[AUDIT] break large execve argument logging into smaller messages

execve arguments can be quite large. There is no limit on the number of arguments and a 4G limit on the size of an argument. this patch prints those aruguments in bite sized pieces. a userspace size limitation of 8k was discovered so this keeps messages around 7.5k single arguments larger than 7.5k in length are split into multiple records and can be identified as aX[Y]= Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2008-01-07 14:31:58 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2008-02-01 14:23:55 -0500
commit: de6bbd1d30e5912620d25dd15e3f180ac7f9fcef (patch)
tree: 3807b13f8e2e490c258c5bb37915c95fc1bcfe20 /kernel/audit.c
parent: e445deb593d67c8ed13bd357c780a93d78bc84cf (diff)
1 files changed, 23 insertions, 14 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index cf6698289426..26ff925e13f2 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1350,6 +1350,21 @@ static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
 }
 /**
+ * audit_string_contains_control - does a string need to be logged in hex
+ * @string - string to be checked
+ * @len - max length of the string to check
+ */
+int audit_string_contains_control(const char *string, size_t len)
+{
+        const unsigned char *p;
+        for (p = string; p < (const unsigned char *)string + len && *p; p++) {
+                if (*p == '"' || *p < 0x21 || *p > 0x7f)
+                        return 1;
+        }
+        return 0;
+}
+/**
 * audit_log_n_untrustedstring - log a string that may contain random characters
 * @ab: audit_buffer
 * @len: lenth of string (not including trailing null)
@@ -1363,19 +1378,13 @@ static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
 * The caller specifies the number of characters in the string to log, which may
 * or may not be the entire string.
 */
-const char *audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
+void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
-                                        const char *string)
+                                 const char *string)
 {
-        const unsigned char *p;
+        if (audit_string_contains_control(string, len))
+                audit_log_hex(ab, string, len);
-        for (p = string; p < (const unsigned char *)string + len && *p; p++) {
+        else
-                if (*p == '"' || *p < 0x21 || *p > 0x7f) {
+                audit_log_n_string(ab, len, string);
-                        audit_log_hex(ab, string, len);
-                        return string + len + 1;
-                }
-        }
-        audit_log_n_string(ab, len, string);
-        return p + 1;
 }
 /**
@@ -1386,9 +1395,9 @@ const char *audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
 * Same as audit_log_n_untrustedstring(), except that strlen is used to
 * determine string length.
 */
-const char *audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
+void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
 {
-        return audit_log_n_untrustedstring(ab, strlen(string), string);
+        audit_log_n_untrustedstring(ab, strlen(string), string);
 }
 /* This is a helper-function to print the escaped d_path */
author	Eric Paris <eparis@redhat.com>	2008-01-07 14:31:58 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2008-02-01 14:23:55 -0500
commit	de6bbd1d30e5912620d25dd15e3f180ac7f9fcef (patch)
tree	3807b13f8e2e490c258c5bb37915c95fc1bcfe20 /kernel/audit.c
parent	e445deb593d67c8ed13bd357c780a93d78bc84cf (diff)

diff --git a/kernel/audit.c b/kernel/audit.c index cf6698289426..26ff925e13f2 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -1350,6 +1350,21 @@ static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
1350	}	1350	}
1351		1351
1352	/**	1352	/**
		1353	* audit_string_contains_control - does a string need to be logged in hex
		1354	* @string - string to be checked
		1355	* @len - max length of the string to check
		1356	*/
		1357	int audit_string_contains_control(const char *string, size_t len)
		1358	{
		1359	const unsigned char *p;
		1360	for (p = string; p < (const unsigned char )string + len && p; p++) {
		1361	if (p == '"' \|\| p < 0x21 \|\| *p > 0x7f)
		1362	return 1;
		1363	}
		1364	return 0;
		1365	}
		1366
		1367	/**
1353	* audit_log_n_untrustedstring - log a string that may contain random characters	1368	* audit_log_n_untrustedstring - log a string that may contain random characters
1354	* @ab: audit_buffer	1369	* @ab: audit_buffer
1355	* @len: lenth of string (not including trailing null)	1370	* @len: lenth of string (not including trailing null)
@@ -1363,19 +1378,13 @@ static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
1363	* The caller specifies the number of characters in the string to log, which may	1378	* The caller specifies the number of characters in the string to log, which may
1364	* or may not be the entire string.	1379	* or may not be the entire string.
1365	*/	1380	*/
1366	const char audit_log_n_untrustedstring(struct audit_buffer ab, size_t len,	1381	void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
1367	const char *string)	1382	const char *string)
1368	{	1383	{
1369	const unsigned char *p;	1384	if (audit_string_contains_control(string, len))
1370		1385	audit_log_hex(ab, string, len);
1371	for (p = string; p < (const unsigned char )string + len && p; p++) {	1386	else
1372	if (p == '"' \|\| p < 0x21 \|\| *p > 0x7f) {	1387	audit_log_n_string(ab, len, string);
1373	audit_log_hex(ab, string, len);
1374	return string + len + 1;
1375	}
1376	}
1377	audit_log_n_string(ab, len, string);
1378	return p + 1;
1379	}	1388	}
1380		1389
1381	/**	1390	/**
@@ -1386,9 +1395,9 @@ const char audit_log_n_untrustedstring(struct audit_buffer ab, size_t len,
1386	* Same as audit_log_n_untrustedstring(), except that strlen is used to	1395	* Same as audit_log_n_untrustedstring(), except that strlen is used to
1387	* determine string length.	1396	* determine string length.
1388	*/	1397	*/
1389	const char audit_log_untrustedstring(struct audit_buffer ab, const char *string)	1398	void audit_log_untrustedstring(struct audit_buffer ab, const char string)
1390	{	1399	{
1391	return audit_log_n_untrustedstring(ab, strlen(string), string);	1400	audit_log_n_untrustedstring(ab, strlen(string), string);
1392	}	1401	}
1393		1402
1394	/* This is a helper-function to print the escaped d_path */	1403	/* This is a helper-function to print the escaped d_path */