[PATCH 4/5] Fix the bug of AUDIT_PERM field added without a watch

Hello Steve, AUDIT_PERM field should used after a watch given. For example, auditctl -a exit,always -F perm=r No error message is outputed. I think we should add checking for it. Signed-off-by: Zhang Xiliang <zhangxiliang(a)cn.fujitsu.com&gt; --- lib/libaudit.c | 2 ++ src/auditctl.c | 5 +++++ 2 files changed, 7 insertions(+), 0 deletions(-) diff --git a/lib/libaudit.c b/lib/libaudit.c index 3e2e28f..fd2c41b 100644 --- a/lib/libaudit.c +++ b/lib/libaudit.c @@ -1046,6 +1046,8 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, return -7; else if (op != AUDIT_EQUAL) return -13; + else if (audit_permadded != 1) + return -22; else { unsigned int i, len, val = 0; diff --git a/src/auditctl.c b/src/auditctl.c index 1455ee6..b356faa 100644 --- a/src/auditctl.c +++ b/src/auditctl.c @@ -857,6 +857,11 @@ static int setopt(int count, char *vars[]) "-F value should be number for %s\n", optarg); retval = -1; break; + case -22: + fprintf(stderr, + "permission option needs a watch given prior to it\n"); + retval = -1; + break; default: retval = -1; break;