aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
author <dwmw2@shinybook.infradead.org>2005-04-29 10:54:44 -0400
committer <dwmw2@shinybook.infradead.org>2005-04-29 10:54:44 -0400
commit83c7d09173fdb6b06b109e65895392db3e49ac9c (patch)
tree3f48367a4d1413e221a5367bcd0cf8df7322c368 /kernel
parentc60c390620e0abb60d4ae8c43583714bda27763f (diff)
AUDIT: Avoid log pollution by untrusted strings.
We log strings from userspace, such as arguments to open(). These could be formatted to contain \n followed by fake audit log entries. Provide a function for logging such strings, which gives a hex dump when the string contains anything but basic printable ASCII characters. Use it for logging filenames. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/audit.c23
-rw-r--r--kernel/auditsc.c7
2 files changed, 27 insertions, 3 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 0f84dd7af2c8..dca7b99615d2 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -720,6 +720,29 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
720 va_end(args); 720 va_end(args);
721} 721}
722 722
723void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len)
724{
725 int i;
726
727 for (i=0; i<len; i++)
728 audit_log_format(ab, "%02x", buf[i]);
729}
730
731void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
732{
733 const char *p = string;
734
735 while (*p) {
736 if (*p == '"' || *p == ' ' || *p < 0x20 || *p > 0x7f) {
737 audit_log_hex(ab, string, strlen(string));
738 return;
739 }
740 p++;
741 }
742 audit_log_format(ab, "\"%s\"", string);
743}
744
745
723/* This is a helper-function to print the d_path without using a static 746/* This is a helper-function to print the d_path without using a static
724 * buffer or allocating another buffer in addition to the one in 747 * buffer or allocating another buffer in addition to the one in
725 * audit_buffer. */ 748 * audit_buffer. */
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 6f1931381bc9..00e87ffff13b 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -696,9 +696,10 @@ static void audit_log_exit(struct audit_context *context)
696 if (!ab) 696 if (!ab)
697 continue; /* audit_panic has been called */ 697 continue; /* audit_panic has been called */
698 audit_log_format(ab, "item=%d", i); 698 audit_log_format(ab, "item=%d", i);
699 if (context->names[i].name) 699 if (context->names[i].name) {
700 audit_log_format(ab, " name=%s", 700 audit_log_format(ab, " name=");
701 context->names[i].name); 701 audit_log_untrustedstring(ab, context->names[i].name);
702 }
702 if (context->names[i].ino != (unsigned long)-1) 703 if (context->names[i].ino != (unsigned long)-1)
703 audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o" 704 audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o"
704 " uid=%d gid=%d rdev=%02x:%02x", 705 " uid=%d gid=%d rdev=%02x:%02x",