Projects
openEuler:20.03:LTS:SP3
audit
_service:tar_scm_kernel_repo:backport-In-auditd...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:backport-In-auditd-check-if-log_file-is-valid-before-closing-.patch of Package audit
From 6531c7dfb832ea245d8004662ea7c4e90107c0df Mon Sep 17 00:00:00 2001 From: Steve Grubb <sgrubb@redhat.com> Date: Wed, 11 Aug 2021 15:10:18 -0400 Subject: [PATCH 2207/2246] In auditd, check if log_file is valid before closing handle --- src/auditd-event.c | 44 +++++++++++++++++++++++++++++++---------------- 1 files changed, 29 insertions(+), 15 deletions(-) diff --git a/src/auditd-event.c b/src/auditd-event.c index 3655726..788c44a 100644 --- a/src/auditd-event.c +++ b/src/auditd-event.c @@ -71,7 +71,7 @@ static void init_flush_thread(void); /* Local Data */ static struct daemon_conf *config; static volatile int log_fd; -static FILE *log_file; +static FILE *log_file = NULL; static unsigned int disk_err_warning = 0; static int fs_space_warning = 0; static int fs_admin_space_warning = 0; @@ -174,7 +175,8 @@ int init_event(struct daemon_conf *conf) format_buf = (char *)malloc(FORMAT_BUF_LEN); if (format_buf == NULL) { audit_msg(LOG_ERR, "No memory for formatting, exiting"); - fclose(log_file); + if (log_file) + fclose(log_file); log_file = NULL; return 1; } @@ -212,7 +214,8 @@ static void *flush_thread_main(void *arg) flush = 0; pthread_mutex_unlock(&flush_lock); - fsync(log_fd); + if (log_fd >= 0) + fsync(log_fd); } return NULL; } @@ -589,7 +592,8 @@ void handle_event(struct auditd_event *e) if (config->daemonize == D_BACKGROUND) { if (config->flush == FT_INCREMENTAL) { /* EIO is only likely failure */ - if (fsync(log_fd) != 0) { + if (log_fd >= 0 && + fsync(log_fd) != 0) { do_disk_error_action( "fsync", errno); @@ -744,6 +748,9 @@ static void check_space_left(void) int rc; struct statfs buf; + if (log_fd < 0) + return; + rc = fstatfs(log_fd, &buf); if (rc == 0) { if (buf.f_bavail < 5) { @@ -831,7 +838,8 @@ static void do_space_left_action(int admin) case FA_EXEC: // Close the logging file in case the script zips or // moves the file. We'll reopen in sigusr2 handler - fclose(log_file); + if (log_file) + fclose(log_file); log_file = NULL; log_fd = -1; logging_suspended = 1; @@ -881,7 +889,8 @@ static void do_disk_full_action(void) case FA_EXEC: // Close the logging file in case the script zips or // moves the file. We'll reopen in sigusr2 handler - fclose(log_file); + if (log_file) + fclose(log_file); log_file = NULL; log_fd = -1; logging_suspended = 1; @@ -928,7 +937,8 @@ static void do_disk_error_action(const char *func, int err) case FA_EXEC: // Close the logging file in case the script zips or // moves the file. We'll reopen in sigusr2 handler - fclose(log_file); + if (log_file) + fclose(log_file); log_file = NULL; log_fd = -1; logging_suspended = 1; @@ -1053,17 +1063,21 @@ static void rotate_logs(unsigned int num_logs, unsigned int keep_logs) /* Close audit file. fchmod and fchown errors are not fatal because we * already adjusted log file permissions and ownership when opening the * log file. */ - if (fchmod(log_fd, config->log_group ? S_IRUSR|S_IRGRP : S_IRUSR) < 0){ - audit_msg(LOG_WARNING, "Couldn't change permissions while " + if (log_fd >= 0) { + if (fchmod(log_fd, config->log_group ? S_IRUSR|S_IRGRP : + S_IRUSR) < 0){ + audit_msg(LOG_WARNING, "Couldn't change permissions while " "rotating log file (%s)", strerror(errno)); - } - if (fchown(log_fd, 0, config->log_group) < 0) { - audit_msg(LOG_WARNING, "Couldn't change ownership while " + } + if (fchown(log_fd, 0, config->log_group) < 0) { + audit_msg(LOG_WARNING, "Couldn't change ownership while " "rotating log file (%s)", strerror(errno)); + } } - fclose(log_file); + if (log_file) + fclose(log_file); log_file = NULL; - + /* Rotate */ len = strlen(config->log_file) + 16; oldname = (char *)malloc(len); @@ -1470,7 +1484,8 @@ static void reconfigure(struct auditd_event *e) free((void *)nconf->log_file); if (need_reopen) { - fclose(log_file); + if (log_file) + fclose(log_file); log_file = NULL; fix_disk_permissions(); if (open_audit_log()) { -- 1.8.3.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.