Bug 1320161

Summary: Line buffer is too short for plugin config files.
Product: Red Hat Enterprise Linux 7 Reporter: Karel Srot <ksrot>
Component: auditAssignee: Steve Grubb <sgrubb>
Status: CLOSED ERRATA QA Contact: Ondrej Moriš <omoris>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2CC: ksrot, omoris, sgrubb, wburrows, ykinoshi
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: audit-2.5.2-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1235457 Environment:
Last Closed: 2016-11-04 06:13:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1235457    
Bug Blocks: 1172231    

Description Karel Srot 2016-03-22 13:08:09 UTC 
Bug present on RHEL-7 too, tested with audit-2.4.1-5.el7
As we are fixing it in 6.8 we should fix it in 7.3 too.

+++ This bug was initially created as a clone of Bug #1235457 +++

Description of problem:

  Since line buffer is too short for plugin config files, if user write a long comment in /etc/audisp/plugins.d/au-remote.conf, following errors can occur.

~~~
Jun 24 16:22:17 rhel6local audispd: Wrong number of arguments for line 2 in /etc/audisp/plugins.d/au-remote.conf
Jun 24 16:22:34 rhel6local audispd: Missing equal sign for line 2 in /etc/audisp/plugins.d/au-remote.conf
~~~


Version-Release number of selected component (if applicable):

  audit-2.3.7-5.el6.x86_64

How reproducible:

  Always

Steps to Reproduce:
1. Add the following line to "/etc/audisp/plugins.d/au-remote.conf"
~~~
# This file controls the audispd data path to the aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaall aaa aaaa
~~~
2. Restart auditd
  # service auditd restart
3. Check /var/log/messages
  # tail /var/log/messages

Actual results:

  Jun 24 16:44:20 rhel6local audispd: Missing equal sign for line 2 in /etc/audisp/plugins.d/au-remote.conf
  Jun 24 16:44:20 rhel6local audispd: Skipping au-remote.conf plugin due to errors


Expected results:

  no error

Additional info:

- audit-2.3.7/audisp/audispd-pconfig.c
~~~
int load_pconfig(plugin_conf_t *config, char *file)
{
        int fd, rc, mode, lineno = 1;
        struct stat st;
        FILE *f;
        char buf[128];
~~~

--- Additional comment from Yoshifumi Kinoshita on 2015-06-24 17:08:23 EDT ---

And line buffer for auditpd-config is robust.
If we add a long line, the following message is displayed.

~~~
Jun 24 16:49:22 rhel6local audispd: Skipping line 5 in /etc/audisp/audispd.conf: too long
~~~

- audit-2.3.7/audisp/audispd-config.c
~~~
int load_config(daemon_conf_t *config, const char *file)
{
        int fd, rc, mode, lineno = 1;
        struct stat st;
        FILE *f;
        char buf[160];
~~~

--- Additional comment from Steve Grubb on 2015-06-24 18:43:32 EDT ---

I updated the code to handle long lines just like audispd.conf and auditd.conf. Its fixed in upstream svn commit 1085.
Comment 2 Steve Grubb 2016-03-22 17:53:23 UTC 
This is a test only bug because it was fixed in upstream 2.4.3 release and will be resolved by the rebase to 2.5.x.
Comment 3 Steve Grubb 2016-04-29 17:20:53 UTC 
audit-2.5.2-1.el7 has been built to address this issue.
Comment 7 errata-xmlrpc 2016-11-04 06:13:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2418.html