Re: [PATCH] make it match explicitly when use option '-a', '-A' and '-d' to specify "list,action"

Hello, Steve, Yu Zhiguo wrote: I'm sorry I had made a mistake in this patch. Now I make a new patch for the for latest code in audit SVN project. I know the method to correct this bug is not very beautiful, but I think this is the most efficient and simplest method. Hope your indication. Signed-off-by: Yu Zhiguo<yuzg(a)cn.fujitsu.com> --- src/auditctl.c | 28 +++++++++++++++++++--------- 1 files changed, 19 insertions(+), 9 deletions(-) diff --git a/src/auditctl.c b/src/auditctl.c index d740509..26028b9 100644 --- a/src/auditctl.c +++ b/src/auditctl.c @@ -172,31 +172,41 @@ static void usage(void) static int audit_rule_setup(const char *opt, int *flags, int *act) { static int multiple = 0; + char *p; if (++multiple != 1) return 3; - if (strstr(opt, "task")) + /* comma separating */ + p = strchr(opt, ','); + if (!p || strchr(p + 1, ',')) + return 2; + + /* obtain list */ + if (!strncmp(opt, "task,", p - opt + 1)) *flags = AUDIT_FILTER_TASK; - else if (strstr(opt, "entry")) + else if (!strncmp(opt, "entry,", p - opt + 1)) *flags = AUDIT_FILTER_ENTRY; - else if (strstr(opt, "exit")) + else if (!strncmp(opt, "exit,", p - opt + 1)) *flags = AUDIT_FILTER_EXIT; - else if (strstr(opt, "user")) + else if (!strncmp(opt, "user,", p - opt + 1)) *flags = AUDIT_FILTER_USER; - else if (strstr(opt, "exclude")) { + else if (!strncmp(opt, "exclude,", p - opt + 1)) { *flags = AUDIT_FILTER_EXCLUDE; exclude = 1; } else return 2; - if (strstr(opt, "never")) + + /* obtain action */ + if (!strcmp(p + 1, "always")) + *act = AUDIT_ALWAYS; + else if (!strcmp(p + 1, "never")) *act = AUDIT_NEVER; - else if (strstr(opt, "possible")) + else if (!strcmp(p + 1, "possible")) return 1; - else if (strstr(opt, "always")) - *act = AUDIT_ALWAYS; else return 2; + return 0; }