AUDIT: Fix remaining cases of direct logging of untrusted strings by avc_audit
Per Steve Grubb's observation that there are some remaining cases where avc_audit() directly logs untrusted strings without escaping them, here is a patch that changes avc_audit() to use audit_log_untrustedstring() or audit_log_hex() as appropriate. Note that d_name.name is nul- terminated by d_alloc(), and that sun_path is nul-terminated by unix_mkname(), so it is not necessary for the AVC to create nul- terminated copies or to alter audit_log_untrustedstring to take a length argument. In the case of an abstract name, we use audit_log_hex() with an explicit length. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This commit is contained in:
parent
99e45eeac8
commit
37ca5389b8
1 changed files with 9 additions and 13 deletions
|
@ -575,16 +575,16 @@ void avc_audit(u32 ssid, u32 tsid,
|
|||
struct dentry *dentry = a->u.fs.dentry;
|
||||
if (a->u.fs.mnt)
|
||||
audit_avc_path(dentry, a->u.fs.mnt);
|
||||
audit_log_format(ab, " name=%s",
|
||||
dentry->d_name.name);
|
||||
audit_log_format(ab, " name=");
|
||||
audit_log_untrustedstring(ab, dentry->d_name.name);
|
||||
inode = dentry->d_inode;
|
||||
} else if (a->u.fs.inode) {
|
||||
struct dentry *dentry;
|
||||
inode = a->u.fs.inode;
|
||||
dentry = d_find_alias(inode);
|
||||
if (dentry) {
|
||||
audit_log_format(ab, " name=%s",
|
||||
dentry->d_name.name);
|
||||
audit_log_format(ab, " name=");
|
||||
audit_log_untrustedstring(ab, dentry->d_name.name);
|
||||
dput(dentry);
|
||||
}
|
||||
}
|
||||
|
@ -628,23 +628,19 @@ void avc_audit(u32 ssid, u32 tsid,
|
|||
u = unix_sk(sk);
|
||||
if (u->dentry) {
|
||||
audit_avc_path(u->dentry, u->mnt);
|
||||
audit_log_format(ab, " name=%s",
|
||||
u->dentry->d_name.name);
|
||||
|
||||
audit_log_format(ab, " name=");
|
||||
audit_log_untrustedstring(ab, u->dentry->d_name.name);
|
||||
break;
|
||||
}
|
||||
if (!u->addr)
|
||||
break;
|
||||
len = u->addr->len-sizeof(short);
|
||||
p = &u->addr->name->sun_path[0];
|
||||
audit_log_format(ab, " path=");
|
||||
if (*p)
|
||||
audit_log_format(ab,
|
||||
"path=%*.*s", len,
|
||||
len, p);
|
||||
audit_log_untrustedstring(ab, p);
|
||||
else
|
||||
audit_log_format(ab,
|
||||
"path=@%*.*s", len-1,
|
||||
len-1, p+1);
|
||||
audit_log_hex(ab, p, len);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue