Date: Mon, 2 Jun 2008 13:21:11 GMT From: Vincenzo Iozzo <snagg@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 142753 for review Message-ID: <200806021321.m52DLBh6050139@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=142753 Change 142753 by snagg@snagg_macosx on 2008/06/02 13:20:53 A memory leak, an integer overflow and another bug are now fixed Affected files ... .. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#24 edit Differences ... ==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#24 (text) ==== @@ -270,7 +270,7 @@ audit_pipe_compare_preselect_event); if(event != NULL) { if(event_flag != -1) - if (event->app_flag != event_flag) + if (!(event->app_flag & event_flag)) app = NULL; } else app = NULL; @@ -356,7 +356,11 @@ * Pessimistically assume that the entry for this pid doesn't * exist, and allocate. We will free it if it is unneeded. */ - KASSERT(num >= 0, ("Number of events is out of range")); + KASSERT(num >= 0, ("Number of events is out of range")); + + /* Max number allowed */ + KASSERT(num <= AUDIT_NEVENTS, ("Number of events is out of range")); + app_new = malloc(sizeof(*app_new), M_AUDIT_PIPE_PRESELECT, M_WAITOK); if(num) app_new->app_auevents= malloc(sizeof(struct audit_pipe_preselect_event) * @@ -370,6 +374,8 @@ app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1); found = (app != NULL) ? 1: 0; if(found) { + if(app->app_event_len) + free(app->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT); app->app_auevents = app_new->app_auevents; app_new = NULL; app->app_event_len = num;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200806021321.m52DLBh6050139>