|
Description
|
For audit events containing text tokens of type message list, libbsm's adt_to_text() _always_ prints "Invalid message index" if that message list has non-zero offset.
usr/src/lib/libbsm/common/adt_token.c:adt_to_text():
669 case ADT_MSG:
670 list = &adt_msg_text[(enum adt_login_text)def->dd_input_size];
671 list_index = ((union convert *)p_data)->msg_selector;
672
673 if ((list_index < list->ml_min_index) |
674 (list_index > list->ml_max_index))
675 string = "Invalid message index";
676 else
677 string = list->ml_msg_list[list_index +
678 list->ml_offset];
679
680 if (string == NULL) { /* null is valid; means skip */
681 if (required) {
682 string = empty;
683 } else
684 break;
685 }
Here, the list_index constains message id (w/ message list offset included) but the range check on lines 673, 674 should be relative to the message list size, ie. exactly what is on line 677,678.
See the same range check (but for return values) in usr/src/cmd/praudit/format.c:pa_retval():
2627 struct msg_text *msglist = &adt_msg_text[ADT_LIST_FAIL_VALUE];
2628
2629 if ((retval + msglist->ml_offset >= msglist->ml_min_index) &&
2630 (retval + msglist->ml_offset <= msglist->ml_max_index)) {
|
