Two small errors in ausearch-parse.c
Steve Grubb
sgrubb at redhat.com
Tue Oct 6 15:47:09 UTC 2015
On Saturday, October 03, 2015 06:13:16 PM Emily Ratliff wrote:
> While testing usage of some tools, I stumbled across two small errors in
> ausearch-parse.c. I have attached two patches
Thanks. Applied.
> end-fix.patch fixes the segfaults which can be found by running
> ausearch -m USER_AUTH,USER_ACCT --success no --if end-986-dump.log
> and
> ausearch -m USER_AUTH,USER_ACCT --success no --if error-ausearch.log
>
> term-segfault.patch fixes the errors that can be found by running
> aureport -if corrupt-log-for-aureport.log
> and
> ausearch -m USER_AUTH,USER_ACCT --success no --if
> corrupt-log-for-ausearch.log
>
> The erroneous log files were produced using zzuf. The corrupted log files
> are also attached. It is unlikely that a user will encounter corrupted
> audit log files in the wild, so these bugs aren't serious, but they are
> easy to fix.
I would agree. The fixes were in a place where an intial " was found and it was
looking for the terminating one. Its highly unlikely this would ever be
encountered in the wild because libaudit would typically handle the writing of
that ".
-Steve
More information about the Linux-audit
mailing list