diff options
| author | csjp <csjp@FreeBSD.org> | 2006-11-06 00:15:44 +0000 |
|---|---|---|
| committer | csjp <csjp@FreeBSD.org> | 2006-11-06 00:15:44 +0000 |
| commit | cf1f0416d18ae97bc26c9a2e69019b70e64119b9 (patch) | |
| tree | 7aadb5117815599abe35731c6ac79fcbb42c09f2 /sys/security/audit/audit_private.h | |
| parent | 9ef7e5e3afc0c9daef60848d3b4b44df597298c1 (diff) | |
| download | FreeBSD-src-cf1f0416d18ae97bc26c9a2e69019b70e64119b9.zip FreeBSD-src-cf1f0416d18ae97bc26c9a2e69019b70e64119b9.tar.gz | |
Change the type of ar_arg_sockaddr from struct sockaddr to struct
sockaddr_storage. This structure is defined in RFC 2553 and is a more
semantically correct structure for holding IP and IP6 sockaddr information.
struct sockaddr is not big enough to hold all the required information for
IP6, resulting in truncated addresses et al when auditing IP6 sockaddr
information.
We also need to assume that the sa->sa_len has been validated before the call to
audit_arg_sockaddr() is made, otherwise it could result in a buffer overflow.
This is being done to accommodate auditing of network related arguments (like
connect, bind et al) that will be added soon.
Discussed with: rwatson
Obtained from: TrustedBSD Project
MFC after: 2 weeks
Diffstat (limited to 'sys/security/audit/audit_private.h')
| -rw-r--r-- | sys/security/audit/audit_private.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h index e232bcd..660e7c2 100644 --- a/sys/security/audit/audit_private.h +++ b/sys/security/audit/audit_private.h @@ -200,7 +200,6 @@ struct audit_record { u_int ar_arg_signum; char ar_arg_login[MAXLOGNAME]; int ar_arg_ctlname[CTL_MAXNAME]; - struct sockaddr ar_arg_sockaddr; struct socket_au_info ar_arg_sockinfo; char *ar_arg_upath1; char *ar_arg_upath2; @@ -221,6 +220,7 @@ struct audit_record { int ar_arg_envc; int ar_arg_exitstatus; int ar_arg_exitretval; + struct sockaddr_storage ar_arg_sockaddr; }; /* |
