[PATCH] audit: fix broken class-based syscall audit

The sanity check in audit_match_class() is wrong. We are able to audit 2048 syscalls but in audit_match_class() we were accidentally using sizeof(_u32) instead of number of bits in _u32 when deciding how many syscalls were valid. On ia64 in particular we were hitting syscall numbers over the (wrong) limit of 256. Fixing the audit_match_class check takes care of the problem. Signed-off-by: Klaus Weidner <klaus@atsec.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

[PATCH] audit: fix broken class-based syscall audit
The sanity check in audit_match_class() is wrong. We are able to audit 2048 syscalls but in audit_match_class() we were accidentally using sizeof(_u32) instead of number of bits in _u32 when deciding how many syscalls were valid. On ia64 in particular we were hitting syscall numbers over the (wrong) limit of 256. Fixing the audit_match_class check takes care of the problem. Signed-off-by: Klaus Weidner <klaus@atsec.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
c926e4f4 · Klaus Weidner · Al Viro · 5b9a4262 · c926e4f4
Commit c926e4f4 authored May 16, 2007 by Klaus Weidner Committed by Al Viro Jul 22, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

kernel/auditfilter.c kernel/auditfilter.c +1 -1

No files found.
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -304,7 +304,7 @@ int __init audit_register_class(int class, unsigned *list)

 int audit_match_class(int class, unsigned syscall)
 {
-	if (unlikely(syscall >= AUDIT_BITMASK_SIZE * sizeof(__u32)))
+	if (unlikely(syscall >= AUDIT_BITMASK_SIZE * 32))
 		return 0;
 	if (unlikely(class >= AUDIT_SYSCALL_CLASSES || !classes[class]))
 		return 0;