• Richard Guy Briggs's avatar
    audit: set nlmsg_len for multicast messages. · 54e05edd
    Richard Guy Briggs authored
    Report:
    	Looking at your example code in
    	http://people.redhat.com/rbriggs/audit-multicast-listen/audit-multicast-listen.c,
    	it seems that nlmsg_len field in the received messages is supposed to
    	contain the length of the header + payload, but it is always set to the
    	size of the header only, i.e. 16. The example program works, because
    	the printf format specifies the minimum width, not "precision", so it
    	simply prints out the payload until the first zero byte. This isn't too
    	much of a problem, but precludes the use of recvmmsg, iiuc?
    
    	(gdb) p *(struct nlmsghdr*)nlh
    	$14 = {nlmsg_len = 16, nlmsg_type = 1100, nlmsg_flags = 0, nlmsg_seq = 0, nlmsg_pid = 9910}
    
    The only time nlmsg_len would have been updated was at audit_buffer_alloc()
    inside audit_log_start() and never updated after.  It should arguably be done
    in audit_log_vformat(), but would be more efficient in audit_log_end().
    Reported-by: default avatarZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
    Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
    54e05edd
audit.c 52.7 KB