@mhalden
Created January 10, 2018 16:12
diff --git bsm.c bsm.c
index 97663f8..b592c74 100644
--- bsm.c
+++ bsm.c
@@ -65,11 +65,11 @@ bsm_match_event(struct bsm_state *bm, struct bsm_record_data *bd)
for (i = 0; i < a->a_cnt; i++) {
switch (bm->bm_event_type) {
case SET_TYPE_AUCLASS:
- if ((evdata & a->a_data.value[i]) != 0)
+ if ((evdata & a->a_data[i].value) != 0)
match = 1;
break;
case SET_TYPE_AUEVENT:
- if (a->a_data.value[i] == evdata)
+ if (a->a_data[i].value == evdata)
match = 1;
}
}
@@ -151,8 +151,8 @@ bsm_match_object(struct bsm_state *bm, struct bsm_record_data *bd)
*/
if (ap->a_type == STRING_ARRAY) {
for (match = 0, i = 0; i < ap->a_cnt; i++) {
- slen = strlen(ap->a_data.string[i]);
- if (strncmp(ap->a_data.string[i], bd->br_path, slen)
+ slen = strlen(ap->a_data[i].string);
+ if (strncmp(ap->a_data[i].string, bd->br_path, slen)
== 0) {
match = 1;
break;
@@ -162,14 +162,14 @@ bsm_match_object(struct bsm_state *bm, struct bsm_record_data *bd)
} else if (ap->a_type == PCRE_ARRAY) {
slen = strlen(bd->br_path);
for (match = 0, i = 0; i < ap->a_cnt; i++) {
- rc = pcre_exec(ap->a_data.pcre[i], NULL, bd->br_path,
+ rc = pcre_exec(ap->a_data[i].pcre, NULL, bd->br_path,
slen, 0, 0, NULL, 0);
if (rc == 0) {
match = 1;
break;
} else if (rc < -1) {
bsmtrace_error(0, "pcre exec failed for pattern"
- " %s on path %s", ap->a_data.pcre[i],
+ " %s on path %s", ap->a_data[i].pcre,
bd->br_path);
}
}
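Review bot: The error path in the PCRE branch hands `ap->a_data[i].pcre` to a `%s` conversion, but per the `union array_data` declaration in deuce.h that member is a compiled `pcre *`, not a C string. Assuming `bsmtrace_error` formats printf-style, the logger would read the compiled object's bytes as text until it meets a NUL, which is an out-of-bounds read and puts garbage in the log. The patch carries this over unchanged from the old accessor. Log what is printable instead, for example `bsmtrace_error(0, "pcre exec failed (rc %d) on path %s", rc, bd->br_path);`, or keep the pattern's source text alongside the compiled object and print that. bsm_match_object starts and ends outside this hunk.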
@@ -237,7 +237,7 @@ bsm_check_subj_array(u_int subj, struct array *ap)
int match, i;
for (match = 0, i = 0; i < ap->a_cnt; i++)
- if (ap->a_data.value[i] == subj)
+ if (ap->a_data[i].value == subj)
match = 1;
if (ap->a_negated != 0)
match = !match;
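Review bot: The loop index in bsm_check_subj_array is still declared `int match, i;` while `a_cnt` becomes `size_t` in the deuce.h part of this patch, so `i < ap->a_cnt` is now a signed/unsigned comparison. The same holds for the other `i < a->a_cnt` loops in bsm.c and conf.c if their indices are also `int`, which is not visible in those hunks. Declaring the index as `size_t i;` keeps the types aligned and silences `-Wsign-compare`. The function's signature and tail are outside the hunk.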
diff --git conf.c conf.c
index b68e1a1..0f1d438 100644
--- conf.c
+++ conf.c
@@ -28,6 +28,7 @@
* SUCH DAMAGE.
*/
#include "includes.h"
+#include <err.h>
static const struct _settype_tab {
char *stt_str;
@@ -136,6 +137,15 @@ conf_array_add(const char *str, struct array *a, int type)
pcre *re;
#endif
+ if (a->a_cnt >= a->a_size) {
+ union array_data *tmp = realloc(a->a_data, (a->a_size + BSM_ARRAY_MAX));
+ if (tmp == NULL) {
+ err(1, "Failed to allocate memory");
+ }
+ a->a_size += BSM_ARRAY_MAX;
+ a->a_data = tmp;
+ }
+
e = 0;
switch (type) {
case SET_TYPE_AUCLASS:
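Review bot: The `realloc` in the new growth check is sized in bytes, while `a_size` is compared against `a_cnt` as an element count, so the block holds `a_size + BSM_ARRAY_MAX` bytes rather than that many `union array_data` slots. The stores `a->a_data[a->a_cnt++]` further down conf_array_add then write past the end of the heap block once the index exceeds the byte count divided by the element size. The size needs the element width: `union array_data *tmp = realloc(a->a_data, (a->a_size + BSM_ARRAY_MAX) * sizeof(*a->a_data));`, ideally preceded by a check that the multiplication cannot wrap. The code also relies on `a_data` and `a_size` starting out as NULL and 0, which the `bzero` of `array_state` in grammar.y appears to provide. The rest of conf_array_add lies outside this hunk.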
@@ -200,15 +210,15 @@ conf_array_add(const char *str, struct array *a, int type)
conf_detail(0, "%s: invalid %s name\n", str, estring);
}
if (type == SET_TYPE_PATH || type == SET_TYPE_LOGCHANNEL) {
- a->a_data.string[a->a_cnt++] = ptr;
+ a->a_data[a->a_cnt++].string = ptr;
a->a_type = STRING_ARRAY;
#ifdef PCRE
} else if (type == SET_TYPE_PCRE) {
- a->a_data.pcre[a->a_cnt++] = re;
+ a->a_data[a->a_cnt++].pcre = re;
a->a_type = PCRE_ARRAY;
#endif
} else {
- a->a_data.value[a->a_cnt++] = value;
+ a->a_data[a->a_cnt++].value = value;
a->a_type = INTEGER_ARRAY;
}
}
@@ -295,7 +305,7 @@ conf_set_log_channel(struct bsm_set *bss, struct bsm_sequence *bs)
a = &bss->bss_data;
for (i = 0; i < a->a_cnt; i++) {
- lc = log_lookup_channel(a->a_data.string[i]);
+ lc = log_lookup_channel(a->a_data[i].string);
if (lc == NULL)
conf_detail(0, "unable to lookup channel");
TAILQ_INSERT_HEAD(&bs->bs_log_channel, lc, log_glue);
diff --git deuce.h deuce.h
index 4ae7972..4bf3611 100644
--- deuce.h
+++ deuce.h
@@ -55,6 +55,14 @@ enum {
SET_TYPE_LOGCHANNEL
};
+union array_data {
+ int value;
+ char *string;
+#ifdef PCRE
+ pcre *pcre;
+#endif
+};
+
struct array {
int a_type; /* Content type of a_data */
int a_negated;
@@ -63,19 +71,9 @@ struct array {
#ifdef PCRE
#define PCRE_ARRAY 4
#endif
- int a_cnt;
- /*
- * NB: Perhaps in the future, these arrays will auto
- * scale based on the demand. But for now, just make
- * them static.
- */
- union {
- int value[BSM_ARRAY_MAX];
- char *string[BSM_ARRAY_MAX];
-#ifdef PCRE
- pcre *pcre[BSM_ARRAY_MAX];
-#endif
- } a_data;
+ size_t a_cnt;
+ size_t a_size;
+ union array_data *a_data;
};
/*
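Review bot: The three new members of `struct array` are undocumented, and the removed "NB" comment is not replaced by anything that states the unit of `a_size` or who owns `a_data`. Both matter here, because the conf.c growth code mixes bytes and elements and grammar.y copies the struct by value. I would add comments along the lines of `size_t a_cnt; /* elements in use */`, `size_t a_size; /* allocated capacity, in elements */` and `union array_data *a_data; /* heap buffer, grown by conf_array_add(); valid member selected by a_type */`. The struct's opening lines are in the previous hunk.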
diff --git grammar.y grammar.y
index 947987c..34edbdb 100644
--- grammar.y
+++ grammar.y
@@ -90,6 +90,7 @@ define_def:
src = $9;
dst = &set_state->bss_data;
*dst = *src;
+ free(array_state.a_data);
bzero(&array_state, sizeof(struct array));
TAILQ_INSERT_TAIL(&bsm_set_head, set_state, bss_glue);
set_state = NULL;
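Review bot: The added `free(array_state.a_data);` in define_def runs right after `*dst = *src;`, which is a shallow copy, so `dst->a_data` holds the same pointer as `src->a_data`. If `$9` refers to `array_state` (not visible here, though the `bzero` of `array_state` that follows suggests it), the set just stored in `bsm_set_head` keeps a dangling `a_data`, and the matching loops in bsm.c would later read freed memory. The same pattern appears in the anon_set hunk (`src = $6`) and the second object_spec hunk. In the type_spec/object_spec hunks that copy from `&ptr->bss_data` or `&$3->bss_data`, two structs end up sharing one buffer. Where ownership moves to `dst`, keep only `bzero(&array_state, sizeof(struct array));` and drop the `free`. The `free` is appropriate only where nothing was copied out, as in the `BSM_STATE_EVENT_ANY` action. The rule bodies start outside these hunks.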
@@ -181,6 +182,7 @@ anon_set:
src = $6;
dst = &set_state->bss_data;
*dst = *src;
+ free(array_state.a_data);
bzero(&array_state, sizeof(struct array));
$$ = set_state;
set_state = NULL;
@@ -390,6 +392,7 @@ type_spec:
src = &ptr->bss_data;
dst = &bm_state->bm_auditevent;
*dst = *src;
+ free(array_state.a_data);
bzero(&array_state, sizeof(struct array));
dst->a_negated = $2;
}
@@ -405,6 +408,7 @@ type_spec:
src = &$3->bss_data;
dst = &bm_state->bm_auditevent;
*dst = *src;
+ free(array_state.a_data);
bzero(&array_state, sizeof(struct array));
dst->a_negated = $2;
}
@@ -412,6 +416,7 @@ type_spec:
{
bm_state->bm_event_type = SET_TYPE_AUEVENT;
bm_state->bm_event_flags |= BSM_STATE_EVENT_ANY;
+ free(array_state.a_data);
bzero(&array_state, sizeof(struct array));
}
;
@@ -435,6 +440,7 @@ object_spec:
src = &ptr->bss_data;
dst = &bm_state->bm_objects;
*dst = *src;
+ free(array_state.a_data);
bzero(&array_state, sizeof(struct array));
dst->a_negated = $2;
}
@@ -453,6 +459,7 @@ object_spec:
#endif
dst = &bm_state->bm_objects;
*dst = *src;
+ free(array_state.a_data);
bzero(&array_state, sizeof(struct array));
dst->a_negated = $2;
}