Re: the format string of printf to print audit status is wrong
On Thu, 2008-07-31 at 13:07 +0800, Yu Zhiguo wrote:
Hello Steve,
all audit status's type is __u32, so '%u' should be used
in format string of printf rather than '%d', otherwise the
value outputted to user will be wraparound.
For example:
# auditctl -r 4294967295
AUDIT_STATUS: enabled=1 flag=1 pid=8999 rate_limit=-1 backlog_limit=320
lost=2241 backlog=0
but it should be
# auditctl -r 4294967295
AUDIT_STATUS: enabled=1 flag=1 pid=8999 rate_limit=4294967295
backlog_limit=320 lost=2270 backlog=0
This is the patch. Can you apply it?
Signed-off-by: Yu Zhiguo<yuzg(a)cn.fujitsu.com>
---
src/auditctl.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index d740509..5416e9b 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -1349,8 +1349,8 @@ static int audit_print_reply(struct audit_reply *rep)
printed = 1;
return 0;
case AUDIT_GET:
- printf("AUDIT_STATUS: enabled=%d flag=%d pid=%d"
- " rate_limit=%d backlog_limit=%d lost=%d backlog=%d\n",
+ printf("AUDIT_STATUS: enabled=%u flag=%u pid=%u"
+ " rate_limit=%u backlog_limit=%u lost=%u backlog=%u\n",
In kernel the types are:
int audit_enabled;
static int audit_failure = AUDIT_FAIL_PRINTK;
typedef int __kernel_pid_t;
static int audit_rate_limit;
static int audit_backlog_limit = 64;
static atomic_t audit_lost = ATOMIC_INIT(0); (atomic_t is just volatile int)
backlog comes from:
static inline __u32 skb_queue_len()
So it seems reasonable to switch backlog=%d to backlog=%u but all of the
other values "could" be negative and should be shown as ints.
-Eric