fix(journal): treat missing PRIORITY field as unknown, not Emergency #840
Open
aki1770-del wants to merge 1 commit into
When a journal entry has no PRIORITY field (common for auditd
messages with _TRANSPORT=audit), dlt_system_journal_get() leaves
buffer_priority empty. The subsequent atoi(buffer_priority)
call returns 0 because atoi("") == 0, which maps to severity 0
(Emergency/Alert/Critical) in get_journal_msg().

This caused all auditd journal entries to appear as Emergency-
level DLT messages, masking their true (benign) nature.

Fix: check for an empty buffer before calling atoi. Use -1 as
a sentinel value so that the switch falls through to the default
DLT_LOG_INFO branch, and the priority label printed in the
message shows "prio_unknown:" rather than "Emergency:".

Fixes COVESA#731
Problem
In get_journal_msg(), the PRIORITY field is read into buffer_priority and then passed to atoi():
When a journal entry has no PRIORITY field — common for auditd messages with _TRANSPORT=audit — dlt_system_journal_get() leaves buffer_priority as an empty string. atoi("") returns 0, which maps to severity level 0 (Emergency/Alert/Critical):
All auditd log entries are thus emitted as DLT_LOG_FATAL with the label "Emergency:", regardless of their actual content.
Fixes #731.
Fix
Check buffer_priority[0] != '\0' before calling atoi(). Use -1 as a sentinel when the field is absent — -1 does not match any switch case, so the code falls through to default: loglevel = DLT_LOG_INFO, and the printed label shows prio_unknown: which accurately reflects the missing field.
Testing
Verified: auditd journal entries without PRIORITY are logged at DLT_LOG_INFO with label prio_unknown: after the fix.
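The failure mode described above, as an added example that is not code from this pull request or from the project: it contrasts the atoi() parse with a checked parse that returns the -1 sentinel. It goes beyond the PR's empty-string check by also rejecting non-numeric and out-of-range values through strtol(). The function names, the EX_LOG_* enum and the reduced two-branch mapping (priorities 0 to 2 treated as fatal) are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in log levels for this example only; the names mirror the PR text,
 * the numeric values are local to this example. */
enum example_level { EX_LOG_FATAL = 1, EX_LOG_INFO = 4 };
#define PRIO_UNKNOWN (-1)   /* sentinel value, as in the PR description */

/* The behaviour the PR describes as the bug: atoi("") yields 0. */
static int parse_priority_naive(const char *buf)
{
    return atoi(buf);
}

/* Checked parse: empty, non-numeric, trailing junk or values outside the
 * syslog range 0..7 all become PRIO_UNKNOWN instead of 0. */
static int parse_priority_checked(const char *buf)
{
    char *end = NULL;
    if (buf == NULL || buf[0] == '\0')
        return PRIO_UNKNOWN;
    errno = 0;
    long v = strtol(buf, &end, 10);
    if (errno != 0 || end == buf || *end != '\0' || v < 0 || v > 7)
        return PRIO_UNKNOWN;
    return (int)v;
}

/* Reduced mapping (assumption): only the fatal and default branches. */
static enum example_level level_for(int prio)
{
    switch (prio) {
    case 0: case 1: case 2:   /* Emergency / Alert / Critical */
        return EX_LOG_FATAL;
    default:                  /* includes PRIO_UNKNOWN */
        return EX_LOG_INFO;
    }
}

int main(void)
{
    const char *samples[] = { "", "0", "6", "abc", "3x" };  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("[%s] naive=%d checked=%d\n", samples[i],
               level_for(parse_priority_naive(samples[i])),
               level_for(parse_priority_checked(samples[i])));
    return 0;
}
```

A non-numeric value such as "abc" takes the same path as the empty string under atoi(), which is why the checked variant tests the strtol() end pointer rather than only the first byte.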