Is a bug in function getauditflagschar() of libbsm?!
Yuan MailList
yuan.maillist at gmail.com
Mon Nov 14 13:34:08 GMT 2005
*Conditions*:
In /openbsm/libbsm/bsm_flags.c, function getauditflagschar() converts the
au_mask_t fields into a string value. There are codes followed as:
1: for (setauclass(); (c = getauclassent()) != NULL;
2: free_au_class_ent(c)) {
3: ... ...
4: }
In /openbsm/libbsm/bsm_flags.c, function getauclassent() returns the next
au_class_ent structure from the file. There are codes followed as:
5: /* Parse tokptr to au_class_ent components. */
6: if (classfromstr(tokptr, delim, c) == NULL) {
7: ... ...
8: return (NULL);
9: }
*If *
(1) there are lines in /etc/security/audit_class :
#
# This file must match audit.h
#
0x00000080:pc:process
(2) in my own program, there are
char flags[256];
au_mask_t pmask;
pmask.am_failure=pmask.am_failure = 128;
(void) getauditflagschar(flags, &pmask, 0);
printf("flags=%s",flags);
The wantted result should be:
flags=pc
**
*BUG*:
The result now is:
flags=
*Reason*:
The function getauclassent() will always return NULL in line 8, when reading
"#" from configure file /etc/security/audit_class. So the function
getauditflagschar() will always return in line 1.
In my opinion, the for{} statement should loop until file is ended.
Any problems in my opinion? And how to patch it?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freebsd.org/pipermail/trustedbsd-audit/attachments/20051114/ff365410/attachment.html
More information about the trustedbsd-audit
mailing list