Hello Steve, Some fields don't support a value which is not a number.
For example, auditctl -a exit,always -F pid=a No error message is output and "pid=0" is added to rule. I think we should add checking for it. Signed-off-by: Zhang Xiliang <[EMAIL PROTECTED]> --- lib/deprecated.c | 3 +++ lib/libaudit.c | 3 +++ src/auditctl.c | 5 +++++ 3 files changed, 11 insertions(+), 0 deletions(-) diff --git a/lib/deprecated.c b/lib/deprecated.c index 5a1c04f..d6cdbe4 100644 --- a/lib/deprecated.c +++ b/lib/deprecated.c @@ -446,6 +446,9 @@ int audit_rule_fieldpair(struct audit_rule *rule, const char *pair, int flags) if (flags == AUDIT_FILTER_EXCLUDE) return -18; + + if (!isdigit((char)*(v))) + return -21; rule->values[rule->field_count] = strtol(v, NULL, 0); break; diff --git a/lib/libaudit.c b/lib/libaudit.c index 6ec15d8..3e2e28f 100644 --- a/lib/libaudit.c +++ b/lib/libaudit.c @@ -1101,6 +1101,9 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, if (flags == AUDIT_FILTER_EXCLUDE) return -18; + if (!isdigit((char)*(v))) + return -21; + rule->values[rule->field_count] = strtol(v, NULL, 0); break; } diff --git a/src/auditctl.c b/src/auditctl.c index a19bd14..1455ee6 100644 --- a/src/auditctl.c +++ b/src/auditctl.c @@ -852,6 +852,11 @@ static int setopt(int count, char *vars[]) "-F missing value after opration for %s\n", optarg); retval = -1; break; + case -21: + fprintf(stderr, + "-F value should be number for %s\n", optarg); + retval = -1; + break; default: retval = -1; break; -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
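Review bot: The added guard `if (!isdigit((char)*(v)))` looks only at the first character of the value, so an input such as `pid=1a` still passes and `strtol(v, NULL, 0)` silently stores 1; the rule then audits something other than what the administrator typed, and the identical guard in the lib/libaudit.c hunk has the same gap. The `(char)` cast is also the wrong one for `isdigit`, which needs an `unsigned char` value, and the guard rejects a leading `-` or whitespace that `strtol` accepts, which may or may not be intended for the fields that reach this branch. Letting `strtol` report where parsing stopped covers the empty, trailing-garbage and overflow cases in one place, as sketched below, assuming `<errno.h>` is already included in both files. A check against the width of `values[]` is left out because its element type is not visible here, and the enclosing switch case starts and ends outside the hunk.

```c
			if (flags == AUDIT_FILTER_EXCLUDE)
				return -18;

			{
				/* Accept the value only if strtol consumed all of it. */
				char *end;
				long val;

				errno = 0;
				val = strtol(v, &end, 0);
				if (end == v || *end != '\0' || errno == ERANGE)
					return -21;
				rule->values[rule->field_count] = val;
			}
			break;
```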
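Review bot: The new `case -21:` in setopt is a third bare copy of the literal -21 (the two library hunks return it), so the meaning of the code is recorded only in this message string. A short comment on the case, for example `/* -21: field value is not a number (audit_rule_fieldpair*) */`, or a named constant shared with the library, would keep the three sites from drifting apart. The message would also read more clearly as `"-F value must be a number for %s\n"`. The switch itself begins outside the hunk.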