auditd(8): fix long-standing uninitialized memory use bug

The bogus use could lead to an infinite loop depending on how fast the
audit_warn script is to execute.

By fixing read(2) interruptibility, d060887 (r335899) revealed another bug
in auditd_wait_for_events.  When read is interrupted by SIGCHLD,
auditd_reap_children will always return with errno set to ECHILD.  But
auditd_wait_for_events checks errno after that point, expecting it to be
unchanged since read.  As a result, it calls auditd_handle_trigger with bogus
stack garbage.  The result is the error message "Got unknown trigger 48."  Fix
by simply ignoring errno at that point; there's only one value it could've
possibly had, thanks to the check up above.

The best part is we've had a fix for this for like 18 months and just never
merged it.  Merge it now.

PR:		234209
Reported by:	Marie Helene Kvello-Aune <freebsd AT mhka.no> (2018-12)
Submitted by:	asomers (2018-07)
Reviewed by:	me (in OpenBSM)
Obtained from:	OpenBSM
X-MFC-With:	r335899
Security:	¯\_(ツ)_/¯
Differential Revision:	https://github.com/openbsm/openbsm/pull/45
Conrad Meyer 2019-11-28 00:46:03 +00:00
parent 2ac044e6bc
commit 8dd74db753

@ -241,7 +241,7 @@ auditd_wait_for_events(void)
auditd_config_controls();
}
if ((num == -1) && (errno == EINTR))
if (num == -1)
continue;
if (num == 0) {
auditd_log_err("%s: read EOF", __FUNCTION__);
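Review bot: The new `if (num == -1)` test that replaces `if ((num == -1) && (errno == EINTR))` now continues the loop on any failed read, and its safety rests on an earlier errno check that sits outside this hunk, so a short comment at this line stating that invariant would help. As written, nothing here tells a reader that non-EINTR errors were already handled, and a later reordering of the code above could turn a persistent read error into a silent busy loop. An alternative that keeps the original intent explicit is to copy errno into a local immediately after read() returns and test that local here, since the commit message notes that auditd_reap_children overwrites errno with ECHILD before this point is reached.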