:58.081896384 -0400 +@@ -183,17 +183,19 @@ int dispatch_event(const struct audit_re + hdr.ver = protocol_ver; + hdr.hlen = sizeof(struct audit_dispatcher_header); + hdr.type = rep->type; +- hdr.size = rep->len; + + vec[0].iov_base = (void*)&hdr; + vec[0].iov_len = sizeof(hdr); + if (protocol_ver == AUDISP_PROTOCOL_VER) { ++ hdr.size = rep->msg.nlh.nlmsg_len; + vec[1].iov_base = (void*)rep->message; + vec[1].iov_len = rep->msg.nlh.nlmsg_len; +- } else { ++ } else if (protocol_ver == AUDISP_PROTOCOL_VER2) { ++ hdr.size = rep->len; + vec[1].iov_base = (void*)rep->msg.data; + vec[1].iov_len = rep->len; +- } ++ } else ++ return 0; + + do { + rc = writev(disp_pipe[1], vec, 2); diff --git a/audit.spec b/audit.spec index 95ac98d..327e6a8 100644 --- a/audit.spec +++ b/audit.spec @@ -3,12 +3,13 @@ Summary: User space tools for 2.6 kernel auditing Name: audit Version: 2.6.4 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt +Patch1: audit-2.6.5-disp-hdr.patch BuildRequires: openldap-devel BuildRequires: swig BuildRequires: python-devel @@ -113,6 +114,7 @@ Management Facility) database, through an IBM Tivoli Directory Server %prep %setup -q cp %{SOURCE1} . +%patch1 -p1 %build %configure --sbindir=/sbin --libdir=/%{_lib} --with-python=yes \ @@ -308,6 +310,9 @@ fi %attr(750,root,root) /sbin/audispd-zos-remote %changelog +* Fri Jul 08 2016 Steve Grubb 2.6.4-2 +- Correct size information of dispatched event + * Fri Jul 08 2016 Steve Grubb 2.6.4-1 - New upstream bugfix release