auditd(8): fix long-standing uninitialized memory use bug
The bogus use could lead to an infinite loop depending on how fast the audit_warn script to execute. By fixing read(2) interruptibility, d060887 (r335899) revealed another bug in auditd_wait_for_events. When read is interrupted by SIGCHLD, auditd_reap_children will always return with errno set to ECHILD. But auditd_wait_for_events checks errno after that point, expecting it to be unchanged since read. As a result, it calls auditd_handle_trigger with bogus stack garbage. The result is the error message "Got unknown trigger 48." Fix by simply ignoring errno at that point; there's only one value it could've possibly had, thanks to the check up above. The best part is we've had a fix for this for like 18 months and just never merged it. Merge it now. PR: 234209 Reported by: Marie Helene Kvello-Aune <freebsd AT mhka.no> (2018-12) Submitted by: asomers (2018-07) Reviewed by: me (in OpenBSM) Obtained from: OpenBSM X-MFC-With: r335899 Security: ¯\_(ツ)_/¯ Differential Revision: https://github.com/openbsm/openbsm/pull/45
This commit is contained in:
parent
2ac044e6bc
commit
8dd74db753
@ -241,7 +241,7 @@ auditd_wait_for_events(void)
|
||||
auditd_config_controls();
|
||||
}
|
||||
|
||||
if ((num == -1) && (errno == EINTR))
|
||||
if (num == -1)
|
||||
continue;
|
||||
if (num == 0) {
|
||||
auditd_log_err("%s: read EOF", __FUNCTION__);
|
||||
|
Loading…
Reference in New Issue
Block a user