authorAl Viro <viro@zeniv.linux.org.uk>2008-12-14 04:02:26 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2009-01-04 15:14:41 -0500
commit564f6993ffef656aebaf46cf2f1f6cb4f5c97207 (patch)
tree0bf1ee553ab1241338fe522ffbaed8cd48e10c99 /kernel
parentc32c8af43b9adde8d6f938d8e6328c13b8de79ac (diff)
sanitize audit_mq_open()
* don't bother with allocations * don't do double copy_from_user() * don't duplicate parts of check for audit_dummy_context() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c65
1 files changed, 23 insertions, 42 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 140c47453470..83e946f1cdde 100644
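--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -124,13 +124,6 @@ struct audit_aux_data {
 /* Number of target pids per aux struct. */
 #define AUDIT_AUX_PIDS 16
 
-struct audit_aux_data_mq_open {
- struct audit_aux_data d;
- int oflag;
- mode_t mode;
- struct mq_attr attr;
-};
-
 struct audit_aux_data_execve {
  struct audit_aux_data d;
  int argc;
@@ -242,6 +235,11 @@ struct audit_context {
  unsigned int msg_prio;
  struct timespec abs_timeout;
  } mq_sendrecv;
+ struct {
+ int oflag;
+ mode_t mode;
+ struct mq_attr attr;
+ } mq_open;
  };
 
 #if AUDIT_DEBUG
@@ -1263,6 +1261,16 @@ static void show_special(struct audit_context *context, int *call_panic)
  return;
  }
  break; }
+ case AUDIT_MQ_OPEN: {
+ audit_log_format(ab,
+ "oflag=0x%x mode=%#o mq_flags=0x%lx mq_maxmsg=%ld "
+ "mq_msgsize=%ld mq_curmsgs=%ld",
+ context->mq_open.oflag, context->mq_open.mode,
+ context->mq_open.attr.mq_flags,
+ context->mq_open.attr.mq_maxmsg,
+ context->mq_open.attr.mq_msgsize,
+ context->mq_open.attr.mq_curmsgs);
+ break; }
  case AUDIT_MQ_SENDRECV: {
  audit_log_format(ab,
  "mqdes=%d msg_len=%zd msg_prio=%u "
@@ -1368,15 +1376,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
  continue; /* audit_panic has been called */
 
  switch (aux->type) {
- case AUDIT_MQ_OPEN: {
- struct audit_aux_data_mq_open *axi = (void *)aux;
- audit_log_format(ab,
- "oflag=0x%x mode=%#o mq_flags=0x%lx mq_maxmsg=%ld "
- "mq_msgsize=%ld mq_curmsgs=%ld",
- axi->oflag, axi->mode, axi->attr.mq_flags,
- axi->attr.mq_maxmsg, axi->attr.mq_msgsize,
- axi->attr.mq_curmsgs);
- break; }
 
  case AUDIT_EXECVE: {
  struct audit_aux_data_execve *axi = (void *)aux;
@@ -2135,38 +2134,20 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
  * @mode: mode bits
  * @u_attr: queue attributes
  *
- * Returns 0 for success or NULL context or < 0 on error.
  */
-int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr)
+void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr)
 {
- struct audit_aux_data_mq_open *ax;
  struct audit_context *context = current->audit_context;
 
- if (!audit_enabled)
- return 0;
-
- if (likely(!context))
- return 0;
-
- ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
- if (!ax)
- return -ENOMEM;
-
- if (u_attr != NULL) {
- if (copy_from_user(&ax->attr, u_attr, sizeof(ax->attr))) {
- kfree(ax);
- return -EFAULT;
- }
- } else
- memset(&ax->attr, 0, sizeof(ax->attr));
+ if (attr)
+ memcpy(&context->mq_open.attr, attr, sizeof(struct mq_attr));
+ else
+ memset(&context->mq_open.attr, 0, sizeof(struct mq_attr));
 
- ax->oflag = oflag;
- ax->mode = mode;
+ context->mq_open.oflag = oflag;
+ context->mq_open.mode = mode;
 
- ax->d.type = AUDIT_MQ_OPEN;
- ax->d.next = context->aux;
- context->aux = (void *)ax;
- return 0;
+ context->type = AUDIT_MQ_OPEN;
 }
 
 /**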
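Review bot: In the last hunk, __audit_mq_open() now writes through `context` (taken from `current->audit_context`) in the memcpy/memset and the field stores without any check, since the `audit_enabled` and `!context` guards were removed from this function. The commit message suggests the test is left to an audit_dummy_context() check in the caller, which this kernel/-only diff does not show, so the precondition should be written into the kernel-doc block, e.g. ` * Caller must ensure current->audit_context is non-NULL and not a dummy context.`. The same block still documents `@u_attr` although the parameter is now the kernel-side `attr`; that line should read ` * @attr: queue attributes (kernel copy, may be NULL)`. The kernel-doc block begins above the hunk, so its opening lines are not visible here.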