in one case (src/auditd.c) we don't even need to allocate a buffer, in the
other two we do it in two steps to avoid using a non-standard function.
Signed-off-by: Tycho Andersen <tycho(a)docker.com>
---
auparse/auparse.c | 6 ++++--
src/auditd.c | 10 +++++-----
src/ausearch-lol.c | 6 ++++--
3 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/auparse/auparse.c b/auparse/auparse.c
index 3677ad7..b428330 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -1096,10 +1096,12 @@ static int extract_timestamp(const char *b, au_event_t *e)
int rc = 1;
e->host = NULL;
+
+ tmp = alloca(340);
if (*b == 'n')
- tmp = strndupa(b, 340);
+ tmp = strncpy(tmp, b, 340);
else
- tmp = strndupa(b, 80);
+ tmp = strncpy(tmp, b, 80);
ptr = audit_strsplit(tmp);
if (ptr) {
// Optionally grab the node - may or may not be included
diff --git a/src/auditd.c b/src/auditd.c
index 3f0162d..a1c2c51 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -185,7 +185,7 @@ static void child_handler2( int sig )
static int extract_type(const char *str)
{
- const char *tptr, *ptr2, *ptr = str;
+ const char *ptr2, *ptr = str;
if (*str == 'n') {
ptr = strchr(str+1, ' ');
if (ptr == NULL)
@@ -194,12 +194,12 @@ static int extract_type(const char *str)
}
// ptr should be at 't'
ptr2 = strchr(ptr, ' ');
- // get type=xxx in a buffer
- tptr = strndupa(ptr, ptr2 - ptr);
+
// find =
- str = strchr(tptr, '=');
- if (str == NULL)
+ str = strchr(ptr, '=');
+ if (str == NULL || str >= ptr2)
return -1; // Malformed - bomb out
+
// name is 1 past
str++;
return audit_name_to_msg_type(str);
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index b1aec06..5d461b0 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -135,10 +135,12 @@ static int extract_timestamp(const char *b, event *e)
char *ptr, *tmp, *tnode, *ttype;
e->node = NULL;
+
+ tmp = alloca(340);
if (*b == 'n')
- tmp = strndupa(b, 340);
+ tmp = strncpy(tmp, b, 340);
else
- tmp = strndupa(b, 80);
+ tmp = strncpy(tmp, b, 80);
ptr = audit_strsplit(tmp);
if (ptr) {
// Check to see if this is the node info
--
2.9.3