diff options
| author | rwatson <rwatson@FreeBSD.org> | 2006-09-20 13:23:40 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2006-09-20 13:23:40 +0000 |
| commit | 6061806b7a2441113ad29326d460afa8b87659b2 (patch) | |
| tree | be65104b59db262d96b574c4eb7dba409c97727f /sys/security | |
| parent | e63183ab3b572f0c8ce58cab5b0d21f00ca66d06 (diff) | |
| download | FreeBSD-src-6061806b7a2441113ad29326d460afa8b87659b2.zip FreeBSD-src-6061806b7a2441113ad29326d460afa8b87659b2.tar.gz | |
Rather than allocating all buffer memory for the completed BSM record
when allocating the record in the first place, allocate the final buffer
when closing the BSM record. At that point, more size information is
available, so a sufficiently large buffer can be allocated.
This allows the kernel to generate audit records in excess of
MAXAUDITDATA bytes, but is consistent with Solaris's behavior. This only
comes up when auditing command line arguments, in which case we presume
the administrator really does want the data as they have specified the
policy flag to gather them.
Obtained from: TrustedBSD Project
MFC after: 3 days
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/audit/audit_bsm.c | 36 |
1 files changed, 17 insertions, 19 deletions
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c index 016e46d..72a2e6b 100644 --- a/sys/security/audit/audit_bsm.c +++ b/sys/security/audit/audit_bsm.c @@ -84,8 +84,7 @@ kau_open(void) struct au_record *rec; rec = malloc(sizeof(*rec), M_AUDITBSM, M_WAITOK); - rec->data = malloc(MAX_AUDIT_RECORD_SIZE * sizeof(u_char), - M_AUDITBSM, M_WAITOK | M_ZERO); + rec->data = NULL; TAILQ_INIT(&rec->token_q); rec->len = 0; rec->used = 1; @@ -119,23 +118,22 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event) struct timeval tm; tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE; - if (tot_rec_size <= MAX_AUDIT_RECORD_SIZE) { - /* Create the header token */ - tm.tv_usec = ctime->tv_nsec / 1000; - tm.tv_sec = ctime->tv_sec; - hdr = au_to_header32_tm(tot_rec_size, event, 0, tm); - TAILQ_INSERT_HEAD(&rec->token_q, hdr, tokens); - - trail = au_to_trailer(tot_rec_size); - TAILQ_INSERT_TAIL(&rec->token_q, trail, tokens); - - /* Serialize token data to the record. */ - rec->len = tot_rec_size; - dptr = rec->data; - TAILQ_FOREACH(cur, &rec->token_q, tokens) { - memcpy(dptr, cur->t_data, cur->len); - dptr += cur->len; - } + rec->data = malloc(tot_rec_size, M_AUDITBSM, M_WAITOK | M_ZERO); + /* Create the header token */ + tm.tv_usec = ctime->tv_nsec / 1000; + tm.tv_sec = ctime->tv_sec; + hdr = au_to_header32_tm(tot_rec_size, event, 0, tm); + TAILQ_INSERT_HEAD(&rec->token_q, hdr, tokens); + + trail = au_to_trailer(tot_rec_size); + TAILQ_INSERT_TAIL(&rec->token_q, trail, tokens); + + /* Serialize token data to the record. */ + rec->len = tot_rec_size; + dptr = rec->data; + TAILQ_FOREACH(cur, &rec->token_q, tokens) { + memcpy(dptr, cur->t_data, cur->len); + dptr += cur->len; } } |
