diff --git a/aide.spec b/aide.spec index 4b1d2fc791f58665d5d1b5a1ee007a0c121e313c..f166478296994ff5a7d1f8baffc0fa3129ad3378 100644 --- a/aide.spec +++ b/aide.spec @@ -1,6 +1,6 @@ Name: aide Version: 0.17.3 -Release: 4 +Release: 5 Summary: Advanced Intrusion Detection Environment License: GPLv2+ URL: http://sourceforge.net/projects/aide @@ -13,6 +13,8 @@ BuildRequires: libacl-devel libselinux-devel libattr-devel e2fsprogs-devel audi Patch0: Add-sm3-algorithm-for-aide.patch Patch1: backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch +Patch2: backport-Handle-malformed-database-lines.patch +Patch3: backport-Fix-handling-of-duplicate-database-entries.patch %description AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker. @@ -60,6 +62,12 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %{_mandir}/*/* %changelog +* Tue Feb 22 2022 yixiangzhike - 0.17.3-5 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: handle malformed path and duplicate database entries + * Tue Feb 8 2022 yixiangzhike - 0.17.3-4 - Type:CVE - ID:CVE-2021-45417 diff --git a/backport-Fix-handling-of-duplicate-database-entries.patch b/backport-Fix-handling-of-duplicate-database-entries.patch new file mode 100644 index 0000000000000000000000000000000000000000..6adc36119c6480ef6a7f569df92a4e678b0c5054 --- /dev/null +++ b/backport-Fix-handling-of-duplicate-database-entries.patch 
@@ -0,0 +1,26 @@ +From 1067d1e1ce10dcd8f374e9d4295d39d75abf4958 Mon Sep 17 00:00:00 2001 +From: Hannes von Haugwitz +Date: Sun, 20 Feb 2022 18:09:10 +0100 +Subject: [PATCH] Fix handling of duplicate database entries + +* closes: #122 +--- + src/gen_list.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/gen_list.c b/src/gen_list.c +index bf5ce2e..a1467f3 100644 +--- a/src/gen_list.c ++++ b/src/gen_list.c +@@ -352,7 +352,7 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db_flags, const dat + if(!node){ + node=new_seltree_node(tree,file->filename,0,NULL); + log_msg(LOG_LEVEL_DEBUG, "added new node '%s' (%p) for '%s' (reason: new entry)", node->path, node, file->filename); +- } else if (db && db_flags&DB_NEW?node->new_data:node->old_data) { ++ } else if (db && node->checked&db_flags) { + LOG_DB_FORMAT_LINE(LOG_LEVEL_WARNING, duplicate database entry found for '%s' (skip line), file->filename) + free_db_line(file); + free(file); +-- +1.8.3.1 + diff --git a/backport-Handle-malformed-database-lines.patch b/backport-Handle-malformed-database-lines.patch new file mode 100644 index 0000000000000000000000000000000000000000..3946db035250a7f6c78b7ba0cf184eeb2853e9c8 --- /dev/null +++ b/backport-Handle-malformed-database-lines.patch 
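Review bot: The new test `db && node->checked&db_flags` in add_file_to_tree relies on `&` binding tighter than `&&` without parentheses, and the line it replaces shows how that goes wrong: `db && db_flags&DB_NEW?node->new_data:node->old_data` groups as `(db && (db_flags&DB_NEW)) ? node->new_data : node->old_data`. Writing it as `} else if (db && (node->checked & db_flags)) {` makes the grouping explicit. A comment such as `/* node already filled from this database: keep the first entry, drop the repeat */` would record that the first entry wins, which matters to anyone reading the "duplicate database entry" warning as a sign of a damaged or altered integrity database. The test fires when any bit of db_flags is already set, so the behaviour for a combined `DB_OLD|DB_NEW` value should be confirmed against the callers; the function body continues outside this hunk.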
@@ -0,0 +1,169 @@ +From efaaba614c946118d731b542319b99a25a0a199c Mon Sep 17 00:00:00 2001 +From: Hannes von Haugwitz +Date: Tue, 18 Jan 2022 21:20:07 +0100 +Subject: [PATCH] Handle malformed database lines + +* handle malformed path +* handle duplicate database entry +* closes: #122 +--- + src/db_file.c | 19 ++++++++++++------- + src/gen_list.c | 34 +++++++++++++++++++--------------- + 2 files changed, 31 insertions(+), 22 deletions(-) + +diff --git a/src/db_file.c b/src/db_file.c +index 86d5b31..30324f2 100644 +--- a/src/db_file.c ++++ b/src/db_file.c +@@ -1,7 +1,7 @@ + /* + * AIDE (Advanced Intrusion Detection Environment) + * +- * Copyright (C) 1999-2007, 2010-2013, 2016, 2018-2021 Rami Lehti, ++ * Copyright (C) 1999-2007, 2010-2013, 2016, 2018-2022 Rami Lehti, + * Pablo Virolainen, Mike Markley, Richard van den Berg, + * Hannes von Haugwitz + * +@@ -249,13 +249,18 @@ char** db_readline_file(database* db) { + break; + } + case TPATH: { +- i = 0; +- s = checked_malloc(sizeof(char*)*num_attrs); +- for(ATTRIBUTE j=0; jfields[i]].db_name, i, dbtext); + } +- s[i] = checked_strdup(dbtext); +- LOG_DB_FORMAT_LINE(LOG_LEVEL_DEBUG, '%s' set field '%s' (position %d): '%s', s[0], attributes[db->fields[i]].db_name, i, dbtext); + break; + } + case TSTRING: { +diff --git a/src/gen_list.c b/src/gen_list.c +index 98b437c..bf5ce2e 100644 +--- a/src/gen_list.c ++++ b/src/gen_list.c +@@ -1,7 +1,7 @@ + /* + * AIDE (Advanced Intrusion Detection Environment) + * +- * Copyright (C) 1999-2006, 2009-2012, 2015-2016, 2019-2021 Rami Lehti, ++ * Copyright (C) 1999-2006, 2009-2012, 2015-2016, 2019-2022 Rami Lehti, + * Pablo Virolainen, Mike Markley, Richard van den Berg, + * Hannes von Haugwitz + * +@@ -342,9 +342,8 @@ void strip_dbline(db_line* line) + + /* + * add_file_to_tree +- * db = which db this file belongs to + */ +-static void add_file_to_tree(seltree* tree,db_line* file,int db) ++static void add_file_to_tree(seltree* tree,db_line* file,int db_flags, const database *db) + { + 
seltree* node=NULL; + +@@ -353,14 +352,19 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db) + if(!node){ + node=new_seltree_node(tree,file->filename,0,NULL); + log_msg(LOG_LEVEL_DEBUG, "added new node '%s' (%p) for '%s' (reason: new entry)", node->path, node, file->filename); ++ } else if (db && db_flags&DB_NEW?node->new_data:node->old_data) { ++ LOG_DB_FORMAT_LINE(LOG_LEVEL_WARNING, duplicate database entry found for '%s' (skip line), file->filename) ++ free_db_line(file); ++ free(file); ++ return; + } + + /* add note to this node which db has modified it */ +- node->checked|=db; ++ node->checked|=db_flags; + + strip_dbline(file); + +- switch (db) { ++ switch (db_flags) { + case DB_OLD: { + log_msg(LOG_LEVEL_DEBUG, "add old entry '%s' (%c) to node '%s' (%p) as old data", file->filename, get_file_type_char_from_perm(file->perm), node->path, node); + node->old_data=file; +@@ -430,9 +434,9 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db) + db_line *newData; + seltree* moved_node; + +- moved_node=get_seltree_inode(tree,file,db==DB_OLD?DB_NEW:DB_OLD); ++ moved_node=get_seltree_inode(tree,file,db_flags==DB_OLD?DB_NEW:DB_OLD); + if(!(moved_node == NULL || moved_node == node)) { +- if(db == DB_NEW) { ++ if(db_flags == DB_NEW) { + newData = node->new_data; + oldData = moved_node->old_data; + log_msg(LOG_LEVEL_DEBUG, "checking old data of node '%s' with new data of '%s'", moved_node->path, node->path); +@@ -453,8 +457,8 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db) + /* Free the data if same else leave as is for report_tree */ + DB_ATTR_TYPE changed_attr_moved_file = get_changed_attributes(oldData, newData); + if ((changed_attr_moved_file&~(ATTR(attr_ctime))) == RETOK) { +- node->checked |= db==DB_NEW ? NODE_MOVED_IN : NODE_MOVED_OUT; +- moved_node->checked |= db==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN; ++ node->checked |= db_flags==DB_NEW ? 
NODE_MOVED_IN : NODE_MOVED_OUT; ++ moved_node->checked |= db_flags==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN; + if (changed_attr_moved_file & (ATTR(attr_ctime))) { + log_msg(LOG_LEVEL_DEBUG,_(" ctime is ignored, due to filename change: '%s' => '%s'"), oldData->filename, newData->filename); + } +@@ -471,13 +475,13 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db) + log_msg(LOG_LEVEL_DEBUG, "no moved file found for '%s'", file->filename); + } + } +- if( (db == DB_NEW) && ++ if( (db_flags == DB_NEW) && + (node->new_data!=NULL) && + (file->attr & ATTR(attr_allownewfile)) ){ + node->checked|=NODE_ALLOW_NEW; + log_msg(LOG_LEVEL_DEBUG,_(" mark node '%s' as NODE_ALLOW_NEW (reason: entry '%s' has ANF attribute set)"), node->path, file->filename); + } +- if( (db == DB_OLD) && ++ if( (db_flags == DB_OLD) && + (node->old_data!=NULL) && + (file->attr & ATTR(attr_allowrmfile)) ){ + node->checked|=NODE_ALLOW_RM; +@@ -677,7 +681,7 @@ void populate_tree(seltree* tree, bool dry_run) + db_lex_buffer(&(conf->database_new)); + while((new=db_readline(&(conf->database_new))) != NULL){ + if((add=check_rxtree(new->filename,tree, &rule, get_restriction_from_perm(new->perm), dry_run))>0){ +- add_file_to_tree(tree,new,DB_NEW); ++ add_file_to_tree(tree,new,DB_NEW, &(conf->database_new)); + } else { + free_db_line(new); + free(new); +@@ -692,7 +696,7 @@ void populate_tree(seltree* tree, bool dry_run) + new=NULL; + log_msg(LOG_LEVEL_INFO, "read new entries from disk (root: '%s', limit: '%s')", conf->root_prefix, conf->limit?conf->limit:"(none)"); + while((new=db_readline_disk(dry_run)) != NULL) { +- add_file_to_tree(tree,new,DB_NEW); ++ add_file_to_tree(tree,new,DB_NEW, NULL); + } + } + if((conf->action&DO_COMPARE)||(conf->action&DO_DIFF)){ +@@ -701,9 +705,9 @@ void populate_tree(seltree* tree, bool dry_run) + while((old=db_readline(&(conf->database_in))) != NULL) { + add=check_rxtree(old->filename,tree, &rule, get_restriction_from_perm(old->perm), dry_run); + if(add > 0) { +- 
add_file_to_tree(tree,old,DB_OLD); ++ add_file_to_tree(tree,old,DB_OLD, &(conf->database_in)); + } else if (conf->limit!=NULL && add < 0) { +- add_file_to_tree(tree,old,DB_OLD|DB_NEW); ++ add_file_to_tree(tree,old,DB_OLD|DB_NEW, &(conf->database_in)); + }else{ + if(!initdbwarningprinted){ + log_msg(LOG_LEVEL_WARNING, _("%s:%s: old database entry '%s' has no matching rule, run --init or --update (this warning is only shown once)"), get_url_type_string((conf->database_in.url)->type), (conf->database_in.url)->value, old->filename); +-- +1.8.3.1 +
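Review bot: The header comment above add_file_to_tree in src/gen_list.c is left as a bare name, because its only parameter line (`db = which db this file belongs to`) is removed while the signature gains `db_flags` and `const database *db`. I would replace it with something like `/* db_flags: DB_OLD/DB_NEW bits recorded in node->checked; db: database the line came from, NULL for entries read from disk */`, since populate_tree passes NULL for the db_readline_disk loop. The comment should also say that on the duplicate path the function calls free_db_line(file) and free(file) before returning, so callers must not touch the pointer after the call. The duplicate test added here, `db && db_flags&DB_NEW?node->new_data:node->old_data`, groups as `(db && (db_flags&DB_NEW)) ? … : …`, so this patch should always be applied together with the follow-up patch that replaces that line. The function body runs beyond the hunks shown.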