AUDIT: Avoid log pollution by untrusted strings.

We log strings from userspace, such as arguments to open(). These could be formatted to contain \n followed by fake audit log entries. Provide a function for logging such strings, which gives a hex dump when the string contains anything but basic printable ASCII characters. Use it for logging filenames. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
author: <dwmw2@shinybook.infradead.org> 2005-04-29 10:54:44 -0400
committer: <dwmw2@shinybook.infradead.org> 2005-04-29 10:54:44 -0400
commit: 83c7d09173fdb6b06b109e65895392db3e49ac9c (patch)
tree: 3f48367a4d1413e221a5367bcd0cf8df7322c368 /kernel/audit.c
parent: c60c390620e0abb60d4ae8c43583714bda27763f (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 0f84dd7af2c8..dca7b99615d2 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -720,6 +720,29 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
        va_end(args);
 }
+void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len)
+{
+        int i;
+        for (i=0; i<len; i++)
+                audit_log_format(ab, "%02x", buf[i]);
+}
+void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
+{
+        const char *p = string;
+        while (*p) {
+                if (*p == '"' || *p == ' ' || *p < 0x20 || *p > 0x7f) {
+                        audit_log_hex(ab, string, strlen(string));
+                        return;
+                }
+                p++;
+        }
+        audit_log_format(ab, "\"%s\"", string);
+}
 /* This is a helper-function to print the d_path without using a static
 * buffer or allocating another buffer in addition to the one in
 * audit_buffer. */
author	<dwmw2@shinybook.infradead.org>	2005-04-29 10:54:44 -0400
committer	<dwmw2@shinybook.infradead.org>	2005-04-29 10:54:44 -0400
commit	83c7d09173fdb6b06b109e65895392db3e49ac9c (patch)
tree	3f48367a4d1413e221a5367bcd0cf8df7322c368 /kernel/audit.c
parent	c60c390620e0abb60d4ae8c43583714bda27763f (diff)

diff --git a/kernel/audit.c b/kernel/audit.c index 0f84dd7af2c8..dca7b99615d2 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -720,6 +720,29 @@ void audit_log_format(struct audit_buffer ab, const char fmt, ...)
720	va_end(args);	720	va_end(args);
721	}	721	}
722		722
		723	void audit_log_hex(struct audit_buffer ab, const unsigned char buf, size_t len)
		724	{
		725	int i;
		726
		727	for (i=0; i<len; i++)
		728	audit_log_format(ab, "%02x", buf[i]);
		729	}
		730
		731	void audit_log_untrustedstring(struct audit_buffer ab, const char string)
		732	{
		733	const char *p = string;
		734
		735	while (*p) {
		736	if (p == '"' \|\| p == ' ' \|\| p < 0x20 \|\| p > 0x7f) {
		737	audit_log_hex(ab, string, strlen(string));
		738	return;
		739	}
		740	p++;
		741	}
		742	audit_log_format(ab, "\"%s\"", string);
		743	}
		744
		745
723	/* This is a helper-function to print the d_path without using a static	746	/* This is a helper-function to print the d_path without using a static
724	* buffer or allocating another buffer in addition to the one in	747	* buffer or allocating another buffer in addition to the one in
725	* audit_buffer. */	748	* audit_buffer. */