Log corruption
David Woodhouse
dwmw2 at infradead.org
Sun May 8 20:34:28 UTC 2005
On Sun, 2005-05-08 at 15:02 -0400, Steve Grubb intended to write:
> --- linux-2.6.9/kernel/audit.c.old 2005-05-08 20:43:02.000000000 +0100
> +++ linux-2.6.9/kernel/audit.c 2005-05-08 20:43:29.000000000 +0100
> @@ -502,7 +502,7 @@
>
> if (audit_pid) {
> struct nlmsghdr *nlh = (struct nlmsghdr *)skb->data;
> - nlh->nlmsg_len = skb->len;
> + nlh->nlmsg_len = skb->len - sizeof(*nlh);
> skb_get(skb); /* because netlink_* frees */
> retval = netlink_unicast(audit_sock, skb, audit_pid,
> MSG_DONTWAIT);
>
> Does anyone see anything wrong with that?
No, it looks sane; thanks. It's in an audit.32 kernel, uploaded to the
yum repo again: ftp://ftp.uk.linux.org/pub/people/dwmw2/audit/
--
dwmw2
More information about the Linux-audit
mailing list