Temporarily relax the constraints on argument size checking for A_GETCOND;
login(1) isn't quite ready for them yet on 64-bit systems as it continues to use the conventions of the old version of the API. Reported by: stas, Jakub Lach <jakub_lach at mailplus.pl>
This commit is contained in:
rwatson
parent
fab10a1822
commit
9019825321
@ -216,6 +216,7 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
*/
|
*/
|
||||||
switch (uap->cmd) {
|
switch (uap->cmd) {
|
||||||
case A_OLDGETPOLICY:
|
case A_OLDGETPOLICY:
|
||||||
|
case A_GETPOLICY:
|
||||||
if (uap->length == sizeof(udata.au_policy64)) {
|
if (uap->length == sizeof(udata.au_policy64)) {
|
||||||
if (!audit_fail_stop)
|
if (!audit_fail_stop)
|
||||||
udata.au_policy64 |= AUDIT_CNT;
|
udata.au_policy64 |= AUDIT_CNT;
|
||||||
@ -227,8 +228,6 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
udata.au_policy64 |= AUDIT_ARGE;
|
udata.au_policy64 |= AUDIT_ARGE;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/* FALLTHROUGH */
|
|
||||||
case A_GETPOLICY:
|
|
||||||
if (uap->length != sizeof(udata.au_policy))
|
if (uap->length != sizeof(udata.au_policy))
|
||||||
return (EINVAL);
|
return (EINVAL);
|
||||||
if (!audit_fail_stop)
|
if (!audit_fail_stop)
|
||||||
@ -242,6 +241,7 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case A_OLDSETPOLICY:
|
case A_OLDSETPOLICY:
|
||||||
|
case A_SETPOLICY:
|
||||||
if (uap->length == sizeof(udata.au_policy64)) {
|
if (uap->length == sizeof(udata.au_policy64)) {
|
||||||
if (udata.au_policy & (~AUDIT_CNT|AUDIT_AHLT|
|
if (udata.au_policy & (~AUDIT_CNT|AUDIT_AHLT|
|
||||||
AUDIT_ARGV|AUDIT_ARGE))
|
AUDIT_ARGV|AUDIT_ARGE))
|
||||||
@ -254,8 +254,6 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
audit_arge = (udata.au_policy64 & AUDIT_ARGE);
|
audit_arge = (udata.au_policy64 & AUDIT_ARGE);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/* FALLTHROUGH */
|
|
||||||
case A_SETPOLICY:
|
|
||||||
if (uap->length != sizeof(udata.au_policy))
|
if (uap->length != sizeof(udata.au_policy))
|
||||||
return (EINVAL);
|
return (EINVAL);
|
||||||
if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|
|
if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|
|
||||||
@ -283,6 +281,7 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case A_OLDGETQCTRL:
|
case A_OLDGETQCTRL:
|
||||||
|
case A_GETQCTRL:
|
||||||
if (uap->length == sizeof(udata.au_qctrl64)) {
|
if (uap->length == sizeof(udata.au_qctrl64)) {
|
||||||
udata.au_qctrl64.aq64_hiwater =
|
udata.au_qctrl64.aq64_hiwater =
|
||||||
(u_int64_t)audit_qctrl.aq_hiwater;
|
(u_int64_t)audit_qctrl.aq_hiwater;
|
||||||
@ -294,14 +293,13 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
(u_int64_t)audit_qctrl.aq_minfree;
|
(u_int64_t)audit_qctrl.aq_minfree;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/* FALLTHROUGH */
|
|
||||||
case A_GETQCTRL:
|
|
||||||
if (uap->length != sizeof(udata.au_qctrl))
|
if (uap->length != sizeof(udata.au_qctrl))
|
||||||
return (EINVAL);
|
return (EINVAL);
|
||||||
udata.au_qctrl = audit_qctrl;
|
udata.au_qctrl = audit_qctrl;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case A_OLDSETQCTRL:
|
case A_OLDSETQCTRL:
|
||||||
|
case A_SETQCTRL:
|
||||||
if (uap->length == sizeof(udata.au_qctrl64)) {
|
if (uap->length == sizeof(udata.au_qctrl64)) {
|
||||||
if ((udata.au_qctrl64.aq64_hiwater > AQ_MAXHIGH) ||
|
if ((udata.au_qctrl64.aq64_hiwater > AQ_MAXHIGH) ||
|
||||||
(udata.au_qctrl64.aq64_lowater >=
|
(udata.au_qctrl64.aq64_lowater >=
|
||||||
@ -321,8 +319,6 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
audit_qctrl.aq_delay = -1; /* Not used. */
|
audit_qctrl.aq_delay = -1; /* Not used. */
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/* FALLTHROUGH */
|
|
||||||
case A_SETQCTRL:
|
|
||||||
if (uap->length != sizeof(udata.au_qctrl))
|
if (uap->length != sizeof(udata.au_qctrl))
|
||||||
return (EINVAL);
|
return (EINVAL);
|
||||||
if ((udata.au_qctrl.aq_hiwater > AQ_MAXHIGH) ||
|
if ((udata.au_qctrl.aq_hiwater > AQ_MAXHIGH) ||
|
||||||
@ -362,6 +358,7 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case A_OLDGETCOND:
|
case A_OLDGETCOND:
|
||||||
|
case A_GETCOND:
|
||||||
if (uap->length == sizeof(udata.au_cond64)) {
|
if (uap->length == sizeof(udata.au_cond64)) {
|
||||||
if (audit_enabled && !audit_suspended)
|
if (audit_enabled && !audit_suspended)
|
||||||
udata.au_cond64 = AUC_AUDITING;
|
udata.au_cond64 = AUC_AUDITING;
|
||||||
@ -369,8 +366,6 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
udata.au_cond64 = AUC_NOAUDIT;
|
udata.au_cond64 = AUC_NOAUDIT;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/* FALLTHROUGH */
|
|
||||||
case A_GETCOND:
|
|
||||||
if (uap->length != sizeof(udata.au_cond))
|
if (uap->length != sizeof(udata.au_cond))
|
||||||
return (EINVAL);
|
return (EINVAL);
|
||||||
if (audit_enabled && !audit_suspended)
|
if (audit_enabled && !audit_suspended)
|
||||||
@ -380,6 +375,7 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case A_OLDSETCOND:
|
case A_OLDSETCOND:
|
||||||
|
case A_SETCOND:
|
||||||
if (uap->length == sizeof(udata.au_cond64)) {
|
if (uap->length == sizeof(udata.au_cond64)) {
|
||||||
if (udata.au_cond64 == AUC_NOAUDIT)
|
if (udata.au_cond64 == AUC_NOAUDIT)
|
||||||
audit_suspended = 1;
|
audit_suspended = 1;
|
||||||
@ -391,8 +387,6 @@ auditon(struct thread *td, struct auditon_args *uap)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/* FALLTHROUGH */
|
|
||||||
case A_SETCOND:
|
|
||||||
if (uap->length != sizeof(udata.au_cond))
|
if (uap->length != sizeof(udata.au_cond))
|
||||||
return (EINVAL);
|
return (EINVAL);
|
||||||
if (udata.au_cond == AUC_NOAUDIT)
|
if (udata.au_cond == AUC_NOAUDIT)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user