Bug 1320161 - Line buffer is too short for plugin config files.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: audit
Version: 7.2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Steve Grubb
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On: 1235457
Blocks: 1172231
Reported: 2016-03-22 13:08 UTC by Karel Srot
Modified: 2016-11-04 06:13 UTC (History)

Fixed In Version: audit-2.5.2-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of: 1235457
Environment:
Last Closed: 2016-11-04 06:13:19 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2418 0 normal SHIPPED_LIVE audit bug fix and enhancement update 2016-11-03 13:58:32 UTC

Description Karel Srot 2016-03-22 13:08:09 UTC
Bug present on RHEL-7 too, tested with audit-2.4.1-5.el7
As we are fixing it in 6.8 we should fix it in 7.3 too.

+++ This bug was initially created as a clone of Bug #1235457 +++

Description of problem:

  Since the line buffer is too short for plugin config files, if a user writes a long comment in /etc/audisp/plugins.d/au-remote.conf, the following errors can occur.

~~~
Jun 24 16:22:17 rhel6local audispd: Wrong number of arguments for line 2 in /etc/audisp/plugins.d/au-remote.conf
Jun 24 16:22:34 rhel6local audispd: Missing equal sign for line 2 in /etc/audisp/plugins.d/au-remote.conf
~~~


Version-Release number of selected component (if applicable):

  audit-2.3.7-5.el6.x86_64

How reproducible:

  Always

Steps to Reproduce:
1. Add the following line to "/etc/audisp/plugins.d/au-remote.conf"
~~~
# This file controls the audispd data path to the aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaall aaa aaaa
~~~
2. Restart auditd
  # service auditd restart
3. Check /var/log/messages
  # tail /var/log/messages

Actual results:

  Jun 24 16:44:20 rhel6local audispd: Missing equal sign for line 2 in /etc/audisp/plugins.d/au-remote.conf
  Jun 24 16:44:20 rhel6local audispd: Skipping au-remote.conf plugin due to errors


Expected results:

  no error

Additional info:

- audit-2.3.7/audisp/audispd-pconfig.c
~~~
int load_pconfig(plugin_conf_t *config, char *file)
{
        int fd, rc, mode, lineno = 1;
        struct stat st;
        FILE *f;
        char buf[128];
~~~

--- Additional comment from Yoshifumi Kinoshita on 2015-06-24 17:08:23 EDT ---

And the line buffer for audispd-config is robust.
If we add a long line, the following message is displayed.

~~~
Jun 24 16:49:22 rhel6local audispd: Skipping line 5 in /etc/audisp/audispd.conf: too long
~~~

- audit-2.3.7/audisp/audispd-config.c
~~~
int load_config(daemon_conf_t *config, const char *file)
{
        int fd, rc, mode, lineno = 1;
        struct stat st;
        FILE *f;
        char buf[160];
~~~

--- Additional comment from Steve Grubb on 2015-06-24 18:43:32 EDT ---

I updated the code to handle long lines just like audispd.conf and auditd.conf. It's fixed in upstream svn commit 1085.
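
The failure mode reported above, as an added example that is not the audit project's code: it assumes a config reader that pulls lines with fgets() into a fixed 128-byte buffer, so the tail of an over-long comment comes back as a separate "line" with no equal sign. The second reader detects and skips over-long lines, which is the behaviour the "too long" message quoted for audispd.conf describes. The function names and the sample file contents are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LINE_BUF 128 /* same size as buf[] in the excerpt quoted above */

/* Constructed sample: one comment longer than LINE_BUF, then one setting. */
static FILE *sample_conf(void)
{
    FILE *f = tmpfile();
    if (!f) return NULL;
    fputs("# ", f);
    for (int i = 0; i < 150; i++) fputc('a', f);
    fputs(" aaa aaaa\nactive = no\n", f);
    rewind(f);
    return f;
}

/* 1 if the text is neither a comment, a blank line, nor a key = value pair. */
static int malformed(const char *s)
{
    return s[0] != '#' && s[0] != '\n' && !strchr(s, '=');
}

/* Naive reader: treats every fgets() chunk as a whole line. Returns error count. */
int naive_errors(FILE *f)
{
    char buf[LINE_BUF];
    int errors = 0;
    while (fgets(buf, sizeof(buf), f)) errors += malformed(buf);
    return errors;
}

/* Length-aware reader: a chunk with no '\n' that did not end at EOF is an
   over-long line, so drain its remainder and count it in *skipped. */
int checked_errors(FILE *f, int *skipped)
{
    char buf[LINE_BUF];
    int errors = 0, c;
    *skipped = 0;
    while (fgets(buf, sizeof(buf), f)) {
        if (!strchr(buf, '\n') && !feof(f)) {
            while ((c = fgetc(f)) != EOF && c != '\n') continue;
            (*skipped)++;
        } else {
            errors += malformed(buf);
        }
    }
    return errors;
}
```

On the sample file the naive reader reports one malformed line even though the file contains only a comment and a valid setting; the length-aware reader reports none and records one skipped line.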

Comment 2 Steve Grubb 2016-03-22 17:53:23 UTC
This is a test only bug because it was fixed in upstream 2.4.3 release and will be resolved by the rebase to 2.5.x.

Comment 3 Steve Grubb 2016-04-29 17:20:53 UTC
audit-2.5.2-1.el7 has been built to address this issue.

Comment 7 errata-xmlrpc 2016-11-04 06:13:19 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2418.html

