rpms/audit
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix sockaddr event interpretation

Browse Source
This commit is contained in:
sgrubb 2016-07-05 17:15:37 -04:00
parent 671bfcf12c
commit da7ba83290
2 changed files with 92 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
audit-2.6.4-sockaddr.patch Normal file
View File

@ -0,0 +1,86 @@
diff -urp audit-2.6.4.orig/auparse/interpret.c audit-2.6.4/auparse/interpret.c
--- audit-2.6.4.orig/auparse/interpret.c 2016-07-05 16:14:50.000000000 -0400
+++ audit-2.6.4/auparse/interpret.c 2016-07-05 17:00:04.711844356 -0400
@@ -342,32 +342,42 @@ void init_interpretation_list(void)
int load_interpretation_list(const char *buffer)
{
char *saved = NULL, *ptr;
- char *buf;
+ char *buf, *val;
+ nvnode n;
if (buffer == NULL)
return 0;
buf = strdup(buffer);
- ptr = audit_strsplit_r(buf, &saved);
- if (ptr == NULL) {
+ if (strncmp(buf, "SADDR=", 6) == 0) {
+ // We have SOCKADDR record. It has no other values.
+ // Handle it by itself.
+ ptr = strchr(buf+6, '{');
+ if (ptr) {
+ val = ptr;
+ ptr = strchr(val, '}');
+ if (ptr) {
+ n.name = strdup("saddr");
+ n.val = strdup(val);
+ nvlist_append(&il, &n);
+ nvlist_interp_fixup(&il);
+ free(buf);
+ return 1;
+ }
+ }
free(buf);
return 0;
- }
+ } else {
+ // We handle everything else in this branch
+ ptr = audit_strsplit_r(buf, &saved);
+ if (ptr == NULL) {
+ free(buf);
+ return 0;
+ }
- do {
- nvnode n;
- char tmp, *val;
+ do {
+ char tmp;
- if (*ptr == '{') {
- val = ptr+1;
- ptr = strchr(val, '}');
- if (ptr) {
- tmp = *ptr;
- *ptr = 0;
- } else
- continue; // Malformed - skip
- n.name = strdup("saddr");
- } else {
val = strchr(ptr, '=');
if (val) {
*val = 0;
@@ -386,15 +396,14 @@ int load_interpretation_list(const char
*ptr = 0;
} else
tmp = 0;
- }
-
- n.val = strdup(val);
- nvlist_append(&il, &n);
- nvlist_interp_fixup(&il);
- if (ptr)
- *ptr = tmp;
- } while((ptr = audit_strsplit_r(NULL, &saved)));
+ n.val = strdup(val);
+ nvlist_append(&il, &n);
+ nvlist_interp_fixup(&il);
+ if (ptr)
+ *ptr = tmp;
+ } while((ptr = audit_strsplit_r(NULL, &saved)));
+ }
free(buf);
return 1;
}

7
audit.spec
View File

@ -3,12 +3,13 @@
Summary: User space tools for 2.6 kernel auditing Summary: User space tools for 2.6 kernel auditing
Name: audit Name: audit
Version: 2.6.3 Version: 2.6.3
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://people.redhat.com/sgrubb/audit/ URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch1: audit-2.6.4-sockaddr.patch
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: swig BuildRequires: swig
BuildRequires: python-devel BuildRequires: python-devel
@ -113,6 +114,7 @@ Management Facility) database, through an IBM Tivoli Directory Server
%prep %prep
%setup -q %setup -q
cp %{SOURCE1} . cp %{SOURCE1} .
%patch1 -p1
%build %build
%configure --sbindir=/sbin --libdir=/%{_lib} --with-python=yes \ %configure --sbindir=/sbin --libdir=/%{_lib} --with-python=yes \
@ -308,6 +310,9 @@ fi
%attr(750,root,root) /sbin/audispd-zos-remote %attr(750,root,root) /sbin/audispd-zos-remote
%changelog %changelog
* Tue Jul 05 2016 Steve Grubb <sgrubb@redhat.com> 2.6.3-2
- Fix sockaddr event interpretation
* Tue Jul 05 2016 Steve Grubb <sgrubb@redhat.com> 2.6.3-1 * Tue Jul 05 2016 Steve Grubb <sgrubb@redhat.com> 2.6.3-1
- New upstream bugfix release - New upstream bugfix release