diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2008-12-10 07:16:12 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-01-04 15:14:40 -0500 |
commit | 20114f71b27cafeb7c7e41d2b0f0b68c3fbb022b (patch) | |
tree | fcbb481cfec8c11f103ba07dbb08819de3822d80 /kernel/auditsc.c | |
parent | 7392906ea915b9a2c14dea32b3604b4e178f82f7 (diff) |
sanitize audit_mq_notify()
* don't copy_from_user() twice
* don't bother with allocations
* don't duplicate parts of audit_dummy_context()
* make it return void
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r-- | kernel/auditsc.c | 56 |
1 files changed, 16 insertions, 40 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c50178c7e245..3ece960de894 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -139,12 +139,6 @@ struct audit_aux_data_mq_sendrecv { | |||
139 | struct timespec abs_timeout; | 139 | struct timespec abs_timeout; |
140 | }; | 140 | }; |
141 | 141 | ||
142 | struct audit_aux_data_mq_notify { | ||
143 | struct audit_aux_data d; | ||
144 | mqd_t mqdes; | ||
145 | struct sigevent notification; | ||
146 | }; | ||
147 | |||
148 | struct audit_aux_data_execve { | 142 | struct audit_aux_data_execve { |
149 | struct audit_aux_data d; | 143 | struct audit_aux_data d; |
150 | int argc; | 144 | int argc; |
@@ -246,6 +240,10 @@ struct audit_context { | |||
246 | mqd_t mqdes; | 240 | mqd_t mqdes; |
247 | struct mq_attr mqstat; | 241 | struct mq_attr mqstat; |
248 | } mq_getsetattr; | 242 | } mq_getsetattr; |
243 | struct { | ||
244 | mqd_t mqdes; | ||
245 | int sigev_signo; | ||
246 | } mq_notify; | ||
249 | }; | 247 | }; |
250 | 248 | ||
251 | #if AUDIT_DEBUG | 249 | #if AUDIT_DEBUG |
@@ -1267,6 +1265,11 @@ static void show_special(struct audit_context *context, int *call_panic) | |||
1267 | return; | 1265 | return; |
1268 | } | 1266 | } |
1269 | break; } | 1267 | break; } |
1268 | case AUDIT_MQ_NOTIFY: { | ||
1269 | audit_log_format(ab, "mqdes=%d sigev_signo=%d", | ||
1270 | context->mq_notify.mqdes, | ||
1271 | context->mq_notify.sigev_signo); | ||
1272 | break; } | ||
1270 | case AUDIT_MQ_GETSETATTR: { | 1273 | case AUDIT_MQ_GETSETATTR: { |
1271 | struct mq_attr *attr = &context->mq_getsetattr.mqstat; | 1274 | struct mq_attr *attr = &context->mq_getsetattr.mqstat; |
1272 | audit_log_format(ab, | 1275 | audit_log_format(ab, |
@@ -1376,14 +1379,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
1376 | axi->abs_timeout.tv_sec, axi->abs_timeout.tv_nsec); | 1379 | axi->abs_timeout.tv_sec, axi->abs_timeout.tv_nsec); |
1377 | break; } | 1380 | break; } |
1378 | 1381 | ||
1379 | case AUDIT_MQ_NOTIFY: { | ||
1380 | struct audit_aux_data_mq_notify *axi = (void *)aux; | ||
1381 | audit_log_format(ab, | ||
1382 | "mqdes=%d sigev_signo=%d", | ||
1383 | axi->mqdes, | ||
1384 | axi->notification.sigev_signo); | ||
1385 | break; } | ||
1386 | |||
1387 | case AUDIT_EXECVE: { | 1382 | case AUDIT_EXECVE: { |
1388 | struct audit_aux_data_execve *axi = (void *)aux; | 1383 | struct audit_aux_data_execve *axi = (void *)aux; |
1389 | audit_log_execve_info(context, &ab, axi); | 1384 | audit_log_execve_info(context, &ab, axi); |
@@ -2274,38 +2269,19 @@ int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, | |||
2274 | * @mqdes: MQ descriptor | 2269 | * @mqdes: MQ descriptor |
2275 | * @u_notification: Notification event | 2270 | * @u_notification: Notification event |
2276 | * | 2271 | * |
2277 | * Returns 0 for success or NULL context or < 0 on error. | ||
2278 | */ | 2272 | */ |
2279 | 2273 | ||
2280 | int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) | 2274 | void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) |
2281 | { | 2275 | { |
2282 | struct audit_aux_data_mq_notify *ax; | ||
2283 | struct audit_context *context = current->audit_context; | 2276 | struct audit_context *context = current->audit_context; |
2284 | 2277 | ||
2285 | if (!audit_enabled) | 2278 | if (notification) |
2286 | return 0; | 2279 | context->mq_notify.sigev_signo = notification->sigev_signo; |
2287 | 2280 | else | |
2288 | if (likely(!context)) | 2281 | context->mq_notify.sigev_signo = 0; |
2289 | return 0; | ||
2290 | |||
2291 | ax = kmalloc(sizeof(*ax), GFP_ATOMIC); | ||
2292 | if (!ax) | ||
2293 | return -ENOMEM; | ||
2294 | |||
2295 | if (u_notification != NULL) { | ||
2296 | if (copy_from_user(&ax->notification, u_notification, sizeof(ax->notification))) { | ||
2297 | kfree(ax); | ||
2298 | return -EFAULT; | ||
2299 | } | ||
2300 | } else | ||
2301 | memset(&ax->notification, 0, sizeof(ax->notification)); | ||
2302 | |||
2303 | ax->mqdes = mqdes; | ||
2304 | 2282 | ||
2305 | ax->d.type = AUDIT_MQ_NOTIFY; | 2283 | context->mq_notify.mqdes = mqdes; |
2306 | ax->d.next = context->aux; | 2284 | context->type = AUDIT_MQ_NOTIFY; |
2307 | context->aux = (void *)ax; | ||
2308 | return 0; | ||
2309 | } | 2285 | } |
2310 | 2286 | ||
2311 | /** | 2287 | /** |