Fix typo introduced in last commit

Previously, we did not try to trap execve() in processes where the
architecture did not match the native or one of the compat architecture.
Now the filter will kill the process instead.  This is safer, though
perhaps less convenient for the user.

LICENSE.md

@@ -323,7 +323,7 @@ The embedded copy of zlib bears the following license:
 
 The embedded copy of protobuf-c bears the following license:
 
-    Copyright (c) 2008-2022, Dave Benson and the protobuf-c authors.
+    Copyright (c) 2008-2025, Dave Benson and the protobuf-c authors.
     All rights reserved.
 
     Redistribution and use in source and binary forms, with or without

include/protobuf-c/protobuf-c.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008-2022, Dave Benson and the protobuf-c authors.
+ * Copyright (c) 2008-2025, Dave Benson and the protobuf-c authors.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -34,16 +34,17 @@
  *
  * This file defines the public API for the `libprotobuf-c` support library.
  * This API includes interfaces that can be used directly by client code as well
- * as the interfaces used by the code generated by the `protoc-c` compiler.
+ * as the interfaces used by the code generated by the `protoc-gen-c` compiler
+ * plugin.
  *
  * The `libprotobuf-c` support library performs the actual serialization and
  * deserialization of Protocol Buffers messages. It interacts with structures,
- * definitions, and metadata generated by the `protoc-c` compiler from .proto
- * files.
+ * definitions, and metadata generated by the `protoc-gen-c` compiler plugin
+ * from .proto files.
  *
  * \authors Dave Benson and the `protobuf-c` authors.
  *
- * \copyright 2008-2014. Licensed under the terms of the [BSD-2-Clause] license.
+ * \copyright 2008-2025. Licensed under the terms of the [BSD-2-Clause] license.
  *
  * [protobuf-c]:       https://github.com/protobuf-c/protobuf-c
  * [Protocol Buffers]: https://developers.google.com/protocol-buffers/
@@ -74,7 +75,7 @@
  *
  * - Identifiers for functions and globals are all lowercase, with camel case
  *   words separated by single underscores. For example, one of the function
- *   prototypes generated by `protoc-c` for the above example:
+ *   prototypes generated by `protoc-gen-c` for the above example:
  *
 ~~~{.c}
 Foo__Bar__BazBah *
@@ -794,16 +795,16 @@ protobuf_c_version_number(void);
  * The version of the protobuf-c headers, represented as a string using the same
  * format as protobuf_c_version().
  */
-#define PROTOBUF_C_VERSION		"1.4.1"
+#define PROTOBUF_C_VERSION		"1.5.2"
 
 /**
  * The version of the protobuf-c headers, represented as an integer using the
  * same format as protobuf_c_version_number().
  */
-#define PROTOBUF_C_VERSION_NUMBER	1004001
+#define PROTOBUF_C_VERSION_NUMBER	1005002
 
 /**
- * The minimum protoc-c version which works with the current version of the
+ * The minimum protoc-gen-c version which works with the current version of the
  * protobuf-c headers.
  */
 #define PROTOBUF_C_MIN_COMPILER_VERSION	1000000

lib/logsrv/Makefile.in

@@ -108,7 +108,7 @@ Makefile: $(srcdir)/Makefile.in
 
 $(devdir)/log_server.pb-c.c: $(srcdir)/log_server.proto
 	@if [ -n "$(DEVEL)" ]; then \
-	    cmd='protoc-c --c_out=$(devdir) --proto_path=$(srcdir) $(srcdir)/log_server.proto'; \
+	    cmd='protoc --c_out=$(devdir) --proto_path=$(srcdir) $(srcdir)/log_server.proto'; \
 	    echo "$$cmd"; eval $$cmd; \
 	    cmd='$(scriptdir)/unanon $(devdir)/log_server.pb-c.h $(devdir)/log_server.pb-c.c'; \
 	    echo "$$cmd"; eval $$cmd; \

lib/protobuf-c/Makefile.in

@@ -101,20 +101,6 @@ Makefile: $(srcdir)/Makefile.in
 .i.plog:
 	ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@
 
-$(devdir)/log_server.pb-c.c: $(srcdir)/log_server.proto
-	@if [ -n "$(DEVEL)" ]; then \
-	    cmd='protoc-c --c_out=$(devdir) --proto_path=$(srcdir) $(srcdir)/log_server.proto'; \
-	    echo "$$cmd"; eval $$cmd; \
-	    cmd='$(scriptdir)/unanon $(devdir)/log_server.pb-c.h $(devdir)/log_server.pb-c.c'; \
-	    echo "$$cmd"; eval $$cmd; \
-	    if [ "$(devdir)" == "$(srcdir)" ]; then \
-		cmd='mv -f $(devdir)/log_server.pb-c.h $(incdir)/log_server.pb-c.h'; \
-	    else \
-		cmd='mv -f $(devdir)/log_server.pb-c.h $(top_builddir)/log_server.pb-c.h'; \
-	    fi; \
-	    echo "$$cmd"; eval $$cmd; \
-	fi
-
 libprotobuf-c.la: $(LIBPROTOBUF_C_OBJS)
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBPROTOBUF_C_OBJS)
 

lib/protobuf-c/protobuf-c.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008-2022, Dave Benson and the protobuf-c authors.
+ * Copyright (c) 2008-2025, Dave Benson and the protobuf-c authors.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28,14 +28,14 @@
  */
 
 /*! \file
- * Support library for `protoc-c` generated code.
+ * Support library for `protoc-gen-c` generated code.
  *
  * This file implements the public API used by the code generated
- * by `protoc-c`.
+ * by `protoc-gen-c`.
  *
  * \authors Dave Benson and the protobuf-c authors
  *
- * \copyright 2008-2014. Licensed under the terms of the [BSD-2-Clause] license.
+ * \copyright 2008-2025. Licensed under the terms of the [BSD-2-Clause] license.
  */
 
 /**
@@ -1903,7 +1903,6 @@ pack_buffer_packed_payload(const ProtobufCFieldDescriptor *field,
 		for (i = 0; i < count; i++) {
 			unsigned len = boolean_pack(((protobuf_c_boolean *) array)[i], scratch);
 			buffer->append(buffer, len, scratch);
-			rv += len;
 		}
 		return count;
 	default:
@@ -1938,6 +1937,7 @@ repeated_field_pack_to_buffer(const ProtobufCFieldDescriptor *field,
 		buffer->append(buffer, rv, scratch);
 		tmp = pack_buffer_packed_payload(field, count, array, buffer);
 		assert(tmp == payload_len);
+		(void)tmp;
 		return rv + payload_len;
 	} else {
 		size_t siz;
@@ -2571,7 +2571,7 @@ parse_required_member(ScannedMember *scanned_member,
 
 		if (maybe_clear && *pstr != NULL) {
 			const char *def = scanned_member->field->default_value;
-			if (*pstr != NULL && *pstr != def)
+			if (*pstr != def)
 				do_free(allocator, *pstr);
 		}
 		*pstr = do_alloc(allocator, len - pref_len + 1);
@@ -3293,6 +3293,8 @@ protobuf_c_message_unpack(const ProtobufCMessageDescriptor *desc,
 					      n_unknown * sizeof(ProtobufCMessageUnknownField));
 		if (rv->unknown_fields == NULL)
 			goto error_cleanup;
+	} else {
+		rv->unknown_fields = NULL;
 	}
 
 	/* do real parsing */

lib/ssl_compat/Makefile.in

@@ -106,20 +106,6 @@ Makefile: $(srcdir)/Makefile.in
 .i.plog:
 	ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@
 
-$(devdir)/log_server.pb-c.c: $(srcdir)/log_server.proto
-	@if [ -n "$(DEVEL)" ]; then \
-	    cmd='protoc-c --c_out=$(devdir) --proto_path=$(srcdir) $(srcdir)/log_server.proto'; \
-	    echo "$$cmd"; eval $$cmd; \
-	    cmd='$(scriptdir)/unanon $(devdir)/log_server.pb-c.h $(devdir)/log_server.pb-c.c'; \
-	    echo "$$cmd"; eval $$cmd; \
-	    if [ "$(devdir)" == "$(srcdir)" ]; then \
-		cmd='mv -f $(devdir)/log_server.pb-c.h $(incdir)/log_server.pb-c.h'; \
-	    else \
-		cmd='mv -f $(devdir)/log_server.pb-c.h $(top_builddir)/log_server.pb-c.h'; \
-	    fi; \
-	    echo "$$cmd"; eval $$cmd; \
-	fi
-
 libssl_compat.la: $(LIBSSL_COMPAT_OBJS) $(LT_LIBS)
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBSSL_COMPAT_OBJS) $(LT_LIBS)
 

scripts/unanon

@@ -1,6 +1,6 @@
 #!/usr/bin/env perl
 #
-# Post-process files generated by protoc-c to remove anonymous unions.
+# Post-process files generated by protoc to remove anonymous unions.
 # Works on the generated files but probably little else.
 
 use warnings;

src/Makefile.in

@@ -203,7 +203,7 @@ Makefile: $(srcdir)/Makefile.in
 
 $(devdir)/intercept.pb-c.c: $(srcdir)/intercept.proto
 	@if [ -n "$(DEVEL)" ]; then \
-	    cmd='protoc-c --c_out=$(devdir) --proto_path=$(srcdir) $(srcdir)/intercept.proto'; \
+	    cmd='protoc --c_out=$(devdir) --proto_path=$(srcdir) $(srcdir)/intercept.proto'; \
 	    echo "$$cmd"; eval $$cmd; \
 	    cmd='$(scriptdir)/unanon $(devdir)/intercept.pb-c.h $(devdir)/intercept.pb-c.c'; \
 	    echo "$$cmd"; eval $$cmd; \

src/exec.c

@@ -408,8 +408,11 @@ direct_exec_allowed(const struct command_details *details)
     debug_decl(direct_exec_allowed, SUDO_DEBUG_EXEC);
 
     /* Assumes sudo_needs_pty() was already checked. */
-    if (ISSET(details->flags, CD_RBAC_ENABLED|CD_SET_TIMEOUT|CD_SUDOEDIT) ||
-	    policy_plugin.u.policy->close != NULL)
+    if (policy_plugin.u.policy->close != NULL)
+	debug_return_bool(false);
+    if (ISSET(details->flags, CD_RBAC_ENABLED|CD_SET_TIMEOUT|CD_SUDOEDIT))
+	debug_return_bool(false);
+    if (ISSET(details->flags, CD_INTERCEPT|CD_LOG_SUBCMDS))
 	debug_return_bool(false);
 
     TAILQ_FOREACH(plugin, &audit_plugins, entries) {

src/exec_ptrace.c

@@ -65,10 +65,15 @@
 #  define COMPAT_FLAG 0x00
 # endif
 
+/* SECCOMP_RET_KILL_PROCESS was added in Linux 4.14. */
+# ifndef SECCOMP_RET_KILL_PROCESS
+#  define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
+# endif
+
 static int seccomp_trap_supported = -1;
-#ifdef HAVE_PROCESS_VM_READV
+# ifdef HAVE_PROCESS_VM_READV
 static size_t page_size;
-#endif
+# endif
 static size_t arg_max;
 
 /* Register getters and setters. */
@@ -1186,8 +1191,9 @@ set_exec_filter(void)
 	/* Trace execve(2)/execveat(2) syscalls (w/ compat flag) */
 	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE | COMPAT_FLAG),
 # endif /* SECCOMP_AUDIT_ARCH_COMPAT */
-	/* Jump to the end unless the architecture matches. */
-	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 0, 6),
+	/* Kill the process unless the (native) architecture matches. */
+	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
+	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
 	/* Load syscall number into the accumulator. */
 	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
 	/* Jump to trace for execve(2)/execveat(2), else allow. */

src/intercept.pb-c.c

@@ -378,7 +378,7 @@ static const ProtobufCFieldDescriptor intercept_request__field_descriptors[2] =
     offsetof(InterceptRequest, u.policy_check_req),
     &policy_check_request__descriptor,
     NULL,
-    0 | PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
+    PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
     0,NULL,NULL    /* reserved1,reserved2, etc */
   },
   {
@@ -390,7 +390,7 @@ static const ProtobufCFieldDescriptor intercept_request__field_descriptors[2] =
     offsetof(InterceptRequest, u.hello),
     &intercept_hello__descriptor,
     NULL,
-    0 | PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
+    PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
     0,NULL,NULL    /* reserved1,reserved2, etc */
   },
 };
@@ -774,7 +774,7 @@ static const ProtobufCFieldDescriptor intercept_response__field_descriptors[4] =
     offsetof(InterceptResponse, u.hello_resp),
     &hello_response__descriptor,
     NULL,
-    0 | PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
+    PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
     0,NULL,NULL    /* reserved1,reserved2, etc */
   },
   {
@@ -786,7 +786,7 @@ static const ProtobufCFieldDescriptor intercept_response__field_descriptors[4] =
     offsetof(InterceptResponse, u.accept_msg),
     &policy_accept_message__descriptor,
     NULL,
-    0 | PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
+    PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
     0,NULL,NULL    /* reserved1,reserved2, etc */
   },
   {
@@ -798,7 +798,7 @@ static const ProtobufCFieldDescriptor intercept_response__field_descriptors[4] =
     offsetof(InterceptResponse, u.reject_msg),
     &policy_reject_message__descriptor,
     NULL,
-    0 | PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
+    PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
     0,NULL,NULL    /* reserved1,reserved2, etc */
   },
   {
@@ -810,7 +810,7 @@ static const ProtobufCFieldDescriptor intercept_response__field_descriptors[4] =
     offsetof(InterceptResponse, u.error_msg),
     &policy_error_message__descriptor,
     NULL,
-    0 | PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
+    PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
     0,NULL,NULL    /* reserved1,reserved2, etc */
   },
 };