[PATCH v2] Untrusted string logging

David Woodhouse dwmw2 at infradead.org
Wed May 18 09:55:27 UTC 2005


On Thu, 2005-05-12 at 13:29 -0400, Steve Grubb wrote:
> * audit_log_d_path was never fixed to use untrustedstring. This could mess up 
> user space parsers. This was fixed to make a temp buffer, call d_path, and 
> log temp buffer using untrustedstring.

The reason I didn't do it at the time was because I didn't see a simple
way to treat the _entire_ path, prefix and all, as a single string to be
either quoted or not by audit_log_untrustedstring() as appropriate.

I've changed your version slightly so it looks like this...

/* This is a helper-function to print the escaped d_path */
void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
		      struct dentry *dentry, struct vfsmount *vfsmnt)
{
	char *p, *path;
	int plen = 0;

	if (prefix)
		plen = strlen(prefix);

	/* We will allow 11 spaces for ' (deleted)' to be appended */
	path = kmalloc(PATH_MAX+11+plen, GFP_KERNEL);
	if (!path) {
		audit_log_format(ab, "<no memory>");
		return;
	}
	p = d_path(dentry, vfsmnt, path+plen, PATH_MAX+11);
	if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
		/* FIXME: can we save some information here? */
		audit_log_format(ab, "<too long>");
	} else {
		/* Prepend prefix to path, then log the whole thing 
		   together either quoted or unquoted as appropriate */
		if (plen) {
			p -= plen;
			memcpy(p, prefix, plen);
		}
		audit_log_untrustedstring(ab, p);
	}
	kfree(path);
}

-- 
dwmw2



