Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

AUDIT: Fix remaining cases of direct logging of untrusted strings by avc_audit

Per Steve Grubb's observation that there are some remaining cases where
avc_audit() directly logs untrusted strings without escaping them, here
is a patch that changes avc_audit() to use audit_log_untrustedstring()
or audit_log_hex() as appropriate.  Note that d_name.name is nul-
terminated by d_alloc(), and that sun_path is nul-terminated by
unix_mkname(), so it is not necessary for the AVC to create nul-
terminated copies or to alter audit_log_untrustedstring to take a length
argument.  In the case of an abstract name, we use audit_log_hex() with
an explicit length.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Stephen Smalley 20 years ago
parent
99e45eeac8
commit
37ca5389b8
1 changed files with 9 additions and 13 deletions
Unified View Show Diff Stats
  1. 9 13
      security/selinux/avc.c

+ 9 - 13
security/selinux/avc.c
View File 

@@ -575,16 +575,16 @@ void avc_audit(u32 ssid, u32 tsid,
 
 				struct dentry *dentry = a->u.fs.dentry;
 
 				struct dentry *dentry = a->u.fs.dentry;
 
 				if (a->u.fs.mnt)
 
 				if (a->u.fs.mnt)
 
 					audit_avc_path(dentry, a->u.fs.mnt);
 
 					audit_avc_path(dentry, a->u.fs.mnt);
 
-				audit_log_format(ab, " name=%s",
 
-						 dentry->d_name.name);
 
+				audit_log_format(ab, " name=");
 
+				audit_log_untrustedstring(ab, dentry->d_name.name);
 
 				inode = dentry->d_inode;
 
 				inode = dentry->d_inode;
 
 			} else if (a->u.fs.inode) {
 
 			} else if (a->u.fs.inode) {
 
 				struct dentry *dentry;
 
 				struct dentry *dentry;
 
 				inode = a->u.fs.inode;
 
 				inode = a->u.fs.inode;
 
 				dentry = d_find_alias(inode);
 
 				dentry = d_find_alias(inode);
 
 				if (dentry) {
 
 				if (dentry) {
 
-					audit_log_format(ab, " name=%s",
 
-							 dentry->d_name.name);
 
+					audit_log_format(ab, " name=");
 
+					audit_log_untrustedstring(ab, dentry->d_name.name);
 
 					dput(dentry);
 
 					dput(dentry);
 
 				}
 
 				}
 
 			}
 
 			}
 
@@ -628,23 +628,19 @@ void avc_audit(u32 ssid, u32 tsid,
 
 					u = unix_sk(sk);
 
 					u = unix_sk(sk);
 
 					if (u->dentry) {
 
 					if (u->dentry) {
 
 						audit_avc_path(u->dentry, u->mnt);
 
 						audit_avc_path(u->dentry, u->mnt);
 
-						audit_log_format(ab, " name=%s",
 
-								 u->dentry->d_name.name);
 
-
 
+						audit_log_format(ab, " name=");
 
+						audit_log_untrustedstring(ab, u->dentry->d_name.name);
 
 						break;
 
 						break;
 
 					}
 
 					}
 
 					if (!u->addr)
 
 					if (!u->addr)
 
 						break;
 
 						break;
 
 					len = u->addr->len-sizeof(short);
 
 					len = u->addr->len-sizeof(short);
 
 					p = &u->addr->name->sun_path[0];
 
 					p = &u->addr->name->sun_path[0];
 
+					audit_log_format(ab, " path=");
 
 					if (*p)
 
 					if (*p)
 
-						audit_log_format(ab,
 
-							"path=%*.*s", len,
 
-							len, p);
 
+						audit_log_untrustedstring(ab, p);
 
 					else
 
 					else
 
-						audit_log_format(ab,
 
-							"path=@%*.*s", len-1,
 
-							len-1, p+1);
 
+						audit_log_hex(ab, p, len);
 
 					break;
 
 					break;
 
 				}
 
 				}
 
 			}
 
 			}