<div dir="ltr">Hello,<div>I found a memory leak problem when "log_format = NOLOG" is set in auditd.conf.</div><div>See the code in function "void enqueue_event(struct auditd_reply_list *rep)" in "/src/auditd-event.c".</div>
<div>If it comes into the case LF_NOLOG, then there is no chance to free rep->reply.message, because the function returns and the message cannot be dequeued in function "static void *event_thread_main(void *arg)" to free it.</div>
<div><br></div><div>The same problem may occur in the "default:" case below the LF_NOLOG case.</div><div><br></div><div>When the message type is between AUDIT_FIRST_DAEMON and AUDIT_LAST_DAEMON, rep->reply.message will be malloced in function "int send_audit_event(int type, const char *str)" in "/src/auditd.c".</div>
<div>So I wrote a patch below, but I'm not sure whether this is the correct way to submit a patch because this is my first submission. So please tell me if I'm wrong.</div><div><br></div><div><div>--- a/src/auditd-event.c</div>
<div>+++ b/src/auditd-event.c</div><div><div>@@ -172,6 +172,11 @@ void enqueue_event(struct auditd_reply_list *rep)</div><div> <span class="" style="white-space:pre">           </span>case LF_NOLOG:</div><div> <span class="" style="white-space:pre">                   </span>// We need the rotate event to get enqueued</div>
<div> <span class="" style="white-space:pre">                  </span>if (rep->reply.type != AUDIT_DAEMON_ROTATE ) {</div><div>+<span class="" style="white-space:pre">                         </span>/* Internal DAEMON messages should be free'd */</div>
<div>+<span class="" style="white-space:pre">                           </span>if (rep->reply.type >= AUDIT_FIRST_DAEMON &&</div><div>+<span class="" style="white-space:pre">                                                </span>rep->reply.type <= AUDIT_LAST_DAEMON) {</div>
<div>+<span class="" style="white-space:pre">                                   </span>free((void *)rep->reply.message);</div><div>+<span class="" style="white-space:pre">                              </span>}</div><div> <span class="" style="white-space:pre">                                </span>free(rep);</div>
<div> <span class="" style="white-space:pre">                          </span>return;</div><div> <span class="" style="white-space:pre">                  </span>}</div><div>@@ -180,6 +185,11 @@ void enqueue_event(struct auditd_reply_list *rep)</div><div> <span class="" style="white-space:pre">                   </span>audit_msg(LOG_ERR, </div>
<div> <span class="" style="white-space:pre">                          </span>  "Illegal log format detected %d", </div><div> <span class="" style="white-space:pre">                         </span>  consumer_data.config->log_format);</div><div>+<span class="" style="white-space:pre">                  </span>/* Internal DAEMON messages should be free'd */</div>
<div>+<span class="" style="white-space:pre">                   </span>if (rep->reply.type >= AUDIT_FIRST_DAEMON &&</div><div>+<span class="" style="white-space:pre">                                        </span>rep->reply.type <= AUDIT_LAST_DAEMON) {</div>
<div>+<span class="" style="white-space:pre">                           </span>free((void *)rep->reply.message);</div><div>+<span class="" style="white-space:pre">                      </span>}<span class="" style="white-space:pre">                 </span>  </div><div> <span class="" style="white-space:pre">                      </span>free(rep);</div>
<div> <span class="" style="white-space:pre">                  </span>return;</div><div> <span class="" style="white-space:pre">          </span>}</div></div></div><div><br></div></div>
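Review bot: In the first hunk (the LF_NOLOG branch of enqueue_event), the added free() infers ownership of rep->reply.message purely from the type range AUDIT_FIRST_DAEMON to AUDIT_LAST_DAEMON, and the comment "Internal DAEMON messages should be free'd" does not say why that range implies a heap buffer. Extend the comment to record that these messages are allocated by send_audit_event() in src/auditd.c, as the description states, so that a later daemon-range event whose message is not heap-allocated is not handed to free() by mistake.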
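Review bot: In the second hunk (the default: branch, after the "Illegal log format detected %d" message), the four added lines repeat the range check and free() from the LF_NOLOG branch verbatim. Move them into one small static helper called from both discard paths so the two copies cannot drift apart. The added closing-brace line in this hunk also ends in trailing whitespace, which should be removed.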