kernel-2.6.18-128.1.10.el5.src.rpm

From: Eric Paris <eparis@parisplace.org>
Subject: [RHEL5 PATCH] XFRM Audit: 222033 correct xfrm auditing panic
Date: Tue, 09 Jan 2007 13:51:52 -0500
Bugzilla: 222033
Message-Id: <1168368712.26569.41.camel@localhost.localdomain>
Changelog: XFRM Audit: correct xfrm auditing panic


EIP: [<c0320f67>] xfrm_audit_log+0x116/0x423 SS:ESP 0068:f522999c

The reason for the crash is that we pass both 'xp' and 'x' as NULL into
xfrm_audit_log(), which thus has no other option but to crash.

We move the problematic call into the else from the above if (!delete)
to make sure it will have returned in this case.  Upstream also added a
check to xfrm_audit_log() such that if both xfrm and policy are NULL, we
return.  In that case there isn't anything to audit since we are only
auditing creation and deletion of xfrm and policy.


--- linux-2.6.18.i686/net/xfrm/xfrm_policy.c.pre.xfrm	2007-01-09 13:33:06.000000000 -0500
+++ linux-2.6.18.i686/net/xfrm/xfrm_policy.c	2007-01-09 13:34:54.000000000 -0500
@@ -1388,6 +1388,9 @@ void xfrm_audit_log(uid_t auid, u32 sid,
 	if (audit_enabled == 0)
 		return;
 
+	if ((x == NULL) && (xp == NULL))
+		return;
+
 	audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type);
 	if (audit_buf == NULL)
 	return;
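Review bot: the new guard returns silently when both x and xp are NULL, which hides the caller bug this patch is working around rather than surfacing it; a WARN_ON() or at least a comment above the check stating that there is nothing to audit without a state or a policy would keep the next misplaced call from going unnoticed. Placing the check before audit_log_start() is right, since no buffer is allocated for an empty record. Separately, the context line `return;` under `if (audit_buf == NULL)` is indented one level short of the body it belongs to; worth fixing while touching this function.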
--- linux-2.6.18.i686/net/xfrm/xfrm_user.c.pre.xfrm	2007-01-09 13:33:06.000000000 -0500
+++ linux-2.6.18.i686/net/xfrm/xfrm_user.c	2007-01-09 13:34:54.000000000 -0500
@@ -1066,10 +1066,6 @@ static int xfrm_get_policy(struct sk_buf
 		xp = xfrm_policy_bysel_ctx(p->dir, &p->sel, tmp.security, delete);
 		security_xfrm_policy_free(&tmp);
 	}
-	if (delete)
-		xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
-			       AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
-
 	if (xp == NULL)
 		return -ENOENT;
 
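Review bot: removing the call from before the `if (xp == NULL) return -ENOENT;` check fixes the NULL/NULL call, but it also means a delete request that matches no policy now produces no AUDIT_MAC_IPSEC_DELSPD record at all, where the old code's `(xp) ? 1 : 0` result field was recording exactly that failed lookup. If an audit trail of failed deletions is wanted, it needs a path that does not depend on a policy object; if dropping it is intended, as the description says upstream does, the commit message should state that failed deletes are no longer audited.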
@@ -1087,6 +1083,10 @@ static int xfrm_get_policy(struct sk_buf
 	} else {
 		if ((err = security_xfrm_policy_delete(xp)) != 0)
 			goto out;
+
+		xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
+			       AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
+
 		c.data.byid = p->index;
 		c.event = nlh->nlmsg_type;
 		c.seq = nlh->nlmsg_seq;
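Review bot: at the new call site the audit record is written only after security_xfrm_policy_delete() succeeds, so a delete that the security hook rejects (the `goto out` two lines above) leaves no audit record of the denied attempt; if denied deletions should be visible, the log call belongs before the hook with the error result, or a second call on the error path. Also, xp is guaranteed non-NULL here by the earlier `if (xp == NULL) return -ENOENT;`, so `(xp) ? 1 : 0` is now always 1 and can be passed as a literal.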