Re: type=SOCKADDR record missing for socketcall(accept)?

Thursday, 23 March 2006

On Thursday 23 March 2006 09:08, John D. Ramsdell wrote:
...
  I noticed that a socketcall(bind) and socketcall(connect) event
contain a
  record of type=SOCKADDR, but I cannot see one for a system call event
  associated with socketcall(accept).  Recording the sockaddr of an accepted
  socket is important for cross platform information flow analys 
Thanks for pointing this out. The following patch should address this.


Signed-off-by: Steve Grubb <sgrubb(a)redhat.com&gt;

diff -urp linux-2.6.15.x86_64.orig/net/socket.c linux-2.6.15.x86_64/net/socket.c

--- linux-2.6.15.x86_64.orig/net/socket.c	2006-03-23 10:16:44.000000000 -0500
+++ linux-2.6.15.x86_64/net/socket.c	2006-03-23 10:27:20.000000000 -0500
@@ -263,6 +263,8 @@ int move_addr_to_user(void *kaddr, int k
 		return -EINVAL;
 	if(len)
 	{
+		if (audit_sockaddr(klen, kaddr))
+			return -ENOMEM;
 		if(copy_to_user(uaddr,kaddr,len))
 			return -EFAULT;
 	}



    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: type=SOCKADDR record missing for socketcall(accept)?