Date: Sun, 17 Feb 2008 22:25:29 GMT From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 135596 for review Message-ID: <200802172225.m1HMPT5G095023@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=135596 Change 135596 by csjp@ibm01 on 2008/02/17 22:24:43 Annotate limitation in read records from audit pipes. Affected files ... .. //depot/projects/trustedbsd/netauditd/netauditd.c#3 edit Differences ... ==== //depot/projects/trustedbsd/netauditd/netauditd.c#3 (text+ko) ==== @@ -366,8 +366,10 @@ case NETAUDIT_DST_TRAIL: au->ac_fd = open(au->ac_path, O_WRONLY | O_APPEND | \ O_CREAT, S_IRUSR | S_IWUSR); - if (au->ac_fd == -1) + if (au->ac_fd == -1) { + warn("%s", au->ac_path); continue; + } au->ac_established = 1; break; case NETAUDIT_DST_NET: @@ -378,6 +380,7 @@ continue; if (connect(au->ac_fd, au->ac_ainfo->ai_addr, au->ac_ainfo->ai_addrlen) == -1) { + warn("connect"); close(au->ac_fd); continue; } @@ -463,6 +466,10 @@ exit(2); if ((new->ar_sbuf = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL) exit(2); + /* + * XXXCSJP: It is possible that the audit record will be greater then + * NETAUDIT_PIPE_BUFSIZE, in which case the pipe will truncate it. + */ new->ar_sbuflen = read(au->ac_fd, new->ar_sbuf, NETAUDIT_PIPE_BUFSIZE); if (new->ar_sbuflen == -1) { if (errno != EAGAIN)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802172225.m1HMPT5G095023>