PERFORCE change 90081 for review
Robert Watson
rwatson at FreeBSD.org
Sat Jan 21 06:05:00 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=90081
Change 90081 by rwatson at rwatson_sesame on 2006/01/21 14:04:43
Integrate OpenBSM branch into audit3 to pick up recent results from
FlexeLint.
Affected files ...
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/README#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#6 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#6 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_user.c#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/Makefile#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/audump.c#3 integrate
Differences ...
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/README#4 (text+ko) ====
@@ -56,9 +56,16 @@
SPARTA, Inc.
Robert Watson
Wayne Salamon
+ Suresh Krishnaswamy
+ Kevin Van Vechten
Tom Rhodes
Wojciech Koszek
Chunyang Yuan
+ Poul-Henning Kamp
+
+In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
+Software's FlexeLint tool were used to identify a number of bugs in the
+OpenBSM implementation.
Contributions
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#5 (text+ko) ====
@@ -37,7 +37,7 @@
#define AUDIT_RECORD_MAGIC 0x828a0f1b
#define MAX_AUDIT_RECORDS 20
#define MAX_AUDIT_RECORD_SIZE 4096
-#define MIN_AUDIT_FILE_SIZE 512 * 1024
+#define MIN_AUDIT_FILE_SIZE (512 * 1024)
/*
* Triggers for the audit daemon
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#6 (text+ko) ====
@@ -46,7 +46,6 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
-#include <fcntl.h>
#include <time.h>
#include <stdlib.h>
#include <stdio.h>
@@ -551,7 +550,7 @@
break;
case AU_IPv6:
- READ_TOKEN_BYTES(buf, len, &tok->tt.hdr32_ex.addr,
+ READ_TOKEN_BYTES(buf, len, tok->tt.hdr32_ex.addr,
sizeof(tok->tt.hdr32_ex.addr), tok->len, err);
break;
}
@@ -2533,115 +2532,150 @@
switch(tok->id) {
case AUT_HEADER32:
- return (print_header32_tok(outfp, tok, del, raw, sfrm));
+ print_header32_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_HEADER32_EX:
- return (print_header32_ex_tok(outfp, tok, del, raw, sfrm));
+ print_header32_ex_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_HEADER64:
- return (print_header64_tok(outfp, tok, del, raw, sfrm));
+ print_header64_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_HEADER64_EX:
- return (print_header64_ex_tok(outfp, tok, del, raw, sfrm));
+ print_header64_ex_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_TRAILER:
- return (print_trailer_tok(outfp, tok, del, raw, sfrm));
+ print_trailer_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_ARG32:
- return (print_arg32_tok(outfp, tok, del, raw, sfrm));
+ print_arg32_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_ARG64:
- return (print_arg64_tok(outfp, tok, del, raw, sfrm));
+ print_arg64_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_DATA:
- return (print_arb_tok(outfp, tok, del, raw, sfrm));
+ print_arb_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_ATTR32:
- return (print_attr32_tok(outfp, tok, del, raw, sfrm));
+ print_attr32_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_ATTR64:
- return (print_attr64_tok(outfp, tok, del, raw, sfrm));
+ print_attr64_tok(outfp, tok, del, raw, sfrm);
case AUT_EXIT:
- return (print_exit_tok(outfp, tok, del, raw, sfrm));
+ print_exit_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_EXEC_ARGS:
- return (print_execarg_tok(outfp, tok, del, raw, sfrm));
+ print_execarg_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_EXEC_ENV:
- return (print_execenv_tok(outfp, tok, del, raw, sfrm));
+ print_execenv_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_OTHER_FILE32:
- return (print_file_tok(outfp, tok, del, raw, sfrm));
+ print_file_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_NEWGROUPS:
- return (print_newgroups_tok(outfp, tok, del, raw, sfrm));
+ print_newgroups_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_IN_ADDR:
- return (print_inaddr_tok(outfp, tok, del, raw, sfrm));
+ print_inaddr_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_IN_ADDR_EX:
- return (print_inaddr_ex_tok(outfp, tok, del, raw, sfrm));
+ print_inaddr_ex_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_IP:
- return (print_ip_tok(outfp, tok, del, raw, sfrm));
+ print_ip_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_IPC:
- return (print_ipc_tok(outfp, tok, del, raw, sfrm));
+ print_ipc_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_IPC_PERM:
- return (print_ipcperm_tok(outfp, tok, del, raw, sfrm));
+ print_ipcperm_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_IPORT:
- return (print_iport_tok(outfp, tok, del, raw, sfrm));
+ print_iport_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_OPAQUE:
- return (print_opaque_tok(outfp, tok, del, raw, sfrm));
+ print_opaque_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_PATH:
- return (print_path_tok(outfp, tok, del, raw, sfrm));
+ print_path_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_PROCESS32:
- return (print_process32_tok(outfp, tok, del, raw, sfrm));
+ print_process32_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_PROCESS32_EX:
- return (print_process32ex_tok(outfp, tok, del, raw, sfrm));
+ print_process32ex_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_RETURN32:
- return (print_return32_tok(outfp, tok, del, raw, sfrm));
+ print_return32_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_RETURN64:
- return (print_return64_tok(outfp, tok, del, raw, sfrm));
+ print_return64_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_SEQ:
- return (print_seq_tok(outfp, tok, del, raw, sfrm));
+ print_seq_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_SOCKET:
- return (print_socket_tok(outfp, tok, del, raw, sfrm));
+ print_socket_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_SOCKINET32:
- return (print_sock_inet32_tok(outfp, tok, del, raw, sfrm));
+ print_sock_inet32_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_SOCKUNIX:
- return (print_sock_unix_tok(outfp, tok, del, raw, sfrm));
+ print_sock_unix_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_SUBJECT32:
- return (print_subject32_tok(outfp, tok, del, raw, sfrm));
+ print_subject32_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_SUBJECT64:
- return (print_subject64_tok(outfp, tok, del, raw, sfrm));
+ print_subject64_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_SUBJECT32_EX:
- return (print_subject32ex_tok(outfp, tok, del, raw, sfrm));
+ print_subject32ex_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_TEXT:
- return (print_text_tok(outfp, tok, del, raw, sfrm));
+ print_text_tok(outfp, tok, del, raw, sfrm);
+ return;
case AUT_SOCKET_EX:
- return (print_socketex32_tok(outfp, tok, del, raw, sfrm));
+ print_socketex32_tok(outfp, tok, del, raw, sfrm);
+ return;
default:
- return (print_invalid_tok(outfp, tok, del, raw, sfrm));
+ print_invalid_tok(outfp, tok, del, raw, sfrm);
}
}
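Review bot: The `case AUT_ATTR64:` arm has no `return;` after `print_attr64_tok(outfp, tok, del, raw, sfrm);`, unlike every other non-default arm converted in this hunk. Control therefore falls through into `case AUT_EXIT:`, and an attr64 token is also passed to `print_exit_tok`, which will interpret the token data as an exit token and emit a bogus extra field in the audit trail output. Add `return;` directly after the `print_attr64_tok` call. The enclosing function starts outside the hunk, so its new return type is not visible here.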
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#6 (text+ko) ====
@@ -59,13 +59,13 @@
#define GET_TOKEN_AREA(t, dptr, length) do { \
t = malloc (sizeof(token_t)); \
if (t != NULL) { \
- t->len = length; \
- t->t_data = malloc (length * sizeof(u_char)); \
+ t->len = (length); \
+ t->t_data = malloc ((length) * sizeof(u_char)); \
if ((dptr = t->t_data) == NULL) { \
free(t); \
t = NULL; \
} else \
- memset(dptr, 0, length); \
+ memset(dptr, 0, (length)); \
} \
} while (0)
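Review bot: Parenthesising `length` fixes precedence, but the macro still expands the argument three times (`t->len`, the `malloc` size and the `memset` size), so any argument with a cost or side effect is evaluated repeatedly; a later hunk in this file passes `strlen(so->sun_path)` through it. Evaluating it once, for example by assigning `t->len = (length);` first and then using `t->len` for the allocation, avoids that. The malloc-plus-memset pair could also be collapsed into `t->t_data = calloc(t->len, sizeof(u_char));`. A short comment above the macro stating that `t` is set to NULL on either allocation failure would document the contract every caller relies on.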
@@ -83,18 +83,14 @@
u_char *dptr = NULL;
u_int16_t textlen;
- if (text == NULL) {
- errno = EINVAL;
- return (NULL);
- }
+ textlen = strlen(text);
+ textlen += 1;
- textlen = strlen(text);
- GET_TOKEN_AREA(t, dptr, 9 + textlen);
+ GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t) +
+ sizeof(u_int16_t) + textlen);
if (t == NULL)
return (NULL);
- textlen += 1;
-
ADD_U_CHAR(dptr, AUT_ARG32);
ADD_U_CHAR(dptr, n);
ADD_U_INT32(dptr, v);
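Review bot: `strlen(text)` now runs on an unchecked pointer, because this hunk removes the `text == NULL` guard that set `errno = EINVAL` and returned NULL. A NULL argument therefore becomes a crash inside the audit library instead of an error return. The same guard is removed in the AUT_ARG64, AUT_OTHER_FILE32, AUT_TEXT and AUT_PATH hunks and in the other hunks of this file that delete `errno = EINVAL; return (NULL);`. If the intended contract is that callers never pass NULL, state that in each function's header comment; otherwise keep the guard. Separately, `textlen` is a `u_int16_t`, so `strlen(text) + 1` wraps for strings of 65535 bytes or more; an explicit length check before the assignment would reject those rather than emit a truncated token. The function body starts and ends outside the hunk.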
@@ -112,18 +108,14 @@
u_char *dptr = NULL;
u_int16_t textlen;
- if (text == NULL) {
- errno = EINVAL;
- return (NULL);
- }
+ textlen = strlen(text);
+ textlen += 1;
- textlen = strlen(text);
- GET_TOKEN_AREA(t, dptr, 13 + textlen);
+ GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t) +
+ sizeof(u_int16_t) + textlen);
if (t == NULL)
return (NULL);
- textlen += 1;
-
ADD_U_CHAR(dptr, AUT_ARG64);
ADD_U_CHAR(dptr, n);
ADD_U_INT64(dptr, v);
@@ -159,12 +151,8 @@
u_int16_t pad0_16 = 0;
u_int16_t pad0_32 = 0;
- if (vni == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 29);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) +
+ 3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -230,11 +218,6 @@
u_char *dptr = NULL;
size_t datasize, totdata;
- if (p == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
/* Determine the size of the basic unit. */
switch (unit_type) {
case AUR_BYTE:
@@ -256,7 +239,7 @@
totdata = datasize * unit_count;
- GET_TOKEN_AREA(t, dptr, totdata + 4);
+ GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char));
if (t == NULL)
return (NULL);
@@ -281,7 +264,7 @@
token_t *t;
u_char *dptr = NULL;
- GET_TOKEN_AREA(t, dptr, 9);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -313,12 +296,8 @@
u_char *dptr = NULL;
int i;
- if (groups == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, n * 4 + 3);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+ n * sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -340,12 +319,7 @@
token_t *t;
u_char *dptr = NULL;
- if (internet_addr == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 5);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -367,12 +341,7 @@
u_char *dptr = NULL;
u_int32_t type = AF_INET6;
- if (internet_addr == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 21);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -396,12 +365,7 @@
token_t *t;
u_char *dptr = NULL;
- if (ip == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 21);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip));
if (t == NULL)
return (NULL);
@@ -425,8 +389,7 @@
token_t *t;
u_char *dptr = NULL;
-
- GET_TOKEN_AREA(t, dptr, 6);
+ GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -454,13 +417,7 @@
u_char *dptr = NULL;
u_int16_t pad0 = 0;
-
- if (perm == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 29);
+ GET_TOKEN_AREA(t, dptr, 12 * sizeof(u_int16_t) + sizeof(u_int32_t));
if (t == NULL)
return (NULL);
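Review bot: The new size expression `12 * sizeof(u_int16_t) + sizeof(u_int32_t)` evaluates to 28, one byte less than the literal 29 it replaces, and it is the only GET_TOKEN_AREA conversion in this file without a `sizeof(u_char)` term for the token ID. The writes are outside the hunk, but if the function still emits the ID byte followed by 28 bytes of fields, the last byte is written past the end of the allocated buffer. `GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 12 * sizeof(u_int16_t) + sizeof(u_int32_t));` preserves the previous size.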
@@ -493,7 +450,6 @@
return (t);
}
-
/*
* token ID 1 byte
* port IP address 2 bytes
@@ -504,8 +460,7 @@
token_t *t;
u_char *dptr = NULL;
-
- GET_TOKEN_AREA(t, dptr, 3);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t));
if (t == NULL)
return (NULL);
@@ -515,7 +470,6 @@
return (t);
}
-
/*
* token ID 1 byte
* size 2 bytes
@@ -527,12 +481,7 @@
token_t *t;
u_char *dptr = NULL;
- if ((data == NULL) || (bytes <= 0)) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, bytes + 3);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + bytes);
if (t == NULL)
return (NULL);
@@ -569,16 +518,14 @@
return (NULL);
#endif
- if (file == NULL) {
- errno = EINVAL;
- return (NULL);
- }
filelen = strlen(file);
- GET_TOKEN_AREA(t, dptr, filelen + 12);
+ filelen += 1;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t) +
+ sizeof(u_int16_t) + filelen);
if (t == NULL)
return (NULL);
- filelen += 1;
timems = tm.tv_usec/1000;
ADD_U_CHAR(dptr, AUT_OTHER_FILE32);
@@ -602,17 +549,13 @@
u_char *dptr = NULL;
u_int16_t textlen;
- if (text == NULL) {
- errno = EINVAL;
- return (NULL);
- }
textlen = strlen(text);
- GET_TOKEN_AREA(t, dptr, textlen + 4);
+ textlen += 1;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
if (t == NULL)
return (NULL);
- textlen += 1;
-
ADD_U_CHAR(dptr, AUT_TEXT);
ADD_U_INT16(dptr, textlen);
ADD_STRING(dptr, text, textlen);
@@ -632,17 +575,13 @@
u_char *dptr = NULL;
u_int16_t textlen;
- if (text == NULL) {
- errno = EINVAL;
- return (NULL);
- }
textlen = strlen(text);
- GET_TOKEN_AREA(t, dptr, textlen + 4);
+ textlen += 1;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
if (t == NULL)
return (NULL);
- textlen += 1;
-
ADD_U_CHAR(dptr, AUT_PATH);
ADD_U_INT16(dptr, textlen);
ADD_STRING(dptr, text, textlen);
@@ -670,12 +609,7 @@
token_t *t;
u_char *dptr = NULL;
- if (tid == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 37);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -732,12 +666,7 @@
token_t *t;
u_char *dptr = NULL;
- if (tid == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 53);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -788,7 +717,7 @@
token_t *t;
u_char *dptr = NULL;
- GET_TOKEN_AREA(t, dptr, 6);
+ GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -805,7 +734,7 @@
token_t *t;
u_char *dptr = NULL;
- GET_TOKEN_AREA(t, dptr, 10);
+ GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t));
if (t == NULL)
return (NULL);
@@ -833,7 +762,7 @@
token_t *t;
u_char *dptr = NULL;
- GET_TOKEN_AREA(t, dptr, 5);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -898,10 +827,7 @@
token_t *t;
u_char *dptr;
- if (so == NULL)
- return (NULL);
-
- GET_TOKEN_AREA(t, dptr, 107);
+ GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + strlen(so->sun_path) + 1);
if (t == NULL)
return (NULL);
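Review bot: The allocation size now depends on `strlen(so->sun_path)` with no upper bound, where the old code used a fixed 107 bytes. `sun_path` is a fixed-size array, and if a caller supplies a `sockaddr_un` whose path fills it without a terminator, `strlen` reads past the structure. The length is also recomputed in the ADD_STRING call in the next hunk, so the two values must agree for the copy to fit. Computing the length once into a local, capped at `sizeof(so->sun_path)`, and using that local for both the allocation and the copy would make the bound explicit. The hunk also drops the `so == NULL` check, so `so->sun_path` is dereferenced unconditionally.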
@@ -909,7 +835,7 @@
/* BSM token has two bytes for family */
ADD_U_CHAR(dptr, 0);
ADD_U_CHAR(dptr, so->sun_family);
- ADD_STRING(dptr, so->sun_path, strlen(so->sun_path));
+ ADD_STRING(dptr, so->sun_path, strlen(so->sun_path) + 1);
return (t);
}
@@ -926,12 +852,8 @@
token_t *t;
u_char *dptr = NULL;
- if (so == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 9);
+ GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) +
+ sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -955,12 +877,8 @@
token_t *t;
u_char *dptr = NULL;
- if (so == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 21);
+ GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) +
+ 4 * sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -1009,12 +927,7 @@
token_t *t;
u_char *dptr = NULL;
- if (tid == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 37);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -1071,12 +984,7 @@
token_t *t;
u_char *dptr = NULL;
- if (tid == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
- GET_TOKEN_AREA(t, dptr, 53);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -1148,11 +1056,6 @@
int i, count = 0;
size_t totlen = 0;
- if (args == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
nextarg = *args;
while (nextarg != NULL) {
@@ -1164,7 +1067,8 @@
nextarg = *(args + count);
}
- GET_TOKEN_AREA(t, dptr, 5 + totlen);
+ totlen += count * sizeof(char); /* nul terminations. */
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen);
if (t == NULL)
return (NULL);
@@ -1193,11 +1097,6 @@
size_t totlen = 0;
const char *nextenv;
- if (env == NULL) {
- errno = EINVAL;
- return (NULL);
- }
-
nextenv = *env;
while (nextenv != NULL) {
@@ -1209,7 +1108,8 @@
nextenv = *(env + count);
}
- GET_TOKEN_AREA(t, dptr, 5 + totlen);
+ totlen += sizeof(char) * count;
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen);
if (t == NULL)
return (NULL);
@@ -1252,7 +1152,8 @@
return (NULL);
#endif
- GET_TOKEN_AREA(t, dptr, 18);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
+ sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
if (t == NULL)
return (NULL);
@@ -1297,7 +1198,8 @@
u_char *dptr = NULL;
u_int16_t magic = TRAILER_PAD_MAGIC;
- GET_TOKEN_AREA(t, dptr, 7);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+ sizeof(u_int32_t));
if (t == NULL)
return (NULL);
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_user.c#4 (text+ko) ====
@@ -39,9 +39,9 @@
* Parse the contents of the audit_user file into au_user_ent structures.
*/
-static FILE *fp = NULL;
-static char linestr[AU_LINE_MAX];
-static char *delim = ":";
+static FILE *fp = NULL;
+static char linestr[AU_LINE_MAX];
+static const char *user_delim = ":";
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -49,14 +49,14 @@
* Parse one line from the audit_user file into the au_user_ent structure.
*/
static struct au_user_ent *
-userfromstr(char *str, char *delim, struct au_user_ent *u)
+userfromstr(char *str, struct au_user_ent *u)
{
char *username, *always, *never;
char *last;
- username = strtok_r(str, delim, &last);
- always = strtok_r(NULL, delim, &last);
- never = strtok_r(NULL, delim, &last);
+ username = strtok_r(str, user_delim, &last);
+ always = strtok_r(NULL, user_delim, &last);
+ never = strtok_r(NULL, user_delim, &last);
if ((username == NULL) || (always == NULL) || (never == NULL))
return (NULL);
@@ -128,7 +128,7 @@
*nl = '\0';
/* Get the next structure. */
- if (userfromstr(linestr, delim, u) == NULL)
+ if (userfromstr(linestr, u) == NULL)
return (NULL);
return (u);
@@ -214,7 +214,8 @@
/* Get user mask. */
if ((up = getauusernam_r(&u, username)) != NULL) {
- if (-1 == getfauditflags(&u.au_always, &u.au_never, mask_p))
+ if (-1 == getfauditflags(&up->au_always, &up->au_never,
+ mask_p))
return (-1);
return (0);
}
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#3 (text+ko) ====
@@ -239,6 +239,7 @@
/* tokenize and save the error message */
if ((errtok = au_to_text(errmsg)) == NULL) {
+ au_free_token(subject);
syslog(LOG_ERR, "%s: au_to_text() failed", func);
return (kAUMakeTextTokErr);
}
@@ -265,6 +266,7 @@
}
/* tokenize and save the error message */
if ((errtok = au_to_text(errmsg)) == NULL) {
+ au_free_token(subject);
syslog(LOG_ERR, "%s: au_to_text() failed", func);
return (kAUMakeTextTokErr);
}
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/Makefile#2 (text+ko) ====
@@ -8,5 +8,6 @@
DPADD= /usr/lib/libbsm.a
LDADD= -lbsm
BINDIR= /usr/sbin
+WARNS= 3
.include <bsd.prog.mk>
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/audump.c#3 (text+ko) ====
@@ -25,8 +25,11 @@
*/
#include <bsm/libbsm.h>
+#include <string.h>
+#include <err.h>
#include <limits.h>
#include <stdio.h>
+#include <stdlib.h>
/*
* Simple tool to dump various /etc/security databases using the defined APIs.