From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon, 13 Oct 2014 14:33:25 +0000 (-0600)
Subject: Fix logic bug.  We only want to return -1 from linux_audit_open()
X-Git-Tag: SUDO_1_8_12^2~152
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=38c7d7abc4b9d42e171529a87ee4932e98f0a486;p=sudo

Fix logic bug.  We only want to return -1 from linux_audit_open()
when audit_open() fails and errno is not one of EINVAL, EPROTONOSUPPORT,
or EAFNOSUPPORT.  For those errno values, we return AUDIT_NOT_CONFIGURED
which is not a fatal error.  Bug #671
---

diff --git a/plugins/sudoers/linux_audit.c b/plugins/sudoers/linux_audit.c
index 2befd079b..2e5f43d74 100644
--- a/plugins/sudoers/linux_audit.c
+++ b/plugins/sudoers/linux_audit.c
@@ -57,10 +57,10 @@ linux_audit_open(void)
     au_fd = audit_open();
     if (au_fd == -1) {
 	/* Kernel may not have audit support. */
-	if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT) {
-	    sudo_warn(U_("unable to open audit system"));
+	if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)
 	    au_fd = AUDIT_NOT_CONFIGURED;
-	}
+	else
+	    sudo_warn(U_("unable to open audit system"));
     } else {
 	(void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
     }