Re: Bad bug in remote logging
Am Dienstag, 12. April 2011, um 05:18:44 schrieb Linda Knippers:
Hi Linda,
Steve Grubb wrote:
> Hello,
>
> There was a bug reported to day that I think merits an email and/or
> discussion.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=695419
> =================================
> audisp-remote does
>
>> memset (&address, 0, sizeof(address));
>> address.sin_family = htons(AF_INET);
>> address.sin_port = htons(config.local_port);
>> address.sin_addr.s_addr = htonl(INADDR_ANY);
>
> which shows in strace as
>
>> bind(3, {sa_family=0x200 /* AF_??? */,
>> sa_data="\0<\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) =
Bind does not do anything with the family - it just calls the bind callback
function set for the protocol by the socket syscall. What is the socket
syscall saying here?
Note that the socket syscall (specifically __sock_create) has the following
code for the family:
if (family < 0 || family >= NPROTO)
return -EAFNOSUPPORT;
And NPROTO is defined as decimal 39 (in 2.6.38). Hence, 0x200 as a family does
not work for socket - the socket syscall would have returned an error.
If for some reason the socket syscall uses AF_INET and diverts into IPv4,
sin_family does not seem to be used unless you have a socket-specific bind
function (e.g. RAW sockets).
To make a final determination on the impact, I would check:
- strace for socket syscall
- tcpdump on the connection
Ciao
Stephan