Thank you! I spotted that when I started using AIDE:
https://mailman.cs.tut.fi/pipermail/aide/2007-May/000818.html But nobody ever replied to my question about which was the correct behavior. I've since had to advise others not to use regexp special characters in equals lines: https://mailman.cs.tut.fi/pipermail/aide/2007-October/000864.html So yes, I'd like to see the bug reported and fixed (though I have yet to review your patch carefully). --Robby On Dec 19, 2007, at 19:54, Brian De Wolf wrote: > Greetings, > > We were recently upgrading packages and we moved from 0.10 to > 0.13.1 of AIDE. Unfortunately, our matching stopped working > correctly after this upgrade. The equals matches would not match, > leaving us with directories and files that reported changes that we > were not concerned about. > > I have tracked this issue down to a patch that was applied for a > bug that didn't fix the issue it encountered correctly. This was > between CVS revisions 1.6 and 1.7. The bug that is related is at > http://sourceforge.net/tracker/index.php? > func=detail&aid=984424&group_id=86976&atid=581581 also known as bug > 984424. > > Now, the original issue certainly is an actual bug. During the > check_node_for_match recursion, the equals list was checked for > every parent node, rather than being checked only on the first > node. However, Zhi Wen Wong's fix did not remove these checks. > Instead, when one was matched as a regex, he made it also do a > string comparison of the file and the regex, without the '^'. Of > course, as is in all of the examples, equal matches are recommended > to have '$' at the end. Since it seemed like a good idea we did > this for all of our equal matches and, as you can guess, all of our > equal matches failed to match after we upgraded. > > Basically, instead of removing the erroneous checks, he converted > equal checks into string comparisons which causes all equal checks > in parent nodes to fail. (it is impossible for a match in /var to > pass a string comparison with a file in /var/log/, since if it > would match a string comparison it should have been in the /var/ > log/ node.) > > I have written a patch that removes the string comparison code (so > equal matches can be regexes like they're supposed to be) and fixes > the check_node_for_match functionality to match that of the pseudo- > code listed in the 0.13 manual. This allows equal matches to work > correctly. I have attached this patch. > > Should I also make a bug in the sourceforge tracker? > > Thanks! > Brian De Wolf > --- src/gen_list.c.orig 2007-12-19 15:37:13.000000000 -0800 > +++ src/gen_list.c 2007-12-19 16:19:43.000000000 -0800 > @@ -732,33 +732,6 @@ > return retval; > } > > -//this is used to check if $text if equal to a node in $rxrlist > -//should be used to check equ_rx_lst only > -int check_list_for_equal(list* rxrlist,char* text,DB_ATTR_TYPE* attr) > -{ > - list* r=NULL; > - int retval=1; > - char *temp; > - > - for(r=rxrlist;r;r=r->next){ > - temp=((rx_rule*)r->data)->rx; > - > - //FIXME, if rx not begin with ^, may need to do something else > - if(temp[0]=='^') //^ is for reg exp, we can ignore this character > - temp++; > - > - //we don't need to worry about buff-overflow, so strcmp is safe > - if((retval=strcmp(temp, text))==0){ > - *attr=((rx_rule*)r->data)->attr; > - error(231,"\"%s\" matches string from line #%ld: %s\n",text, > ((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx); > - break; > - } else { > - error(231,"\"%s\" doesn't match string from line #%ld: %s > \n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx); > - } > - } > - return retval; > -} > - > /* > * Function check_node_for_match() > * calls itself recursively to go to the top and then back down. > @@ -783,35 +756,24 @@ > return retval; > } > > - /* We need this to check whether this was the first one * > - * to be called and not a recursive call */ > - if(!((retval&16)==16)){ > - retval|=16; > + /* if this call is not recursive we check the equals list and we > set top * > + * and retval so we know following calls are recursive */ > + if(!(retval&16)){ > top=1; > - } else { > - top=0; > - } > - > - /* if no deeper match found */ > - if(!((retval&8)==8)&&!((retval&4)==4)){ > + retval|=16; > + > if(!check_list_for_match(node->equ_rx_lst,text,attr)){ > - /* > - Zhi Wen Wong added this line to fix bug that equ not work for > - compare > - if we do "=/bin", we should only check /bin > - so, /bin/bash or /bin/something should return 0 as neg > - */ > - if(!check_list_for_equal(node->equ_rx_lst,text,attr)) > - retval|=(2|4); > - }; > - }; > + retval|=2|4; > + } > + } > /* We'll use retval to pass information on whether to recurse > * the dir or not */ > > > - if(!((retval&8)==8)&&!((retval&4)==4)){ > + /* If 4 and 8 are not set, we will check for matches */ > + if(!(retval&(4|8))){ > if(!check_list_for_match(node->sel_rx_lst,text,attr)) > - retval|=(1|8); > + retval|=1|8; > } > > /* Now let's check the ancestors */ > _______________________________________________ > Aide mailing list > [email protected] > https://mailman.cs.tut.fi/mailman/listinfo/aide _______________________________________________ Aide mailing list [email protected] https://mailman.cs.tut.fi/mailman/listinfo/aide
