PERFORCE change 135596 for review
Christian S.J. Peron
csjp at FreeBSD.org
Sun Feb 17 14:25:30 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=135596
Change 135596 by csjp at ibm01 on 2008/02/17 22:24:43
Annotate limitation in read records from audit pipes.
Affected files ...
.. //depot/projects/trustedbsd/netauditd/netauditd.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/netauditd/netauditd.c#3 (text+ko) ====
@@ -366,8 +366,10 @@
case NETAUDIT_DST_TRAIL:
au->ac_fd = open(au->ac_path, O_WRONLY | O_APPEND | \
O_CREAT, S_IRUSR | S_IWUSR);
- if (au->ac_fd == -1)
+ if (au->ac_fd == -1) {
+ warn("%s", au->ac_path);
continue;
+ }
au->ac_established = 1;
break;
case NETAUDIT_DST_NET:
@@ -378,6 +380,7 @@
continue;
if (connect(au->ac_fd, au->ac_ainfo->ai_addr,
au->ac_ainfo->ai_addrlen) == -1) {
+ warn("connect");
close(au->ac_fd);
continue;
}
@@ -463,6 +466,10 @@
exit(2);
if ((new->ar_sbuf = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL)
exit(2);
+ /*
+ * XXXCSJP: It is possible that the audit record will be greater then
+ * NETAUDIT_PIPE_BUFSIZE, in which case the pipe will truncate it.
+ */
new->ar_sbuflen = read(au->ac_fd, new->ar_sbuf, NETAUDIT_PIPE_BUFSIZE);
if (new->ar_sbuflen == -1) {
if (errno != EAGAIN)
More information about the p4-projects
mailing list