aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2013-09-18 09:32:24 -0400
committerEric Paris <eparis@redhat.com>2014-01-13 22:28:39 -0500
commit09f883a9023e7a86f92c731e80f30a9447f4bdbe (patch)
treea23e692d2816b1704aea60f3640e6f9fd2cdfad2
parentf910fde7307be80a1a228bba969c492f61f13281 (diff)
audit: clean up AUDIT_GET/SET local variables and future-proof API
Re-named confusing local variable names (status_set and status_get didn't agree with their command type name) and reduced their scope. Future-proof API changes by not depending on the exact size of the audit_status struct and by adding an API version field. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--include/uapi/linux/audit.h1
-rw-r--r--kernel/audit.c54
2 files changed, 30 insertions, 25 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index e2f0d9977131..4fdedd4c88a1 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -376,6 +376,7 @@ struct audit_status {
376 __u32 backlog_limit; /* waiting messages limit */ 376 __u32 backlog_limit; /* waiting messages limit */
377 __u32 lost; /* messages lost */ 377 __u32 lost; /* messages lost */
378 __u32 backlog; /* messages waiting in queue */ 378 __u32 backlog; /* messages waiting in queue */
379 __u32 version; /* audit api version number */
379}; 380};
380 381
381struct audit_features { 382struct audit_features {
diff --git a/kernel/audit.c b/kernel/audit.c
index 833f8e2003b7..80b7de02947b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -743,7 +743,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
743{ 743{
744 u32 seq; 744 u32 seq;
745 void *data; 745 void *data;
746 struct audit_status *status_get, status_set;
747 int err; 746 int err;
748 struct audit_buffer *ab; 747 struct audit_buffer *ab;
749 u16 msg_type = nlh->nlmsg_type; 748 u16 msg_type = nlh->nlmsg_type;
@@ -769,34 +768,38 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
769 data = nlmsg_data(nlh); 768 data = nlmsg_data(nlh);
770 769
771 switch (msg_type) { 770 switch (msg_type) {
772 case AUDIT_GET: 771 case AUDIT_GET: {
773 memset(&status_set, 0, sizeof(status_set)); 772 struct audit_status s;
774 status_set.enabled = audit_enabled; 773 memset(&s, 0, sizeof(s));
775 status_set.failure = audit_failure; 774 s.enabled = audit_enabled;
776 status_set.pid = audit_pid; 775 s.failure = audit_failure;
777 status_set.rate_limit = audit_rate_limit; 776 s.pid = audit_pid;
778 status_set.backlog_limit = audit_backlog_limit; 777 s.rate_limit = audit_rate_limit;
779 status_set.lost = atomic_read(&audit_lost); 778 s.backlog_limit = audit_backlog_limit;
780 status_set.backlog = skb_queue_len(&audit_skb_queue); 779 s.lost = atomic_read(&audit_lost);
780 s.backlog = skb_queue_len(&audit_skb_queue);
781 s.version = 1;
781 audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, 782 audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0,
782 &status_set, sizeof(status_set)); 783 &s, sizeof(s));
783 break; 784 break;
784 case AUDIT_SET: 785 }
785 if (nlmsg_len(nlh) < sizeof(struct audit_status)) 786 case AUDIT_SET: {
786 return -EINVAL; 787 struct audit_status s;
787 status_get = (struct audit_status *)data; 788 memset(&s, 0, sizeof(s));
788 if (status_get->mask & AUDIT_STATUS_ENABLED) { 789 /* guard against past and future API changes */
789 err = audit_set_enabled(status_get->enabled); 790 memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh)));
791 if (s.mask & AUDIT_STATUS_ENABLED) {
792 err = audit_set_enabled(s.enabled);
790 if (err < 0) 793 if (err < 0)
791 return err; 794 return err;
792 } 795 }
793 if (status_get->mask & AUDIT_STATUS_FAILURE) { 796 if (s.mask & AUDIT_STATUS_FAILURE) {
794 err = audit_set_failure(status_get->failure); 797 err = audit_set_failure(s.failure);
795 if (err < 0) 798 if (err < 0)
796 return err; 799 return err;
797 } 800 }
798 if (status_get->mask & AUDIT_STATUS_PID) { 801 if (s.mask & AUDIT_STATUS_PID) {
799 int new_pid = status_get->pid; 802 int new_pid = s.pid;
800 803
801 if (audit_enabled != AUDIT_OFF) 804 if (audit_enabled != AUDIT_OFF)
802 audit_log_config_change("audit_pid", new_pid, audit_pid, 1); 805 audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
@@ -804,14 +807,15 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
804 audit_nlk_portid = NETLINK_CB(skb).portid; 807 audit_nlk_portid = NETLINK_CB(skb).portid;
805 audit_sock = NETLINK_CB(skb).sk; 808 audit_sock = NETLINK_CB(skb).sk;
806 } 809 }
807 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) { 810 if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
808 err = audit_set_rate_limit(status_get->rate_limit); 811 err = audit_set_rate_limit(s.rate_limit);
809 if (err < 0) 812 if (err < 0)
810 return err; 813 return err;
811 } 814 }
812 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) 815 if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT)
813 err = audit_set_backlog_limit(status_get->backlog_limit); 816 err = audit_set_backlog_limit(s.backlog_limit);
814 break; 817 break;
818 }
815 case AUDIT_GET_FEATURE: 819 case AUDIT_GET_FEATURE:
816 err = audit_get_feature(skb); 820 err = audit_get_feature(skb);
817 if (err) 821 if (err)