Miloslav Trmač wrote:
Yes, that's correct. However, the function in question,
audit_log_n_untrustedstring() is not an interface accepting a null
terminated string, it accepts a count. The helper function on which it
is dependent, audit_string_contains_control(), disregards the length
parameter it is passed and thus audit_log_n_untrustedstring()
misbehaves as a consequence.
If the interface says "NUL-terminated string", any bytes after that are
not "actual data".
This is true, but it's only part of the problem, the string functions
still need to be robust, even used inappropriately.
It would be wrong for the audit system to assume the memory block it
was pointed to only ever contained null terminated ascii strings,
especially when the memory block is terminated by virtue of an octet
Yes, that's why it was wrong to use audit_*string() for TTY input data.
And the 2/2 patch fixes it - at the source of the problem, not in an
unrelated function that was incorrectly used.
John Dennis <jdennis redhat com>