From nobody@FreeBSD.org  Sun Oct 23 16:47:39 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 037741065673
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 23 Oct 2011 16:47:39 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id CFAFD8FC08
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 23 Oct 2011 16:47:38 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p9NGlcBL029318
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 23 Oct 2011 16:47:38 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p9NGlcm9029317;
	Sun, 23 Oct 2011 16:47:38 GMT
	(envelope-from nobody)
Message-Id: <201110231647.p9NGlcm9029317@red.freebsd.org>
Date: Sun, 23 Oct 2011 16:47:38 GMT
From: Ryan Steinmetz <zi@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [openbsm][patch] praudit can produce invalid XML output
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         161936
>Category:       kern
>Synopsis:       [openbsm][patch] praudit can produce invalid XML output
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    csjp
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 23 16:50:03 UTC 2011
>Closed-Date:    Tue Aug 13 23:43:49 UTC 2013
>Last-Modified:  Tue Aug 13 23:43:49 UTC 2013
>Originator:     Ryan Steinmetz
>Release:        8.2-RELEASE
>Organization:
Rochester Institute of Technology
>Environment:
>Description:
When using praudit to display audit entries, the XML output argument (-x) will cause praudit to print invalid XML in certain circumstances.

This surfaces anytime a command is audited that contains invalid XML characters (& or <).
>How-To-Repeat:
Ensure command logging is enabled and execute a command like the following:
% echo hi < test && ls
% praudit -x >file.tmp

Then use an XML parser to try to parse file.tmp, it will complain about invalid characters due to the presence of & and < in places they should not be.
>Fix:
Applying the attached patch to contrib/openbsm/libbsm/bsm_io.c properly sanitizes the entries as they are printed by replacing instances of & with &amp; and < with &lt;

cd /usr/src
patch < /path/to/bsm_io.c.diff
cd lib/libbsm && make clean;make obj && make depend && make && make install

Patch attached with submission follows:

--- contrib/openbsm/libbsm/bsm_io.c.orig	2011-10-23 12:10:40.000000000 -0400
+++ contrib/openbsm/libbsm/bsm_io.c	2011-10-23 12:35:31.000000000 -0400
@@ -214,6 +214,28 @@
 }
 
 /*
+ * Prints the given data bytes as an XML-sanitized string
+ */
+static void
+print_xml_string(FILE *fp, const char *str, size_t len)
+{
+	u_int32_t i;
+
+	if (len > 0) {
+		for (i = 0; i < len; i++) {
+			if (str[i] != '\0') {
+				if (str[i] == '&')
+					fprintf(fp, "&amp;");
+				else if (str[i] == '<')
+					fprintf(fp, "&lt;");
+				else
+					fprintf(fp, "%c", str[i]);
+			}
+		}
+	}
+}
+
+/*
  * Prints the beggining of attribute.
  */
 static void
@@ -1855,7 +1877,7 @@
 	for (i = 0; i < tok->tt.execarg.count; i++) {
 		if (xml) {
 			fprintf(fp, "<arg>");
-			print_string(fp, tok->tt.execarg.text[i],
+			print_xml_string(fp, tok->tt.execarg.text[i],
 			    strlen(tok->tt.execarg.text[i]));
 			fprintf(fp, "</arg>");
 		} else {
@@ -1914,7 +1936,7 @@
 	for (i = 0; i< tok->tt.execenv.count; i++) {
 		if (xml) {
 			fprintf(fp, "<env>");
-			print_string(fp, tok->tt.execenv.text[i],
+			print_xml_string(fp, tok->tt.execenv.text[i],
 			    strlen(tok->tt.execenv.text[i]));
 			fprintf(fp, "</env>");
 		} else {


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->csjp 
Responsible-Changed-By: csjp 
Responsible-Changed-When: Sun Oct 23 23:08:22 UTC 2011 
Responsible-Changed-Why:  
take 

http://www.freebsd.org/cgi/query-pr.cgi?pr=161936 

From: Ryan Steinmetz <zi@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc: csjp@FreeBSD.org
Subject: Re: bin/161936: [openbsm][patch] praudit can produce invalid XML
 output
Date: Thu, 27 Oct 2011 08:34:00 -0400

 I have also noticed that control characters will also confuse the XML
 parsers as well.
 
 Specifically, in one of my audit files, the presence of the following
 control characters caused issues for the XML Parser:
 ^H
 ^[
 
 It seems as if we may want to convert all control characters to their
 ascii literals as well.
 
 We may also want to include the following in the replacement logic:
 char    replaced with
 ---------------------
 &       &amp;
 <       &lt;
 >       &gt;
 "       &quot;
 '       &apos;
 
 -r

From: Ryan Steinmetz <zi@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc: csjp@FreeBSD.org
Subject: Re: bin/161936: [openbsm][patch] praudit can produce invalid XML
 output
Date: Tue, 24 Jan 2012 09:33:48 -0500

 Is it possible to make sure this fix is rolled into 8.3-R?
 
 Thanks,
 -r
 

From: Ryan Steinmetz <zi@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc: csjp@FreeBSD.org, pjd@FreeBSD.org, sson@FreeBSD.org, rwatson@FreeBSD.org
Subject: Re: bin/161936: [openbsm][patch] praudit can produce invalid XML
 output
Date: Fri, 24 Feb 2012 19:05:33 -0500

 --ikeVEW9yuYc//A+q
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 This updated patch addresses all known conditions that result in invalid
 XML being produced by praudit(1).
 
 -r
 
 --ikeVEW9yuYc//A+q
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="bsm_io.diff.txt"
 
 --- contrib/openbsm/libbsm/bsm_io.c.orig	2012-02-24 18:18:03.000000000 -0500
 +++ contrib/openbsm/libbsm/bsm_io.c	2012-02-24 18:45:11.000000000 -0500
 @@ -73,6 +73,7 @@
  #include <string.h>
  #include <pwd.h>
  #include <grp.h>
 +#include <vis.h>
  
  #include <bsm/audit_internal.h>
  
 @@ -214,6 +215,45 @@
  }
  
  /*
 + * Prints the given data bytes as an XML-sanitized string.
 + */
 +static void
 +print_xml_string(FILE *fp, const char *str, size_t len)
 +{
 +	u_int32_t i;
 +	char visbuf[5];
 +
 +	if (len == 0)
 +		return;
 +
 +	for (i = 0; i < len; i++) {
 +		switch (str[i]) {
 +			case '\0':
 +				return;
 +			case '&':
 +				(void) fprintf(fp, "&amp;");
 +				break;
 +			case '<':
 +				(void) fprintf(fp, "&lt;");
 +				break;
 +			case '>':
 +				(void) fprintf(fp, "&gt;");
 +				break;
 +			case '\"':
 +				(void) fprintf(fp, "&quot;");
 +				break;
 +			case '\'':
 +				(void) fprintf(fp, "&apos;");
 +				break;
 +			default:
 +				(void) vis(visbuf, str[i], VIS_CSTYLE, 0);
 +				(void) fprintf(fp, visbuf);
 +				break;
 +		}
 +	}
 +}
 +
 +/*
   * Prints the beggining of attribute.
   */
  static void
 @@ -1855,7 +1895,7 @@
  	for (i = 0; i < tok->tt.execarg.count; i++) {
  		if (xml) {
  			fprintf(fp, "<arg>");
 -			print_string(fp, tok->tt.execarg.text[i],
 +			print_xml_string(fp, tok->tt.execarg.text[i],
  			    strlen(tok->tt.execarg.text[i]));
  			fprintf(fp, "</arg>");
  		} else {
 @@ -1914,7 +1954,7 @@
  	for (i = 0; i< tok->tt.execenv.count; i++) {
  		if (xml) {
  			fprintf(fp, "<env>");
 -			print_string(fp, tok->tt.execenv.text[i],
 +			print_xml_string(fp, tok->tt.execenv.text[i],
  			    strlen(tok->tt.execenv.text[i]));
  			fprintf(fp, "</env>");
  		} else {
 
 --ikeVEW9yuYc//A+q--
State-Changed-From-To: open->closed 
State-Changed-By: zi 
State-Changed-When: Tue Aug 13 23:43:49 UTC 2013 
State-Changed-Why:  
This was merged into 9-STABLE a few months ago. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=161936 
>Unformatted:
