author | Peter Zijlstra <a.p.zijlstra@chello.nl> | 2007-07-28 00:55:18 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-28 19:42:22 -0700 |
commit | 040b3a2df2dd26c3e401823f3b0ce3fe99e966c5 (patch) | |
tree | dbf88e0023db86669e775ed2ab4c5fb55186ffe0 /kernel | |
parent | 0af3678f7c5872836d1cc8d7c659abd62c3c5ae7 (diff) | |
audit: fix two bugs in the new execve audit code

copy_from_user() returns the number of bytes not copied, hence 0 is the
expected output.

axi->mm might not be valid anymore when not equal to current->mm, do not
dereference before checking that - thanks to Al for spotting that.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Tested-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index bde1124d5908..a777d3761416 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -824,12 +824,14 @@ static void audit_log_execve_info(struct audit_buffer *ab, { int i; long len, ret; - const char __user *p = (const char __user *)axi->mm->arg_start; + const char __user *p; char *buf; if (axi->mm != current->mm) return; /* execve failed, no additional info */ + p = (const char __user *)axi->mm->arg_start; + for (i = 0; i < axi->argc; i++, p += len) { len = strnlen_user(p, MAX_ARG_STRLEN); /* @@ -855,7 +857,7 @@ static void audit_log_execve_info(struct audit_buffer *ab, * copied them here, and the mm hasn't been exposed to user- * space yet. */ - if (!ret) { + if (ret) { WARN_ON(1); send_sig(SIGKILL, current, 0); } |
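
Review bot: In the first hunk (@@ -824,12 +824,14 @@), the new assignment `p = (const char __user *)axi->mm->arg_start;` carries no comment saying why it must sit below the `axi->mm != current->mm` check, so a later cleanup could fold it back into the declaration and reintroduce the dereference of a possibly stale mm. A one-line comment at the assignment would pin that ordering. Since the check has just established that the two pointers are equal, reading `current->mm->arg_start` at that point would also make it evident that only the live mm is touched.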
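
Review bot: In the second hunk (@@ -855,7 +857,7 @@), `if (ret)` reads like a generic error test, and nothing at the check says that `ret` holds the count of bytes left uncopied, which the commit message gives as the meaning of the copy_from_user() return value; the inverted test being removed shows how easily that is misread. A short comment on the check, or folding the warning into the condition as `if (WARN_ON(ret))`, would state the intent. The visible context ends at the closing brace of the failure branch, so it is also worth confirming that the code after it does not go on to log a partially filled `buf` once SIGKILL has been queued.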