diff options
author | rwatson <rwatson@FreeBSD.org> | 2009-04-19 23:28:08 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2009-04-19 23:28:08 +0000 |
commit | 901982532143dd15841b3ba3de8c712772a56b6f (patch) | |
tree | 1680b8422a471e386d5939cb16c710cc1e4dace4 /sys/security | |
parent | fab10a18224f6ffbbf8520be8801d2daec103456 (diff) | |
download | FreeBSD-src-901982532143dd15841b3ba3de8c712772a56b6f.zip FreeBSD-src-901982532143dd15841b3ba3de8c712772a56b6f.tar.gz |
Temporarily relax the constraints on argument size checking for A_GETCOND;
login(1) isn't quite ready for them yet on 64-bit systems as it continues
to use the conventions of the old version of the API.
Reported by: stas, Jakub Lach <jakub_lach at mailplus.pl>
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/audit/audit_syscalls.c | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index 7465dc8..bb1e707 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -216,6 +216,7 @@ auditon(struct thread *td, struct auditon_args *uap) */ switch (uap->cmd) { case A_OLDGETPOLICY: + case A_GETPOLICY: if (uap->length == sizeof(udata.au_policy64)) { if (!audit_fail_stop) udata.au_policy64 |= AUDIT_CNT; @@ -227,8 +228,6 @@ auditon(struct thread *td, struct auditon_args *uap) udata.au_policy64 |= AUDIT_ARGE; break; } - /* FALLTHROUGH */ - case A_GETPOLICY: if (uap->length != sizeof(udata.au_policy)) return (EINVAL); if (!audit_fail_stop) @@ -242,6 +241,7 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_OLDSETPOLICY: + case A_SETPOLICY: if (uap->length == sizeof(udata.au_policy64)) { if (udata.au_policy & (~AUDIT_CNT|AUDIT_AHLT| AUDIT_ARGV|AUDIT_ARGE)) @@ -254,8 +254,6 @@ auditon(struct thread *td, struct auditon_args *uap) audit_arge = (udata.au_policy64 & AUDIT_ARGE); break; } - /* FALLTHROUGH */ - case A_SETPOLICY: if (uap->length != sizeof(udata.au_policy)) return (EINVAL); if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV| @@ -283,6 +281,7 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_OLDGETQCTRL: + case A_GETQCTRL: if (uap->length == sizeof(udata.au_qctrl64)) { udata.au_qctrl64.aq64_hiwater = (u_int64_t)audit_qctrl.aq_hiwater; @@ -294,14 +293,13 @@ auditon(struct thread *td, struct auditon_args *uap) (u_int64_t)audit_qctrl.aq_minfree; break; } - /* FALLTHROUGH */ - case A_GETQCTRL: if (uap->length != sizeof(udata.au_qctrl)) return (EINVAL); udata.au_qctrl = audit_qctrl; break; case A_OLDSETQCTRL: + case A_SETQCTRL: if (uap->length == sizeof(udata.au_qctrl64)) { if ((udata.au_qctrl64.aq64_hiwater > AQ_MAXHIGH) || (udata.au_qctrl64.aq64_lowater >= @@ -321,8 +319,6 @@ auditon(struct thread *td, struct auditon_args *uap) audit_qctrl.aq_delay = -1; /* Not used. */ break; } - /* FALLTHROUGH */ - case A_SETQCTRL: if (uap->length != sizeof(udata.au_qctrl)) return (EINVAL); if ((udata.au_qctrl.aq_hiwater > AQ_MAXHIGH) || @@ -362,6 +358,7 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_OLDGETCOND: + case A_GETCOND: if (uap->length == sizeof(udata.au_cond64)) { if (audit_enabled && !audit_suspended) udata.au_cond64 = AUC_AUDITING; @@ -369,8 +366,6 @@ auditon(struct thread *td, struct auditon_args *uap) udata.au_cond64 = AUC_NOAUDIT; break; } - /* FALLTHROUGH */ - case A_GETCOND: if (uap->length != sizeof(udata.au_cond)) return (EINVAL); if (audit_enabled && !audit_suspended) @@ -380,6 +375,7 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_OLDSETCOND: + case A_SETCOND: if (uap->length == sizeof(udata.au_cond64)) { if (udata.au_cond64 == AUC_NOAUDIT) audit_suspended = 1; @@ -391,8 +387,6 @@ auditon(struct thread *td, struct auditon_args *uap) } break; } - /* FALLTHROUGH */ - case A_SETCOND: if (uap->length != sizeof(udata.au_cond)) return (EINVAL); if (udata.au_cond == AUC_NOAUDIT) |