From: Vincenzo Iozzo
To: Perforce Change Reviews
Date: Mon, 2 Jun 2008 13:21:11 GMT
Message-Id: <200806021321.m52DLBh6050139@repoman.freebsd.org>
Subject: PERFORCE change 142753 for review

http://perforce.freebsd.org/chv.cgi?CH=142753

Change 142753 by snagg@snagg_macosx on 2008/06/02 13:20:53

	A memory leak, an integer overflow and another bug are now fixed

Affected files ...

.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#24 edit

Differences ...

==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#24 (text) ====
@@ -270,7 +270,7 @@ audit_pipe_compare_preselect_event); if(event != NULL) { if(event_flag != -1) - if (event->app_flag != event_flag) + if (!(event->app_flag & event_flag)) app = NULL; } else app = NULL; @@ -356,7 +356,11 @@ * Pessimistically assume that the entry for this pid doesn't * exist, and allocate. We will free it if it is unneeded. */ - KASSERT(num >= 0, ("Number of events is out of range")); + KASSERT(num >= 0, ("Number of events is out of range")); + + /* Max number allowed */ + KASSERT(num <= AUDIT_NEVENTS, ("Number of events is out of range")); + app_new = malloc(sizeof(*app_new), M_AUDIT_PIPE_PRESELECT, M_WAITOK); if(num) app_new->app_auevents= malloc(sizeof(struct audit_pipe_preselect_event) * @@ -370,6 +374,8 @@ app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1); found = (app != NULL) ? 1: 0; if(found) { + if(app->app_event_len) + free(app->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT); app->app_auevents = app_new->app_auevents; app_new = NULL; app->app_event_len = num;
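
Review bot: In the @@ -270 hunk, the new test `!(event->app_flag & event_flag)` changes the match from exact equality to "any bit in common", and nothing in the change documents that app_flag is now treated as a bit mask. With the mask form, a caller that passes an event_flag of 0 can never match (app is always set to NULL), and the value -1 that the outer `if(event_flag != -1)` treats as a wildcard is also the all-bits-set mask. Suggest a comment stating the mask semantics and what 0 means, and braces around the nested `if` so that the binding of `} else` is obvious at a glance.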
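
Review bot: In the @@ -356 hunk, the upper bound on num is enforced only by `KASSERT(num <= AUDIT_NEVENTS, ...)`, and KASSERT is compiled out of kernels built without INVARIANTS, so the multiplication `sizeof(struct audit_pipe_preselect_event) * num` passed to malloc is still unchecked in a production kernel. If num can be influenced by the caller, replace the assertion with a runtime range check that returns an error (for example EINVAL) before either allocation. The two assertions also carry the same message, which makes a panic ambiguous; give the new one its own text. The removed and re-added `num >= 0` line appears to differ only in whitespace and could be dropped from the change.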
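
Review bot: In the @@ -370 hunk, the `if(found)` branch can still store an unset pointer when num is 0: `app->app_auevents = app_new->app_auevents` copies a field that the visible code assigns only under `if(num)`, and app_new is allocated with M_WAITOK and no M_ZERO. Suggest setting app_new->app_auevents to NULL when num is 0, or allocating app_new with M_ZERO. The unchanged `app_new = NULL` that follows also drops the only reference to the struct allocated above, despite the comment "We will free it if it is unneeded"; free app_new here or keep the pointer for the cleanup path. Finally, the new free uses M_AUDIT_PIPE_PRESELECT_EVENT while the malloc type for app_auevents is cut off in the context shown, so confirm the two match.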