diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2006-06-05 08:15:59 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-06-20 05:25:27 -0400 |
commit | 0a73dccc4fd472e65887eae6fbf4afc030541709 (patch) | |
tree | e9578332e31d0e88c681ac710acf2b196293ba8e | |
parent | f368c07d7214a7c41dfceb76c8db473b850f0229 (diff) |
[PATCH] validate rule fields' types
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | kernel/auditfilter.c | 57 |
1 files changed, 48 insertions, 9 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 03a6919103d4..9f985dd5e937 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
@@ -348,17 +348,31 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) | |||
348 | f->val = rule->values[i]; | 348 | f->val = rule->values[i]; |
349 | 349 | ||
350 | err = -EINVAL; | 350 | err = -EINVAL; |
351 | if (f->type & AUDIT_UNUSED_BITS) | ||
352 | goto exit_free; | ||
353 | |||
354 | switch(f->type) { | 351 | switch(f->type) { |
355 | case AUDIT_SE_USER: | 352 | default: |
356 | case AUDIT_SE_ROLE: | ||
357 | case AUDIT_SE_TYPE: | ||
358 | case AUDIT_SE_SEN: | ||
359 | case AUDIT_SE_CLR: | ||
360 | case AUDIT_WATCH: | ||
361 | goto exit_free; | 353 | goto exit_free; |
354 | case AUDIT_PID: | ||
355 | case AUDIT_UID: | ||
356 | case AUDIT_EUID: | ||
357 | case AUDIT_SUID: | ||
358 | case AUDIT_FSUID: | ||
359 | case AUDIT_GID: | ||
360 | case AUDIT_EGID: | ||
361 | case AUDIT_SGID: | ||
362 | case AUDIT_FSGID: | ||
363 | case AUDIT_LOGINUID: | ||
364 | case AUDIT_PERS: | ||
365 | case AUDIT_ARCH: | ||
366 | case AUDIT_MSGTYPE: | ||
367 | case AUDIT_DEVMAJOR: | ||
368 | case AUDIT_DEVMINOR: | ||
369 | case AUDIT_EXIT: | ||
370 | case AUDIT_SUCCESS: | ||
371 | case AUDIT_ARG0: | ||
372 | case AUDIT_ARG1: | ||
373 | case AUDIT_ARG2: | ||
374 | case AUDIT_ARG3: | ||
375 | break; | ||
362 | case AUDIT_INODE: | 376 | case AUDIT_INODE: |
363 | err = audit_to_inode(&entry->rule, f); | 377 | err = audit_to_inode(&entry->rule, f); |
364 | if (err) | 378 | if (err) |
@@ -432,6 +446,29 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
432 | f->se_str = NULL; | 446 | f->se_str = NULL; |
433 | f->se_rule = NULL; | 447 | f->se_rule = NULL; |
434 | switch(f->type) { | 448 | switch(f->type) { |
449 | case AUDIT_PID: | ||
450 | case AUDIT_UID: | ||
451 | case AUDIT_EUID: | ||
452 | case AUDIT_SUID: | ||
453 | case AUDIT_FSUID: | ||
454 | case AUDIT_GID: | ||
455 | case AUDIT_EGID: | ||
456 | case AUDIT_SGID: | ||
457 | case AUDIT_FSGID: | ||
458 | case AUDIT_LOGINUID: | ||
459 | case AUDIT_PERS: | ||
460 | case AUDIT_ARCH: | ||
461 | case AUDIT_MSGTYPE: | ||
462 | case AUDIT_PPID: | ||
463 | case AUDIT_DEVMAJOR: | ||
464 | case AUDIT_DEVMINOR: | ||
465 | case AUDIT_EXIT: | ||
466 | case AUDIT_SUCCESS: | ||
467 | case AUDIT_ARG0: | ||
468 | case AUDIT_ARG1: | ||
469 | case AUDIT_ARG2: | ||
470 | case AUDIT_ARG3: | ||
471 | break; | ||
435 | case AUDIT_SE_USER: | 472 | case AUDIT_SE_USER: |
436 | case AUDIT_SE_ROLE: | 473 | case AUDIT_SE_ROLE: |
437 | case AUDIT_SE_TYPE: | 474 | case AUDIT_SE_TYPE: |
@@ -474,6 +511,8 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
474 | if (err) | 511 | if (err) |
475 | goto exit_free; | 512 | goto exit_free; |
476 | break; | 513 | break; |
514 | default: | ||
515 | goto exit_free; | ||
477 | } | 516 | } |
478 | } | 517 | } |
479 | 518 | ||