1 files changed, 48 insertions, 23 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index e6d88635032c..dae3570b3a3b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -692,7 +692,8 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
                        goto out;
                len = vsnprintf(skb->tail, avail, fmt, args2);
        }
-        skb_put(skb, (len < avail) ? len : avail);
+        if (len > 0)
+                skb_put(skb, len);
 out:
        return;
 }
@@ -710,20 +711,47 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
        va_end(args);
 }
-void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len)
+/* This function will take the passed buf and convert it into a string of
+ * ascii hex digits. The new string is placed onto the skb. */
+void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, 
+                size_t len)
 {
-        int i;
+        int i, avail, new_len;
+        unsigned char *ptr;
+        struct sk_buff *skb;
+        static const unsigned char *hex = "0123456789ABCDEF";
+        BUG_ON(!ab->skb);
+        skb = ab->skb;
+        avail = skb_tailroom(skb);
+        new_len = len<<1;
+        if (new_len >= avail) {
+                /* Round the buffer request up to the next multiple */
+                new_len = AUDIT_BUFSIZ*(((new_len-avail)/AUDIT_BUFSIZ) + 1);
+                avail = audit_expand(ab, new_len);
+                if (!avail)
+                        return;
+        }
-        for (i=0; i<len; i++)
+        ptr = skb->tail;
-                audit_log_format(ab, "%02x", buf[i]);
+        for (i=0; i<len; i++) {
+                *ptr++ = hex[(buf[i] & 0xF0)>>4]; /* Upper nibble */
+                *ptr++ = hex[buf[i] & 0x0F];      /* Lower nibble */
+        }
+        *ptr = 0;
+        skb_put(skb, len << 1); /* new string is twice the old string */
 }
+/* This code will escape a string that is passed to it if the string
+ * contains a control character, unprintable character, double quote mark, 
+ * or a space. Unescaped strings will start and end with a double quote mark.
+ * Strings that are escaped are printed in hex (2 digits per char). */
 void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
 {
        const unsigned char *p = string;
        while (*p) {
-                if (*p == '"' || *p == ' ' || *p < 0x20 || *p > 0x7f) {
+                if (*p == '"' || *p < 0x21 || *p > 0x7f) {
                        audit_log_hex(ab, string, strlen(string));
                        return;
                }
@@ -732,31 +760,28 @@ void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
        audit_log_format(ab, "\"%s\"", string);
 }
+/* This is a helper-function to print the escaped d_path */
-/* This is a helper-function to print the d_path without using a static
- * buffer or allocating another buffer in addition to the one in
- * audit_buffer. */
 void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
                      struct dentry *dentry, struct vfsmount *vfsmnt)
 {
-        char *p;
+        char *p, *path;
-        struct sk_buff *skb = ab->skb;
-        int  len, avail;
        if (prefix)
                audit_log_format(ab, " %s", prefix);
-        avail = skb_tailroom(skb);
+        /* We will allow 11 spaces for ' (deleted)' to be appended */
-        p = d_path(dentry, vfsmnt, skb->tail, avail);
+        path = kmalloc(PATH_MAX+11, GFP_KERNEL);
-        if (IS_ERR(p)) {
+        if (!path) {
-                /* FIXME: can we save some information here? */
+                audit_log_format(ab, "<no memory>");
-                audit_log_format(ab, "<toolong>");
+                return;
-        } else {
-                /* path isn't at start of buffer */
-                len = ((char *)skb->tail + avail - 1) - p;
-                memmove(skb->tail, p, len);
-                skb_put(skb, len);
        }
+        p = d_path(dentry, vfsmnt, path, PATH_MAX+11);
+        if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
+                /* FIXME: can we save some information here? */
+                audit_log_format(ab, "<too long>");
+        } else 
+                audit_log_untrustedstring(ab, p);
+        kfree(path);
 }
 /* Remove queued messages from the audit_txlist and send them to user space. */

diff --git a/kernel/audit.c b/kernel/audit.c index e6d88635032c..dae3570b3a3b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -692,7 +692,8 @@ static void audit_log_vformat(struct audit_buffer ab, const char fmt,
692	goto out;	692	goto out;
693	len = vsnprintf(skb->tail, avail, fmt, args2);	693	len = vsnprintf(skb->tail, avail, fmt, args2);
694	}	694	}
695	skb_put(skb, (len < avail) ? len : avail);	695	if (len > 0)
		696	skb_put(skb, len);
696	out:	697	out:
697	return;	698	return;
698	}	699	}
@@ -710,20 +711,47 @@ void audit_log_format(struct audit_buffer ab, const char fmt, ...)
710	va_end(args);	711	va_end(args);
711	}	712	}
712		713
713	void audit_log_hex(struct audit_buffer ab, const unsigned char buf, size_t len)	714	/* This function will take the passed buf and convert it into a string of
		715	* ascii hex digits. The new string is placed onto the skb. */
		716	void audit_log_hex(struct audit_buffer ab, const unsigned char buf,
		717	size_t len)
714	{	718	{
715	int i;	719	int i, avail, new_len;
		720	unsigned char *ptr;
		721	struct sk_buff *skb;
		722	static const unsigned char *hex = "0123456789ABCDEF";
		723
		724	BUG_ON(!ab->skb);
		725	skb = ab->skb;
		726	avail = skb_tailroom(skb);
		727	new_len = len<<1;
		728	if (new_len >= avail) {
		729	/* Round the buffer request up to the next multiple */
		730	new_len = AUDIT_BUFSIZ*(((new_len-avail)/AUDIT_BUFSIZ) + 1);
		731	avail = audit_expand(ab, new_len);
		732	if (!avail)
		733	return;
		734	}
716		735
717	for (i=0; i<len; i++)	736	ptr = skb->tail;
718	audit_log_format(ab, "%02x", buf[i]);	737	for (i=0; i<len; i++) {
		738	ptr++ = hex[(buf[i] & 0xF0)>>4]; / Upper nibble */
		739	ptr++ = hex[buf[i] & 0x0F]; / Lower nibble */
		740	}
		741	*ptr = 0;
		742	skb_put(skb, len << 1); /* new string is twice the old string */
719	}	743	}
720		744
		745	/* This code will escape a string that is passed to it if the string
		746	* contains a control character, unprintable character, double quote mark,
		747	* or a space. Unescaped strings will start and end with a double quote mark.
		748	* Strings that are escaped are printed in hex (2 digits per char). */
721	void audit_log_untrustedstring(struct audit_buffer ab, const char string)	749	void audit_log_untrustedstring(struct audit_buffer ab, const char string)
722	{	750	{
723	const unsigned char *p = string;	751	const unsigned char *p = string;
724		752
725	while (*p) {	753	while (*p) {
726	if (p == '"' \|\| p == ' ' \|\| p < 0x20 \|\| p > 0x7f) {	754	if (p == '"' \|\| p < 0x21 \|\| *p > 0x7f) {
727	audit_log_hex(ab, string, strlen(string));	755	audit_log_hex(ab, string, strlen(string));
728	return;	756	return;
729	}	757	}
@@ -732,31 +760,28 @@ void audit_log_untrustedstring(struct audit_buffer ab, const char string)
732	audit_log_format(ab, "\"%s\"", string);	760	audit_log_format(ab, "\"%s\"", string);
733	}	761	}
734		762
735		763	/* This is a helper-function to print the escaped d_path */
736	/* This is a helper-function to print the d_path without using a static
737	* buffer or allocating another buffer in addition to the one in
738	* audit_buffer. */
739	void audit_log_d_path(struct audit_buffer ab, const char prefix,	764	void audit_log_d_path(struct audit_buffer ab, const char prefix,
740	struct dentry dentry, struct vfsmount vfsmnt)	765	struct dentry dentry, struct vfsmount vfsmnt)
741	{	766	{
742	char *p;	767	char p, path;
743	struct sk_buff *skb = ab->skb;
744	int len, avail;
745		768
746	if (prefix)	769	if (prefix)
747	audit_log_format(ab, " %s", prefix);	770	audit_log_format(ab, " %s", prefix);
748		771
749	avail = skb_tailroom(skb);	772	/* We will allow 11 spaces for ' (deleted)' to be appended */
750	p = d_path(dentry, vfsmnt, skb->tail, avail);	773	path = kmalloc(PATH_MAX+11, GFP_KERNEL);
751	if (IS_ERR(p)) {	774	if (!path) {
752	/* FIXME: can we save some information here? */	775	audit_log_format(ab, "<no memory>");
753	audit_log_format(ab, "<toolong>");	776	return;
754	} else {
755	/* path isn't at start of buffer */
756	len = ((char *)skb->tail + avail - 1) - p;
757	memmove(skb->tail, p, len);
758	skb_put(skb, len);
759	}	777	}
		778	p = d_path(dentry, vfsmnt, path, PATH_MAX+11);
		779	if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
		780	/* FIXME: can we save some information here? */
		781	audit_log_format(ab, "<too long>");
		782	} else
		783	audit_log_untrustedstring(ab, p);
		784	kfree(path);
760	}	785	}
761		786
762	/* Remove queued messages from the audit_txlist and send them to user space. */	787	/* Remove queued messages from the audit_txlist and send them to user space. */