aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2005-05-24 21:28:28 +0100
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-24 21:28:28 +0100
commit37ca5389b863e5ffba6fb7c22331bf57dbf7764a (patch)
tree4869477a27fbd8ad91b0ce42f0b2e4b6817e5105 /security
parent99e45eeac867d51ff3395dcf3d7aedf5ac2812c8 (diff)
downloadmrst-s0i3-test-37ca5389b863e5ffba6fb7c22331bf57dbf7764a.tar.gz
mrst-s0i3-test-37ca5389b863e5ffba6fb7c22331bf57dbf7764a.tar.xz
mrst-s0i3-test-37ca5389b863e5ffba6fb7c22331bf57dbf7764a.zip
AUDIT: Fix remaining cases of direct logging of untrusted strings by avc_audit
Per Steve Grubb's observation that there are some remaining cases where avc_audit() directly logs untrusted strings without escaping them, here is a patch that changes avc_audit() to use audit_log_untrustedstring() or audit_log_hex() as appropriate. Note that d_name.name is nul- terminated by d_alloc(), and that sun_path is nul-terminated by unix_mkname(), so it is not necessary for the AVC to create nul- terminated copies or to alter audit_log_untrustedstring to take a length argument. In the case of an abstract name, we use audit_log_hex() with an explicit length. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/avc.c22
1 files changed, 9 insertions, 13 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 914d0d294ff..451502467a9 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -575,16 +575,16 @@ void avc_audit(u32 ssid, u32 tsid,
struct dentry *dentry = a->u.fs.dentry;
if (a->u.fs.mnt)
audit_avc_path(dentry, a->u.fs.mnt);
- audit_log_format(ab, " name=%s",
- dentry->d_name.name);
+ audit_log_format(ab, " name=");
+ audit_log_untrustedstring(ab, dentry->d_name.name);
inode = dentry->d_inode;
} else if (a->u.fs.inode) {
struct dentry *dentry;
inode = a->u.fs.inode;
dentry = d_find_alias(inode);
if (dentry) {
- audit_log_format(ab, " name=%s",
- dentry->d_name.name);
+ audit_log_format(ab, " name=");
+ audit_log_untrustedstring(ab, dentry->d_name.name);
dput(dentry);
}
}
@@ -628,23 +628,19 @@ void avc_audit(u32 ssid, u32 tsid,
u = unix_sk(sk);
if (u->dentry) {
audit_avc_path(u->dentry, u->mnt);
- audit_log_format(ab, " name=%s",
- u->dentry->d_name.name);
-
+ audit_log_format(ab, " name=");
+ audit_log_untrustedstring(ab, u->dentry->d_name.name);
break;
}
if (!u->addr)
break;
len = u->addr->len-sizeof(short);
p = &u->addr->name->sun_path[0];
+ audit_log_format(ab, " path=");
if (*p)
- audit_log_format(ab,
- "path=%*.*s", len,
- len, p);
+ audit_log_untrustedstring(ab, p);
else
- audit_log_format(ab,
- "path=@%*.*s", len-1,
- len-1, p+1);
+ audit_log_hex(ab, p, len);
break;
}
}