-rw-r--r-- | drivers/char/tty_audit.c | 2 | ||||
-rw-r--r-- | include/linux/audit.h | 22 | ||||
-rw-r--r-- | kernel/audit.c | 19 | ||||
-rw-r--r-- | kernel/auditsc.c | 8 | ||||
-rw-r--r-- | security/selinux/avc.c | 2 |
5 files changed, 29 insertions, 24 deletions
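--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -92,7 +92,7 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
 get_task_comm(name, tsk);
 audit_log_untrustedstring(ab, name);
 audit_log_format(ab, " data=");
-audit_log_n_untrustedstring(ab, buf->valid, buf->data);
+audit_log_n_untrustedstring(ab, buf->data, buf->valid);
 audit_log_end(ab);
 }
 buf->valid = 0;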
diff --git a/include/linux/audit.h b/include/linux/audit.h index 25f6ae30dd4b..f938335af75e 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -549,16 +549,20 @@ extern void audit_log_format(struct audit_buffer *ab, | |||
549 | const char *fmt, ...) | 549 | const char *fmt, ...) |
550 | __attribute__((format(printf,2,3))); | 550 | __attribute__((format(printf,2,3))); |
551 | extern void audit_log_end(struct audit_buffer *ab); | 551 | extern void audit_log_end(struct audit_buffer *ab); |
552 | extern void audit_log_hex(struct audit_buffer *ab, | ||
553 | const unsigned char *buf, | ||
554 | size_t len); | ||
555 | extern int audit_string_contains_control(const char *string, | 552 | extern int audit_string_contains_control(const char *string, |
556 | size_t len); | 553 | size_t len); |
554 | extern void audit_log_n_hex(struct audit_buffer *ab, | ||
555 | const unsigned char *buf, | ||
556 | size_t len); | ||
557 | extern void audit_log_n_string(struct audit_buffer *ab, | ||
558 | const char *buf, | ||
559 | size_t n); | ||
560 | #define audit_log_string(a,b) audit_log_n_string(a, b, strlen(b)); | ||
561 | extern void audit_log_n_untrustedstring(struct audit_buffer *ab, | ||
562 | const char *string, | ||
563 | size_t n); | ||
557 | extern void audit_log_untrustedstring(struct audit_buffer *ab, | 564 | extern void audit_log_untrustedstring(struct audit_buffer *ab, |
558 | const char *string); | 565 | const char *string); |
559 | extern void audit_log_n_untrustedstring(struct audit_buffer *ab, | ||
560 | size_t n, | ||
561 | const char *string); | ||
562 | extern void audit_log_d_path(struct audit_buffer *ab, | 566 | extern void audit_log_d_path(struct audit_buffer *ab, |
563 | const char *prefix, | 567 | const char *prefix, |
564 | struct path *path); | 568 | struct path *path); |
@@ -578,9 +582,11 @@ extern int audit_enabled; | |||
578 | #define audit_log_vformat(b,f,a) do { ; } while (0) | 582 | #define audit_log_vformat(b,f,a) do { ; } while (0) |
579 | #define audit_log_format(b,f,...) do { ; } while (0) | 583 | #define audit_log_format(b,f,...) do { ; } while (0) |
580 | #define audit_log_end(b) do { ; } while (0) | 584 | #define audit_log_end(b) do { ; } while (0) |
581 | #define audit_log_hex(a,b,l) do { ; } while (0) | 585 | #define audit_log_n_hex(a,b,l) do { ; } while (0) |
582 | #define audit_log_untrustedstring(a,s) do { ; } while (0) | 586 | #define audit_log_n_string(a,c,l) do { ; } while (0) |
587 | #define audit_log_string(a,c) do { ; } while (0) | ||
583 | #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0) | 588 | #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0) |
589 | #define audit_log_untrustedstring(a,s) do { ; } while (0) | ||
584 | #define audit_log_d_path(b, p, d) do { ; } while (0) | 590 | #define audit_log_d_path(b, p, d) do { ; } while (0) |
585 | #define audit_enabled 0 | 591 | #define audit_enabled 0 |
586 | #endif | 592 | #endif |
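Review bot: The new `audit_log_string` macro at new line 560 ends in a semicolon and expands `b` twice, so `if (x) audit_log_string(ab, s); else ...` will not compile and an argument with side effects is evaluated twice. Drop the trailing semicolon, `#define audit_log_string(a,b) audit_log_n_string(a, b, strlen(b))`, or make it a static inline that takes the length once. In the second hunk the no-op stub `audit_log_n_untrustedstring(a,n,s)` still names its parameters in the old (length, string) order; `(a,s,n)` would match the prototype this commit introduces and avoid misleading anyone who reads the stub as the signature.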
diff --git a/kernel/audit.c b/kernel/audit.c index 520583d8ca18..5b9ad3dda885 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -757,8 +757,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
757 | 757 | ||
758 | audit_log_format(ab, " msg="); | 758 | audit_log_format(ab, " msg="); |
759 | size = nlmsg_len(nlh); | 759 | size = nlmsg_len(nlh); |
760 | audit_log_n_untrustedstring(ab, size, | 760 | audit_log_n_untrustedstring(ab, data, size); |
761 | data); | ||
762 | } | 761 | } |
763 | audit_set_pid(ab, pid); | 762 | audit_set_pid(ab, pid); |
764 | audit_log_end(ab); | 763 | audit_log_end(ab); |
@@ -1293,7 +1292,7 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) | |||
1293 | * This function will take the passed buf and convert it into a string of | 1292 | * This function will take the passed buf and convert it into a string of |
1294 | * ascii hex digits. The new string is placed onto the skb. | 1293 | * ascii hex digits. The new string is placed onto the skb. |
1295 | */ | 1294 | */ |
1296 | void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, | 1295 | void audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, |
1297 | size_t len) | 1296 | size_t len) |
1298 | { | 1297 | { |
1299 | int i, avail, new_len; | 1298 | int i, avail, new_len; |
@@ -1329,8 +1328,8 @@ void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, | |||
1329 | * Format a string of no more than slen characters into the audit buffer, | 1328 | * Format a string of no more than slen characters into the audit buffer, |
1330 | * enclosed in quote marks. | 1329 | * enclosed in quote marks. |
1331 | */ | 1330 | */ |
1332 | static void audit_log_n_string(struct audit_buffer *ab, size_t slen, | 1331 | void audit_log_n_string(struct audit_buffer *ab, const char *string, |
1333 | const char *string) | 1332 | size_t slen) |
1334 | { | 1333 | { |
1335 | int avail, new_len; | 1334 | int avail, new_len; |
1336 | unsigned char *ptr; | 1335 | unsigned char *ptr; |
@@ -1386,13 +1385,13 @@ int audit_string_contains_control(const char *string, size_t len) | |||
1386 | * The caller specifies the number of characters in the string to log, which may | 1385 | * The caller specifies the number of characters in the string to log, which may |
1387 | * or may not be the entire string. | 1386 | * or may not be the entire string. |
1388 | */ | 1387 | */ |
1389 | void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len, | 1388 | void audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, |
1390 | const char *string) | 1389 | size_t len) |
1391 | { | 1390 | { |
1392 | if (audit_string_contains_control(string, len)) | 1391 | if (audit_string_contains_control(string, len)) |
1393 | audit_log_hex(ab, string, len); | 1392 | audit_log_n_hex(ab, string, len); |
1394 | else | 1393 | else |
1395 | audit_log_n_string(ab, len, string); | 1394 | audit_log_n_string(ab, string, len); |
1396 | } | 1395 | } |
1397 | 1396 | ||
1398 | /** | 1397 | /** |
@@ -1405,7 +1404,7 @@ void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len, | |||
1405 | */ | 1404 | */ |
1406 | void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) | 1405 | void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) |
1407 | { | 1406 | { |
1408 | audit_log_n_untrustedstring(ab, strlen(string), string); | 1407 | audit_log_n_untrustedstring(ab, string, strlen(string)); |
1409 | } | 1408 | } |
1410 | 1409 | ||
1411 | /* This is a helper-function to print the escaped d_path */ | 1410 | /* This is a helper-function to print the escaped d_path */ |
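Review bot: audit_log_n_string loses its `static` in the third hunk and becomes callable from outside kernel/audit.c, but its kernel-doc still only says the string is "enclosed in quote marks". From the visible lines the control-character check sits in audit_log_n_untrustedstring, not here, so a caller that hands externally influenced data directly to audit_log_n_string (or to the new audit_log_string macro) would presumably skip the hex fallback and could produce a record that log parsers misread. I would add to the comment: `* No escaping is done here; use audit_log_n_untrustedstring() for data that may contain control characters.` The function body continues outside the hunk, so confirm it does no filtering of its own before wording this as fact.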
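--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1095,7 +1095,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
 audit_log_format(*ab, "[%d]", i);
 audit_log_format(*ab, "=");
 if (has_cntl)
-audit_log_hex(*ab, buf, to_send);
+audit_log_n_hex(*ab, buf, to_send);
 else
 audit_log_format(*ab, "\"%s\"", buf);
 audit_log_format(*ab, "\n");
@@ -1307,7 +1307,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 struct audit_aux_data_sockaddr *axs = (void *)aux;
 
 audit_log_format(ab, "saddr=");
-audit_log_hex(ab, axs->a, axs->len);
+audit_log_n_hex(ab, axs->a, axs->len);
 break; }
 
 case AUDIT_FD_PAIR: {
@@ -1371,8 +1371,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 default:
 /* log the name's directory component */
 audit_log_format(ab, " name=");
-audit_log_n_untrustedstring(ab, n->name_len,
-n->name);
+audit_log_n_untrustedstring(ab, n->name,
+n->name_len);
 }
 } else
 audit_log_format(ab, " name=(null)");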
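Review bot: In the first hunk the non-control branch still builds the quoted value by hand with `audit_log_format(*ab, "\"%s\"", buf)`, which depends on buf being NUL-terminated, while the hex branch next to it is bounded by to_send. Now that this commit exports audit_log_n_string, `audit_log_n_string(*ab, buf, to_send);` would do the quoting with the same explicit bound and keep both branches consistent. How buf is terminated is decided outside the hunk, so this is a robustness suggestion rather than a confirmed over-read.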
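--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -646,7 +646,7 @@ void avc_audit(u32 ssid, u32 tsid,
 if (*p)
 audit_log_untrustedstring(ab, p);
 else
-audit_log_hex(ab, p, len);
+audit_log_n_hex(ab, p, len);
 break;
 }
 }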