From owner-freebsd-bugs@FreeBSD.ORG Thu Jul 12 18:30:06 2007 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6A24016A4A7 for ; Thu, 12 Jul 2007 18:30:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 4A3C113C4FD for ; Thu, 12 Jul 2007 18:30:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l6CIU6PH082177 for ; Thu, 12 Jul 2007 18:30:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l6CIU64N082176; Thu, 12 Jul 2007 18:30:06 GMT (envelope-from gnats) Resent-Date: Thu, 12 Jul 2007 18:30:06 GMT Resent-Message-Id: <200707121830.l6CIU64N082176@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Alex Samorukov" Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4060D16A400 for ; Thu, 12 Jul 2007 18:21:50 +0000 (UTC) (envelope-from samm@os2.kiev.ua) Received: from deepvision.tsua.net (deepvision.tsua.net [212.40.43.22]) by mx1.freebsd.org (Postfix) with ESMTP id DC50413C448 for ; Thu, 12 Jul 2007 18:21:49 +0000 (UTC) (envelope-from samm@os2.kiev.ua) Received: from 110-32-124-91.pool.ukrtel.net ([91.124.32.110] helo=samm.local) by deepvision.tsua.net with esmtpa (Exim 4.67 (FreeBSD)) (envelope-from ) id 1I92xo-000J0K-6l; Thu, 12 Jul 2007 21:00:28 +0300 Message-Id: <1184263218.4541@samm.local> Date: Thu, 12 Jul 2007 21:00:18 +0300 From: "Alex Samorukov" To: "FreeBSD gnats submit" X-Send-Pr-Version: gtk-send-pr 0.4.8 Cc: samm@os2.kiev.ua Subject: bin/114534: OpenBSM auditreduce fail with short date format X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jul 2007 18:30:06 -0000 >Number: 114534 >Category: bin >Synopsis: OpenBSM auditreduce fail with short date format >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jul 12 18:30:05 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Alex Samorukov >Release: FreeBSD 6.2-STABLE i386 >Organization: Shevchenko Didkovskiy and Partners >Environment: System: FreeBSD 6.2-STABLE #3: Thu Jul 12 17:22:52 EEST 2007 root@samm.local:/usr/obj/usr/src/sys/SAMMKRNL >Description: I found a bug on auditreduce tool. The problem is with '-a' key, which allow us to select records that occurred after or on the given datetime. Man states that it has format: -a YYYYMMDD[HH[MM[SS]]] When i`m using -a with full format (e.g. -a -a 20070712175500) auditreduce work correctly, but with short format (e.g. -a 200707121755) it fail. After some testing i found that problem is with strptime function. Here is a quote from the manual: If the format string does not contain enough conversion specifications to completely specify the resulting struct tm, the unspecified members of timeptr are left untouched. For example, if format is ``%H:%M:%S'', only tm_hour, tm_sec and tm_min will be modified. If time relative to today is desired, initialize the timeptr structure with today's date before passing it to strptime(). But tm structure in the sources was not zerowed and contain garbage, so we got random result with the short form. >How-To-Repeat: run auditreduce with short form and see no output. After patch all work as designed >Fix: --- auditreduce.c Sat Sep 30 01:41:53 2006 +++ auditreduce.c.patched Thu Jul 12 19:23:06 2007 @@ -629,6 +629,7 @@ usage("d is exclusive with a and b"); } SETOPT(opttochk, OPT_a); + bzero(&tm, sizeof(tm)); strptime(optarg, "%Y%m%d%H%M%S", &tm); strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", &tm); @@ -641,6 +642,7 @@ usage("d is exclusive with a and b"); } SETOPT(opttochk, OPT_b); + bzero(&tm, sizeof(tm)); strptime(optarg, "%Y%m%d%H%M%S", &tm); strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", &tm); @@ -661,6 +663,7 @@ OPT_a)) usage("'d' is exclusive with 'a' and 'b'"); SETOPT(opttochk, OPT_d); + bzero(&tm, sizeof(tm)); strptime(optarg, "%Y%m%d", &tm); strftime(timestr, sizeof(timestr), "%Y%m%d", &tm); /* fprintf(stderr, "Time converted = %s\n", timestr); */ >Release-Note: >Audit-Trail: >Unformatted: