diff --git a/audit.spec b/audit.spec
index 6864aec..3502037 100644
--- a/audit.spec
+++ b/audit.spec
@@ -369,7 +369,7 @@ fi %attr(644,root,root) %{_mandir}/man8/*.8.gz %changelog -* Tue May 28 2024 xuraoqing - 1:3.1.2-3 +* Wed May 29 2024 fangxiuning - 1:3.1.2-3 - backport patches to fix bugs * Thu Feb 1 2024 liyunfei - 1:3.1.2-2
diff --git a/backport-Cleanup-code-in-LRU.patch b/backport-Cleanup-code-in-LRU.patch
new file mode 100644
index 0000000..ffd5ce2
--- /dev/null
+++ b/backport-Cleanup-code-in-LRU.patch
@@ -0,0 +1,77 @@
+From 4939b8541322cbf3a53affc28e71ce53d92f121f Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Fri, 3 May 2024 17:50:35 -0400
+Subject: [PATCH] Cleanup code in LRU
+
+Dont dereference anything until after checking if the queue is not empty.
+Also, leave a note disputing static analysis thinking there is a use after
+free destroying the queue.
+
+Conflict:NA
+Reference:https://github.com/linux-audit/audit-userspace/commit/4939b8541322cbf3a53affc28e71ce53d92f121f
+
+---
+ auparse/lru.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/auparse/lru.c b/auparse/lru.c
+index 05c4088d..f30bcf41 100644
+--- a/auparse/lru.c
++++ b/auparse/lru.c
+@@ -116,6 +116,11 @@ static void destroy_queue(Queue *queue)
+ dump_queue_stats(queue);
+ #endif
+
++ // Some static analysis scanners try to flag this as a use after
++ // free accessing queue->end. This is a false positive. It is freed.
++ // However, static analysis apps are incapable of seeing that in
++ // remove_node, end is updated to a prior node as part of detaching
++ // the current end node.
+ while (queue->count)
+ dequeue(queue);
+
+@@ -252,34 +257,33 @@ out:
+ sanity_check_queue(queue, "2 remove_node");
+ }
+
+-// Remove from the end of the queue
++// Remove from the end of the queue
+ static void dequeue(Queue *queue)
+ {
+- QNode *temp = queue->end;
+-
+ if (queue_is_empty(queue))
+ return;
+
++ QNode *temp = queue->end;
+ remove_node(queue, queue->end);
+
+ // if (queue->cleanup)
+ // queue->cleanup(temp->str);
+ free(temp->str);
+ free(temp);
+-
++
+ // decrement the total of full slots by 1
+ queue->count--;
+ }
+-
++
+ // Remove front of the queue because its a mismatch
+ void lru_evict(Queue *queue, unsigned int key)
+ {
++ if (queue_is_empty(queue))
++ return;
++
+ Hash *hash = queue->hash;
+ QNode *temp = queue->front;
+
+- if (queue_is_empty(queue))
+- return;
+-
+ hash->array[key] = NULL;
+ remove_node(queue, queue->front);
+
+--
+2.33.0
+
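Review bot: In `lru_evict` the store `hash->array[key] = NULL;` indexes the table with the caller-supplied `key`, and nothing between the function's opening brace and that line checks it against the table size. The function is not `static`, so an out-of-range key from any caller would write a NULL pointer outside the array. A range check next to the new empty-queue guard would close this; the field that holds the slot count is not visible in this hunk, so it cannot be spelled out here. Failing that, a comment on the contract would help, e.g. `// key must be below the number of hash slots; callers are responsible for this`. The body of lru_evict continues past the end of the hunk.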
diff --git a/backport-Fix-memory-leaks.patch b/backport-Fix-memory-leaks.patch
new file mode 100644
index 0000000..8afde88
--- /dev/null
+++ b/backport-Fix-memory-leaks.patch
@@ -0,0 +1,69 @@
+From 289dc3a077f05fba93816fbdfbbfe032322d7f64 Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Tue, 21 May 2024 12:28:29 -0400
+Subject: [PATCH] Fix memory leaks
+
+Conflict:NA
+Reference:https://github.com/linux-audit/audit-userspace/commit/289dc3a077f05fba93816fbdfbbfe032322d7f64
+
+---
+ src/auditd-listen.c | 2 +-
+ src/ausearch-lol.c | 2 ++
+ src/ausearch-parse.c | 6 ++++--
+ 3 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/auditd-listen.c b/src/auditd-listen.c
+index ea3f137c..52076361 100644
+--- a/src/auditd-listen.c
++++ b/src/auditd-listen.c
+@@ -443,8 +443,8 @@ static int negotiate_credentials(ev_tcp *io)
+ gss_release_name(&min_stat, &client);
+ return -1;
+ }
+- gss_release_buffer(&min_stat, &send_tok);
+ }
++ gss_release_buffer(&min_stat, &send_tok);
+ } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+ maj_stat = gss_display_name(&min_stat, client, &recv_tok, NULL);
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index a5418079..784c58f6 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -311,6 +311,7 @@ int lol_add_record(lol *lo, char *buff)
+ n.type = e.type;
+ n.message = strdup(buff);
+ if(n.message == NULL) {
++ free((char *)e.node);
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ return 0;
+ }
+@@ -369,6 +370,7 @@ int lol_add_record(lol *lo, char *buff)
+ // Create new event and fill it in
+ l = malloc(sizeof(llist));
+ if (l == NULL) {
++ free((char *)e.node);
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ return 0;
+ }
+diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
+index be57606b..4c9bef0d 100644
+--- a/src/ausearch-parse.c
++++ b/src/ausearch-parse.c
+@@ -769,9 +769,11 @@ static int common_path_parser(search_items *s, char *path)
+ if ((sn.str[0] == '.') && ((sn.str[1] == '.') ||
+ (sn.str[1] == '/')) && s->cwd) {
+ char *tmp = malloc(PATH_MAX);
+- if (tmp == NULL)
++ if (tmp == NULL) {
++ free(sn.str);
+ return 6;
+- snprintf(tmp, PATH_MAX, "%s/%s",
++ }
++ snprintf(tmp, PATH_MAX, "%s/%s",
+ s->cwd, sn.str);
+ free(sn.str);
+ sn.str = tmp;
+--
+2.33.0
+
diff --git a/backport-Use-atomic_int-if-available-for-signal-related-flags.patch b/backport-Use-atomic_int-if-available-for-signal-related-flags.patch
new file mode 100644
index 0000000..bd7bb3c
--- /dev/null
+++ b/backport-Use-atomic_int-if-available-for-signal-related-flags.patch
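Review bot: The `snprintf(tmp, PATH_MAX, "%s/%s", s->cwd, sn.str);` call in `common_path_parser` still discards its return value. A cwd plus relative path that does not fit in PATH_MAX is therefore silently truncated, then stored in `sn.str` and used as if it were the complete path. Capturing the result, `int len = snprintf(tmp, PATH_MAX, "%s/%s", s->cwd, sn.str);`, and rejecting `len < 0 || len >= PATH_MAX` (freeing both `tmp` and `sn.str` before returning) would make the truncation visible. Which error code the callers expect for that case is not shown in the hunk. The function starts and ends outside this hunk.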
@@ -0,0 +1,92 @@
+From 184f20c56576300343b8f8b60a8bebb185074485 Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Fri, 26 Apr 2024 12:44:56 -0400
+Subject: [PATCH] Use atomic_int if available for signal related flags
+
+Conflict:src/auditd.c
+Reference:https://github.com/linux-audit/audit-userspace/commit/184f20c56576300343b8f8b60a8bebb185074485
+
+---
+ configure.ac | 7 ++++++-
+ src/auditd-event.c | 5 ++++-
+ src/auditd.c | 9 ++++++---
+ 3 files changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 8644ccc..61d32a8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -87,7 +87,12 @@ AC_LINK_IFELSE(
+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
+ []
+ )
+-
++AC_CHECK_HEADERS([stdatomic.h], [
++ AC_DEFINE([HAVE_ATOMIC], 1, [Define to 1 if you have the header file.])
++ AC_DEFINE([ATOMIC_INT], atomic_int, [Define atomic_int if you have the header file.])
++ ], [
++ AC_DEFINE([ATOMIC_INT], int, [Define to the type of an int if is not available.])
++])
+ AC_MSG_CHECKING(__attr_access support)
+ AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE(
+diff --git a/src/auditd-event.c b/src/auditd-event.c
+index c74b420..74c4fbd 100644
+--- a/src/auditd-event.c
++++ b/src/auditd-event.c
+@@ -36,6 +36,9 @@
+ #include /* POSIX_HOST_NAME_MAX */
+ #include /* toupper */
+ #include /* dirname */
++#ifdef HAVE_ATOMIC
++#include
++#endif
+ #include "auditd-event.h"
+ #include "auditd-dispatch.h"
+ #include "auditd-listen.h"
+@@ -45,7 +48,7 @@
+ #include "auparse-idata.h"
+
+ /* This is defined in auditd.c */
+-extern volatile int stop;
++extern volatile ATOMIC_INT stop;
+
+ /* Local function prototypes */
+ static void send_ack(const struct auditd_event *e, int ack_type,
+diff --git a/src/auditd.c b/src/auditd.c
+index 901f741..aebb919 100644
+--- a/src/auditd.c
++++ b/src/auditd.c
+@@ -38,6 +38,9 @@
+ #include
+ #include
+ #include
++#ifdef HAVE_ATOMIC
++#include
++#endif
+
+ #include "libaudit.h"
+ #include "auditd-event.h"
+@@ -62,7 +65,7 @@
+ #define SUBJ_LEN 4097
+
+ /* Global Data */
+-volatile int stop = 0;
++volatile ATOMIC_INT stop = 0;
+
+ /* Local data */
+ static int fd = -1, pipefds[2] = {-1, -1};
+@@ -72,8 +75,8 @@ static const char *state_file = "/var/run/auditd.state";
+ static int init_pipe[2];
+ static int do_fork = 1, opt_aggregate_only = 0, config_dir_set = 0;
+ static struct auditd_event *cur_event = NULL, *reconfig_ev = NULL;
+-static int hup_info_requested = 0;
+-static int usr1_info_requested = 0, usr2_info_requested = 0;
++static ATOMIC_INT hup_info_requested = 0;
++static ATOMIC_INT usr1_info_requested = 0, usr2_info_requested = 0;
+ static char subj[SUBJ_LEN];
+ static uint32_t session;
+ static int hup_flag = 0;
+--
+2.33.0
+
diff --git a/backport-Use-atomic_uint-if-available-for-signal-related-flag.patch b/backport-Use-atomic_uint-if-available-for-signal-related-flag.patch
new file mode 100644
index 0000000..6e8f9a8
--- /dev/null
+++ b/backport-Use-atomic_uint-if-available-for-signal-related-flag.patch
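Review bot: When `stdatomic.h` is absent, `ATOMIC_INT` falls back to plain `int`, and in src/auditd.c `hup_info_requested`, `usr1_info_requested` and `usr2_info_requested` are declared without `volatile`, unlike `stop`. If they are written from signal handlers, as the subject line suggests (the handlers are outside the hunk), a fallback build has no guarantee that the main loop re-reads them. Declaring them `static volatile ATOMIC_INT hup_info_requested = 0;` and `static volatile ATOMIC_INT usr1_info_requested = 0, usr2_info_requested = 0;` keeps both configurations consistent with `stop`. `hup_flag` on the last context line stays a plain `int`; it is worth confirming that no handler touches it.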
@@ -0,0 +1,85 @@
+From 3955b5e29e119122dc2fc0a53ba82529613e4e1c Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Fri, 26 Apr 2024 14:03:02 -0400
+Subject: [PATCH] Use atomic_uint if available for signal related flags
+
+Conflict:NA
+Reference:https://github.com/linux-audit/audit-userspace/commit/3955b5e29e119122dc2fc0a53ba82529613e4e1c
+
+---
+ audisp/audispd.c | 7 +++++--
+ audisp/queue.c | 9 ++++++---
+ configure.ac | 2 ++
+ 3 files changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/audisp/audispd.c b/audisp/audispd.c
+index 0902a073..e4e49087 100644
+--- a/audisp/audispd.c
++++ b/audisp/audispd.c
+@@ -37,6 +37,9 @@
+ #include
+ #include
+ #include
++#ifdef HAVE_ATOMIC
++#include
++#endif
+
+ #include "audispd-pconfig.h"
+ #include "audispd-config.h"
+@@ -46,8 +49,8 @@
+ #include "private.h"
+
+ /* Global Data */
+-static volatile int stop = 0;
+-volatile int disp_hup = 0;
++static volatile ATOMIC_INT stop = 0;
++volatile ATOMIC_INT disp_hup = 0;
+
+ /* Local data */
+ static daemon_conf_t daemon_config;
+diff --git a/audisp/queue.c b/audisp/queue.c
+index 8bd20ea1..183a5af8 100644
+--- a/audisp/queue.c
++++ b/audisp/queue.c
+@@ -25,17 +25,20 @@
+ #include
+ #include
+ #include
++#ifdef HAVE_ATOMIC
++#include
++#endif
+ #include "queue.h"
+
+ static volatile event_t **q;
+ static pthread_mutex_t queue_lock;
+ static pthread_cond_t queue_nonempty;
+-static unsigned int q_next, q_last, q_depth, processing_suspended;
+-static unsigned int currently_used, max_used, overflowed;
++static unsigned int q_next, q_last, q_depth, processing_suspended, overflowed;
++static ATOMIC_UNSIGNED currently_used, max_used;
+ static const char *SINGLE = "1";
+ static const char *HALT = "0";
+ static int queue_full_warning = 0;
+-extern volatile int disp_hup;
++extern volatile ATOMIC_INT disp_hup;
+ #define QUEUE_FULL_LIMIT 5
+
+ void reset_suspended(void)
+diff --git a/configure.ac b/configure.ac
+index f0650f3f..969d36e8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -89,8 +89,10 @@ AC_LINK_IFELSE(
+ AC_CHECK_HEADERS([stdatomic.h], [
+ AC_DEFINE([HAVE_ATOMIC], 1, [Define to 1 if you have the header file.])
+ AC_DEFINE([ATOMIC_INT], atomic_int, [Define atomic_int if you have the header file.])
++ AC_DEFINE([ATOMIC_UNSIGNED], atomic_uint, [Define atomic_uint if you have the header file.])
+ ], [
+ AC_DEFINE([ATOMIC_INT], int, [Define to the type of an int if is not available.])
++ AC_DEFINE([ATOMIC_UNSIGNED], unsigned, [Define to the type of an unsigned if is not available.])
+ ])
+ AC_MSG_CHECKING(__attr_access support)
+ AC_COMPILE_IFELSE(
+--
+2.33.0
+
diff --git a/backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch b/backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch
new file mode 100644
index 0000000..312fca2
--- /dev/null
+++ b/backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch
@@ -0,0 +1,28 @@
+From 3f3b3a2377ce1977dd4136aa653f2f65c3cd2fe0 Mon Sep 17 00:00:00 2001
+From: Yugend
+Date: Wed, 27 Mar 2024 17:41:07 +0300
+Subject: [PATCH] correcting memcmp args in check_rule_mismatch function
+
+Conflict:src/auditctl.c
+Reference:https://github.com/linux-audit/audit-userspace/commit/3f3b3a2377ce1977dd4136aa653f2f65c3cd2fe0
+
+---
+ src/auditctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/auditctl.c b/src/auditctl.c
+index 7949d95c..acb1e518 100644
+--- a/src/auditctl.c
++++ b/src/auditctl.c
+@@ -392,7 +392,7 @@ static int check_rule_mismatch(int lineno, const char *option)
+ audit_rule_syscallbyname_data(&tmprule, ptr);
+ ptr = strtok_r(NULL, ",", &saved);
+ }
+- if (memcmp(tmprule.mask, rule_new->mask, AUDIT_BITMASK_SIZE))
++ if (memcmp(tmprule.mask, rule_new->mask, AUDIT_BITMASK_SIZE * sizeof(tmprule.mask[0])))
+ rc = 1;
+ free(tmp);
+
+--
+2.33.0
+
diff --git a/backport-fix-one-more-leak.patch b/backport-fix-one-more-leak.patch
new file mode 100644
index 0000000..af271ff
--- /dev/null
+++ b/backport-fix-one-more-leak.patch
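Review bot: The declarations in audisp/queue.c now split the counters into plain `unsigned int` (`q_next`, `q_last`, `q_depth`, `processing_suspended`, `overflowed`) and `ATOMIC_UNSIGNED` (`currently_used`, `max_used`) with no comment saying which rule decides the split. A short comment above them would record it, e.g. `/* currently_used and max_used may be read without queue_lock; the other counters are only touched with it held */`, assuming that is the actual rule, which the hunk does not show. An atomic type makes each individual load and store indivisible, but a compare-then-assign of `max_used` against `currently_used` is still two operations. If such an update runs outside the lock, it remains racy.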
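Review bot: The corrected length `AUDIT_BITMASK_SIZE * sizeof(tmprule.mask[0])` in `check_rule_mismatch` assumes `rule_new->mask` has the same element type and count as `tmprule.mask`; neither declaration is visible in the hunk. If `tmprule.mask` is a true array member rather than a pointer, `if (memcmp(tmprule.mask, rule_new->mask, sizeof(tmprule.mask)))` expresses the same length without repeating the element count, so it cannot drift from the declaration. The function starts and ends outside the hunk.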
@@ -0,0 +1,30 @@
+From 613ccbdd1011692c6724a11cc8798112dd26d202 Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Tue, 21 May 2024 13:17:38 -0400
+Subject: [PATCH] fix one more leak
+
+Conflict:NA
+Reference:https://github.com/linux-audit/audit-userspace/commit/613ccbdd1011692c6724a11cc8798112dd26d202
+
+---
+ src/ausearch-lol.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index 784c58f6..d156ce42 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -371,7 +371,9 @@ int lol_add_record(lol *lo, char *buff)
+ l = malloc(sizeof(llist));
+ if (l == NULL) {
+ free((char *)e.node);
+- fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
++ free(n.message);
++ fprintf(stderr, "Out of memory. Check %s file, %d line",
++ __FILE__, __LINE__);
+ return 0;
+ }
+ list_create(l);
+--
+2.33.0
+
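Review bot: The out-of-memory message rewrapped in this hunk, `"Out of memory. Check %s file, %d line"`, has no trailing newline, so on stderr it runs into whatever is printed next. Changing the format to `"Out of memory. Check %s file, %d line\n"` fixes that. The same string appears in the earlier `n.message == NULL` error path of `lol_add_record`, shown in backport-Fix-memory-leaks.patch, and would want the same change. lol_add_record's body extends beyond both ends of the hunk.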