Date:      Thu, 12 Jul 2007 21:00:18 +0300
From:      "Alex Samorukov" <samm@os2.kiev.ua>
To:        "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org>
Cc:        samm@os2.kiev.ua
Subject:   bin/114534: OpenBSM auditreduce fail with short date format
Message-ID:  <1184263218.4541@samm.local>
Resent-Message-ID: <200707121830.l6CIU64N082176@freefall.freebsd.org>


>Number:         114534
>Category:       bin
>Synopsis:       OpenBSM auditreduce fail with short date format
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 12 18:30:05 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Alex Samorukov
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
Shevchenko Didkovskiy and Partners 
>Environment:


System: FreeBSD 6.2-STABLE #3: Thu Jul 12 17:22:52 EEST 2007
    root@samm.local:/usr/obj/usr/src/sys/SAMMKRNL



>Description:


I found a bug in the auditreduce tool.
The problem is with the '-a' key, which allows us to select records that occurred after or on the given datetime.
The man page states that it has the format:
 -a YYYYMMDD[HH[MM[SS]]]

When I'm using -a with the full format (e.g. -a 20070712175500) auditreduce works correctly, but with the short format (e.g. -a 200707121755) it fails. After some testing I found that the problem is with the strptime function.
Here is a quote from the manual:

     If the format string does not contain enough conversion specifications to
     completely specify the resulting struct tm, the unspecified members of
     timeptr are left untouched.  For example, if format is ``%H:%M:%S'', only
     tm_hour, tm_sec and tm_min will be modified.  If time relative to today
     is desired, initialize the timeptr structure with today's date before
     passing it to strptime().

But the tm structure in the sources was not zeroed and contains garbage, so we get a random result with the short form.


>How-To-Repeat:


Run auditreduce with the short form and see no output.
After the patch everything works as designed.


>Fix:


--- auditreduce.c       Sat Sep 30 01:41:53 2006
+++ auditreduce.c.patched       Thu Jul 12 19:23:06 2007
@@ -629,6 +629,7 @@
                                usage("d is exclusive with a and b");
                        }
                        SETOPT(opttochk, OPT_a);
+                       bzero(&tm, sizeof(tm));
                        strptime(optarg, "%Y%m%d%H%M%S", &tm);
                        strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S",
                            &tm);
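Review bot: the strptime() call in this -a branch still has its return value ignored, so an argument it cannot parse produces a NULL return that goes unnoticed, and strftime() then formats whatever is in tm, which after the new bzero() may be all zeros. Suggest testing the result before building timestr, for example `if (strptime(optarg, "%Y%m%d%H%M%S", &tm) == NULL)` followed by a usage() call.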
@@ -641,6 +642,7 @@
                                usage("d is exclusive with a and b");
                        }
                        SETOPT(opttochk, OPT_b);
+                       bzero(&tm, sizeof(tm));
                        strptime(optarg, "%Y%m%d%H%M%S", &tm);
                        strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S",
                            &tm);
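Review bot: the -b branch now repeats the same bzero/strptime/strftime sequence as the -a branch, line for line. Moving those calls into one small helper that both branches use would keep the initialization in a single place, so a later change to the parsing cannot leave tm uninitialized in one branch only.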
@@ -661,6 +663,7 @@
                            OPT_a))
                                usage("'d' is exclusive with 'a' and 'b'");
                        SETOPT(opttochk, OPT_d);
+                       bzero(&tm, sizeof(tm));
                        strptime(optarg, "%Y%m%d", &tm);
                        strftime(timestr, sizeof(timestr), "%Y%m%d", &tm);
                        /* fprintf(stderr, "Time converted = %s\n", timestr); */
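Review bot: in the -d branch the pointer returned by strptime() is discarded, so nothing verifies that "%Y%m%d" consumed all of optarg, and characters following the date would be ignored silently. Keep the return value and reject the argument through usage() unless it is non-NULL and points at the terminating NUL.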



>Release-Note:
>Audit-Trail:
>Unformatted:
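The strptime() behaviour this report describes, as a stand-alone C example (added here; it is not code from auditreduce.c or from the patch above). The names parse_audit_time and stale_seconds are hypothetical, and the example goes beyond the patch by choosing the format from the argument length and checking strptime()'s return value.

```c
#define _XOPEN_SOURCE 700	/* expose strptime() on glibc */
#include <string.h>
#include <time.h>

/* Explicit prototype; harmless if <time.h> already declared it. */
char *strptime(const char *, const char *, struct tm *);

/*
 * Hypothetical helper (not from auditreduce.c): parse YYYYMMDD[HH[MM[SS]]].
 * The format is chosen from the argument length, tm is zeroed first, and
 * the parse must consume the whole string. Returns 0 on success, -1 on error.
 */
int
parse_audit_time(const char *arg, struct tm *tm)
{
	const char *fmt, *end;
	size_t len = strlen(arg);

	if (strspn(arg, "0123456789") != len)	/* digits only */
		return (-1);
	switch (len) {
	case 8:  fmt = "%Y%m%d"; break;
	case 10: fmt = "%Y%m%d%H"; break;
	case 12: fmt = "%Y%m%d%H%M"; break;
	case 14: fmt = "%Y%m%d%H%M%S"; break;
	default: return (-1);
	}
	memset(tm, 0, sizeof(*tm));	/* omitted fields become 0, not garbage */
	end = strptime(arg, fmt, tm);
	if (end == NULL || *end != '\0')
		return (-1);
	return (0);
}

/*
 * Shows the behaviour quoted from the manual: tm_sec is preset to a
 * sentinel, the format has no %S, and the sentinel comes back unchanged.
 */
int
stale_seconds(const char *arg, int sentinel)
{
	struct tm tm;

	memset(&tm, 0, sizeof(tm));
	tm.tm_sec = sentinel;
	if (strptime(arg, "%Y%m%d%H%M", &tm) == NULL)
		return (-2);
	return (tm.tm_sec);
}
```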


