[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] Fix audit operators



Steve Grubb mentioned that BUG() should be called in the
should-be-possible situation of an invalid op to audit_comparator().

I added this, plus a "return 0" that should never  be" called to assuage
the compiler worrying about this function completing without ever having
returned an int.

Updated patch below.

:-Dustin

--- a/kernel/auditfilter.c	2006-02-16 11:57:17.000000000 -0600
+++ b/kernel/auditfilter.c	2006-02-16 23:28:23.000000000 -0600
@@ -139,11 +139,17 @@ static struct audit_entry *audit_rule_to
 		f->val = rule->values[i];
 
 		entry->rule.vers_ops = (f->op & AUDIT_OPERATORS) ? 2 : 1;
+
+		/* Legacy support for simple operator support
+		 * where AUDIT_NEGATE bit signified != and otherwise assumed == */
 		if (f->op & AUDIT_NEGATE)
-			f->op |= AUDIT_NOT_EQUAL;
-		else if (!(f->op & AUDIT_OPERATORS))
-			f->op |= AUDIT_EQUAL;
-		f->op &= ~AUDIT_NEGATE;
+			f->op = AUDIT_NOT_EQUAL;
+		else if (!f->op)
+			f->op = AUDIT_EQUAL;
+		else if (f->op == AUDIT_OPERATORS) {
+			err = -EINVAL;
+			goto exit_free;
+		}
 	}
 
 exit_nofree:
@@ -537,9 +543,10 @@ int audit_comparator(const u32 left, con
 		return (left > right);
 	case AUDIT_GREATER_THAN_OR_EQUAL:
 		return (left >= right);
-	default:
-		return -EINVAL;
 	}
+        /* should NEVER get here; op checked on rule insertion */
+        BUG();
+        return 0;
 }
 
 int audit_str_comparator(const char *left, const u32 op, const char *right)



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]