packages/audit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
audit/backport-Cleanup-gssapi-code.patch
huangzq6 215a896d41 backport some patch for audit
2022-12-28 10:53:05 +08:00

68 lines
2.1 KiB
Diff
Raw Blame History

From ff0b0a11497fe9360e3aaa448c8744955f8c0fc9 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 15 Jul 2022 16:09:10 -0400
Subject: Cleanup gssapi code
---
src/auditd-listen.c | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index 34a142a..61a3480 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -414,10 +414,9 @@ static int negotiate_credentials(ev_tcp *io)
GSS_C_NO_CHANNEL_BINDINGS, &client,
NULL, &send_tok, &sess_flags,
NULL, NULL);
- if (recv_tok.value) {
- free(recv_tok.value);
- recv_tok.value = NULL;
- }
+ if (recv_tok.value)
+ gss_release_buffer(&min_stat, &recv_tok);
+
if (maj_stat != GSS_S_COMPLETE
&& maj_stat != GSS_S_CONTINUE_NEEDED) {
gss_release_buffer(&min_stat, &send_tok);
@@ -441,6 +440,7 @@ static int negotiate_credentials(ev_tcp *io)
if (*context != GSS_C_NO_CONTEXT)
gss_delete_sec_context(&min_stat,
context, GSS_C_NO_BUFFER);
+ gss_release_name(&min_stat, &client);
return -1;
}
gss_release_buffer(&min_stat, &send_tok);
@@ -455,14 +455,22 @@ static int negotiate_credentials(ev_tcp *io)
return -1;
}
- audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s",
- (char *)recv_tok.value);
- io->remote_name = strdup(recv_tok.value);
- io->remote_name_len = strlen(recv_tok.value);
+ if (asprintf(&io->remote_name, "%.*s", (int)recv_tok.length,
+ (char *)recv_tok.value) < 0) {
+ io->remote_name = strdup("?");
+ io->remote_name_len = 1;
+ } else
+ io->remote_name_len = recv_tok.length;
+
+ audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s",
+ io->remote_name);
gss_release_buffer(&min_stat, &recv_tok);
- slashptr = strchr(io->remote_name, '/');
- atptr = strchr(io->remote_name, '@');
+ if (io->remote_name) {
+ slashptr = strchr(io->remote_name, '/');
+ atptr = strchr(io->remote_name, '@');
+ } else
+ slashptr = NULL;
if (!slashptr || !atptr) {
audit_msg(LOG_ERR, "Invalid GSS name from remote client: %s",
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink