Change the type of ar_arg_sockaddr from struct sockaddr to struct

sockaddr_storage. This structure is defined in RFC 2553 and is a more semantically correct structure for holding IP and IP6 sockaddr information. struct sockaddr is not big enough to hold all the required information for IP6, resulting in truncated addresses et al when auditing IP6 sockaddr information. We also need to assume that the sa->sa_len has been validated before the call to audit_arg_sockaddr() is made, otherwise it could result in a buffer overflow. This is being done to accommodate auditing of network related arguments (like connect, bind et al) that will be added soon. Discussed with: rwatson Obtained from: TrustedBSD Project MFC after: 2 weeks
2006-11-06 00:15:44 +00:00 · 2006-11-06 00:15:44 +00:00 · 130b146814
commit 130b146814
parent 0463b4a2fb
2 changed files with 2 additions and 3 deletions
--- a/sys/security/audit/audit_arg.c
+++ b/sys/security/audit/audit_arg.c
@ -417,8 +417,7 @@ audit_arg_sockaddr(struct thread *td, struct sockaddr *sa)
 	if (ar == NULL)
 		return;

-	bcopy(sa, &ar->k_ar.ar_arg_sockaddr,
-	    sizeof(ar->k_ar.ar_arg_sockaddr));
+	bcopy(sa, &ar->k_ar.ar_arg_sockaddr, sa->sa_len);
 	switch (sa->sa_family) {
 	case AF_INET:
 		ARG_SET_VALID(ar, ARG_SADDRINET);
--- a/sys/security/audit/audit_private.h
+++ b/sys/security/audit/audit_private.h
@ -200,7 +200,6 @@ struct audit_record {
 	u_int			ar_arg_signum;
 	char			ar_arg_login[MAXLOGNAME];
 	int			ar_arg_ctlname[CTL_MAXNAME];
-	struct sockaddr		ar_arg_sockaddr;
 	struct socket_au_info	ar_arg_sockinfo;
 	char			*ar_arg_upath1;
 	char			*ar_arg_upath2;
@ -221,6 +220,7 @@ struct audit_record {
 	int			ar_arg_envc;
 	int			ar_arg_exitstatus;
 	int			ar_arg_exitretval;
+	struct sockaddr_storage ar_arg_sockaddr;
 };

 /*