File check-for-AF_UNIX-unnamed-sockets.patch of Package audit-secondary

Overview Repositories Revisions Requests Users Attributes Meta

File check-for-AF_UNIX-unnamed-sockets.patch of Package audit-secondary (Revision e22aae9e580e040d565055f1fa3967d6)

Currently displaying revision e22aae9e580e040d565055f1fa3967d6 , Show latest

From 4fcf946ea07f696166364e015239d904946617a8 Mon Sep 17 00:00:00 2001
From: Enzo Matsumiya <ematsumiya@suse.de>
Date: Thu, 27 Apr 2023 12:46:30 -0300
Subject: [PATCH] Check for AF_UNIX unnamed sockets

Change the interpreted message for unnamed/anonymous sockets, and
make sure to not return an error if so.

Also check if sun_path[1] is valid for abstract sockets cases before
trying to strdup() it.

Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
---
 auparse/interpret.c  |  7 ++++---
 src/ausearch-parse.c | 19 ++++++++++++-------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/auparse/interpret.c b/auparse/interpret.c
index f8c5c84a5..bb4d0e1e1 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -1235,9 +1235,10 @@ static const char *print_sockaddr(const char *val)
         switch (saddr->sa_family) {
                 case AF_LOCAL:
 			if (slen < 4) {
-				rc = asprintf(&out,
-				    "{ saddr_fam=%s sockaddr len too short }",
-							str);
+				rc = asprintf(&out, "{ saddr_fam=%s %s }", str,
+				    slen == sizeof(saddr->sa_family) ?
+				    "unnamed socket" : // ignore sun_path
+				    "sockaddr len too short");
 				break;
 			} else {
                                 const struct sockaddr_un *un =
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 597d45f12..f9aad6303 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1706,20 +1706,22 @@ static int parse_sockaddr(const lnode *n, search_items *s)
 				}
 				len = sizeof(struct sockaddr_in6);
 			} else if (saddr->sa_family == AF_UNIX) {
-				if (len < 4) {
-					fprintf(stderr,
-						"sun_path len too short\n");
-					return 3;
-				}
 				struct sockaddr_un *un =
 					(struct sockaddr_un *)saddr;
+				if (len != sizeof(saddr->sa_family) &&
+				    len < 4) {
+					fprintf(stderr,
+						"sun_path len too short (%d)\n",
+						len);
+					return 4;
+				}
 				if (event_filename) {
 					if (!s->filename) {
 						//create
 						s->filename =
 							malloc(sizeof(slist));
 						if (s->filename == NULL)
-							return 4;
+							return 5;
 						slist_create(s->filename);
 					}
 					if (s->filename) {
@@ -1728,9 +1730,12 @@ static int parse_sockaddr(const lnode *n, search_items *s)
 						if (un->sun_path[0])
 						    sn.str =
 							strdup(un->sun_path);
-						else
+						else if (un->sun_path[1])
 						    sn.str =
 							strdup(un->sun_path+1);
+						else
+							return 6;
+
 						sn.key = NULL;
 						sn.hits = 1;
 						slist_append(s->filename, &sn);

 
From 4fcf946ea07f696166364e015239d904946617a8 Mon Sep 17 00:00:00 2001
From: Enzo Matsumiya <ematsumiya@suse.de>
Date: Thu, 27 Apr 2023 12:46:30 -0300
Subject: [PATCH] Check for AF_UNIX unnamed sockets
​
Change the interpreted message for unnamed/anonymous sockets, and
make sure to not return an error if so.
​
Also check if sun_path[1] is valid for abstract sockets cases before
trying to strdup() it.
​
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
---
 auparse/interpret.c  |  7 ++++---
 src/ausearch-parse.c | 19 ++++++++++++-------
 2 files changed, 16 insertions(+), 10 deletions(-)
​
diff --git a/auparse/interpret.c b/auparse/interpret.c
index f8c5c84a5..bb4d0e1e1 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -1235,9 +1235,10 @@ static const char *print_sockaddr(const char *val)
         switch (saddr->sa_family) {
                 case AF_LOCAL:
            if (slen < 4) {
-               rc = asprintf(&out,
-                   "{ saddr_fam=%s sockaddr len too short }",
-                           str);
+               rc = asprintf(&out, "{ saddr_fam=%s %s }", str,
+                   slen == sizeof(saddr->sa_family) ?
+                   "unnamed socket" : // ignore sun_path
+                   "sockaddr len too short");
                break;
            } else {
                                 const struct sockaddr_un *un =
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 597d45f12..f9aad6303 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1706,20 +1706,22 @@ static int parse_sockaddr(const lnode *n, search_items *s)
                }
                len = sizeof(struct sockaddr_in6);
            } else if (saddr->sa_family == AF_UNIX) {
-               if (len < 4) {
-                   fprintf(stderr,
-                       "sun_path len too short\n");
-                   return 3;
-               }
                struct sockaddr_un *un =
                    (struct sockaddr_un *)saddr;
+               if (len != sizeof(saddr->sa_family) &&
+                   len < 4) {
+                   fprintf(stderr,
+                       "sun_path len too short (%d)\n",
+                       len);
+                   return 4;
+               }
                if (event_filename) {
                    if (!s->filename) {
                        //create
                        s->filename =
                            malloc(sizeof(slist));
                        if (s->filename == NULL)
-                           return 4;
+                           return 5;
                        slist_create(s->filename);
                    }
                    if (s->filename) {
@@ -1728,9 +1730,12 @@ static int parse_sockaddr(const lnode *n, search_items *s)
                        if (un->sun_path[0])
                            sn.str =
                            strdup(un->sun_path);
-                       else
+                       else if (un->sun_path[1])
                            sn.str =
                            strdup(un->sun_path+1);
+                       else
+                           return 6;
+
                        sn.key = NULL;
                        sn.hits = 1;
                        slist_append(s->filename, &sn);
​

Places

File check-for-AF_UNIX-unnamed-sockets.patch of Package audit-secondary (Revision e22aae9e580e040d565055f1fa3967d6)

Places