<div><strong>Conditions</strong>:</div>
<div>
<p>In /openbsm/libbsm/bsm_flags.c, the function getauditflagschar() converts the au_mask_t fields into a string value. The relevant code is as follows:</p>
<p><font face="courier new,monospace">1: for (setauclass(); (c = getauclassent()) != NULL;<br>2:&nbsp;&nbsp;&nbsp;&nbsp;free_au_class_ent(c)) {<br>3:&nbsp;&nbsp;&nbsp;&nbsp;... ...<br>4: }</font></p>
<p>In /openbsm/libbsm/bsm_flags.c, the function getauclassent() returns the next au_class_ent structure from the file. The relevant code is as follows:</p>
<p><font face="courier new,monospace">5: /* Parse tokptr to au_class_ent components. */<br>6: if (classfromstr(tokptr, delim, c) == NULL) {<br>7:&nbsp;&nbsp;&nbsp;&nbsp;... ...<br>8:&nbsp;&nbsp;&nbsp;&nbsp;return (NULL);<br>9: }</font></p>
<p><strong>If </strong></p>
<p>(1) there are lines in /etc/security/audit_class :</p>
<p><font face="courier new,monospace">#<br># This file must match audit.h<br>#<br>0x00000080:pc:process</font></p>
<p>(2) in my own program there is the following code:</p>
<p><font face="courier new,monospace">#include &lt;stdio.h&gt;<br>#include &lt;bsm/libbsm.h&gt;<br>int main(void) {<br>&nbsp;&nbsp;&nbsp;&nbsp;char flags[256];<br>&nbsp;&nbsp;&nbsp;&nbsp;au_mask_t pmask;<br>&nbsp;&nbsp;&nbsp;&nbsp;/* 0x80 is class "pc"; set both success and failure masks, as the wanted output "pc" requires (the original assigned am_failure twice) */<br>&nbsp;&nbsp;&nbsp;&nbsp;pmask.am_success = pmask.am_failure = 128;<br>&nbsp;&nbsp;&nbsp;&nbsp;(void) getauditflagschar(flags, &amp;pmask, 0);<br>&nbsp;&nbsp;&nbsp;&nbsp;printf("flags=%s\n", flags);<br>}</font></p>
<p>The wanted result should be:<br><font face="courier new,monospace">flags=pc</font></p>
<p><strong>BUG</strong>:</p>
<p>The result now is:<br><font face="courier new,monospace"> flags=</font></p>
<p><strong>Reason</strong>:</p>
<p>The function getauclassent() will always return NULL at line 8 when it reads "#" from the configuration file /etc/security/audit_class, so the function getauditflagschar() will always return at line 1.</p>
<p>In my opinion, the for{} statement should loop until the end of the file is reached.</p>
<p>Is there any problem with my opinion? And how should it be patched?</p></div>
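<div>
<p>The walk described in the report, as an added self-contained C model that is not from the original post or from OpenBSM. It runs over a constructed copy of the audit_class header quoted above and compares the reported behaviour (the first "#" line ends the walk, so the lookup for 0x80 yields "") with a walk that skips unparseable lines and reaches the "pc" entry. The names <code>parse_class_line()</code>, <code>next_class_ent()</code> and <code>class_name_for_mask()</code> are assumptions standing in for classfromstr(), getauclassent() and the loop in getauditflagschar(); they are not the libbsm functions.</p>

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for /etc/security/audit_class: the comment header
 * quoted in the report followed by the one class line it lists. */
static const char *audit_class_sample =
    "#\n# This file must match audit.h\n#\n0x00000080:pc:process\n";
struct class_ent { unsigned mask; char name[32]; };
/* Parse one "mask:name:description" line that ends at 'eol'. Returns 0 on
 * success, -1 if the line is not a class entry; a "#" comment line takes the
 * -1 path, which is the case where the report says classfromstr() fails. */
static int parse_class_line(const char *line, const char *eol, struct class_ent *c)
{
	char *end; unsigned long m = strtoul(line, &end, 0);   /* base 0 accepts 0x */
	if (end == line || end >= eol || *end != ':')
		return -1;
	const char *name = end + 1, *colon = memchr(name, ':', (size_t)(eol - name));
	if (colon == NULL || colon == name || (size_t)(colon - name) >= sizeof c->name)
		return -1;
	memcpy(c->name, name, (size_t)(colon - name));
	c->name[colon - name] = '\0';
	c->mask = (unsigned)m;
	return 0;
}
/* Stand-in for getauclassent(): consume one line from *cursor into *c and
 * return c, or NULL at end of file. skip_bad == 0 also returns NULL on the
 * first unparseable line (the reported behaviour); skip_bad == 1 skips it. */
static struct class_ent *next_class_ent(const char **cursor, struct class_ent *c, int skip_bad)
{
	while (**cursor != '\0') {
		const char *line = *cursor, *nl = strchr(line, '\n');
		*cursor = nl ? nl + 1 : line + strlen(line);
		if (parse_class_line(line, nl ? nl : *cursor, c) == 0)
			return c;
		if (!skip_bad)
			return NULL;	/* a comment line ends the whole walk early */
	}
	return NULL;
}
/* Mirror of the for loop in getauditflagschar(): copy the class name for
 * 'mask' into 'out' ("" if the walk ends without a match) and return it. */
const char *class_name_for_mask(unsigned mask, int skip_bad, char *out, size_t outlen)
{
	struct class_ent ent; const char *p = audit_class_sample;
	out[0] = '\0';
	while (next_class_ent(&p, &ent, skip_bad) != NULL)
		if (ent.mask == mask) { snprintf(out, outlen, "%s", ent.name); break; }
	return out;
}
```

The empty result is the quiet failure mode worth watching for: a program that prints "flags=" as in the report has silently lost its audit class mapping rather than received an error, so audit configuration built from that string may be weaker than intended without anything reporting it.
</div>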