summaryrefslogtreecommitdiffstats
path: root/contrib/openbsm/libbsm/bsm_io.c
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2006-09-21 07:07:33 +0000
committerrwatson <rwatson@FreeBSD.org>2006-09-21 07:07:33 +0000
commit3fc61fcaeb6c4f73a668795461e276064f449f38 (patch)
treee89d92d2294a63485849fba4ed404c2f99207ca7 /contrib/openbsm/libbsm/bsm_io.c
parent24713adf4396d925450ece7ee61082d0bed8b75a (diff)
downloadFreeBSD-src-3fc61fcaeb6c4f73a668795461e276064f449f38.zip
FreeBSD-src-3fc61fcaeb6c4f73a668795461e276064f449f38.tar.gz
Vendor import of OpenBSM 1.0 alpha 11, with the following change history
notes since the last import: OpenBSM 1.0 alpha 11 - Reclassify certain read/write operations as having no class rather than the fr/fw class; our default classes audit intent (open) not operations (read, write). - Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads and writes of sysctls as separate events. Add additional kernel environment and jail events for FreeBSD. - Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued by the kernel audit implementation) so that they can be distinguished. - Disable rate limiting of rotate requests; as the kernel doesn't retransmit a dropped request, the log file will otherwise grow indefinitely if the trigger is dropped. - Improve auditd debugging output. - Fix a number of threading related bugs in audit_control file reading routines. - Add APIs au_poltostr() and au_strtopol() to convert between text representations of audit_control policy flags and the flags passed to auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY). - Add API getacpol() to return the 'policy:' entry from audit_control, an extension to the Solaris file format to allow specification of policy persistent flags. - Update audump to print the audit_control policy field. - Update auditd to read the audit_control policy field and set the kernel policy to match it when configuring/reconfiguring. Remove the -s and -h arguments as these policies are now set via the configuration file. If a policy line is not found in the configuration file, continue with the current default of setting AUDIT_CNT. - Fix bugs in the parsing of large execve(2) arguments and environmental variable tokens; increase maximum parsed argument and variable count. - configure now detects strlcat(), used by policy-related functions. - Reference token and record sample files added to test tree. Obtained from: TrustedBSD Project
Diffstat (limited to 'contrib/openbsm/libbsm/bsm_io.c')
-rw-r--r--contrib/openbsm/libbsm/bsm_io.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/contrib/openbsm/libbsm/bsm_io.c b/contrib/openbsm/libbsm/bsm_io.c
index 30639e6..2587735 100644
--- a/contrib/openbsm/libbsm/bsm_io.c
+++ b/contrib/openbsm/libbsm/bsm_io.c
@@ -31,7 +31,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#40 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#41 $
*/
#include <sys/types.h>
@@ -1190,7 +1190,8 @@ fetch_execarg_tok(tokenstr_t *tok, char *buf, int len)
for (i = 0; i < tok->tt.execarg.count; i++) {
bptr = buf + tok->len;
- tok->tt.execarg.text[i] = bptr;
+ if (i < AUDIT_MAX_ARGS)
+ tok->tt.execarg.text[i] = bptr;
/* Look for a null terminated string. */
while (bptr && (*bptr != '\0')) {
@@ -1202,6 +1203,8 @@ fetch_execarg_tok(tokenstr_t *tok, char *buf, int len)
return (-1);
tok->len++; /* \0 character */
}
+ if (tok->tt.execarg.count > AUDIT_MAX_ARGS)
+ tok->tt.execarg.count = AUDIT_MAX_ARGS;
return (0);
}
@@ -1235,9 +1238,10 @@ fetch_execenv_tok(tokenstr_t *tok, char *buf, int len)
if (err)
return (-1);
- for (i = 0; i< tok->tt.execenv.count; i++) {
+ for (i = 0; i < tok->tt.execenv.count; i++) {
bptr = buf + tok->len;
- tok->tt.execenv.text[i] = bptr;
+ if (i < AUDIT_MAX_ENV)
+ tok->tt.execenv.text[i] = bptr;
/* Look for a null terminated string. */
while (bptr && (*bptr != '\0')) {
@@ -1249,6 +1253,8 @@ fetch_execenv_tok(tokenstr_t *tok, char *buf, int len)
return (-1);
tok->len++; /* \0 character */
}
+ if (tok->tt.execenv.count > AUDIT_MAX_ENV)
+ tok->tt.execenv.count = AUDIT_MAX_ENV;
return (0);
}
OpenPOWER on IntegriCloud