From owner-svn-src-head@FreeBSD.ORG  Sun Apr 19 23:28:08 2009
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DDD3B106564A;
	Sun, 19 Apr 2009 23:28:08 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id CB3698FC18;
	Sun, 19 Apr 2009 23:28:08 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n3JNS873024016;
	Sun, 19 Apr 2009 23:28:08 GMT (envelope-from rwatson@svn.freebsd.org)
Received: (from rwatson@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id n3JNS8A5024015;
	Sun, 19 Apr 2009 23:28:08 GMT (envelope-from rwatson@svn.freebsd.org)
Message-Id: <200904192328.n3JNS8A5024015@svn.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Sun, 19 Apr 2009 23:28:08 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r191296 - head/sys/security/audit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Apr 2009 23:28:09 -0000

Author: rwatson
Date: Sun Apr 19 23:28:08 2009
New Revision: 191296
URL: http://svn.freebsd.org/changeset/base/191296

Log:
  Temporarily relax the constraints on argument size checking for A_GETCOND;
  login(1) isn't quite ready for them yet on 64-bit systems as it continues
  to use the conventions of the old version of the API.
  
  Reported by:	stas, Jakub Lach <jakub_lach at mailplus.pl>

Modified:
  head/sys/security/audit/audit_syscalls.c

Modified: head/sys/security/audit/audit_syscalls.c
==============================================================================
--- head/sys/security/audit/audit_syscalls.c	Sun Apr 19 23:15:04 2009	(r191295)
+++ head/sys/security/audit/audit_syscalls.c	Sun Apr 19 23:28:08 2009	(r191296)
@@ -216,6 +216,7 @@ auditon(struct thread *td, struct audito
 	 */
 	switch (uap->cmd) {
 	case A_OLDGETPOLICY:
+	case A_GETPOLICY:
 		if (uap->length == sizeof(udata.au_policy64)) {
 			if (!audit_fail_stop)
 				udata.au_policy64 |= AUDIT_CNT;
@@ -227,8 +228,6 @@ auditon(struct thread *td, struct audito
 				udata.au_policy64 |= AUDIT_ARGE;
 			break;
 		}
-		/* FALLTHROUGH */
-	case A_GETPOLICY:
 		if (uap->length != sizeof(udata.au_policy))
 			return (EINVAL);
 		if (!audit_fail_stop)
@@ -242,6 +241,7 @@ auditon(struct thread *td, struct audito
 		break;
 
 	case A_OLDSETPOLICY:
+	case A_SETPOLICY:
 		if (uap->length == sizeof(udata.au_policy64)) {
 			if (udata.au_policy & (~AUDIT_CNT|AUDIT_AHLT|
 			    AUDIT_ARGV|AUDIT_ARGE))
@@ -254,8 +254,6 @@ auditon(struct thread *td, struct audito
 			audit_arge = (udata.au_policy64 & AUDIT_ARGE);
 			break;
 		}
-		/* FALLTHROUGH */
-	case A_SETPOLICY:
 		if (uap->length != sizeof(udata.au_policy))
 			return (EINVAL);
 		if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|
@@ -283,6 +281,7 @@ auditon(struct thread *td, struct audito
 		break;
 
 	case A_OLDGETQCTRL:
+	case A_GETQCTRL:
 		if (uap->length == sizeof(udata.au_qctrl64)) {
 			udata.au_qctrl64.aq64_hiwater =
 			    (u_int64_t)audit_qctrl.aq_hiwater;
@@ -294,14 +293,13 @@ auditon(struct thread *td, struct audito
 			    (u_int64_t)audit_qctrl.aq_minfree;
 			break;
 		}
-		/* FALLTHROUGH */
-	case A_GETQCTRL:
 		if (uap->length != sizeof(udata.au_qctrl))
 			return (EINVAL);
 		udata.au_qctrl = audit_qctrl;
 		break;
 
 	case A_OLDSETQCTRL:
+	case A_SETQCTRL:
 		if (uap->length == sizeof(udata.au_qctrl64)) {
 			if ((udata.au_qctrl64.aq64_hiwater > AQ_MAXHIGH) ||
 			    (udata.au_qctrl64.aq64_lowater >=
@@ -321,8 +319,6 @@ auditon(struct thread *td, struct audito
 			audit_qctrl.aq_delay = -1;	/* Not used. */
 			break;
 		}
-		/* FALLTHROUGH */
-	case A_SETQCTRL:
 		if (uap->length != sizeof(udata.au_qctrl))
 			return (EINVAL);
 		if ((udata.au_qctrl.aq_hiwater > AQ_MAXHIGH) ||
@@ -362,6 +358,7 @@ auditon(struct thread *td, struct audito
 		break;
 
 	case A_OLDGETCOND:
+	case A_GETCOND:
 		if (uap->length == sizeof(udata.au_cond64)) {
 			if (audit_enabled && !audit_suspended)
 				udata.au_cond64 = AUC_AUDITING;
@@ -369,8 +366,6 @@ auditon(struct thread *td, struct audito
 				udata.au_cond64 = AUC_NOAUDIT;
 			break;
 		}
-		/* FALLTHROUGH */
-	case A_GETCOND:
 		if (uap->length != sizeof(udata.au_cond))
 			return (EINVAL);
 		if (audit_enabled && !audit_suspended)
@@ -380,6 +375,7 @@ auditon(struct thread *td, struct audito
 		break;
 
 	case A_OLDSETCOND:
+	case A_SETCOND:
 		if (uap->length == sizeof(udata.au_cond64)) {
 			if (udata.au_cond64 == AUC_NOAUDIT)
 				audit_suspended = 1;
@@ -391,8 +387,6 @@ auditon(struct thread *td, struct audito
 			}
 			break;
 		}
-		/* FALLTHROUGH */
-	case A_SETCOND:
 		if (uap->length != sizeof(udata.au_cond))
 			return (EINVAL);
 		if (udata.au_cond == AUC_NOAUDIT)