packages/audit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

change

Browse Source
This commit is contained in:
fangxiuning 2024-02-02 14:32:22 +08:00
parent c50e1aa3fb
commit c6f16f0d50
5 changed files with 661 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
audit.spec
View File

@ -2,7 +2,7 @@ Summary: User space tools for kernel auditing
Name: audit
Epoch: 1
Version: 3.0.1
Release: 13
Release: 14
License: GPLv2+ and LGPLv2+
URL: https://people.redhat.com/sgrubb/audit/
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@ -56,6 +56,10 @@ Patch44: backport-lib-enclose-macro-to-avoid-precedence-issues.patch
Patch45: backport-memory-allocation-updates-341.patch
Patch46: backport-lib-cast-to-unsigned-char-for-character-test-functio.patch
Patch47: backport-Make-session-id-consistently-typed-327.patch
Patch48: backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch
Patch49: backport-fix-the-use-of-isdigit-everywhere.patch
Patch50: backport-Fix-new-warnings-for-unused-results.patch
Patch51: backport-Change-the-first-iteration-test-so-static-analysis-b.patch
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
BuildRequires: openldap-devel krb5-devel libcap-ng-devel
@ -391,6 +395,9 @@ fi
%attr(644,root,root) %{_mandir}/man8/*.8.gz
%changelog
* Fri Feb 2 2024 fangxiuning <fangxiuning@huawei.com> - 1:3.0.1-14
- backport patches from upstream
* Fri Feb 2 2024 fangxiuning <fangxiuning@huawei.com> - 1:3.0.1-13
- backport patches from upstream

119
backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch Normal file
View File

@ -0,0 +1,119 @@
From 2663987c5088924bce510fcf8e7891d6aae976ba Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Sat, 4 Nov 2023 03:48:39 +0100
Subject: [PATCH] Avoid file descriptor leaks in multi-threaded applications
(#339)
* lib: set close-on-exec flag
libaudit may be called from a multi-threaded application.
Avoid leaking local file descriptors on a concurrent execve.
* lib: simplify SOCK_CLOEXEC
SOCK_CLOEXEC is supported since Linux 2.6.27.
Reference:https://github.com/linux-audit/audit-userspace/commit/2663987c5088924bce510fcf8e7891d6aae976ba
Conflict:lib/audit_logging.c,lib/libaudit.c,lib/netlink.c
---
lib/audit_logging.c | 2 +-
lib/libaudit.c | 10 +++++-----
lib/netlink.c | 12 +-----------
3 files changed, 7 insertions(+), 17 deletions(-)
diff --git a/lib/audit_logging.c b/lib/audit_logging.c
index a9f3257..1e521fe 100644
--- a/lib/audit_logging.c
+++ b/lib/audit_logging.c
@@ -177,7 +177,7 @@ static char *_get_commname(const char *comm, char *commname, unsigned int size)
if (comm == NULL) {
int len;
- int fd = open("/proc/self/comm", O_RDONLY);
+ int fd = open("/proc/self/comm", O_RDONLY|O_CLOEXEC);
if (fd < 0) {
strcpy(commname, "\"?\"");
return commname;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 5843ac0..eda51e8 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -220,7 +220,7 @@ static int load_libaudit_config(const char *path)
char buf[128];
/* open the file */
- rc = open(path, O_NOFOLLOW|O_RDONLY);
+ rc = open(path, O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (rc < 0) {
if (errno != ENOENT) {
audit_msg(LOG_ERR, "Error opening %s (%s)",
@@ -260,7 +260,7 @@ static int load_libaudit_config(const char *path)
}
/* it's ok, read line by line */
- f = fdopen(fd, "rm");
+ f = fdopen(fd, "rme");
if (f == NULL) {
audit_msg(LOG_ERR, "Error - fdopen failed (%s)",
strerror(errno));
@@ -894,7 +894,7 @@ uid_t audit_getloginuid(void)
char buf[16];
errno = 0;
- in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY);
+ in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (in < 0)
return -1;
do {
@@ -922,7 +922,7 @@ int audit_setloginuid(uid_t uid)
errno = 0;
count = snprintf(loginuid, sizeof(loginuid), "%u", uid);
- o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC);
+ o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC|O_CLOEXEC);
if (o >= 0) {
int block, offset = 0;
@@ -958,7 +958,7 @@ uint32_t audit_get_session(void)
char buf[16];
errno = 0;
- in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY);
+ in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (in < 0)
return -2;
do {
diff --git a/lib/netlink.c b/lib/netlink.c
index 4d0670a..6168eb3 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -51,7 +51,7 @@ static int check_ack(int fd);
int audit_open(void)
{
int saved_errno;
- int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
+ int fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT);
if (fd < 0) {
saved_errno = errno;
@@ -64,16 +64,6 @@ int audit_open(void)
"Error opening audit netlink socket (%s)",
strerror(errno));
errno = saved_errno;
- return fd;
- }
- if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
- saved_errno = errno;
- audit_msg(LOG_ERR,
- "Error setting audit netlink socket CLOEXEC flag (%s)",
- strerror(errno));
- close(fd);
- errno = saved_errno;
- return -1;
}
return fd;
}
--
2.33.0

39
backport-Change-the-first-iteration-test-so-static-analysis-b.patch Normal file
View File

@ -0,0 +1,39 @@
From b84b007cd0ef504e8c86b8cc73646f3119ed343c Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Wed, 29 Nov 2023 15:49:21 -0500
Subject: [PATCH] Change the first iteration test so static analysis better
understands the code
Reference:https://github.com/linux-audit/audit-userspace/commit/b84b007cd0ef504e8c86b8cc73646f3119ed343c
Conflict:NA
---
tools/aulast/aulast-llist.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tools/aulast/aulast-llist.c b/tools/aulast/aulast-llist.c
index 87638ebc..d7765ba4 100644
--- a/tools/aulast/aulast-llist.c
+++ b/tools/aulast/aulast-llist.c
@@ -140,11 +140,15 @@ int list_update_logout(llist* l, time_t t, unsigned long serial)
lnode *list_delete_cur(llist *l)
{
register lnode *cur, *prev;
-
- prev = cur = l->head; /* start at the beginning */
+
+ if (l == NULL || l->head == NULL)
+ return NULL;
+
+ prev = cur = l->head; /* start at the beginning */
while (cur) {
if (cur == l->cur) {
- if (cur == prev && cur == l->head) {
+ // If the first iteration
+ if (prev == l->head && cur == l->head) {
l->head = cur->next;
l->cur = cur->next;
free((void *)cur->name);
--
2.33.0

107
backport-Fix-new-warnings-for-unused-results.patch Normal file
View File

@ -0,0 +1,107 @@
From a4e8b7e18f249fe5decdd2fe748a5068ffeaee57 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Mon, 20 Nov 2023 16:37:46 -0500
Subject: [PATCH] Fix new warnings for unused results
Reference:https://github.com/linux-audit/audit-userspace/commit/a4e8b7e18f249fe5decdd2fe748a5068ffeaee57
Conflict:audisp/plugins/ids/ids.c
---
audisp/plugins/ids/ids.c | 5 +++--
audisp/plugins/ids/ids.h | 2 +-
audisp/plugins/statsd/audisp-statsd.c | 4 ++--
lib/libaudit.c | 3 ++-
lib/netlink.c | 3 ++-
src/auditd.c | 3 ++-
6 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/audisp/plugins/ids/ids.c b/audisp/plugins/ids/ids.c
index f9f312d..8fe3699 100644
--- a/audisp/plugins/ids/ids.c
+++ b/audisp/plugins/ids/ids.c
@@ -91,9 +91,10 @@ static void destroy_audit(void)
audit_close(audit_fd);
}
-void log_audit_event(int type, const char *text, int res)
+int log_audit_event(int type, const char *text, int res)
{
- audit_log_user_message(audit_fd, type, text, NULL, NULL, NULL, res);
+ return audit_log_user_message(audit_fd, type, text,
+ NULL, NULL, NULL, res);
}
diff --git a/audisp/plugins/ids/ids.h b/audisp/plugins/ids/ids.h
index eb1d83c..2cf13b6 100644
--- a/audisp/plugins/ids/ids.h
+++ b/audisp/plugins/ids/ids.h
@@ -14,6 +14,6 @@
extern int debug;
extern void my_printf(const char *fmt, ...)
__attribute__ (( format(printf, 1, 2) ));
-extern void log_audit_event(int type, const char *text, int res);
+extern int log_audit_event(int type, const char *text, int res);
#endif
diff --git a/audisp/plugins/statsd/audisp-statsd.c b/audisp/plugins/statsd/audisp-statsd.c
index e562afa..934db5c 100644
--- a/audisp/plugins/statsd/audisp-statsd.c
+++ b/audisp/plugins/statsd/audisp-statsd.c
@@ -216,9 +216,9 @@ static void get_kernel_status(void)
struct audit_reply rep;
audit_request_status(audit_fd);
- audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0);
+ int rc = audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0);
- if (rep.type == AUDIT_GET) {
+ if (rc > 0 && rep.type == AUDIT_GET) {
// add info to global audit event struct
r.lost = rep.status->lost;
r.backlog = rep.status->backlog;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index eda51e8..86c333c 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -467,7 +467,8 @@ int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
rc = poll(pfd, 1, 100); /* .1 second */
} while (rc < 0 && errno == EINTR);
- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
+ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0))
+ ; // intentionally empty
return 1;
}
diff --git a/lib/netlink.c b/lib/netlink.c
index 4d0670a..9b438b8 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -300,7 +300,8 @@ retry:
else if (rc > 0 && rep.type == NLMSG_ERROR) {
int error = rep.error->error;
/* Eat the message */
- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
+ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0))
+ ; // intentionally empty
/* NLMSG_ERROR can indicate success, only report nonzero */
if (error) {
diff --git a/src/auditd.c b/src/auditd.c
index 8ab2fe1..5cb4394 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -1152,7 +1152,8 @@ static void clean_exit(void)
audit_msg(LOG_INFO, "The audit daemon is exiting.");
if (fd >= 0) {
if (!opt_aggregate_only)
- audit_set_pid(fd, 0, WAIT_NO);
+ if (audit_set_pid(fd, 0, WAIT_NO))
+ ; // intentionally empty
audit_close(fd);
}
if (pidfile)
--
2.33.0

388
backport-fix-the-use-of-isdigit-everywhere.patch Normal file
View File

@ -0,0 +1,388 @@
From 149a3464ef35fbaa98c57e2775a7a4ab20c2ee75 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Sun, 5 Nov 2023 14:24:49 -0500
Subject: [PATCH] fix the use of isdigit everywhere
Reference:https://github.com/linux-audit/audit-userspace/commit/149a3464ef35fbaa98c57e2775a7a4ab20c2ee75
Conflict:audisp/plugins/af_unix/audisp-af_unix.c,src/ausearch-options.c
---
audisp/plugins/ids/ids_config.c | 2 +-
audisp/plugins/remote/remote-config.c | 2 +-
audisp/plugins/zos-remote/zos-remote-config.c | 6 ++--
auparse/auditd-config.c | 2 +-
auparse/interpret.c | 6 ++--
src/auditctl.c | 6 ++--
src/aureport-options.c | 4 +--
src/aureport-output.c | 2 +-
src/ausearch-options.c | 36 +++++++++----------
src/ausearch-parse.c | 2 +-
tools/ausyscall/ausyscall.c | 4 +--
11 files changed, 36 insertions(+), 36 deletions(-)
diff --git a/audisp/plugins/ids/ids_config.c b/audisp/plugins/ids/ids_config.c
index 4da5ca9..f773794 100644
--- a/audisp/plugins/ids/ids_config.c
+++ b/audisp/plugins/ids/ids_config.c
@@ -345,7 +345,7 @@ static int unsigned_int_parser(struct nv_pair *nv, int line, unsigned int *val)
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
syslog(LOG_ERR,
"Value %s should only be numbers - line %d",
nv->value, line);
diff --git a/audisp/plugins/remote/remote-config.c b/audisp/plugins/remote/remote-config.c
index 7d80752..1f05cdd 100644
--- a/audisp/plugins/remote/remote-config.c
+++ b/audisp/plugins/remote/remote-config.c
@@ -484,7 +484,7 @@ static int parse_uint (const struct nv_pair *nv, int line, unsigned int *valp,
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
syslog(LOG_ERR,
"Value %s should only be numbers - line %d",
nv->value, line);
diff --git a/audisp/plugins/zos-remote/zos-remote-config.c b/audisp/plugins/zos-remote/zos-remote-config.c
index b92dc77..2f7e42f 100644
--- a/audisp/plugins/zos-remote/zos-remote-config.c
+++ b/audisp/plugins/zos-remote/zos-remote-config.c
@@ -301,7 +301,7 @@ static int port_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
@@ -327,7 +327,7 @@ static int timeout_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
@@ -376,7 +376,7 @@ static int q_depth_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
diff --git a/auparse/auditd-config.c b/auparse/auditd-config.c
index bdb9cf8..d0fa746 100644
--- a/auparse/auditd-config.c
+++ b/auparse/auditd-config.c
@@ -341,7 +341,7 @@ static int eoe_timeout_parser(auparse_state_t *au, const char *val, int line,
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
audit_msg(au, LOG_ERR,
"Value %s should only be numbers - line %d",
val, line);
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 84c41ea..cc03a15 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -321,7 +321,7 @@ static void key_escape(const char *orig, char *dest, auparse_esc_t escape_mode)
static int is_int_string(const char *str)
{
while (*str) {
- if (!isdigit(*str))
+ if (!isdigit((unsigned char)*str))
return 0;
str++;
}
@@ -1381,7 +1381,7 @@ static const char *print_success(const char *val)
{
int res;
- if (isdigit(*val)) {
+ if (isdigit((unsigned char)*val)) {
errno = 0;
res = strtoul(val, NULL, 10);
if (errno) {
@@ -2185,7 +2185,7 @@ static const char *print_fanotify(const char *val)
{
int res;
- if (isdigit(*val)) {
+ if (isdigit((unsigned char)*val)) {
errno = 0;
res = strtoul(val, NULL, 10);
if (errno) {
diff --git a/src/auditctl.c b/src/auditctl.c
index 1eb424c..778b374 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -631,7 +631,7 @@ static int setopt(int count, int lineno, char *vars[])
}
break;
case 'r':
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t rate;
errno = 0;
rate = strtoul(optarg,NULL,0);
@@ -650,7 +650,7 @@ static int setopt(int count, int lineno, char *vars[])
}
break;
case 'b':
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t limit;
errno = 0;
limit = strtoul(optarg,NULL,0);
@@ -1061,7 +1061,7 @@ process_keys:
case 2:
#if HAVE_DECL_AUDIT_VERSION_BACKLOG_WAIT_TIME == 1 || \
HAVE_DECL_AUDIT_STATUS_BACKLOG_WAIT_TIME == 1
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t bwt;
errno = 0;
bwt = strtoul(optarg,NULL,0);
diff --git a/src/aureport-options.c b/src/aureport-options.c
index 7a8d92a..7264d5e 100644
--- a/src/aureport-options.c
+++ b/src/aureport-options.c
@@ -384,7 +384,7 @@ int check_params(int count, char *vars[])
// } else {
// UNIMPLEMENTED;
// set_detail(D_SPECIFIC);
-// if (isdigit(optarg[0])) {
+// if (isdigit((unsigned char)optarg[0])) {
// errno = 0;
// event_id = strtoul(optarg,
// NULL, 10);
@@ -763,7 +763,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10);
if (errno || arg_eoe_timeout == 0) {
diff --git a/src/aureport-output.c b/src/aureport-output.c
index a635d53..27a2ce2 100644
--- a/src/aureport-output.c
+++ b/src/aureport-output.c
@@ -976,7 +976,7 @@ static void do_user_summary_output(slist *sptr)
long uid;
char name[64];
- if (sn->str[0] == '-' || isdigit(sn->str[0])) {
+ if (sn->str[0] == '-' || isdigit((unsigned char)sn->str[0])) {
uid = strtol(sn->str, NULL, 10);
printf("%u ", sn->hits);
safe_print_string(aulookup_uid(uid, name,
diff --git a/src/ausearch-options.c b/src/ausearch-options.c
index eff0596..aa13590 100644
--- a/src/ausearch-options.c
+++ b/src/ausearch-options.c
@@ -253,7 +253,7 @@ static int convert_str_to_msg(const char *optarg)
{
int tmp, retval = 0;
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
tmp = strtoul(optarg, NULL, 10);
if (errno) {
@@ -335,7 +335,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_id = strtoul(optarg, NULL, 10);
if (errno) {
@@ -357,7 +357,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10);
if (errno || arg_eoe_timeout == 0) {
@@ -463,7 +463,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_gid = strtoul(optarg,NULL,10);
if (errno) {
@@ -497,7 +497,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_egid = strtoul(optarg,NULL,10);
if (errno) {
@@ -529,7 +529,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_gid = strtoul(optarg,NULL,10);
if (errno) {
@@ -648,7 +648,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_ppid = strtol(optarg,NULL,10);
if (errno)
@@ -669,7 +669,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_pid = strtol(optarg,NULL,10);
if (errno)
@@ -787,7 +787,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_syscall = (int)strtoul(optarg, NULL, 10);
if (errno) {
@@ -886,7 +886,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
unsigned long optval = strtoul(optarg,NULL,10);
if (errno || optval >= (1ul << 32))
@@ -894,7 +894,7 @@ int check_params(int count, char *vars[])
event_session_id = optval;
c++;
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
long optval = strtol(optarg, NULL, 0);
if (errno || optval < INT_MIN || optval > INT_MAX) {
@@ -926,7 +926,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_exit = strtoll(optarg, NULL, 0);
if (errno) {
@@ -935,7 +935,7 @@ int check_params(int count, char *vars[])
optarg);
}
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
event_exit = strtoll(optarg, NULL, 0);
if (errno) {
@@ -1067,7 +1067,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_uid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1100,7 +1100,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_euid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1133,7 +1133,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_uid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1177,7 +1177,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_loginuid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1187,7 +1187,7 @@ int check_params(int count, char *vars[])
retval = -1;
}
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
event_loginuid = strtol(optarg, NULL, 0);
if (errno) {
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 7ee7bd4..f34e21d 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1115,7 +1115,7 @@ try_again:
return 25;
ptr = str + 4;
term = ptr;
- while (isdigit(*term))
+ while (isdigit((unsigned char)*term))
term++;
if (term == ptr)
return 14;
diff --git a/tools/ausyscall/ausyscall.c b/tools/ausyscall/ausyscall.c
index 206e9ff..2ef4ad1 100644
--- a/tools/ausyscall/ausyscall.c
+++ b/tools/ausyscall/ausyscall.c
@@ -47,9 +47,9 @@ int main(int argc, char *argv[])
usage();
} else if (argc < 2)
usage();
-
+
for (i=1; i<argc; i++) {
- if (isdigit(argv[i][0])) {
+ if (isdigit((unsigned char)argv[i][0])) {
if (syscall_num != -1) {
fputs("Two syscall numbers not allowed\n",
stderr);
--
2.33.0