]> granicus.if.org Git - sudo/commitdiff
Fix logic bug. We only want to return -1 from linux_audit_open()
authorTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 13 Oct 2014 14:33:25 +0000 (08:33 -0600)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 13 Oct 2014 14:33:25 +0000 (08:33 -0600)
when audit_open() fails and errno is not one of EINVAL, EPROTONOSUPPORT,
or EAFNOSUPPORT.  For those errno values, we return AUDIT_NOT_CONFIGURED
which is not a fatal error.  Bug #671

plugins/sudoers/linux_audit.c

index 2befd079be6f4914944afb2d07acfdb327da2fda..2e5f43d7475a36da231d865c1cc37c5ab91c2b76 100644 (file)
@@ -57,10 +57,10 @@ linux_audit_open(void)
     au_fd = audit_open();
     if (au_fd == -1) {
        /* Kernel may not have audit support. */
-       if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT) {
-           sudo_warn(U_("unable to open audit system"));
+       if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)
            au_fd = AUDIT_NOT_CONFIGURED;
-       }
+       else
+           sudo_warn(U_("unable to open audit system"));
     } else {
        (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
     }