* A memory leak problem when the ”log_format = NOLOG“ is set in auditd.conf
From: 崔捷 @ 2014-08-21 13:32 UTC
  To: linux-audit


Hello,
I found a memory leak problem when the ”log_format = NOLOG“ is set in
auditd.conf.
See the code in function "void enqueue_event(struct auditd_reply_list
*rep)" in "/src/auditd-event.c",
If it comes into the case LF_NOLOG, then there is no chance to free the
rep->reply.message because it returns so that the message cannot be
dequeued in function "static void *event_thread_main(void *arg) " to free
it.

The same problem may occur in case "default:" below the case LF_NOLOG.

When the message type is between AUDIT_FIRST_DAEMON and AUDIT_LAST_DAEMON,
the rep->reply.message will be malloced in function "int
send_audit_event(int type, const char *str)" in "/src/auditd.c".
So I wrote a patch below, but I'm not sure whether this is the correct way
to submit a patch because this is my first submission. So please tell me if
I'm wrong.

--- a/src/auditd-event.c
+++ b/src/auditd-event.c
@@ -172,6 +172,11 @@ void enqueue_event(struct auditd_reply_list *rep)
  case LF_NOLOG:
  // We need the rotate event to get enqueued
  if (rep->reply.type != AUDIT_DAEMON_ROTATE ) {
+ /* Internal DAEMON messages should be free'd */
+ if (rep->reply.type >= AUDIT_FIRST_DAEMON &&
+ rep->reply.type <= AUDIT_LAST_DAEMON) {
+ free((void *)rep->reply.message);
+ }
  free(rep);
  return;
  }
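Review bot: The comment on the added range check in the LF_NOLOG branch says what is freed but not why only types between AUDIT_FIRST_DAEMON and AUDIT_LAST_DAEMON qualify. The message above explains that these are the events whose message is malloc'd by send_audit_event(); that ownership rule belongs in the comment itself, because the (void *) cast suggests reply.message is not declared as an owned pointer and nothing else in this branch tells a reader that freeing it for other event types would be wrong.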
@@ -180,6 +185,11 @@ void enqueue_event(struct auditd_reply_list *rep)
  audit_msg(LOG_ERR,
   "Illegal log format detected %d",
   consumer_data.config->log_format);
+ /* Internal DAEMON messages should be free'd */
+ if (rep->reply.type >= AUDIT_FIRST_DAEMON &&
+ rep->reply.type <= AUDIT_LAST_DAEMON) {
+ free((void *)rep->reply.message);
+ }
  free(rep);
  return;
  }
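Review bot: The five lines added in the default: branch are a copy of the block added under LF_NOLOG, so the two discard paths can drift apart the next time one of them is touched. Move the range check and the free() of rep->reply.message into one small static helper that also frees rep, and call it from both early returns. The braces around the single free() statement can be dropped at the same time.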


* Re: A memory leak problem when the ”log_format = NOLOG“ is set in auditd.conf
From: Steve Grubb @ 2014-08-21 19:51 UTC
  To: linux-audit

On Thursday, August 21, 2014 09:32:16 PM 崔捷 wrote:
> I found a memory leak problem when the ”log_format = NOLOG“ is set in
> auditd.conf.

Yes, it does look like a leak. This is fixed in commit #1000. Thanks!

-Steve
