allow short buffers to be unmarshaled (#110)

Also update CI script use go install for installing commands.
elastic · May 23, 2022 · 87f0a81 · 87f0a81
1 parent 391bb9b
commit 87f0a81
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 9 deletions.
diff --git a/.ci/test.sh b/.ci/test.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -euxo pipefail
 
-GO111MODULE=off go get -u github.com/elastic/go-licenser
+go install github.com/elastic/go-licenser@latest
 go get -d -t ./...
 go mod download
 go mod verify
@@ -24,7 +24,7 @@ fi
 # Run the tests
 set +e
 mkdir -p build
-go get -v -u github.com/jstemmer/go-junit-report
+go install github.com/jstemmer/go-junit-report@latest
 export OUT_FILE="build/test-report.out"
 go test -v $(go list ./... | grep -v /vendor/) | tee ${OUT_FILE}
 status=$?
@@ -43,4 +43,4 @@ set -x
 
 mkdir -p build/bin
 go build -o build/bin/audit ./cmd/audit/
-go build -o build/bin/auparse ./cmd/auparse/
+go build -o build/bin/auparse ./cmd/auparse/
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Changed
 
+- Fix change in behaviour that causes error when unmarshaling `AuditStatus` with a short buffer. [#110](https://github.com/elastic/go-libaudit/pull/110)
+
 ### Removed
 
 ### Deprecated

diff --git a/audit.go b/audit.go
@@ -603,20 +603,28 @@ type AuditStatus struct {
 	BacklogWaitTimeActual uint32          // Time the kernel has spent waiting while the backlog limit is exceeded.
 }
 
-const sizeofAuditStatus = int(unsafe.Sizeof(AuditStatus{}))
+const (
+	sizeofAuditStatus = int(unsafe.Sizeof(AuditStatus{}))
+
+	// MinSizeofAuditStatus is the minimum usable message size that
+	// is acceptable for unmarshaling from the wire format. Messages
+	// this size do not report backlog_wait_time_actual.
+	MinSizeofAuditStatus = sizeofAuditStatus - int(unsafe.Sizeof(uint32(0)))
+)
 
 func (s AuditStatus) toWireFormat() []byte {
 	return (*[sizeofAuditStatus]byte)(unsafe.Pointer(&s))[:]
 }
 
-// FromWireFormat unmarshals the given buffer to an AuditStatus object. Due to
-// changes in the audit_status struct in the kernel source this method does
-// not return an error if the buffer is smaller than the sizeof our AuditStatus
-// struct.
+// FromWireFormat unmarshals the given buffer to an AuditStatus object.
+// It returns io.ErrUnexpectedEOF if len(buf) is less than MinSizeofAuditStatus.
 func (s *AuditStatus) FromWireFormat(buf []byte) error {
-	if len(buf) < sizeofAuditStatus {
+	if len(buf) < MinSizeofAuditStatus {
 		return io.ErrUnexpectedEOF
 	}
+	if len(buf) < sizeofAuditStatus {
+		*s = AuditStatus{}
+	}
 	copy((*[unsafe.Sizeof(AuditStatus{})]byte)(unsafe.Pointer(s))[:], buf)
 	return nil
 }