Commit 0a73dccc authored by Al Viro

[PATCH] validate rule fields' types

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
parent f368c07d
...@@ -348,17 +348,31 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) ...@@ -348,17 +348,31 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
f->val = rule->values[i]; f->val = rule->values[i];
err = -EINVAL; err = -EINVAL;
if (f->type & AUDIT_UNUSED_BITS)
goto exit_free;
switch(f->type) { switch(f->type) {
case AUDIT_SE_USER: default:
case AUDIT_SE_ROLE:
case AUDIT_SE_TYPE:
case AUDIT_SE_SEN:
case AUDIT_SE_CLR:
case AUDIT_WATCH:
goto exit_free; goto exit_free;
case AUDIT_PID:
case AUDIT_UID:
case AUDIT_EUID:
case AUDIT_SUID:
case AUDIT_FSUID:
case AUDIT_GID:
case AUDIT_EGID:
case AUDIT_SGID:
case AUDIT_FSGID:
case AUDIT_LOGINUID:
case AUDIT_PERS:
case AUDIT_ARCH:
case AUDIT_MSGTYPE:
case AUDIT_DEVMAJOR:
case AUDIT_DEVMINOR:
case AUDIT_EXIT:
case AUDIT_SUCCESS:
case AUDIT_ARG0:
case AUDIT_ARG1:
case AUDIT_ARG2:
case AUDIT_ARG3:
break;
case AUDIT_INODE: case AUDIT_INODE:
err = audit_to_inode(&entry->rule, f); err = audit_to_inode(&entry->rule, f);
if (err) if (err)
...@@ -432,6 +446,29 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, ...@@ -432,6 +446,29 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
f->se_str = NULL; f->se_str = NULL;
f->se_rule = NULL; f->se_rule = NULL;
switch(f->type) { switch(f->type) {
case AUDIT_PID:
case AUDIT_UID:
case AUDIT_EUID:
case AUDIT_SUID:
case AUDIT_FSUID:
case AUDIT_GID:
case AUDIT_EGID:
case AUDIT_SGID:
case AUDIT_FSGID:
case AUDIT_LOGINUID:
case AUDIT_PERS:
case AUDIT_ARCH:
case AUDIT_MSGTYPE:
case AUDIT_PPID:
case AUDIT_DEVMAJOR:
case AUDIT_DEVMINOR:
case AUDIT_EXIT:
case AUDIT_SUCCESS:
case AUDIT_ARG0:
case AUDIT_ARG1:
case AUDIT_ARG2:
case AUDIT_ARG3:
break;
case AUDIT_SE_USER: case AUDIT_SE_USER:
case AUDIT_SE_ROLE: case AUDIT_SE_ROLE:
case AUDIT_SE_TYPE: case AUDIT_SE_TYPE:
...@@ -474,6 +511,8 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, ...@@ -474,6 +511,8 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
if (err) if (err)
goto exit_free; goto exit_free;
break; break;
default:
goto exit_free;
} }
} }
......
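Review bot: The allowlist added to audit_rule_to_entry() (the `case AUDIT_PID:` … `case AUDIT_ARG3:` run after `default:`) has no `case AUDIT_PPID:`, while the otherwise identical list added to audit_data_to_entry() does, so a legacy-format rule carrying a PPID field now reaches `default:` and is rejected with -EINVAL. The removed deny-list did not name AUDIT_PPID, so unless AUDIT_UNUSED_BITS covered it this looks like a behaviour change for existing rule sets, and a rule rejected at load time leaves those events unaudited until someone notices the error. If the omission is not intended, add `case AUDIT_PPID:` after `case AUDIT_MSGTYPE:` in the first switch; if it is intended, a comment such as `/* AUDIT_PPID is accepted only via audit_rule_data */` would record the decision. Both switches sit in functions whose bodies start and end outside the visible hunks, and because the two lists have to stay in step, a shared helper for the plain-integer field types would be worth considering.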