Date:      Mon, 29 Jun 2009 20:19:19 +0000 (UTC)
From:      Stacey Son <sson@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r195177 - head/sys/security/audit
Message-ID:  <200906292019.n5TKJJ3n058328@svn.freebsd.org>

Author: sson
Date: Mon Jun 29 20:19:19 2009
New Revision: 195177
URL: http://svn.freebsd.org/changeset/base/195177

Log:
  Dynamically allocate the gidset field in audit record.
  
  This fixes a problem created by the recent change that allows a large
  number of groups per user.  The gidset field in struct kaudit_record
  is now dynamically allocated to the size needed rather than statically
  (using NGROUPS).
  
  Approved by:	re@ (kensmith, rwatson), gnn (mentor)

Modified:
  head/sys/security/audit/audit.c
  head/sys/security/audit/audit_arg.c
  head/sys/security/audit/audit_private.h

Modified: head/sys/security/audit/audit.c
==============================================================================
--- head/sys/security/audit/audit.c	Mon Jun 29 20:12:54 2009	(r195176)
+++ head/sys/security/audit/audit.c	Mon Jun 29 20:19:19 2009	(r195177)
@@ -77,6 +77,7 @@ static MALLOC_DEFINE(M_AUDITCRED, "audit
 MALLOC_DEFINE(M_AUDITDATA, "audit_data", "Audit data storage");
 MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
 MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
+MALLOC_DEFINE(M_AUDITGIDSET, "audit_gidset", "Audit GID set storage");
 
 SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
     "TrustedBSD audit controls");
@@ -253,6 +254,8 @@ audit_record_dtor(void *mem, int size, v
 		free(ar->k_ar.ar_arg_argv, M_AUDITTEXT);
 	if (ar->k_ar.ar_arg_envv != NULL)
 		free(ar->k_ar.ar_arg_envv, M_AUDITTEXT);
+	if (ar->k_ar.ar_arg_groups.gidset != NULL)
+		free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET);
 }
 
 /*
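Review bot: The added free in audit_record_dtor depends on `ar_arg_groups.gidset` being NULL in every record that never reached audit_arg_groupset, and the record's initialisation is not visible in this hunk. It is worth confirming that the record constructor zeroes `k_ar` now that the field is a pointer rather than an inline array, because a stale value here would be handed to free(). A short comment above the check, such as `/* gidset is allocated on demand in audit_arg_groupset() */`, would record where the allocation comes from. The function starts before the hunk.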

Modified: head/sys/security/audit/audit_arg.c
==============================================================================
--- head/sys/security/audit/audit_arg.c	Mon Jun 29 20:12:54 2009	(r195176)
+++ head/sys/security/audit/audit_arg.c	Mon Jun 29 20:19:19 2009	(r195177)
@@ -236,10 +236,17 @@ audit_arg_groupset(gid_t *gidset, u_int 
 	u_int i;
 	struct kaudit_record *ar;
 
+	KASSERT(gidset_size <= NGROUPS,
+	    ("audit_arg_groupset: gidset_size > NGROUPS"));
+
 	ar = currecord();
 	if (ar == NULL)
 		return;
 
+	if (ar->k_ar.ar_arg_groups.gidset == NULL)
+		ar->k_ar.ar_arg_groups.gidset = malloc(
+		    sizeof(gid_t) * gidset_size, M_AUDITGIDSET, M_WAITOK);
+
 	for (i = 0; i < gidset_size; i++)
 		ar->k_ar.ar_arg_groups.gidset[i] = gidset[i];
 	ar->k_ar.ar_arg_groups.gidset_size = gidset_size;
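Review bot: The `gidset == NULL` guard in audit_arg_groupset reuses an existing buffer without checking that it is large enough, so if the function runs a second time for the same record with a larger gidset_size, the copy loop writes past the earlier allocation. The KASSERT above does not bound this: it is only evaluated in INVARIANTS kernels, and NGROUPS is not the size that was allocated. Releasing a too-small buffer before the allocation, as sketched below, keeps the copy inside what was allocated; the stored gidset_size never exceeds the capacity because it is only set to the count just written. The function begins before the hunk and continues past it.

```c
	/* … unchanged: KASSERT and currecord() lookup … */
	if (ar->k_ar.ar_arg_groups.gidset != NULL &&
	    ar->k_ar.ar_arg_groups.gidset_size < gidset_size) {
		free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET);
		ar->k_ar.ar_arg_groups.gidset = NULL;
	}
	/* … unchanged: allocate when gidset == NULL, copy loop, size assignment … */
```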

Modified: head/sys/security/audit/audit_private.h
==============================================================================
--- head/sys/security/audit/audit_private.h	Mon Jun 29 20:12:54 2009	(r195176)
+++ head/sys/security/audit/audit_private.h	Mon Jun 29 20:19:19 2009	(r195177)
@@ -50,6 +50,7 @@ MALLOC_DECLARE(M_AUDITBSM);
 MALLOC_DECLARE(M_AUDITDATA);
 MALLOC_DECLARE(M_AUDITPATH);
 MALLOC_DECLARE(M_AUDITTEXT);
+MALLOC_DECLARE(M_AUDITGIDSET);
 #endif
 
 /*
@@ -104,8 +105,8 @@ struct vnode_au_info {
 };
 
 struct groupset {
-	gid_t	gidset[NGROUPS];
-	u_int	gidset_size;
+	gid_t	*gidset;
+	u_int	 gidset_size;
 };
 
 struct socket_au_info {
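Review bot: `struct groupset` now holds an owning pointer, but nothing on the declaration says so. Code that copies the struct by value, or sizes something with `sizeof` of the old array, would silently change meaning; any such users are outside this diff and should be checked. A comment on the field would help, for example `/* malloc'd (M_AUDITGIDSET) in audit_arg_groupset(), freed in audit_record_dtor() */`. The struct kaudit_record that embeds this type is not shown in the hunk.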


