diff options
author | <dwmw2@shinybook.infradead.org> | 2005-04-29 15:54:44 +0100 |
---|---|---|
committer | <dwmw2@shinybook.infradead.org> | 2005-04-29 15:54:44 +0100 |
commit | 83c7d09173fdb6b06b109e65895392db3e49ac9c (patch) | |
tree | 3f48367a4d1413e221a5367bcd0cf8df7322c368 /kernel/audit.c | |
parent | c60c390620e0abb60d4ae8c43583714bda27763f (diff) | |
download | lwn-83c7d09173fdb6b06b109e65895392db3e49ac9c.tar.gz lwn-83c7d09173fdb6b06b109e65895392db3e49ac9c.zip |
AUDIT: Avoid log pollution by untrusted strings.
We log strings from userspace, such as arguments to open(). These could
be formatted to contain \n followed by fake audit log entries. Provide
a function for logging such strings, which gives a hex dump when the
string contains anything but basic printable ASCII characters. Use it
for logging filenames.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 0f84dd7af2c8..dca7b99615d2 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -720,6 +720,29 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) va_end(args); } +void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len) +{ + int i; + + for (i=0; i<len; i++) + audit_log_format(ab, "%02x", buf[i]); +} + +void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) +{ + const char *p = string; + + while (*p) { + if (*p == '"' || *p == ' ' || *p < 0x20 || *p > 0x7f) { + audit_log_hex(ab, string, strlen(string)); + return; + } + p++; + } + audit_log_format(ab, "\"%s\"", string); +} + + /* This is a helper-function to print the d_path without using a static * buffer or allocating another buffer in addition to the one in * audit_buffer. */ |