Commit c926e4f4 authored May 16, 2007 by Klaus Weidner Committed by Al Viro Jul 22, 2007

[PATCH] audit: fix broken class-based syscall audit



The sanity check in audit_match_class() is wrong.  We are able to audit
2048 syscalls but in audit_match_class() we were accidentally using
sizeof(_u32) instead of number of bits in _u32 when deciding how many
syscalls were valid.  On ia64 in particular we were hitting syscall
numbers over the (wrong) limit of 256.  Fixing the audit_match_class
check takes care of the problem.

Signed-off-by: Klaus Weidner <klaus@atsec.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

parent 5b9a4262

kernel/auditfilter.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -304,7 +304,7 @@ int __init audit_register_class(int class, unsigned *list)

	int audit_match_class(int class, unsigned syscall)		int audit_match_class(int class, unsigned syscall)
	{		{
	if (unlikely(syscall >= AUDIT_BITMASK_SIZE * sizeof(__u32)))		if (unlikely(syscall >= AUDIT_BITMASK_SIZE * 32))
	return 0;		return 0;
	if (unlikely(class >= AUDIT_SYSCALL_CLASSES \|\| !classes[class]))		if (unlikely(class >= AUDIT_SYSCALL_CLASSES \|\| !classes[class]))
	return 0;		return 0;