1 files changed, 50 insertions, 4 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 0fbf1c116363..7dfac7031bd7 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1051,20 +1051,53 @@ void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
        skb_put(skb, len << 1); /* new string is twice the old string */
 }
+/*
+ * Format a string of no more than slen characters into the audit buffer,
+ * enclosed in quote marks.
+ */
+static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
+                               const char *string)
+{
+        int avail, new_len;
+        unsigned char *ptr;
+        struct sk_buff *skb;
+        BUG_ON(!ab->skb);
+        skb = ab->skb;
+        avail = skb_tailroom(skb);
+        new_len = slen + 3;     /* enclosing quotes + null terminator */
+        if (new_len > avail) {
+                avail = audit_expand(ab, new_len);
+                if (!avail)
+                        return;
+        }
+        ptr = skb->tail;
+        *ptr++ = '"';
+        memcpy(ptr, string, slen);
+        ptr += slen;
+        *ptr++ = '"';
+        *ptr = 0;
+        skb_put(skb, slen + 2); /* don't include null terminator */
+}
 /**
- * audit_log_unstrustedstring - log a string that may contain random characters
+ * audit_log_n_unstrustedstring - log a string that may contain random characters
 * @ab: audit_buffer
+ * @len: lenth of string (not including trailing null)
 * @string: string to be logged
 *
 * This code will escape a string that is passed to it if the string
 * contains a control character, unprintable character, double quote mark,
 * or a space. Unescaped strings will start and end with a double quote mark.
 * Strings that are escaped are printed in hex (2 digits per char).
+ *
+ * The caller specifies the number of characters in the string to log, which may
+ * or may not be the entire string.
 */
-const char *audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
+const char *audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
+                                        const char *string)
 {
        const unsigned char *p = string;
-        size_t len = strlen(string);
        while (*p) {
                if (*p == '"' || *p < 0x21 || *p > 0x7f) {
@@ -1073,10 +1106,23 @@ const char *audit_log_untrustedstring(struct audit_buffer *ab, const char *strin
                }
                p++;
        }
-        audit_log_format(ab, "\"%s\"", string);
+        audit_log_n_string(ab, len, string);
        return p + 1;
 }
+/**
+ * audit_log_unstrustedstring - log a string that may contain random characters
+ * @ab: audit_buffer
+ * @string: string to be logged
+ *
+ * Same as audit_log_n_unstrustedstring(), except that strlen is used to
+ * determine string length.
+ */
+const char *audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
+{
+        return audit_log_n_untrustedstring(ab, strlen(string), string);
+}
 /* This is a helper-function to print the escaped d_path */
 void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
                      struct dentry *dentry, struct vfsmount *vfsmnt)

diff --git a/kernel/audit.c b/kernel/audit.c index 0fbf1c116363..7dfac7031bd7 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -1051,20 +1051,53 @@ void audit_log_hex(struct audit_buffer ab, const unsigned char buf,
1051	skb_put(skb, len << 1); /* new string is twice the old string */	1051	skb_put(skb, len << 1); /* new string is twice the old string */
1052	}	1052	}
1053		1053
		1054	/*
		1055	* Format a string of no more than slen characters into the audit buffer,
		1056	* enclosed in quote marks.
		1057	*/
		1058	static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
		1059	const char *string)
		1060	{
		1061	int avail, new_len;
		1062	unsigned char *ptr;
		1063	struct sk_buff *skb;
		1064
		1065	BUG_ON(!ab->skb);
		1066	skb = ab->skb;
		1067	avail = skb_tailroom(skb);
		1068	new_len = slen + 3; /* enclosing quotes + null terminator */
		1069	if (new_len > avail) {
		1070	avail = audit_expand(ab, new_len);
		1071	if (!avail)
		1072	return;
		1073	}
		1074	ptr = skb->tail;
		1075	*ptr++ = '"';
		1076	memcpy(ptr, string, slen);
		1077	ptr += slen;
		1078	*ptr++ = '"';
		1079	*ptr = 0;
		1080	skb_put(skb, slen + 2); /* don't include null terminator */
		1081	}
		1082
1054	/**	1083	/**
1055	* audit_log_unstrustedstring - log a string that may contain random characters	1084	* audit_log_n_unstrustedstring - log a string that may contain random characters
1056	* @ab: audit_buffer	1085	* @ab: audit_buffer
		1086	* @len: lenth of string (not including trailing null)
1057	* @string: string to be logged	1087	* @string: string to be logged
1058	*	1088	*
1059	* This code will escape a string that is passed to it if the string	1089	* This code will escape a string that is passed to it if the string
1060	* contains a control character, unprintable character, double quote mark,	1090	* contains a control character, unprintable character, double quote mark,
1061	* or a space. Unescaped strings will start and end with a double quote mark.	1091	* or a space. Unescaped strings will start and end with a double quote mark.
1062	* Strings that are escaped are printed in hex (2 digits per char).	1092	* Strings that are escaped are printed in hex (2 digits per char).
		1093	*
		1094	* The caller specifies the number of characters in the string to log, which may
		1095	* or may not be the entire string.
1063	*/	1096	*/
1064	const char audit_log_untrustedstring(struct audit_buffer ab, const char *string)	1097	const char audit_log_n_untrustedstring(struct audit_buffer ab, size_t len,
		1098	const char *string)
1065	{	1099	{
1066	const unsigned char *p = string;	1100	const unsigned char *p = string;
1067	size_t len = strlen(string);
1068		1101
1069	while (*p) {	1102	while (*p) {
1070	if (p == '"' \|\| p < 0x21 \|\| *p > 0x7f) {	1103	if (p == '"' \|\| p < 0x21 \|\| *p > 0x7f) {
@@ -1073,10 +1106,23 @@ const char audit_log_untrustedstring(struct audit_buffer ab, const char *strin
1073	}	1106	}
1074	p++;	1107	p++;
1075	}	1108	}
1076	audit_log_format(ab, "\"%s\"", string);	1109	audit_log_n_string(ab, len, string);
1077	return p + 1;	1110	return p + 1;
1078	}	1111	}
1079		1112
		1113	/**
		1114	* audit_log_unstrustedstring - log a string that may contain random characters
		1115	* @ab: audit_buffer
		1116	* @string: string to be logged
		1117	*
		1118	* Same as audit_log_n_unstrustedstring(), except that strlen is used to
		1119	* determine string length.
		1120	*/
		1121	const char audit_log_untrustedstring(struct audit_buffer ab, const char *string)
		1122	{
		1123	return audit_log_n_untrustedstring(ab, strlen(string), string);
		1124	}
		1125
1080	/* This is a helper-function to print the escaped d_path */	1126	/* This is a helper-function to print the escaped d_path */
1081	void audit_log_d_path(struct audit_buffer ab, const char prefix,	1127	void audit_log_d_path(struct audit_buffer ab, const char prefix,
1082	struct dentry dentry, struct vfsmount vfsmnt)	1128	struct dentry dentry, struct vfsmount vfsmnt)