[PATCH] add new audit data to last skb
Chris Wright
chrisw at osdl.org
Sat Apr 30 21:54:31 UTC 2005
When adding more formatted audit data to an skb for delivery to userspace,
the kernel will attempt to reuse an skb that has spare room. However, if
the audit message has already been fragmented to multiple skb's, the search
for spare room in the skb uses the head of the list. This will corrupt the
audit message with trailing bytes being placed midway through the stream.
Fix is to look at the end of the list.
Signed-off-by: Chris Wright <chrisw at osdl.org>
---
audit.c | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
kernel/audit.c: 4a697c73faec0b952d4b240e7c3fadef49313148
--- k/kernel/audit.c
+++ l/kernel/audit.c
@@ -486,7 +486,7 @@ static void audit_log_move(struct audit_
if (ab->len == 0)
return;
- skb = skb_peek(&ab->sklist);
+ skb = skb_peek_tail(&ab->sklist);
if (!skb || skb_tailroom(skb) <= ab->len + extra) {
skb = alloc_skb(2 * ab->len + extra, GFP_ATOMIC);
if (!skb) {
More information about the Linux-audit
mailing list