aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2008-12-10 03:16:51 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2009-01-04 15:14:39 -0500
commitf3298dc4f2277874d40cb4fc3a6e277317d6603b (patch)
tree8ba8f7e7a0597965b2f6c7106718a59cc164eab1
parent4f6b434fee2402b3decdeae9d16eb648725ae426 (diff)
sanitize audit_socketcall
* don't bother with allocations * now that it can't fail, make it return void Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--include/linux/audit.h4
-rw-r--r--kernel/auditsc.c66
-rw-r--r--net/socket.c4
3 files changed, 41 insertions, 33 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 26c4f6f65a46..466a953d4bf6 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -446,7 +446,7 @@ extern void audit_log_task_context(struct audit_buffer *ab);
446extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp); 446extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp);
447extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); 447extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
448extern int audit_bprm(struct linux_binprm *bprm); 448extern int audit_bprm(struct linux_binprm *bprm);
449extern int audit_socketcall(int nargs, unsigned long *args); 449extern void audit_socketcall(int nargs, unsigned long *args);
450extern int audit_sockaddr(int len, void *addr); 450extern int audit_sockaddr(int len, void *addr);
451extern int __audit_fd_pair(int fd1, int fd2); 451extern int __audit_fd_pair(int fd1, int fd2);
452extern int audit_set_macxattr(const char *name); 452extern int audit_set_macxattr(const char *name);
@@ -549,7 +549,7 @@ extern int audit_signals;
549#define audit_ipc_obj(i) ({ 0; }) 549#define audit_ipc_obj(i) ({ 0; })
550#define audit_ipc_set_perm(q,u,g,m) ({ 0; }) 550#define audit_ipc_set_perm(q,u,g,m) ({ 0; })
551#define audit_bprm(p) ({ 0; }) 551#define audit_bprm(p) ({ 0; })
552#define audit_socketcall(n,a) ({ 0; }) 552#define audit_socketcall(n,a) ((void)0)
553#define audit_fd_pair(n,a) ({ 0; }) 553#define audit_fd_pair(n,a) ({ 0; })
554#define audit_sockaddr(len, addr) ({ 0; }) 554#define audit_sockaddr(len, addr) ({ 0; })
555#define audit_set_macxattr(n) do { ; } while (0) 555#define audit_set_macxattr(n) do { ; } while (0)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index c2e43ebb1b68..5cda66466e14 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -168,12 +168,6 @@ struct audit_aux_data_execve {
168 struct mm_struct *mm; 168 struct mm_struct *mm;
169}; 169};
170 170
171struct audit_aux_data_socketcall {
172 struct audit_aux_data d;
173 int nargs;
174 unsigned long args[0];
175};
176
177struct audit_aux_data_fd_pair { 171struct audit_aux_data_fd_pair {
178 struct audit_aux_data d; 172 struct audit_aux_data d;
179 int fd[2]; 173 int fd[2];
@@ -247,6 +241,14 @@ struct audit_context {
247 struct audit_tree_refs *trees, *first_trees; 241 struct audit_tree_refs *trees, *first_trees;
248 int tree_count; 242 int tree_count;
249 243
244 int type;
245 union {
246 struct {
247 int nargs;
248 long args[6];
249 } socketcall;
250 };
251
250#if AUDIT_DEBUG 252#if AUDIT_DEBUG
251 int put_count; 253 int put_count;
252 int ino_count; 254 int ino_count;
@@ -1226,6 +1228,27 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
1226 audit_log_format(ab, " cap_fe=%d cap_fver=%x", name->fcap.fE, name->fcap_ver); 1228 audit_log_format(ab, " cap_fe=%d cap_fver=%x", name->fcap.fE, name->fcap_ver);
1227} 1229}
1228 1230
1231static void show_special(struct audit_context *context)
1232{
1233 struct audit_buffer *ab;
1234 int i;
1235
1236 ab = audit_log_start(context, GFP_KERNEL, context->type);
1237 if (!ab)
1238 return;
1239
1240 switch (context->type) {
1241 case AUDIT_SOCKETCALL: {
1242 int nargs = context->socketcall.nargs;
1243 audit_log_format(ab, "nargs=%d", nargs);
1244 for (i = 0; i < nargs; i++)
1245 audit_log_format(ab, " a%d=%lx", i,
1246 context->socketcall.args[i]);
1247 break; }
1248 }
1249 audit_log_end(ab);
1250}
1251
1229static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) 1252static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
1230{ 1253{
1231 const struct cred *cred; 1254 const struct cred *cred;
@@ -1372,13 +1395,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1372 audit_log_execve_info(context, &ab, axi); 1395 audit_log_execve_info(context, &ab, axi);
1373 break; } 1396 break; }
1374 1397
1375 case AUDIT_SOCKETCALL: {
1376 struct audit_aux_data_socketcall *axs = (void *)aux;
1377 audit_log_format(ab, "nargs=%d", axs->nargs);
1378 for (i=0; i<axs->nargs; i++)
1379 audit_log_format(ab, " a%d=%lx", i, axs->args[i]);
1380 break; }
1381
1382 case AUDIT_FD_PAIR: { 1398 case AUDIT_FD_PAIR: {
1383 struct audit_aux_data_fd_pair *axs = (void *)aux; 1399 struct audit_aux_data_fd_pair *axs = (void *)aux;
1384 audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]); 1400 audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]);
@@ -1410,6 +1426,9 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1410 audit_log_end(ab); 1426 audit_log_end(ab);
1411 } 1427 }
1412 1428
1429 if (context->type)
1430 show_special(context);
1431
1413 if (context->sockaddr_len) { 1432 if (context->sockaddr_len) {
1414 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SOCKADDR); 1433 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SOCKADDR);
1415 if (ab) { 1434 if (ab) {
@@ -1689,6 +1708,7 @@ void audit_syscall_exit(int valid, long return_code)
1689 context->target_pid = 0; 1708 context->target_pid = 0;
1690 context->target_sid = 0; 1709 context->target_sid = 0;
1691 context->sockaddr_len = 0; 1710 context->sockaddr_len = 0;
1711 context->type = 0;
1692 kfree(context->filterkey); 1712 kfree(context->filterkey);
1693 context->filterkey = NULL; 1713 context->filterkey = NULL;
1694 tsk->audit_context = context; 1714 tsk->audit_context = context;
@@ -2406,27 +2426,17 @@ int audit_bprm(struct linux_binprm *bprm)
2406 * @nargs: number of args 2426 * @nargs: number of args
2407 * @args: args array 2427 * @args: args array
2408 * 2428 *
2409 * Returns 0 for success or NULL context or < 0 on error.
2410 */ 2429 */
2411int audit_socketcall(int nargs, unsigned long *args) 2430void audit_socketcall(int nargs, unsigned long *args)
2412{ 2431{
2413 struct audit_aux_data_socketcall *ax;
2414 struct audit_context *context = current->audit_context; 2432 struct audit_context *context = current->audit_context;
2415 2433
2416 if (likely(!context || context->dummy)) 2434 if (likely(!context || context->dummy))
2417 return 0; 2435 return;
2418
2419 ax = kmalloc(sizeof(*ax) + nargs * sizeof(unsigned long), GFP_KERNEL);
2420 if (!ax)
2421 return -ENOMEM;
2422
2423 ax->nargs = nargs;
2424 memcpy(ax->args, args, nargs * sizeof(unsigned long));
2425 2436
2426 ax->d.type = AUDIT_SOCKETCALL; 2437 context->type = AUDIT_SOCKETCALL;
2427 ax->d.next = context->aux; 2438 context->socketcall.nargs = nargs;
2428 context->aux = (void *)ax; 2439 memcpy(context->socketcall.args, args, nargs * sizeof(unsigned long));
2429 return 0;
2430} 2440}
2431 2441
2432/** 2442/**
diff --git a/net/socket.c b/net/socket.c
index 2c730fc718ab..b41a92093e40 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2065,9 +2065,7 @@ asmlinkage long sys_socketcall(int call, unsigned long __user *args)
2065 if (copy_from_user(a, args, nargs[call])) 2065 if (copy_from_user(a, args, nargs[call]))
2066 return -EFAULT; 2066 return -EFAULT;
2067 2067
2068 err = audit_socketcall(nargs[call] / sizeof(unsigned long), a); 2068 audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2069 if (err)
2070 return err;
2071 2069
2072 a0 = a[0]; 2070 a0 = a[0];
2073 a1 = a[1]; 2071 a1 = a[1];