Date: Sun, 19 Apr 2009 23:28:08 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r191296 - head/sys/security/audit Message-ID: <200904192328.n3JNS8A5024015@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Sun Apr 19 23:28:08 2009 New Revision: 191296 URL: http://svn.freebsd.org/changeset/base/191296 Log: Temporarily relax the constraints on argument size checking for A_GETCOND; login(1) isn't quite ready for them yet on 64-bit systems as it continues to use the conventions of the old version of the API. Reported by: stas, Jakub Lach <jakub_lach at mailplus.pl> Modified: head/sys/security/audit/audit_syscalls.c Modified: head/sys/security/audit/audit_syscalls.c ============================================================================== --- head/sys/security/audit/audit_syscalls.c Sun Apr 19 23:15:04 2009 (r191295) +++ head/sys/security/audit/audit_syscalls.c Sun Apr 19 23:28:08 2009 (r191296) @@ -216,6 +216,7 @@ auditon(struct thread *td, struct audito */ switch (uap->cmd) { case A_OLDGETPOLICY: + case A_GETPOLICY: if (uap->length == sizeof(udata.au_policy64)) { if (!audit_fail_stop) udata.au_policy64 |= AUDIT_CNT; @@ -227,8 +228,6 @@ auditon(struct thread *td, struct audito udata.au_policy64 |= AUDIT_ARGE; break; } - /* FALLTHROUGH */ - case A_GETPOLICY: if (uap->length != sizeof(udata.au_policy)) return (EINVAL); if (!audit_fail_stop) @@ -242,6 +241,7 @@ auditon(struct thread *td, struct audito break; case A_OLDSETPOLICY: + case A_SETPOLICY: if (uap->length == sizeof(udata.au_policy64)) { if (udata.au_policy & (~AUDIT_CNT|AUDIT_AHLT| AUDIT_ARGV|AUDIT_ARGE)) @@ -254,8 +254,6 @@ auditon(struct thread *td, struct audito audit_arge = (udata.au_policy64 & AUDIT_ARGE); break; } - /* FALLTHROUGH */ - case A_SETPOLICY: if (uap->length != sizeof(udata.au_policy)) return (EINVAL); if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV| @@ -283,6 +281,7 @@ auditon(struct thread *td, struct audito break; case A_OLDGETQCTRL: + case A_GETQCTRL: if (uap->length == sizeof(udata.au_qctrl64)) { udata.au_qctrl64.aq64_hiwater = (u_int64_t)audit_qctrl.aq_hiwater; @@ -294,14 +293,13 @@ auditon(struct thread *td, struct audito (u_int64_t)audit_qctrl.aq_minfree; break; } - /* FALLTHROUGH */ - case A_GETQCTRL: if (uap->length != sizeof(udata.au_qctrl)) return (EINVAL); udata.au_qctrl = audit_qctrl; break; case A_OLDSETQCTRL: + case A_SETQCTRL: if (uap->length == sizeof(udata.au_qctrl64)) { if ((udata.au_qctrl64.aq64_hiwater > AQ_MAXHIGH) || (udata.au_qctrl64.aq64_lowater >= @@ -321,8 +319,6 @@ auditon(struct thread *td, struct audito audit_qctrl.aq_delay = -1; /* Not used. */ break; } - /* FALLTHROUGH */ - case A_SETQCTRL: if (uap->length != sizeof(udata.au_qctrl)) return (EINVAL); if ((udata.au_qctrl.aq_hiwater > AQ_MAXHIGH) || @@ -362,6 +358,7 @@ auditon(struct thread *td, struct audito break; case A_OLDGETCOND: + case A_GETCOND: if (uap->length == sizeof(udata.au_cond64)) { if (audit_enabled && !audit_suspended) udata.au_cond64 = AUC_AUDITING; @@ -369,8 +366,6 @@ auditon(struct thread *td, struct audito udata.au_cond64 = AUC_NOAUDIT; break; } - /* FALLTHROUGH */ - case A_GETCOND: if (uap->length != sizeof(udata.au_cond)) return (EINVAL); if (audit_enabled && !audit_suspended) @@ -380,6 +375,7 @@ auditon(struct thread *td, struct audito break; case A_OLDSETCOND: + case A_SETCOND: if (uap->length == sizeof(udata.au_cond64)) { if (udata.au_cond64 == AUC_NOAUDIT) audit_suspended = 1; @@ -391,8 +387,6 @@ auditon(struct thread *td, struct audito } break; } - /* FALLTHROUGH */ - case A_SETCOND: if (uap->length != sizeof(udata.au_cond)) return (EINVAL); if (udata.au_cond == AUC_NOAUDIT)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904192328.n3JNS8A5024015>