authorsson <sson@FreeBSD.org>2009-06-29 20:19:19 +0000
committersson <sson@FreeBSD.org>2009-06-29 20:19:19 +0000
commit3de2232b431b0fc22153f5286da9948f67b3d80e (patch)
treea40b65d24900fa99e8ca16ffc6932787a5d2ed20 /sys/security/audit
parent0cabaf8791593503b5c5aee1394849a275c48ef9 (diff)
Dynamically allocate the gidset field in audit record.
This fixes a problem created by the recent change that allows a large number of groups per user. The gidset field in struct kaudit_record is now dynamically allocated to the size needed rather than statically (using NGROUPS). Approved by: re@ (kensmith, rwatson), gnn (mentor)
Diffstat (limited to 'sys/security/audit')
-rw-r--r--sys/security/audit/audit.c3
-rw-r--r--sys/security/audit/audit_arg.c7
-rw-r--r--sys/security/audit/audit_private.h5
3 files changed, 13 insertions, 2 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index da47d25..1967e05 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -77,6 +77,7 @@ static MALLOC_DEFINE(M_AUDITCRED, "audit_cred", "Audit cred storage");
MALLOC_DEFINE(M_AUDITDATA, "audit_data", "Audit data storage");
MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
+MALLOC_DEFINE(M_AUDITGIDSET, "audit_gidset", "Audit GID set storage");
SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
"TrustedBSD audit controls");
@@ -253,6 +254,8 @@ audit_record_dtor(void *mem, int size, void *arg)
free(ar->k_ar.ar_arg_argv, M_AUDITTEXT);
if (ar->k_ar.ar_arg_envv != NULL)
free(ar->k_ar.ar_arg_envv, M_AUDITTEXT);
+ if (ar->k_ar.ar_arg_groups.gidset != NULL)
+ free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET);
}
/*
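Review bot: The new `free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET)` leaves the pointer dangling, while audit_arg_groupset() in this same commit treats a non-NULL gidset as "already allocated". The record constructor is outside this hunk, so it cannot be confirmed here that every reused record is zeroed before use; if one were not, the stale pointer would be written through. Bracing the `if` and adding `ar->k_ar.ar_arg_groups.gidset = NULL;` after the free would make the destructor safe on its own. The neighbouring argv/envv frees have the same shape, and audit_record_dtor starts above the hunk.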
diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c
index 2007041..cf62421 100644
--- a/sys/security/audit/audit_arg.c
+++ b/sys/security/audit/audit_arg.c
@@ -236,10 +236,17 @@ audit_arg_groupset(gid_t *gidset, u_int gidset_size)
u_int i;
struct kaudit_record *ar;
+ KASSERT(gidset_size <= NGROUPS,
+ ("audit_arg_groupset: gidset_size > NGROUPS"));
+
ar = currecord();
if (ar == NULL)
return;
+ if (ar->k_ar.ar_arg_groups.gidset == NULL)
+ ar->k_ar.ar_arg_groups.gidset = malloc(
+ sizeof(gid_t) * gidset_size, M_AUDITGIDSET, M_WAITOK);
+
for (i = 0; i < gidset_size; i++)
ar->k_ar.ar_arg_groups.gidset[i] = gidset[i];
ar->k_ar.ar_arg_groups.gidset_size = gidset_size;
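Review bot: The buffer is sized only when gidset is NULL, so a second call on the same record with a larger gidset_size makes the copy loop at `ar->k_ar.ar_arg_groups.gidset[i] = gidset[i]` write past the first allocation. Whether any path calls audit_arg_groupset() twice per record is not visible here, but the code should not depend on that. One fix is to release any existing buffer first with `if (ar->k_ar.ar_arg_groups.gidset != NULL) free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET);` and then call `malloc(...)` unconditionally. Note also that the added KASSERT is compiled only into INVARIANTS kernels, so it does not bound gidset_size in production builds and callers must validate the count themselves. The function body continues past the end of the hunk.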
diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h
index 0116f4d..0da2f2d 100644
--- a/sys/security/audit/audit_private.h
+++ b/sys/security/audit/audit_private.h
@@ -50,6 +50,7 @@ MALLOC_DECLARE(M_AUDITBSM);
MALLOC_DECLARE(M_AUDITDATA);
MALLOC_DECLARE(M_AUDITPATH);
MALLOC_DECLARE(M_AUDITTEXT);
+MALLOC_DECLARE(M_AUDITGIDSET);
#endif
/*
@@ -104,8 +105,8 @@ struct vnode_au_info {
};
struct groupset {
- gid_t gidset[NGROUPS];
- u_int gidset_size;
+ gid_t *gidset;
+ u_int gidset_size;
};
struct socket_au_info {
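Review bot: The new `gid_t *gidset` member has no comment describing ownership, and the struct changes from self-contained to one that owns heap memory. I would add `/* malloc'd with M_AUDITGIDSET in audit_arg_groupset(); freed in audit_record_dtor() */` on the pointer. On gidset_size I would add `/* number of valid entries; also the allocated length */`. Any code that copies a struct groupset or its enclosing record by value would now share the pointer and risk a double free, so the comment should say such copies are not allowed. No such copy is visible in this diff.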