AUDIT: Avoid log pollution by untrusted strings.

We log strings from userspace, such as arguments to open(). These could be formatted to contain \n followed by fake audit log entries. Provide a function for logging such strings, which gives a hex dump when the string contains anything but basic printable ASCII characters. Use it for logging filenames. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
author: <dwmw2@shinybook.infradead.org> 2005-04-29 15:54:44 +0100
committer: <dwmw2@shinybook.infradead.org> 2005-04-29 15:54:44 +0100
commit: 83c7d09173fdb6b06b109e65895392db3e49ac9c (patch)
tree: 3f48367a4d1413e221a5367bcd0cf8df7322c368 /kernel/auditsc.c
parent: c60c390620e0abb60d4ae8c43583714bda27763f (diff)
download: linux-83c7d09173fdb6b06b109e65895392db3e49ac9c.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 6f1931381bc9e..00e87ffff13ba 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -696,9 +696,10 @@ static void audit_log_exit(struct audit_context *context)
 		if (!ab)
 			continue; /* audit_panic has been called */
 		audit_log_format(ab, "item=%d", i);
-		if (context->names[i].name)
-			audit_log_format(ab, " name=%s",
-					 context->names[i].name);
+		if (context->names[i].name) {
+			audit_log_format(ab, " name=");
+			audit_log_untrustedstring(ab, context->names[i].name);
+		}
 		if (context->names[i].ino != (unsigned long)-1)
 			audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o"
 					     " uid=%d gid=%d rdev=%02x:%02x",
author	<dwmw2@shinybook.infradead.org>	2005-04-29 15:54:44 +0100
committer	<dwmw2@shinybook.infradead.org>	2005-04-29 15:54:44 +0100
commit	83c7d09173fdb6b06b109e65895392db3e49ac9c (patch)
tree	3f48367a4d1413e221a5367bcd0cf8df7322c368 /kernel/auditsc.c
parent	c60c390620e0abb60d4ae8c43583714bda27763f (diff)
download	linux-83c7d09173fdb6b06b109e65895392db3e49ac9c.tar.gz