A memory leak problem when the the ”log_format = NOLOG“ is set in auditd.conf
崔捷
cuijiego at gmail.com
Thu Aug 21 13:32:16 UTC 2014
Hello,
I found a memory leak problem when the the ”log_format = NOLOG“ is set in
auditd.conf.
See the code in function "void enqueue_event(struct auditd_reply_list
*rep)" in "/src/auditd-event.c",
If it comes into the case LF_NOLOG, then there is no chance to free the
rep->reply.message because it returns so that the message cannot be
dequeued in function "static void *event_thread_main(void *arg) " to free
it.
The same problem may occurs in case "default:" below the case LF_NOLOG.
When the message type is between AUDIT_FIRST_DAEMON and AUDIT_LAST_DAEMON,
the rep->reply.message will be malloced in function "int
send_audit_event(int type, const char *str)" in "/src/auditd.c".
So I write a patch below, but I'm not sure whether this is the correct way
to submit a patch because this is my first submmition. So please tell me if
I'm wrong.
--- a/src/auditd-event.c
+++ b/src/auditd-event.c
@@ -172,6 +172,11 @@ void enqueue_event(struct auditd_reply_list *rep)
case LF_NOLOG:
// We need the rotate event to get enqueued
if (rep->reply.type != AUDIT_DAEMON_ROTATE ) {
+ /* Internal DAEMON messages should be free'd */
+ if (rep->reply.type >= AUDIT_FIRST_DAEMON &&
+ rep->reply.type <= AUDIT_LAST_DAEMON) {
+ free((void *)rep->reply.message);
+ }
free(rep);
return;
}
@@ -180,6 +185,11 @@ void enqueue_event(struct auditd_reply_list *rep)
audit_msg(LOG_ERR,
"Illegal log format detected %d",
consumer_data.config->log_format);
+ /* Internal DAEMON messages should be free'd */
+ if (rep->reply.type >= AUDIT_FIRST_DAEMON &&
+ rep->reply.type <= AUDIT_LAST_DAEMON) {
+ free((void *)rep->reply.message);
+ }
free(rep);
return;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20140821/84b2b75d/attachment.htm>
More information about the Linux-audit
mailing list