[PATCH] Fix audispd crash on ARM 32-Bits
Javier Tiá
javier.tia at hpe.com
Sat Dec 12 02:10:50 UTC 2020
On ARM 32-Bits, audispd is crashing. Backtrace:
(gdb) bt
0 0xb6e20958 in __GI_raise (sig=sig at entry=6)
at /usr/src/debug/glibc/2.23-r0/git/sysdeps/unix/sysv/linux/raise.c:54
1 0xb6e21e58 in __GI_abort ()
at /usr/src/debug/glibc/2.23-r0/git/stdlib/abort.c:118
2 0xb6e59d64 in __libc_message (do_abort=do_abort at entry=2,
fmt=0xb6f1119c "*** Error in `%s': %s: 0x%s ***\n")
at /usr/src/debug/glibc/2.23-r0/git/sysdeps/posix/libc_fatal.c:175
3 0xb6e60108 in malloc_printerr (action=<optimized out>,
str=0xb6f11354 "double free or corruption (fasttop)", ptr=<optimized out>,
ar_ptr=<optimized out>)
at /usr/src/debug/glibc/2.23-r0/git/malloc/malloc.c:5007
4 0xb6e60a98 in _int_free (av=0xb6f2d79c <main_arena>, p=<optimized out>,
have_lock=<optimized out>)
at /usr/src/debug/glibc/2.23-r0/git/malloc/malloc.c:3868
5 0x004234b8 in free_pconfig (config=0x43b398)
at /usr/src/debug/audit/2.4.3-r8/audit-2.4.3/audisp/audispd-pconfig.c:513
6 0x00421244 in main (argc=<optimized out>, argv=<optimized out>)
at /usr/src/debug/audit/2.4.3-r8/audit-2.4.3/audisp/audispd.c:464
(gdb) f 5
(gdb) p config->path
$2 = 0x43b5f0 ""
(gdb) p config->name
$3 = 0x43b370 "h\264C
Be paranoid and overwrite config->path with zero bytes before doing the
free().
---
audisp/audispd-pconfig.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/audisp/audispd-pconfig.c b/audisp/audispd-pconfig.c
index a8b7878..a13f681 100644
--- a/audisp/audispd-pconfig.c
+++ b/audisp/audispd-pconfig.c
@@ -510,7 +510,11 @@ void free_pconfig(plugin_conf_t *config)
close(config->plug_pipe[0]);
if (config->plug_pipe[1] >= 0)
close(config->plug_pipe[1]);
+ /* Be paranoid and overwrite config->path with zero bytes before doing the
+ * free() */
+ memset(config->path, 0, strlen(config->path));
free((void *)config->path);
+ config->path = NULL;
free((void *)config->name);
}
--
2.29.2
More information about the Linux-audit
mailing list