From owner-p4-projects@FreeBSD.ORG Tue Sep 19 09:01:15 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 1B7FB16A4E9; Tue, 19 Sep 2006 09:01:15 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CDA8616A4D8 for ; Tue, 19 Sep 2006 09:01:14 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 77B1E44115 for ; Tue, 19 Sep 2006 08:28:35 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k8J8SZWc015740 for ; Tue, 19 Sep 2006 08:28:35 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k8J8SYWF015737 for perforce@freebsd.org; Tue, 19 Sep 2006 08:28:34 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 19 Sep 2006 08:28:34 GMT Message-Id: <200609190828.k8J8SYWF015737@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 106331 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2006 09:01:15 -0000 http://perforce.freebsd.org/chv.cgi?CH=106331 Change 106331 by rwatson@rwatson_fledge on 2006/09/19 08:27:50 Fix bugs in execve(2) argument and environmental variable parsing for tokens containing large numbers of entries. Bump default maximum (changes ABI of token structure). Comment. Affected files ... .. //depot/projects/trustedbsd/openbsm/HISTORY#30 edit .. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#29 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#41 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/HISTORY#30 (text+ko) ==== @@ -25,6 +25,8 @@ - Update auditd to read the audit_control policy field and set the kernel policy to match it when configuring/reconfiguring. Remove the -s and -h arguments as these policies are now set via the configuration file. +- Fix bugs in the parsing of large execve(2) arguments and environmental + variable tokens; increase maximum parsed argument and variable count. OpenBSM 1.0 alpha 10 @@ -237,4 +239,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/HISTORY#29 $ +$P4: //depot/projects/trustedbsd/openbsm/HISTORY#30 $ ==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#29 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#28 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#29 $ */ #ifndef _LIBBSM_H_ @@ -37,9 +37,6 @@ * solely to allow OpenSSH to compile; Darwin/Apple code should not use them. */ -#define AUDIT_MAX_ARGS 10 -#define AUDIT_MAX_ENV 10 - #include #include @@ -55,13 +52,25 @@ #include /* audit_token_t */ #endif +/* + * Size parsed token vectors for execve(2) arguments and environmental + * variables. Note: changing these sizes affects the ABI of the token + * structure, and as the token structure is often placed in the caller stack, + * this is undesirable. + */ +#define AUDIT_MAX_ARGS 128 +#define AUDIT_MAX_ENV 128 + +/* + * Arguments to au_preselect(3). + */ +#define AU_PRS_USECACHE 0 +#define AU_PRS_REREAD 1 + #define AU_PRS_SUCCESS 1 #define AU_PRS_FAILURE 2 #define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE) -#define AU_PRS_USECACHE 0 -#define AU_PRS_REREAD 1 - #define AUDIT_EVENT_FILE "/etc/security/audit_event" #define AUDIT_CLASS_FILE "/etc/security/audit_class" #define AUDIT_CONTROL_FILE "/etc/security/audit_control" ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#41 (text+ko) ==== @@ -31,7 +31,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#40 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#41 $ */ #include @@ -1190,7 +1190,8 @@ for (i = 0; i < tok->tt.execarg.count; i++) { bptr = buf + tok->len; - tok->tt.execarg.text[i] = bptr; + if (i < AUDIT_MAX_ARGS) + tok->tt.execarg.text[i] = bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { @@ -1202,6 +1203,8 @@ return (-1); tok->len++; /* \0 character */ } + if (tok->tt.execarg.count > AUDIT_MAX_ARGS) + tok->tt.execarg.count = AUDIT_MAX_ARGS; return (0); } @@ -1235,9 +1238,10 @@ if (err) return (-1); - for (i = 0; i< tok->tt.execenv.count; i++) { + for (i = 0; i < tok->tt.execenv.count; i++) { bptr = buf + tok->len; - tok->tt.execenv.text[i] = bptr; + if (i < AUDIT_MAX_ENV) + tok->tt.execenv.text[i] = bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { @@ -1249,6 +1253,8 @@ return (-1); tok->len++; /* \0 character */ } + if (tok->tt.execenv.count > AUDIT_MAX_ENV) + tok->tt.execenv.count = AUDIT_MAX_ENV; return (0); }