[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[PATCH] Don't crash on unknown S_IFMT file modes



Hello,
ausearch -i and libauparse currently crash (access NULL) if a mode= field contains an unknown file type.  Such records are generated by the kernel for IPC, e.g.

    node=jcdx156 type=IPC msg=audit(1237915952.720:2294): ouid=500 ogid=1106 mode=0600 obj=siterep_u:siterep_r:siterep_t:s0-s15:c0.c1023

The attached patch:
* Modifies ausearch and libauparse to output the file format in octal if it is unknown.
* Modifies libauparse to use the same interpreted field format as ausearch (without a space in the middle).
* Modifies comma handling in libauparse to avoid a strcat() call.

    Mirek


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]