Bug 1475998 - python audit crash if when using AUSOURCE_FILE_POINTER
Status: ASSIGNED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: audit
Version: 7.3
Hardware: All Linux
Priority: medium Severity: medium
Target Milestone: rc
Assigned To: Steve Grubb
QA Contact: BaseOS QE Security Team
Blocks: 1420851 1476406
Reported: 2017-07-27 14:38 EDT by Paulo Andrade
Modified: 2017-08-14 17:14 EDT (History)
Type: Bug
Description Paulo Andrade 2017-07-27 14:38:46 EDT
Steps to reproduce:

"""
$ touch /tmp/ausearch.log
$ cat t.py
#!/bin/python
import auparse
aup = auparse.AuParser(auparse.AUSOURCE_FILE_POINTER,open('/tmp/ausearch.log', 'r'))
aup.reset()

$ python t.py
"""

It almost works if the script is enclosed as:
with open('/tmp/ausearch.log', 'r') as logfile:
    aup = auparse.AuParser(auparse.AUSOURCE_FILE_POINTER,logfile)
    aup.reset()

but will crash in auparse_destroy due to a double fclose call.

The problem is that Python does not know about the references
to the FILE object. For example:

$ gdb -q --args python t.py
Reading symbols from /usr/bin/python2.7...Reading symbols from /usr/lib/debug/usr/bin/python2.7.debug...done.
done.

(gdb) b AuParser_init
Function "AuParser_init" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (AuParser_init) pending.
(gdb) r
Starting program: /usr/bin/python t.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Breakpoint 1, AuParser_init (self=0x7ffff7f5e138, args=(6, <file at remote 0x7ffff7f226f0>), kwds=0x0) at ../../../bindings/python/auparse_python.c:306
306	{
(gdb) p &self.au
$1 = (auparse_state_t **) 0x7ffff7f5e148
(gdb) watch *$1
Hardware watchpoint 2: *$1
(gdb) c
Continuing.
Hardware watchpoint 2: *$1

Old value = (auparse_state_t *) 0x0
New value = (auparse_state_t *) 0x6701e0
0x00007ffff05fa04d in AuParser_init (self=0x7ffff7f5e138, args=(6, <file at remote 0x7ffff7f226f0>), kwds=0x0) at ../../../bindings/python/auparse_python.c:439
439	        if ((self->au = auparse_init(source_type, fp)) == NULL) {
(gdb) p& self.au.in._fileno
$2 = (int *) 0x6b8980
Hardware watchpoint 3: *$2
(gdb) c
Continuing.
Hardware watchpoint 3: *$2

Old value = 7
New value = -1
_IO_new_file_close_it (fp=fp@entry=0x6b8910) at fileops.c:193
193	  fp->_offset = _IO_pos_BAD;
(gdb) bt
#0  _IO_new_file_close_it (fp=fp@entry=0x6b8910) at fileops.c:193
#1  0x00007ffff6d95b10 in _IO_new_fclose (fp=0x6b8910) at iofclose.c:59
#2  0x00007ffff7a76f79 in close_the_file (f=f@entry=0x7ffff7f226f0) at /usr/src/debug/Python-2.7.5/Objects/fileobject.c:456
#3  0x00007ffff7a77f78 in file_dealloc (f=0x7ffff7f226f0) at /usr/src/debug/Python-2.7.5/Objects/fileobject.c:619
#4  0x00007ffff7aab8c3 in tupledealloc (op=0x7ffff7eb7320) at /usr/src/debug/Python-2.7.5/Objects/tupleobject.c:238
#5  0x00007ffff7af4350 in do_call (nk=<optimized out>, na=<optimized out>, pp_stack=0x7fffffffdff0, func=<optimized out>) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4628
#6  call_function (oparg=<optimized out>, pp_stack=0x7fffffffdff0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4431
#7  PyEval_EvalFrameEx (f=f@entry=Frame 0x6b8760, for file t.py, line 4, in <module> (), throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:3040
#8  0x00007ffff7af6e3d in PyEval_EvalCodeEx (co=co@entry=0x7ffff7f21e30, 
    globals=globals@entry={'auparse': <module at remote 0x7ffff7ed8bb0>, '__builtins__': <module at remote 0x7ffff7f9eb08>, '__file__': 't.py', '__package__': None, '__name__': '__main__', '__doc__': None}, 
    locals=locals@entry={'auparse': <module at remote 0x7ffff7ed8bb0>, '__builtins__': <module at remote 0x7ffff7f9eb08>, '__file__': 't.py', '__package__': None, '__name__': '__main__', '__doc__': None}, 
    args=args@entry=0x0, argcount=argcount@entry=0, kws=kws@entry=0x0, kwcount=kwcount@entry=0, defs=defs@entry=0x0, defcount=defcount@entry=0, closure=closure@entry=0x0)
    at /usr/src/debug/Python-2.7.5/Python/ceval.c:3640
#9  0x00007ffff7af6f42 in PyEval_EvalCode (co=co@entry=0x7ffff7f21e30, 
    globals=globals@entry={'auparse': <module at remote 0x7ffff7ed8bb0>, '__builtins__': <module at remote 0x7ffff7f9eb08>, '__file__': 't.py', '__package__': None, '__name__': '__main__', '__doc__': None}, 
    locals=locals@entry={'auparse': <module at remote 0x7ffff7ed8bb0>, '__builtins__': <module at remote 0x7ffff7f9eb08>, '__file__': 't.py', '__package__': None, '__name__': '__main__', '__doc__': None})
    at /usr/src/debug/Python-2.7.5/Python/ceval.c:689
#10 0x00007ffff7b1037f in run_mod (mod=<optimized out>, filename=filename@entry=0x7fffffffe6bb "t.py", 
    globals=globals@entry={'auparse': <module at remote 0x7ffff7ed8bb0>, '__builtins__': <module at remote 0x7ffff7f9eb08>, '__file__': 't.py', '__package__': None, '__name__': '__main__', '__doc__': None}, 
    locals=locals@entry={'auparse': <module at remote 0x7ffff7ed8bb0>, '__builtins__': <module at remote 0x7ffff7f9eb08>, '__file__': 't.py', '__package__': None, '__name__': '__main__', '__doc__': None}, 
    flags=flags@entry=0x7fffffffe290, arena=arena@entry=0x6b7e90) at /usr/src/debug/Python-2.7.5/Python/pythonrun.c:1374
[...]
Comment 2 Steve Grubb 2017-08-14 17:14:48 EDT
Should be fixed in upstream commit: ab2b97dcd52e414fd2470e4248d9f6ef65d80758

As far as I could tell, this only affected the python2 bindings.
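
The ownership problem described in this report, as an added example that is not part of the bug thread and is not the upstream fix: a wrapper can hand the parser its own stream by duplicating the descriptor, so each side closes its own FILE exactly once. The names `struct parser`, `parser_init`, `parser_destroy` and `private_stream` are hypothetical stand-ins, not the auparse API, and the log line is constructed sample data.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* fileno(), fdopen(), dup() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical stand-in for a parser that, like auparse_destroy in the
 * report, calls fclose() on the stream it was initialised with. */
struct parser { FILE *in; };

static struct parser *parser_init(FILE *fp)
{
    struct parser *p = malloc(sizeof *p);
    if (p) p->in = fp;
    return p;
}

static void parser_destroy(struct parser *p) { fclose(p->in); free(p); }

/* Duplicate the descriptor and wrap it in a new FILE, so the parser and the
 * caller each close a stream of their own exactly once. */
static FILE *private_stream(FILE *caller_fp)
{
    int fd = dup(fileno(caller_fp));
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "r");
    if (!fp) close(fd);
    return fp;
}

/* Returns 0 when the parser still reads its input after the caller closed
 * its own stream first (the order seen in the gdb backtrace). */
int demo_caller_closes_first(void)
{
    char line[128];
    FILE *caller = tmpfile();
    if (!caller) return -1;
    fputs("type=USER_LOGIN msg=constructed-sample\n", caller); /* constructed */
    rewind(caller);                      /* flush and seek back to offset 0 */
    FILE *own = private_stream(caller);
    struct parser *p = own ? parser_init(own) : NULL;
    if (!p) { if (own) fclose(own); fclose(caller); return -1; }
    int caller_closed = (fclose(caller) == 0);  /* what file_dealloc did */
    int still_reads = (fgets(line, sizeof line, p->in) != NULL);
    parser_destroy(p);                   /* closes only the duplicate */
    return (caller_closed && still_reads) ? 0 : 1;
}

int main(void) { return demo_caller_closes_first(); }
```

The duplicated descriptor shares its file offset with the original, so the caller should not keep reading from its own stream while the parser is active.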
