[Bug 229983] Incorrect logical operator while verifying the feasibility of setting auditpipe queue limit
bugzilla-noreply at freebsd.org
Mon Jul 23 16:20:46 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229983
Bug ID: 229983
Summary: Incorrect logical operator while verifying the
feasibility of setting auditpipe queue limit
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: aniketp at iitk.ac.in
The logical operator which verifies that the desired limit of auditpipe queue
length to be set is between QLIMIT_MIN and QLIMIT_MAX is wrong.

    case AUDITPIPE_SET_QLIMIT:
            /* Lockless integer write. */
            if (*(u_int *)data >= AUDIT_PIPE_QLIMIT_MIN ||
                *(u_int *)data <= AUDIT_PIPE_QLIMIT_MAX) {

should be

    case AUDITPIPE_SET_QLIMIT:
            /* Lockless integer write. */
            if (*(u_int *)data >= AUDIT_PIPE_QLIMIT_MIN &&
                *(u_int *)data <= AUDIT_PIPE_QLIMIT_MAX) {

Steps to reproduce the bug: (On 12-CURRENT)

    #include <stdio.h>
    #include <fcntl.h>
    #include <unistd.h>
    #include <sys/ioctl.h>
    #include <security/audit/audit_ioctl.h>

    int main(void) {
        int fd = open("/dev/auditpipe", O_RDWR);
        if (fd < 0) {
            perror("auditpipe");
            return 1;
        }
        int qlimit_min;
        /* Ask the kernel for the minimum queue limit. */
        ioctl(fd, AUDITPIPE_GET_QLIMIT_MIN, &qlimit_min);
        qlimit_min -= 5; /* Not allowed since it is less than QLIMIT_MIN */
        /* This request is out of range, yet the ioctl reports success. */
        ioctl(fd, AUDITPIPE_SET_QLIMIT, &qlimit_min);
        perror("set qlimit");
        close(fd);
        return 0;
    }

Output: "set qlimit: No error: 0"
--
You are receiving this mail because:
You are the assignee for the bug.
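
The following userland model is an added example, not part of the bug report or of the FreeBSD source. It puts the two range tests quoted above side by side and counts how many out-of-range requests each one accepts. The ex_* names and the bounds 4 and 1024 are constructed for illustration and are not the kernel's constants.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Constructed bounds for this example; not the kernel's real values. */
#define EX_QLIMIT_MIN 4u
#define EX_QLIMIT_MAX 1024u

static unsigned int ex_qlimit = 128u;	/* stands in for the pipe's queue limit */

/* Range test as quoted in the report: with '||' it is true for every value. */
static int ex_set_qlimit_reported(unsigned int v) {
	if (v >= EX_QLIMIT_MIN || v <= EX_QLIMIT_MAX) {
		ex_qlimit = v;
		return (0);
	}
	return (EINVAL);
}

/* Range test with '&&': both bounds must hold before the write happens. */
static int ex_set_qlimit_fixed(unsigned int v) {
	if (v >= EX_QLIMIT_MIN && v <= EX_QLIMIT_MAX) {
		ex_qlimit = v;
		return (0);
	}
	return (EINVAL);
}

/* Count the out-of-range probes that the given handler accepts. */
static int ex_count_bad_accepts(int (*set)(unsigned int)) {
	/* (unsigned int)(4 - 5): a negative int read through a u_int pointer. */
	const struct { unsigned int v; int valid; } probes[] = {
		{ 0u, 0 }, { EX_QLIMIT_MIN - 1u, 0 }, { EX_QLIMIT_MIN, 1 },
		{ EX_QLIMIT_MAX, 1 }, { EX_QLIMIT_MAX + 1u, 0 },
		{ (unsigned int)(4 - 5), 0 },
	};
	int bad = 0;
	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
		if (set(probes[i].v) == 0 && !probes[i].valid)
			bad++;
	return (bad);
}

int main(void) {
	printf("reported check accepts %d out-of-range values\n",
	    ex_count_bad_accepts(ex_set_qlimit_reported));
	printf("fixed check accepts %d out-of-range values\n",
	    ex_count_bad_accepts(ex_set_qlimit_fixed));
	return (0);
}
```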