authorEric Paris <eparis@redhat.com>2008-01-07 14:31:58 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2008-02-01 14:23:55 -0500
commitde6bbd1d30e5912620d25dd15e3f180ac7f9fcef (patch)
tree3807b13f8e2e490c258c5bb37915c95fc1bcfe20 /kernel/audit.c
parente445deb593d67c8ed13bd357c780a93d78bc84cf (diff)
[AUDIT] break large execve argument logging into smaller messages
execve arguments can be quite large. There is no limit on the number of arguments and a 4G limit on the size of an argument. This patch prints those arguments in bite-sized pieces. A userspace size limitation of 8k was discovered, so this keeps messages around 7.5k. Single arguments larger than 7.5k in length are split into multiple records and can be identified as aX[Y]=
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c37
1 files changed, 23 insertions, 14 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index cf6698289426..26ff925e13f2 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1350,6 +1350,21 @@ static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
1350} 1350}
1351 1351
1352/** 1352/**
1353 * audit_string_contains_control - does a string need to be logged in hex
1354 * @string - string to be checked
1355 * @len - max length of the string to check
1356 */
1357int audit_string_contains_control(const char *string, size_t len)
1358{
1359 const unsigned char *p;
1360 for (p = string; p < (const unsigned char *)string + len && *p; p++) {
1361 if (*p == '"' || *p < 0x21 || *p > 0x7f)
1362 return 1;
1363 }
1364 return 0;
1365}
1366
1367/**
1353 * audit_log_n_untrustedstring - log a string that may contain random characters 1368 * audit_log_n_untrustedstring - log a string that may contain random characters
1354 * @ab: audit_buffer 1369 * @ab: audit_buffer
1355 * @len: lenth of string (not including trailing null) 1370 * @len: lenth of string (not including trailing null)
@@ -1363,19 +1378,13 @@ static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
1363 * The caller specifies the number of characters in the string to log, which may 1378 * The caller specifies the number of characters in the string to log, which may
1364 * or may not be the entire string. 1379 * or may not be the entire string.
1365 */ 1380 */
1366const char *audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len, 1381void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
1367 const char *string) 1382 const char *string)
1368{ 1383{
1369 const unsigned char *p; 1384 if (audit_string_contains_control(string, len))
1370 1385 audit_log_hex(ab, string, len);
1371 for (p = string; p < (const unsigned char *)string + len && *p; p++) { 1386 else
1372 if (*p == '"' || *p < 0x21 || *p > 0x7f) { 1387 audit_log_n_string(ab, len, string);
1373 audit_log_hex(ab, string, len);
1374 return string + len + 1;
1375 }
1376 }
1377 audit_log_n_string(ab, len, string);
1378 return p + 1;
1379} 1388}
1380 1389
1381/** 1390/**
@@ -1386,9 +1395,9 @@ const char *audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
1386 * Same as audit_log_n_untrustedstring(), except that strlen is used to 1395 * Same as audit_log_n_untrustedstring(), except that strlen is used to
1387 * determine string length. 1396 * determine string length.
1388 */ 1397 */
1389const char *audit_log_untrustedstring(struct audit_buffer *ab, const char *string) 1398void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
1390{ 1399{
1391 return audit_log_n_untrustedstring(ab, strlen(string), string); 1400 audit_log_n_untrustedstring(ab, strlen(string), string);
1392} 1401}
1393 1402
1394/* This is a helper-function to print the escaped d_path */ 1403/* This is a helper-function to print the escaped d_path */
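Review bot: In the new audit_string_contains_control() (first hunk), the test `*p > 0x7f` lets DEL (0x7f) through as if it were printable, so a string containing it is written quoted instead of hex-encoded; the upper bound should be `*p > 0x7e`. The scan also stops at the first NUL, while audit_log_n_untrustedstring() in the second hunk then hands the full `len` to audit_log_n_string(). If that helper copies `len` bytes (its body is outside this diff), bytes after an embedded NUL would reach the log unchecked, so the comment should state that `len` must not exceed the string's length. The kernel-doc block writes `@string -` and `@len -` where the format expects `@string:` and `@len:`, and it has no return description; something like `Returns 1 if the string must be hex-encoded, 0 if it can be logged quoted.` would cover it.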