Boundary tests for filename/pathname
Steve Grubb
sgrubb at redhat.com
Wed Jun 8 13:00:19 UTC 2005
On Tuesday 07 June 2005 18:58, Loulwa Salem wrote:
> Then I thought to get the latest audit and I look in auditctl.c file, it
> seems that it is comparing against strlen() output, so not counting NULL.
Hmm. Fixing this.
> Based on what I found, I am thinking my initial assumption above is not
> valid, and I need to supply enough characters (without the null) to meet
> my test scenario ... Is this correct?
The authoritative place, as far as I know, is /usr/include/linux/limits.h.
#define PATH_MAX 4096 /* # chars in a path name including nul */
So...auditctl was letting strings 1 byte too big through. It now does:
size_t len = strlen(path);
if (len >= PATH_MAX) {
fprintf(stderr, "The path passed for the watch is too big\n");
return 1;
}
The kernel should have complained about this as well. auditfs.c
audit_receive_watch should be changed as well:
if (req->pathlen == 0)
goto audit_receive_watch_exit;
if (req->pathlen >= PATH_MAX) {
ret = -ENAMETOOLONG;
goto audit_receive_watch_exit;
}
-Steve
More information about the Linux-audit
mailing list