From owner-p4-projects@FreeBSD.ORG Sat Jan 21 14:05:00 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C589216A422; Sat, 21 Jan 2006 14:04:59 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 707ED16A41F for ; Sat, 21 Jan 2006 14:04:59 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 22C3343D45 for ; Sat, 21 Jan 2006 14:04:59 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k0LE4xAc082914 for ; Sat, 21 Jan 2006 14:04:59 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k0LE4wZQ082911 for perforce@freebsd.org; Sat, 21 Jan 2006 14:04:58 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sat, 21 Jan 2006 14:04:58 GMT Message-Id: <200601211404.k0LE4wZQ082911@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 90081 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jan 2006 14:05:00 -0000 http://perforce.freebsd.org/chv.cgi?CH=90081 Change 90081 by rwatson@rwatson_sesame on 2006/01/21 14:04:43 Integrate OpenBSM branch into audit3 to pick up recent results from FlexeLint. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/openbsm/README#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#5 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#6 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#6 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_user.c#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/Makefile#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/audump.c#3 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/README#4 (text+ko) ==== @@ -56,9 +56,16 @@ SPARTA, Inc. Robert Watson Wayne Salamon + Suresh Krishnaswamy + Kevin Van Vechten Tom Rhodes Wojciech Koszek Chunyang Yuan + Poul-Henning Kamp + +In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel +Software's FlexeLint tool were used to identify a number of bugs in the +OpenBSM implementation. Contributions ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#5 (text+ko) ==== @@ -37,7 +37,7 @@ #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 #define MAX_AUDIT_RECORD_SIZE 4096 -#define MIN_AUDIT_FILE_SIZE 512 * 1024 +#define MIN_AUDIT_FILE_SIZE (512 * 1024) /* * Triggers for the audit daemon ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#6 (text+ko) ==== @@ -46,7 +46,6 @@ #include #include #include -#include #include #include #include @@ -551,7 +550,7 @@ break; case AU_IPv6: - READ_TOKEN_BYTES(buf, len, &tok->tt.hdr32_ex.addr, + READ_TOKEN_BYTES(buf, len, tok->tt.hdr32_ex.addr, sizeof(tok->tt.hdr32_ex.addr), tok->len, err); break; } @@ -2533,115 +2532,150 @@ switch(tok->id) { case AUT_HEADER32: - return (print_header32_tok(outfp, tok, del, raw, sfrm)); + print_header32_tok(outfp, tok, del, raw, sfrm); + return; case AUT_HEADER32_EX: - return (print_header32_ex_tok(outfp, tok, del, raw, sfrm)); + print_header32_ex_tok(outfp, tok, del, raw, sfrm); + return; case AUT_HEADER64: - return (print_header64_tok(outfp, tok, del, raw, sfrm)); + print_header64_tok(outfp, tok, del, raw, sfrm); + return; case AUT_HEADER64_EX: - return (print_header64_ex_tok(outfp, tok, del, raw, sfrm)); + print_header64_ex_tok(outfp, tok, del, raw, sfrm); + return; case AUT_TRAILER: - return (print_trailer_tok(outfp, tok, del, raw, sfrm)); + print_trailer_tok(outfp, tok, del, raw, sfrm); + return; case AUT_ARG32: - return (print_arg32_tok(outfp, tok, del, raw, sfrm)); + print_arg32_tok(outfp, tok, del, raw, sfrm); + return; case AUT_ARG64: - return (print_arg64_tok(outfp, tok, del, raw, sfrm)); + print_arg64_tok(outfp, tok, del, raw, sfrm); + return; case AUT_DATA: - return (print_arb_tok(outfp, tok, del, raw, sfrm)); + print_arb_tok(outfp, tok, del, raw, sfrm); + return; case AUT_ATTR32: - return (print_attr32_tok(outfp, tok, del, raw, sfrm)); + print_attr32_tok(outfp, tok, del, raw, sfrm); + return; case AUT_ATTR64: - return (print_attr64_tok(outfp, tok, del, raw, sfrm)); + print_attr64_tok(outfp, tok, del, raw, sfrm); case AUT_EXIT: - return (print_exit_tok(outfp, tok, del, raw, sfrm)); + print_exit_tok(outfp, tok, del, raw, sfrm); + return; case AUT_EXEC_ARGS: - return (print_execarg_tok(outfp, tok, del, raw, sfrm)); + print_execarg_tok(outfp, tok, del, raw, sfrm); + return; case AUT_EXEC_ENV: - return (print_execenv_tok(outfp, tok, del, raw, sfrm)); + print_execenv_tok(outfp, tok, del, raw, sfrm); + return; case AUT_OTHER_FILE32: - return (print_file_tok(outfp, tok, del, raw, sfrm)); + print_file_tok(outfp, tok, del, raw, sfrm); + return; case AUT_NEWGROUPS: - return (print_newgroups_tok(outfp, tok, del, raw, sfrm)); + print_newgroups_tok(outfp, tok, del, raw, sfrm); + return; case AUT_IN_ADDR: - return (print_inaddr_tok(outfp, tok, del, raw, sfrm)); + print_inaddr_tok(outfp, tok, del, raw, sfrm); + return; case AUT_IN_ADDR_EX: - return (print_inaddr_ex_tok(outfp, tok, del, raw, sfrm)); + print_inaddr_ex_tok(outfp, tok, del, raw, sfrm); + return; case AUT_IP: - return (print_ip_tok(outfp, tok, del, raw, sfrm)); + print_ip_tok(outfp, tok, del, raw, sfrm); + return; case AUT_IPC: - return (print_ipc_tok(outfp, tok, del, raw, sfrm)); + print_ipc_tok(outfp, tok, del, raw, sfrm); + return; case AUT_IPC_PERM: - return (print_ipcperm_tok(outfp, tok, del, raw, sfrm)); + print_ipcperm_tok(outfp, tok, del, raw, sfrm); + return; case AUT_IPORT: - return (print_iport_tok(outfp, tok, del, raw, sfrm)); + print_iport_tok(outfp, tok, del, raw, sfrm); + return; case AUT_OPAQUE: - return (print_opaque_tok(outfp, tok, del, raw, sfrm)); + print_opaque_tok(outfp, tok, del, raw, sfrm); + return; case AUT_PATH: - return (print_path_tok(outfp, tok, del, raw, sfrm)); + print_path_tok(outfp, tok, del, raw, sfrm); + return; case AUT_PROCESS32: - return (print_process32_tok(outfp, tok, del, raw, sfrm)); + print_process32_tok(outfp, tok, del, raw, sfrm); + return; case AUT_PROCESS32_EX: - return (print_process32ex_tok(outfp, tok, del, raw, sfrm)); + print_process32ex_tok(outfp, tok, del, raw, sfrm); + return; case AUT_RETURN32: - return (print_return32_tok(outfp, tok, del, raw, sfrm)); + print_return32_tok(outfp, tok, del, raw, sfrm); + return; case AUT_RETURN64: - return (print_return64_tok(outfp, tok, del, raw, sfrm)); + print_return64_tok(outfp, tok, del, raw, sfrm); + return; case AUT_SEQ: - return (print_seq_tok(outfp, tok, del, raw, sfrm)); + print_seq_tok(outfp, tok, del, raw, sfrm); + return; case AUT_SOCKET: - return (print_socket_tok(outfp, tok, del, raw, sfrm)); + print_socket_tok(outfp, tok, del, raw, sfrm); + return; case AUT_SOCKINET32: - return (print_sock_inet32_tok(outfp, tok, del, raw, sfrm)); + print_sock_inet32_tok(outfp, tok, del, raw, sfrm); + return; case AUT_SOCKUNIX: - return (print_sock_unix_tok(outfp, tok, del, raw, sfrm)); + print_sock_unix_tok(outfp, tok, del, raw, sfrm); + return; case AUT_SUBJECT32: - return (print_subject32_tok(outfp, tok, del, raw, sfrm)); + print_subject32_tok(outfp, tok, del, raw, sfrm); + return; case AUT_SUBJECT64: - return (print_subject64_tok(outfp, tok, del, raw, sfrm)); + print_subject64_tok(outfp, tok, del, raw, sfrm); + return; case AUT_SUBJECT32_EX: - return (print_subject32ex_tok(outfp, tok, del, raw, sfrm)); + print_subject32ex_tok(outfp, tok, del, raw, sfrm); + return; case AUT_TEXT: - return (print_text_tok(outfp, tok, del, raw, sfrm)); + print_text_tok(outfp, tok, del, raw, sfrm); + return; case AUT_SOCKET_EX: - return (print_socketex32_tok(outfp, tok, del, raw, sfrm)); + print_socketex32_tok(outfp, tok, del, raw, sfrm); + return; default: - return (print_invalid_tok(outfp, tok, del, raw, sfrm)); + print_invalid_tok(outfp, tok, del, raw, sfrm); } } ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#6 (text+ko) ==== @@ -59,13 +59,13 @@ #define GET_TOKEN_AREA(t, dptr, length) do { \ t = malloc (sizeof(token_t)); \ if (t != NULL) { \ - t->len = length; \ - t->t_data = malloc (length * sizeof(u_char)); \ + t->len = (length); \ + t->t_data = malloc ((length) * sizeof(u_char)); \ if ((dptr = t->t_data) == NULL) { \ free(t); \ t = NULL; \ } else \ - memset(dptr, 0, length); \ + memset(dptr, 0, (length)); \ } \ } while (0) @@ -83,18 +83,14 @@ u_char *dptr = NULL; u_int16_t textlen; - if (text == NULL) { - errno = EINVAL; - return (NULL); - } + textlen = strlen(text); + textlen += 1; - textlen = strlen(text); - GET_TOKEN_AREA(t, dptr, 9 + textlen); + GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t) + + sizeof(u_int16_t) + textlen); if (t == NULL) return (NULL); - textlen += 1; - ADD_U_CHAR(dptr, AUT_ARG32); ADD_U_CHAR(dptr, n); ADD_U_INT32(dptr, v); @@ -112,18 +108,14 @@ u_char *dptr = NULL; u_int16_t textlen; - if (text == NULL) { - errno = EINVAL; - return (NULL); - } + textlen = strlen(text); + textlen += 1; - textlen = strlen(text); - GET_TOKEN_AREA(t, dptr, 13 + textlen); + GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t) + + sizeof(u_int16_t) + textlen); if (t == NULL) return (NULL); - textlen += 1; - ADD_U_CHAR(dptr, AUT_ARG64); ADD_U_CHAR(dptr, n); ADD_U_INT64(dptr, v); @@ -159,12 +151,8 @@ u_int16_t pad0_16 = 0; u_int16_t pad0_32 = 0; - if (vni == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 29); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + + 3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -230,11 +218,6 @@ u_char *dptr = NULL; size_t datasize, totdata; - if (p == NULL) { - errno = EINVAL; - return (NULL); - } - /* Determine the size of the basic unit. */ switch (unit_type) { case AUR_BYTE: @@ -256,7 +239,7 @@ totdata = datasize * unit_count; - GET_TOKEN_AREA(t, dptr, totdata + 4); + GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char)); if (t == NULL) return (NULL); @@ -281,7 +264,7 @@ token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, 9); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -313,12 +296,8 @@ u_char *dptr = NULL; int i; - if (groups == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, n * 4 + 3); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + + n * sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -340,12 +319,7 @@ token_t *t; u_char *dptr = NULL; - if (internet_addr == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 5); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -367,12 +341,7 @@ u_char *dptr = NULL; u_int32_t type = AF_INET6; - if (internet_addr == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 21); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -396,12 +365,7 @@ token_t *t; u_char *dptr = NULL; - if (ip == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 21); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip)); if (t == NULL) return (NULL); @@ -425,8 +389,7 @@ token_t *t; u_char *dptr = NULL; - - GET_TOKEN_AREA(t, dptr, 6); + GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -454,13 +417,7 @@ u_char *dptr = NULL; u_int16_t pad0 = 0; - - if (perm == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 29); + GET_TOKEN_AREA(t, dptr, 12 * sizeof(u_int16_t) + sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -493,7 +450,6 @@ return (t); } - /* * token ID 1 byte * port IP address 2 bytes @@ -504,8 +460,7 @@ token_t *t; u_char *dptr = NULL; - - GET_TOKEN_AREA(t, dptr, 3); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t)); if (t == NULL) return (NULL); @@ -515,7 +470,6 @@ return (t); } - /* * token ID 1 byte * size 2 bytes @@ -527,12 +481,7 @@ token_t *t; u_char *dptr = NULL; - if ((data == NULL) || (bytes <= 0)) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, bytes + 3); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + bytes); if (t == NULL) return (NULL); @@ -569,16 +518,14 @@ return (NULL); #endif - if (file == NULL) { - errno = EINVAL; - return (NULL); - } filelen = strlen(file); - GET_TOKEN_AREA(t, dptr, filelen + 12); + filelen += 1; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t) + + sizeof(u_int16_t) + filelen); if (t == NULL) return (NULL); - filelen += 1; timems = tm.tv_usec/1000; ADD_U_CHAR(dptr, AUT_OTHER_FILE32); @@ -602,17 +549,13 @@ u_char *dptr = NULL; u_int16_t textlen; - if (text == NULL) { - errno = EINVAL; - return (NULL); - } textlen = strlen(text); - GET_TOKEN_AREA(t, dptr, textlen + 4); + textlen += 1; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); if (t == NULL) return (NULL); - textlen += 1; - ADD_U_CHAR(dptr, AUT_TEXT); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); @@ -632,17 +575,13 @@ u_char *dptr = NULL; u_int16_t textlen; - if (text == NULL) { - errno = EINVAL; - return (NULL); - } textlen = strlen(text); - GET_TOKEN_AREA(t, dptr, textlen + 4); + textlen += 1; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); if (t == NULL) return (NULL); - textlen += 1; - ADD_U_CHAR(dptr, AUT_PATH); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); @@ -670,12 +609,7 @@ token_t *t; u_char *dptr = NULL; - if (tid == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 37); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -732,12 +666,7 @@ token_t *t; u_char *dptr = NULL; - if (tid == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 53); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -788,7 +717,7 @@ token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, 6); + GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -805,7 +734,7 @@ token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, 10); + GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t)); if (t == NULL) return (NULL); @@ -833,7 +762,7 @@ token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, 5); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -898,10 +827,7 @@ token_t *t; u_char *dptr; - if (so == NULL) - return (NULL); - - GET_TOKEN_AREA(t, dptr, 107); + GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + strlen(so->sun_path) + 1); if (t == NULL) return (NULL); @@ -909,7 +835,7 @@ /* BSM token has two bytes for family */ ADD_U_CHAR(dptr, 0); ADD_U_CHAR(dptr, so->sun_family); - ADD_STRING(dptr, so->sun_path, strlen(so->sun_path)); + ADD_STRING(dptr, so->sun_path, strlen(so->sun_path) + 1); return (t); } @@ -926,12 +852,8 @@ token_t *t; u_char *dptr = NULL; - if (so == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 9); + GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + + sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -955,12 +877,8 @@ token_t *t; u_char *dptr = NULL; - if (so == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 21); + GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + + 4 * sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -1009,12 +927,7 @@ token_t *t; u_char *dptr = NULL; - if (tid == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 37); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -1071,12 +984,7 @@ token_t *t; u_char *dptr = NULL; - if (tid == NULL) { - errno = EINVAL; - return (NULL); - } - - GET_TOKEN_AREA(t, dptr, 53); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -1148,11 +1056,6 @@ int i, count = 0; size_t totlen = 0; - if (args == NULL) { - errno = EINVAL; - return (NULL); - } - nextarg = *args; while (nextarg != NULL) { @@ -1164,7 +1067,8 @@ nextarg = *(args + count); } - GET_TOKEN_AREA(t, dptr, 5 + totlen); + totlen += count * sizeof(char); /* nul terminations. */ + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); if (t == NULL) return (NULL); @@ -1193,11 +1097,6 @@ size_t totlen = 0; const char *nextenv; - if (env == NULL) { - errno = EINVAL; - return (NULL); - } - nextenv = *env; while (nextenv != NULL) { @@ -1209,7 +1108,8 @@ nextenv = *(env + count); } - GET_TOKEN_AREA(t, dptr, 5 + totlen); + totlen += sizeof(char) * count; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); if (t == NULL) return (NULL); @@ -1252,7 +1152,8 @@ return (NULL); #endif - GET_TOKEN_AREA(t, dptr, 18); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); if (t == NULL) return (NULL); @@ -1297,7 +1198,8 @@ u_char *dptr = NULL; u_int16_t magic = TRAILER_PAD_MAGIC; - GET_TOKEN_AREA(t, dptr, 7); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + + sizeof(u_int32_t)); if (t == NULL) return (NULL); ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_user.c#4 (text+ko) ==== @@ -39,9 +39,9 @@ * Parse the contents of the audit_user file into au_user_ent structures. */ -static FILE *fp = NULL; -static char linestr[AU_LINE_MAX]; -static char *delim = ":"; +static FILE *fp = NULL; +static char linestr[AU_LINE_MAX]; +static const char *user_delim = ":"; static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; @@ -49,14 +49,14 @@ * Parse one line from the audit_user file into the au_user_ent structure. */ static struct au_user_ent * -userfromstr(char *str, char *delim, struct au_user_ent *u) +userfromstr(char *str, struct au_user_ent *u) { char *username, *always, *never; char *last; - username = strtok_r(str, delim, &last); - always = strtok_r(NULL, delim, &last); - never = strtok_r(NULL, delim, &last); + username = strtok_r(str, user_delim, &last); + always = strtok_r(NULL, user_delim, &last); + never = strtok_r(NULL, user_delim, &last); if ((username == NULL) || (always == NULL) || (never == NULL)) return (NULL); @@ -128,7 +128,7 @@ *nl = '\0'; /* Get the next structure. */ - if (userfromstr(linestr, delim, u) == NULL) + if (userfromstr(linestr, u) == NULL) return (NULL); return (u); @@ -214,7 +214,8 @@ /* Get user mask. */ if ((up = getauusernam_r(&u, username)) != NULL) { - if (-1 == getfauditflags(&u.au_always, &u.au_never, mask_p)) + if (-1 == getfauditflags(&up->au_always, &up->au_never, + mask_p)) return (-1); return (0); } ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#3 (text+ko) ==== @@ -239,6 +239,7 @@ /* tokenize and save the error message */ if ((errtok = au_to_text(errmsg)) == NULL) { + au_free_token(subject); syslog(LOG_ERR, "%s: au_to_text() failed", func); return (kAUMakeTextTokErr); } @@ -265,6 +266,7 @@ } /* tokenize and save the error message */ if ((errtok = au_to_text(errmsg)) == NULL) { + au_free_token(subject); syslog(LOG_ERR, "%s: au_to_text() failed", func); return (kAUMakeTextTokErr); } ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/Makefile#2 (text+ko) ==== @@ -8,5 +8,6 @@ DPADD= /usr/lib/libbsm.a LDADD= -lbsm BINDIR= /usr/sbin +WARNS= 3 .include ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/audump.c#3 (text+ko) ==== @@ -25,8 +25,11 @@ */ #include +#include +#include #include #include +#include /* * Simple tool to dump various /etc/security databases using the defined APIs.