PERFORCE change 100324 for review

Wayne Salamon wsalamon at FreeBSD.org
Fri Jun 30 01:26:47 UTC 2006 

http://perforce.freebsd.org/chv.cgi?CH=100324

Change 100324 by wsalamon at vh3 on 2006/06/30 00:59:30

	When creating subejct32_ex or process32_ex tokens, assert that we have
	a known address type. However, anyting but AU_IPv6 will get 4 bytes
	of the address written.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#20 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#20 (text+ko) ====

@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#19 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#20 $
  * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.4 2006/06/17 13:53:04 wsalamon Exp $
  */
 
@@ -618,14 +618,14 @@
 	token_t *t;
 	u_char *dptr = NULL;
 
-	if (tid->at_type == AU_IPv4)
-		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
-		    10 * sizeof(u_int32_t));
-	else if (tid->at_type == AU_IPv6)
-		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
-		    13 * sizeof(u_int32_t));
+	KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6),
+	    ("au_to_process32_ex: type %u", (unsigned int)tid->at_type));
+	if (tid->at_type == AU_IPv6)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 *
+		    sizeof(u_int32_t));
 	else
-		return (NULL);
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 *
+		    sizeof(u_int32_t));
 
 	ADD_U_CHAR(dptr, AUT_PROCESS32_EX);
 	ADD_U_INT32(dptr, auid);
@@ -955,14 +955,14 @@
 	token_t *t;
 	u_char *dptr = NULL;
 
-	if (tid->at_type == AU_IPv4)
-		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 *
-		    sizeof(u_int32_t));
-	else if (tid->at_type == AU_IPv6)
+	KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6),
+	    ("au_to_subject32_ex: type %u", (unsigned int)tid->at_type));
+	if (tid->at_type == AU_IPv6)
 		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 *
 		    sizeof(u_int32_t));
 	else
-		return (NULL);
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 *
+		    sizeof(u_int32_t));
 
 	ADD_U_CHAR(dptr, AUT_SUBJECT32_EX);
 	ADD_U_INT32(dptr, auid);

More information about the trustedbsd-cvs mailing list