On Friday, September 18, 2015 03:52:43 AM Richard Guy Briggs wrote:
A bug was introduced by "audit: try harder to send to auditd
upon
netlink failure", caused by incomplete code and a function that expects
a string and does not accept a format plus arguments. Create a
temporary string variable to assemble the output text. It could be
merged as a fixup if it is not yet upstream.
Ungh, that's embarrassing; I really should have caught that in review. Sigh.
At least it shouldn't cause anything to blow up, just a less than helpful
message.
I pulled the original patch from linux-audit#next just now, I'll re-add it
once we sort this out.
Comments below ...
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
kernel/audit.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 18cdfe2..60913e6 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -420,7 +420,10 @@ restart:
if (audit_pid) {
if (err == -ECONNREFUSED || err == -EPERM
|| ++attempts >= AUDITD_RETRIES) {
- audit_log_lost("audit_pid=%d reset");
+ char s[32];
+
+ sprintf(s, "audit_pid=%d reset", audit_pid);
+ audit_log_lost(s);
Granted 32 bytes should be big enough for the string, but I would feel better
if we used snprintf() here; make the change and I'll merge the patch with the
original and push it back to linux-audit#next.
Normally I'm not a big fan of amending patches after they have been committed,
but in this case it is in the next branch (doing this for upstream or stable-X
is a big "no") and nothing sits on top of it.
audit_pid = 0;
audit_sock = NULL;
} else {
--
paul moore
security @ redhat