[userspace PATCH] Prevent free() of stack buffer with NOLOG format
George McCollister
george.mccollister at gmail.com
Tue Dec 6 13:57:33 UTC 2016
On Mon, Dec 5, 2016 at 6:30 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Monday, December 5, 2016 6:01:02 PM EST George McCollister wrote:
>> When the NOLOG format is used replace_event_msg() doesn't change
>> e->reply.message so the message located on the stack is left and later is
>> free()'d in cleanup_event() resulting in the following:
>
> Hmm...thanks for reporting this. Which version of audit are you using?
I'm using 2.6.6 but I reproduced the problem and made the change
against the HEAD of the master branch (using this mirror
https://github.com/linux-audit/audit-userspace).
-George
More information about the Linux-audit
mailing list