Bug 1806323

Summary: AIDE breaks when setting report_ignore_e2fsattrs
Product: Red Hat Enterprise Linux 8 Reporter: Oliver Freyermuth <o.freyermuth>
Component: aideAssignee: Attila Lakatos <alakatos>
Status: CLOSED ERRATA QA Contact: Dalibor Pospíšil <dapospis>
Severity: high Docs Contact:
Priority: high    
Version: 8.0CC: alakatos, dapospis, mzeleny, o.freyermuth, rsroka, wienemann
Target Milestone: rcKeywords: AutoVerified, EasyFix, Patch, Triaged
Target Release: 8.0   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: aide-0.16-12.el8 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1850276 (view as bug list) Environment:
Last Closed: 2020-11-04 03:16:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Oliver Freyermuth 2020-02-23 19:50:02 UTC 
Description of problem:

Setting:
report_ignore_e2fsattrs=I
yields:
Ignore invalid ext2 file attribute: 'J'
Ignore invalid ext2 file attribute: 'K'
Ignore invalid ext2 file attribute: 'L'
Ignore invalid ext2 file attribute: 'M'
Ignore invalid ext2 file attribute: 'O'
Ignore invalid ext2 file attribute: 'P'
Ignore invalid ext2 file attribute: 'Q'
...
Ignore invalid ext2 file attribute: '�'
and disables any e2fsattrs with character codes larger than "I". 

Version-Release number of selected component (if applicable):
0.16.11.el8

How reproducible:
Always. 

Steps to Reproduce:
1. Add line to configuration. 
2. Run "aide --check". 

Actual results:
Warnings, wrong behaviour.

Expected results:
Setting to be honoured.

Additional info:
Upstream bug report:
https://github.com/aide/aide/issues/65
Comment 1 Oliver Freyermuth 2020-02-25 19:22:24 UTC 
More information:
The issue is not reproducible with upstream AIDE 0.16. 

It is introduced by coverity.patch which performs the following change:

> @@ -984,7 +991,7 @@ void do_report_ignore_e2fsattrs(char* va
>                   break;
>              }
>          }
> -        *val++;
> +        (*val)++;
>      }
>  }
>  #endif

The "*" was actually _not_ wanted by upstream, and has now been dropped in:
https://github.com/aide/aide/commit/fcf0f3a26067509e5c6730a94ca13bbef7f594a8

While it was a "harmless" (but confusing) syntax before, coverity has made it harmful.
Comment 9 errata-xmlrpc 2020-11-04 03:16:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (aide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4718