d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8dd74db753
freebsd-dev/contrib/openbsm/bin/auditd
History
Conrad Meyer 8dd74db753 auditd(8): fix long-standing uninitialized memory use bug 
The bogus use could lead to an infinite loop depending on how fast the
audit_warn script to execute.

By fixing read(2) interruptibility, d060887 (r335899) revealed another bug
in auditd_wait_for_events.  When read is interrupted by SIGCHLD,
auditd_reap_children will always return with errno set to ECHILD.  But
auditd_wait_for_events checks errno after that point, expecting it to be
unchanged since read.  As a result, it calls auditd_handle_trigger with bogus
stack garbage.  The result is the error message "Got unknown trigger 48."  Fix
by simply ignoring errno at that point; there's only one value it could've
possibly had, thanks to the check up above.

The best part is we've had a fix for this for like 18 months and just never
merged it.  Merge it now.

PR:		234209
Reported by:	Marie Helene Kvello-Aune <freebsd AT mhka.no> (2018-12)
Submitted by:	asomers (2018-07)
Reviewed by:	me (in OpenBSM)
Obtained from:	OpenBSM
X-MFC-With:	r335899
Security:	¯\_(ツ)_/¯
Differential Revision:	https://github.com/openbsm/openbsm/pull/45
2019-11-28 00:46:03 +00:00
..
audit_triggers.defs
audit_warn.c
auditd_control.defs
auditd_darwin.c
auditd_fbsd.c auditd(8): fix long-standing uninitialized memory use bug 2019-11-28 00:46:03 +00:00
auditd.8
auditd.c auditd(8): register signal handlers interrutibly 2018-07-03 17:37:16 +00:00
auditd.h
Makefile.am
Makefile.in