Overview

File check-for-AF_UNIX-unnamed-sockets.patch of Package audit-secondary.30277

From 4fcf946ea07f696166364e015239d904946617a8 Mon Sep 17 00:00:00 2001
From: Enzo Matsumiya <ematsumiya@suse.de>
Date: Thu, 27 Apr 2023 12:46:30 -0300
Subject: [PATCH] Check for AF_UNIX unnamed sockets

Change the interpreted message for unnamed/anonymous sockets, and
make sure to not return an error if so.

Also check if sun_path[1] is valid for abstract sockets cases before
trying to strdup() it.

Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
---
 auparse/interpret.c  |  7 ++++---
 src/ausearch-parse.c | 19 ++++++++++++-------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/auparse/interpret.c b/auparse/interpret.c
index f8c5c84a5..bb4d0e1e1 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -1235,9 +1235,10 @@ static const char *print_sockaddr(const char *val)
         switch (saddr->sa_family) {
                 case AF_LOCAL:
 			if (slen < 4) {
-				rc = asprintf(&out,
-				    "{ saddr_fam=%s sockaddr len too short }",
-							str);
+				rc = asprintf(&out, "{ saddr_fam=%s %s }", str,
+				    slen == sizeof(saddr->sa_family) ?
+				    "unnamed socket" : // ignore sun_path
+				    "sockaddr len too short");
 				break;
 			} else {
                                 const struct sockaddr_un *un =
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 597d45f12..f9aad6303 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1706,20 +1706,22 @@ static int parse_sockaddr(const lnode *n, search_items *s)
 				}
 				len = sizeof(struct sockaddr_in6);
 			} else if (saddr->sa_family == AF_UNIX) {
-				if (len < 4) {
-					fprintf(stderr,
-						"sun_path len too short\n");
-					return 3;
-				}
 				struct sockaddr_un *un =
 					(struct sockaddr_un *)saddr;
+				if (len != sizeof(saddr->sa_family) &&
+				    len < 4) {
+					fprintf(stderr,
+						"sun_path len too short (%d)\n",
+						len);
+					return 4;
+				}
 				if (event_filename) {
 					if (!s->filename) {
 						//create
 						s->filename =
 							malloc(sizeof(slist));
 						if (s->filename == NULL)
-							return 4;
+							return 5;
 						slist_create(s->filename);
 					}
 					if (s->filename) {
@@ -1728,9 +1730,12 @@ static int parse_sockaddr(const lnode *n, search_items *s)
 						if (un->sun_path[0])
 						    sn.str =
 							strdup(un->sun_path);
-						else
+						else if (un->sun_path[1])
 						    sn.str =
 							strdup(un->sun_path+1);
+						else
+							return 6;
+
 						sn.key = NULL;
 						sn.hits = 1;
 						slist_append(s->filename, &sn);
openSUSE Build Service is sponsored by
Places