Changeset 516


Ignore:
Timestamp:
Oct 31, 2016, 8:31:24 PM (8 years ago)
Author:
katerina
Message:

Fix for ticket #409 and #410 (unprivileged suidcheck and gcc 6.2 compiler warnings).

Location:
trunk
Files:
13 edited

Legend:

Unmodified
Added
Removed
  • trunk/configure.ac

    r511 r516  
    1212dnl start
    1313dnl
    14 AM_INIT_AUTOMAKE(samhain, 4.1.6)
     14AM_INIT_AUTOMAKE(samhain, 4.2.0)
    1515AC_DEFINE([SAMHAIN], 1, [Application is samhain])
    1616AC_CANONICAL_HOST
  • trunk/docs/Changelog

    r515 r516  
    114.2.0:
     2        * fix handle tracefs (permission for stat denied) when running
     3        suidcheck without root privilege (for testing)
     4        * fix compiler warnings on gcc 6.2
    25        * fix incorrect mandir option in Install.sh (reported by David)
    36        * add option 'SetAuditdFlags = r|w|x|a' to (re-)define flags supplied
  • trunk/src/dnmalloc.c

    r481 r516  
    52965296{
    52975297  mstate av = get_malloc_state();
    5298   struct mallinfo mi;
     5298  static struct mallinfo mi;
    52995299  unsigned int i;
    53005300  mbinptr b;
     
    53125312  check_malloc_state();
    53135313
     5314  if (!av || av->top == 0) {
     5315    return mi;
     5316  }
     5317 
    53145318  /* Account for top */
    53155319  avail = chunksize(av->top);
     
    53625366          (CHUNK_SIZE_T)(HASHTABLESIZE / (1024*1024)));
    53635367  fprintf(stderr, "max system bytes = %10lu\n",
    5364           (CHUNK_SIZE_T)(mi.usmblks));
     5368          (CHUNK_SIZE_T)(mi.usmblks));
    53655369  fprintf(stderr, "system bytes     = %10lu  (%10lu sbrked, %10lu mmaped)\n",
    5366           (CHUNK_SIZE_T)(mi.arena + mi.hblkhd),
    5367           (CHUNK_SIZE_T)(mi.arena),
    5368           (CHUNK_SIZE_T)(mi.hblkhd));
     5370          (CHUNK_SIZE_T)(mi.arena + mi.hblkhd),
     5371          (CHUNK_SIZE_T)(mi.arena),
     5372          (CHUNK_SIZE_T)(mi.hblkhd));
    53695373  fprintf(stderr, "in use bytes     = %10lu\n",
    5370           (CHUNK_SIZE_T)(mi.uordblks + mi.hblkhd));
    5371 
     5374          (CHUNK_SIZE_T)(mi.uordblks + mi.hblkhd));
    53725375}
    53735376
  • trunk/src/sh_audit.c

    r514 r516  
    415415/* Check whether it is already covered by a higher directory
    416416 */
    417 static int test_exchange (struct aud_list * this, char * file)
     417static int test_exchange (struct aud_list * this, const char * file)
    418418{
    419419  size_t len0 = sl_strlen(this->file);
     
    421421  int    ret  = -1;
    422422
     423  if (!file || !this || !this->file)
     424    return 0;
     425 
    423426  if (len0 == len1)
    424427    {
  • trunk/src/sh_err_log.c

    r481 r516  
    12841284              status = sl_forward(fd);
    12851285              if (!SL_ISERROR(status))
    1286                 status = sl_write (fd, report,  strlen(report));
     1286                sl_write (fd, report,  strlen(report));
    12871287              (void) sl_sync(fd);
    12881288
  • trunk/src/sh_files.c

    r505 r516  
    622622  size_t       l_name;
    623623  char *       candidate = NULL;
    624   size_t       l_candidate = 0;
     624  volatile size_t       l_candidate = 0;
    625625 
    626626  if (NULL == tree)
     
    20462046#endif
    20472047
    2048 static void * sh_dummy_dirlist;
    2049 static void * sh_dummy_tmpcat;
     2048void * sh_dummy_dirlist;
     2049void * sh_dummy_tmpcat;
    20502050
    20512051/* -- Check a single directory and its content. Does not
  • trunk/src/sh_hash.c

    r514 r516  
    12551255sh_file_t * sh_hash_push_int (file_type * buf, char * fileHash)
    12561256{
    1257   sh_file_t    * fp;
     1257  sh_file_t    * fp = NULL;
    12581258  sh_filestore_t p;
    12591259
     
    12661266  SL_ENTER(_("sh_hash_push_int"));
    12671267
     1268  if (!buf)
     1269    SL_RETURN(NULL, _("sh_hash_push_int"));
     1270   
    12681271  fp = SH_ALLOC(sizeof(sh_file_t));
    12691272
     
    18071810  int         retval = 0;
    18081811
     1812  if (!theFile)
     1813    return retval;
     1814 
    18091815  if (S_FALSE == sh_ignore_chk_new(theFile->fullpath))
    18101816    {
     
    18991905  SL_ENTER(_("sh_hash_compdata"));
    19001906
    1901   if (IsInit != 1) sh_hash_init();
     1907  if (!theFile)
     1908    SL_RETURN(0, _("sh_hash_compdata"));
     1909
     1910 if (IsInit != 1) sh_hash_init();
    19021911
    19031912  if (severity_override < 0)
  • trunk/src/sh_log_repeat.c

    r272 r516  
    5959#define SH_CLEANUP 256
    6060
     61void * sh_dummy_g_array     = NULL;
     62
    6163static struct gestalt * add_entry (unsigned char * flags, UINT16 * sum,
    6264                                   time_t ltime)
     
    6466  struct gestalt * array = NULL;
    6567
     68  sh_dummy_g_array = (void*) &array;
     69 
    6670 start:
    6771  if (urec < nrec)
     
    165169      struct gestalt * array = arec;
    166170
     171      sh_dummy_g_array = (void*) &array;
     172     
    167173      memcpy(flint, flags, SH_NFIELDS);
    168174
  • trunk/src/sh_mem.c

    r489 r516  
    318318}
    319319
    320 static void ** sh_mem_dummy_a;
    321 static memlist_t ** sh_mem_merr_3;
     320void ** sh_mem_dummy_a;
     321memlist_t ** sh_mem_merr_3;
    322322
    323323void sh_mem_free (void * aa, char * file, int line)
  • trunk/src/sh_portcheck.c

    r511 r516  
    18081808static int iface_comp (const void *a, const void *b)
    18091809{
    1810   const struct portchk_interfaces * aa = (struct portchk_interfaces *) a;
    1811   const struct portchk_interfaces * bb = (struct portchk_interfaces *) b;
     1810  const struct portchk_interfaces * aa = (const struct portchk_interfaces *) a;
     1811  const struct portchk_interfaces * bb = (const struct portchk_interfaces *) b;
    18121812  return (aa->type - bb->type);
    18131813}
  • trunk/src/sh_string.c

    r484 r516  
    644644              len = (size_t) tlen;
    645645
    646               if (tlen > 0 && r->siz > (r->len + len))
     646              if (tlen > 0 && r->siz > (r->len + len) &&
     647                  &(s->str[ovector[last]]) )
    647648                {
    648649                  memcpy(p, &(s->str[ovector[last]]), (size_t)len);
     
    675676            {
    676677              len = (size_t)tlen;
    677               if (r->siz >= (r->len + len)) {
     678              if (r->siz >= (r->len + len) &&
     679                  &(s->str[ovector[2*i -1]]) ) {
    678680                memcpy(p, &(s->str[ovector[2*i -1]]), (size_t)len);
    679681                p += (len - 1);
  • trunk/src/sh_suidchk.c

    r483 r516  
    997997 * by longjmp' warning. And no, 'volatile' proved insufficient.
    998998 */
    999 static void * sh_dummy_dirlist = NULL;
    1000 static void * sh_dummy_itmp    = NULL;
     999void * sh_dummy_idirlist = NULL;
     1000void * sh_dummy_itmp     = NULL;
    10011001
    10021002
     
    10281028   * Avoids the 'clobbered by longjmp' warning.
    10291029   */
    1030   sh_dummy_dirlist = (void*) &dirlist;
    1031   sh_dummy_itmp    = (void*) &tmp;
     1030  sh_dummy_idirlist = (void*) &dirlist;
     1031  sh_dummy_itmp     = (void*) &tmp;
    10321032
    10331033  if (iname == NULL)
     
    11461146                                    ShSuidchkFps) , 0);
    11471147      }
    1148              
     1148
    11491149    status = (int) retry_lstat(FIL__, __LINE__, tmpcat, &buf);
    11501150
     
    11861186             */
    11871187            fs = filesystem_type (tmpcat, tmpcat, &buf);
     1188
    11881189            if (fs != NULL
    11891190#ifndef SH_SUIDTESTDIR
     
    15201521  status = sh_suidchk_check_internal (SH_SUIDTESTDIR);
    15211522#else
     1523  #error
    15221524  status = sh_suidchk_check_internal ("/");
    15231525#endif
     
    22112213  current_dev = statp->st_dev;
    22122214  current_fstype = filesystem_type_uncached (path, relpath, statp);
     2215 
    22132216  return current_fstype;
    22142217}
     
    22322235#endif
    22332236
    2234 #ifdef FSTYPE_MNTENT            /* 4.3BSD, SunOS, HP-UX, Dynix, Irix.  */
     2237#ifdef FSTYPE_MNTENT            /* 4.3BSD, SunOS, HP-UX, Dynix, Irix,Linux  */
    22352238  char *table = MOUNTED;
    22362239  FILE *mfp;
     
    22942297              volatile int  elevel = SH_ERR_ERR;
    22952298              size_t tlen = strlen(mnt->mnt_dir);
    2296 
     2299             
    22972300              if (tlen >= 6 && 0 == strcmp(&((mnt->mnt_dir)[tlen-6]), _("/.gvfs")))
    22982301                elevel = SH_ERR_NOTICE;
    22992302              else if (tlen >= 5 && 0 == strcmp(&((mnt->mnt_dir)[tlen-5]), _("/gvfs")))
    23002303                elevel = SH_ERR_NOTICE;
    2301 
     2304              else if (0 == strcmp (mnt->mnt_type, _("tracefs")))
     2305                elevel = SH_ERR_NOTICE;
     2306             
    23022307              sl_snprintf(errmsg, sizeof(errmsg), _("stat(%s) failed"),
    23032308                          mnt->mnt_dir);
     
    23072312                               _("filesystem_type_uncached") );
    23082313              SH_MUTEX_UNLOCK(mutex_thread_nolog);
    2309               return NULL;
     2314              continue;
    23102315            }
    23112316          dev = disk_stats.st_dev;
  • trunk/src/sh_unix.c

    r513 r516  
    37923792
    37933793static void * sh_dummy_filename;
    3794 static void * sh_dummy_tmp;
    3795 static void * sh_dummy_tmp2;
     3794void * sh_dummy_tmp;
     3795void * sh_dummy_tmp2;
    37963796
    37973797int sh_unix_getinfo (int level, const char * filename, file_type * theFile,
Note: See TracChangeset for help on using the changeset viewer.