From af9b2bc27f12b3a899199627272d13e24eb6672d Mon Sep 17 00:00:00 2001 From: csjp Date: Thu, 6 Mar 2008 22:57:03 +0000 Subject: Change auditon(2) so that if somebody supplies an invalid command, it returns EINVAL. Right now we return 0 or success for invalid commands, which could be quite problematic in certain conditions. MFC after: 1 week Discussed with: rwatson --- sys/security/audit/audit_syscalls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index cf3d8e3..589ca97 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -406,6 +406,9 @@ auditon(struct thread *td, struct auditon_args *uap) (udata.au_trigger > AUDIT_TRIGGER_MAX)) return (EINVAL); return (audit_send_trigger(udata.au_trigger)); + + default: + return (EINVAL); } /* -- cgit v1.1