aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorSteve Grubb <sgrubb@redhat.com>2006-09-28 14:31:32 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2006-10-04 08:31:21 -0400
commitac9910ce017ff5f86f3a25e969b2c4f5d6ac438f (patch)
treef45d66fa60a02a9f5b32ea95a7d599cb1f175323 /kernel
parent419c58f11fb732cc8bd1335fa43e0decb34e0be3 (diff)
[PATCH] name_count array overrun
Hi, This patch removes the rdev logging from the previous patch The below patch closes an unbounded use of name_count. This can lead to oopses in some new file systems. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b61c0191f3da..42f2f1179711 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1357,7 +1357,13 @@ void __audit_inode_child(const char *dname, const struct inode *inode,
1357 } 1357 }
1358 1358
1359update_context: 1359update_context:
1360 idx = context->name_count++; 1360 idx = context->name_count;
1361 if (context->name_count == AUDIT_NAMES) {
1362 printk(KERN_DEBUG "name_count maxed and losing %s\n",
1363 found_name ?: "(null)");
1364 return;
1365 }
1366 context->name_count++;
1361#if AUDIT_DEBUG 1367#if AUDIT_DEBUG
1362 context->ino_count++; 1368 context->ino_count++;
1363#endif 1369#endif
@@ -1375,7 +1381,16 @@ update_context:
1375 /* A parent was not found in audit_names, so copy the inode data for the 1381 /* A parent was not found in audit_names, so copy the inode data for the
1376 * provided parent. */ 1382 * provided parent. */
1377 if (!found_name) { 1383 if (!found_name) {
1378 idx = context->name_count++; 1384 idx = context->name_count;
1385 if (context->name_count == AUDIT_NAMES) {
1386 printk(KERN_DEBUG
1387 "name_count maxed and losing parent inode data: dev=%02x:%02x, inode=%lu",
1388 MAJOR(parent->i_sb->s_dev),
1389 MINOR(parent->i_sb->s_dev),
1390 parent->i_ino);
1391 return;
1392 }
1393 context->name_count++;
1379#if AUDIT_DEBUG 1394#if AUDIT_DEBUG
1380 context->ino_count++; 1395 context->ino_count++;
1381#endif 1396#endif