diff -up audit-3.1.5/lib/libaudit.c.orig audit-3.1.5/lib/libaudit.c
--- audit-3.1.5/lib/libaudit.c.orig 2025-02-11 12:11:17.529016934 +0100
+++ audit-3.1.5/lib/libaudit.c 2025-02-11 12:13:51.206171338 +0100
@@ -1516,37 +1516,35 @@ static char* filter_supported_syscalls(c
 return NULL;
 }

- // Allocate memory for the filtered syscalls string
- char* filtered_syscalls = malloc(strlen(syscalls) + 1);
- if (filtered_syscalls == NULL) {
- return NULL;
- }
- filtered_syscalls[0] = '\0'; // Initialize as empty string
-
- // Tokenize the syscalls string and filter unsupported syscalls
+ char buf[512] = "";
+ char* ptr = buf;
 const char* delimiter = ",";
+
 char* syscalls_copy = strdup(syscalls);
- if (syscalls_copy == NULL) {
- free(filtered_syscalls);
+ if (syscalls_copy == NULL)
 return NULL;
- }
+
 char* token = strtok(syscalls_copy, delimiter);
+ int first = 1; // Track if this is the first syscall being added
+
 while (token != NULL) {
 if (audit_name_to_syscall(token, machine) != -1) {
- strcat(filtered_syscalls, token);
- strcat(filtered_syscalls, delimiter);
+ if (!first)
+ *ptr++ = ',';
+ ptr = stpcpy(ptr, token);
+ first = 0;
 }
 token = strtok(NULL, delimiter);
 }
+
 free(syscalls_copy);

- // Remove the trailing delimiter, if present
- size_t len = strlen(filtered_syscalls);
- if (len > 0 && filtered_syscalls[len - 1] == ',') {
- filtered_syscalls[len - 1] = '\0';
+ // If no valid syscalls were found, return NULL
+ if (ptr == buf) {
+ return NULL;
 }

- return filtered_syscalls;
+ return strdup(buf);
 }

 static int audit_add_perm_syscalls(int perm, struct audit_rule_data *rule)
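Review bot: The new `char buf[512]` is filled through `*ptr++ = ','` and `stpcpy(ptr, token)` with no check against the buffer size, so once the accepted tokens and separators total 512 bytes or more the writes run past the end of the stack array. The hunk does not show where `syscalls` comes from (the function begins outside it); if every caller passes a short built-in list the overrun is latent, but nothing in this function enforces that limit. A guard inside the loop would close it: `size_t need = strlen(token) + !first;` followed by `if (need >= sizeof(buf) - (size_t)(ptr - buf)) { free(syscalls_copy); return NULL; }`. Alternatively, size the output from the input, since the result can no longer exceed `strlen(syscalls)` now that the separator is written only between tokens. A failed `strdup(buf)` and "no supported syscalls" now both return NULL, which is worth a comment for callers.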