Re: Two small errors in ausearch-parse.c
On Saturday, October 03, 2015 06:13:16 PM Emily Ratliff wrote:
While testing usage of some tools, I stumbled across two small errors
in
ausearch-parse.c. I have attached two patches
Thanks. Applied.
end-fix.patch fixes the segfaults which can be found by running
ausearch -m USER_AUTH,USER_ACCT --success no --if end-986-dump.log
and
ausearch -m USER_AUTH,USER_ACCT --success no --if error-ausearch.log
term-segfault.patch fixes the errors that can be found by running
aureport -if corrupt-log-for-aureport.log
and
ausearch -m USER_AUTH,USER_ACCT --success no --if
corrupt-log-for-ausearch.log
The erroneous log files were produced using zzuf. The corrupted log files
are also attached. It is unlikely that a user will encounter corrupted
audit log files in the wild, so these bugs aren't serious, but they are
easy to fix.
I would agree. The fixes were in a place where an intial " was found and it was
looking for the terminating one. Its highly unlikely this would ever be
encountered in the wild because libaudit would typically handle the writing of
that ".
-Steve