mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 02:30:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

AUDIT: Avoid log pollution by untrusted strings.

Browse source 
We log strings from userspace, such as arguments to open(). These could
be formatted to contain \n followed by fake audit log entries. Provide
a function for logging such strings, which gives a hex dump when the
string contains anything but basic printable ASCII characters. Use it
for logging filenames.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This commit is contained in:
2005-04-29 15:54:44 +01:00
parent c60c390620
commit 83c7d09173
3 changed files with 34 additions and 4 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

8
include/linux/audit.h
View file

@ -174,11 +174,15 @@ extern void audit_log_format(struct audit_buffer *ab,
const char *fmt, ...) const char *fmt, ...)
__attribute__((format(printf,2,3))); __attribute__((format(printf,2,3)));
extern void audit_log_end(struct audit_buffer *ab); extern void audit_log_end(struct audit_buffer *ab);
extern void audit_log_hex(struct audit_buffer *ab,
const unsigned char *buf,
size_t len);
extern void audit_log_untrustedstring(struct audit_buffer *ab,
const char *string);
extern void audit_log_d_path(struct audit_buffer *ab, extern void audit_log_d_path(struct audit_buffer *ab,
const char *prefix, const char *prefix,
struct dentry *dentry, struct dentry *dentry,
struct vfsmount *vfsmnt); struct vfsmount *vfsmnt);
/* Private API (for auditsc.c only) */ /* Private API (for auditsc.c only) */
extern void audit_send_reply(int pid, int seq, int type, extern void audit_send_reply(int pid, int seq, int type,
int done, int multi, int done, int multi,
@ -190,6 +194,8 @@ extern void audit_log_lost(const char *message);
#define audit_log_vformat(b,f,a) do { ; } while (0) #define audit_log_vformat(b,f,a) do { ; } while (0)
#define audit_log_format(b,f,...) do { ; } while (0) #define audit_log_format(b,f,...) do { ; } while (0)
#define audit_log_end(b) do { ; } while (0) #define audit_log_end(b) do { ; } while (0)
#define audit_log_hex(a,b,l) do { ; } while (0)
#define audit_log_untrustedstring(a,s) do { ; } while (0)
#define audit_log_d_path(b,p,d,v) do { ; } while (0) #define audit_log_d_path(b,p,d,v) do { ; } while (0)
#endif #endif
#endif #endif

23
kernel/audit.c
View file

@ -720,6 +720,29 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
va_end(args); va_end(args);
} }
void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len)
{
int i;
for (i=0; i<len; i++)
audit_log_format(ab, "%02x", buf[i]);
}
void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
{
const char *p = string;
while (*p) {
if (*p == '"' || *p == ' ' || *p < 0x20 || *p > 0x7f) {
audit_log_hex(ab, string, strlen(string));
return;
}
p++;
}
audit_log_format(ab, "\"%s\"", string);
}
/* This is a helper-function to print the d_path without using a static /* This is a helper-function to print the d_path without using a static
* buffer or allocating another buffer in addition to the one in * buffer or allocating another buffer in addition to the one in
* audit_buffer. */ * audit_buffer. */

7
kernel/auditsc.c
View file

@ -696,9 +696,10 @@ static void audit_log_exit(struct audit_context *context)
if (!ab) if (!ab)
continue; /* audit_panic has been called */ continue; /* audit_panic has been called */
audit_log_format(ab, "item=%d", i); audit_log_format(ab, "item=%d", i);
if (context->names[i].name) if (context->names[i].name) {
audit_log_format(ab, " name=%s", audit_log_format(ab, " name=");
context->names[i].name); audit_log_untrustedstring(ab, context->names[i].name);
}
if (context->names[i].ino != (unsigned long)-1) if (context->names[i].ino != (unsigned long)-1)
audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o" audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o"
" uid=%d gid=%d rdev=%02x:%02x", " uid=%d gid=%d rdev=%02x:%02x",