Commit 37ca5389 authored by Stephen Smalley's avatar Stephen Smalley Committed by David Woodhouse

AUDIT: Fix remaining cases of direct logging of untrusted strings by avc_audit

Per Steve Grubb's observation that there are some remaining cases where
avc_audit() directly logs untrusted strings without escaping them, here
is a patch that changes avc_audit() to use audit_log_untrustedstring()
or audit_log_hex() as appropriate.  Note that d_name.name is nul-
terminated by d_alloc(), and that sun_path is nul-terminated by
unix_mkname(), so it is not necessary for the AVC to create nul-
terminated copies or to alter audit_log_untrustedstring to take a length
argument.  In the case of an abstract name, we use audit_log_hex() with
an explicit length.
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent 99e45eea
...@@ -575,16 +575,16 @@ void avc_audit(u32 ssid, u32 tsid, ...@@ -575,16 +575,16 @@ void avc_audit(u32 ssid, u32 tsid,
struct dentry *dentry = a->u.fs.dentry; struct dentry *dentry = a->u.fs.dentry;
if (a->u.fs.mnt) if (a->u.fs.mnt)
audit_avc_path(dentry, a->u.fs.mnt); audit_avc_path(dentry, a->u.fs.mnt);
audit_log_format(ab, " name=%s", audit_log_format(ab, " name=");
dentry->d_name.name); audit_log_untrustedstring(ab, dentry->d_name.name);
inode = dentry->d_inode; inode = dentry->d_inode;
} else if (a->u.fs.inode) { } else if (a->u.fs.inode) {
struct dentry *dentry; struct dentry *dentry;
inode = a->u.fs.inode; inode = a->u.fs.inode;
dentry = d_find_alias(inode); dentry = d_find_alias(inode);
if (dentry) { if (dentry) {
audit_log_format(ab, " name=%s", audit_log_format(ab, " name=");
dentry->d_name.name); audit_log_untrustedstring(ab, dentry->d_name.name);
dput(dentry); dput(dentry);
} }
} }
...@@ -628,23 +628,19 @@ void avc_audit(u32 ssid, u32 tsid, ...@@ -628,23 +628,19 @@ void avc_audit(u32 ssid, u32 tsid,
u = unix_sk(sk); u = unix_sk(sk);
if (u->dentry) { if (u->dentry) {
audit_avc_path(u->dentry, u->mnt); audit_avc_path(u->dentry, u->mnt);
audit_log_format(ab, " name=%s", audit_log_format(ab, " name=");
u->dentry->d_name.name); audit_log_untrustedstring(ab, u->dentry->d_name.name);
break; break;
} }
if (!u->addr) if (!u->addr)
break; break;
len = u->addr->len-sizeof(short); len = u->addr->len-sizeof(short);
p = &u->addr->name->sun_path[0]; p = &u->addr->name->sun_path[0];
audit_log_format(ab, " path=");
if (*p) if (*p)
audit_log_format(ab, audit_log_untrustedstring(ab, p);
"path=%*.*s", len,
len, p);
else else
audit_log_format(ab, audit_log_hex(ab, p, len);
"path=@%*.*s", len-1,
len-1, p+1);
break; break;
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment