diff options
| author | <dwmw2@shinybook.infradead.org> | 2005-04-29 10:54:44 -0400 |
|---|---|---|
| committer | <dwmw2@shinybook.infradead.org> | 2005-04-29 10:54:44 -0400 |
| commit | 83c7d09173fdb6b06b109e65895392db3e49ac9c (patch) | |
| tree | 3f48367a4d1413e221a5367bcd0cf8df7322c368 /kernel/auditsc.c | |
| parent | c60c390620e0abb60d4ae8c43583714bda27763f (diff) | |
AUDIT: Avoid log pollution by untrusted strings.
We log strings from userspace, such as arguments to open(). These could
be formatted to contain \n followed by fake audit log entries. Provide
a function for logging such strings, which gives a hex dump when the
string contains anything but basic printable ASCII characters. Use it
for logging filenames.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6f1931381bc9..00e87ffff13b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -696,9 +696,10 @@ static void audit_log_exit(struct audit_context *context) | |||
| 696 | if (!ab) | 696 | if (!ab) |
| 697 | continue; /* audit_panic has been called */ | 697 | continue; /* audit_panic has been called */ |
| 698 | audit_log_format(ab, "item=%d", i); | 698 | audit_log_format(ab, "item=%d", i); |
| 699 | if (context->names[i].name) | 699 | if (context->names[i].name) { |
| 700 | audit_log_format(ab, " name=%s", | 700 | audit_log_format(ab, " name="); |
| 701 | context->names[i].name); | 701 | audit_log_untrustedstring(ab, context->names[i].name); |
| 702 | } | ||
| 702 | if (context->names[i].ino != (unsigned long)-1) | 703 | if (context->names[i].ino != (unsigned long)-1) |
| 703 | audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o" | 704 | audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o" |
| 704 | " uid=%d gid=%d rdev=%02x:%02x", | 705 | " uid=%d gid=%d rdev=%02x:%02x", |