[PATCH 4/5] Fix the bug of AUDIT_PERM field added without a watch

[Zhang Xiliang]

Hello Steve, 

AUDIT_PERM field should used after a watch given. 

For example,
auditctl -a exit,always -F perm=r

No error message is outputed.
I think we should add checking for it.


Signed-off-by: Zhang Xiliang <zhangxiliang at cn.fujitsu.com>
---
 lib/libaudit.c |    2 ++
 src/auditctl.c |    5 +++++
 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/lib/libaudit.c b/lib/libaudit.c
index 3e2e28f..fd2c41b 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -1046,6 +1046,8 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
 				return -7;
 			else if (op != AUDIT_EQUAL)
 				return -13;
+			else if (audit_permadded != 1)
+				return -22;
 			else {
 				unsigned int i, len, val = 0;
 
diff --git a/src/auditctl.c b/src/auditctl.c
index 1455ee6..b356faa 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -857,6 +857,11 @@ static int setopt(int count, char *vars[])
 					"-F value should be number for %s\n", optarg);
 				retval = -1;
 				break;
+			case -22:
+				fprintf(stderr,
+					"permission option needs a watch given prior to it\n");
+				retval = -1;
+				break;
 			default:
 				retval = -1;
 				break;