[PATCH 1/2] audit: fix NUL handling in untrusted strings
John Dennis
jdennis at redhat.com
Thu Sep 11 19:47:33 UTC 2008
Miloslav Trmač wrote:
> If the interface says "NUL-terminated string", any bytes after that are
> not "actual data".
Yes, that's correct. However, the function in question,
audit_log_n_untrustedstring(), is not an interface accepting a
null-terminated string; it accepts a count. The helper function on which it
is dependent, audit_string_contains_control(), disregards the length
parameter it is passed and thus audit_log_n_untrustedstring() misbehaves
as a consequence.
>> It would be wrong for the audit system to assume the memory block it
>> was pointed to only ever contained null terminated ascii strings,
>> especially when the memory block is terminated by virtue of an octet
>> count.
>>
> Yes, that's why it was wrong to use audit_*string() for TTY input data.
> And the 2/2 patch fixes it - at the source of the problem, not in an
> unrelated function that was incorrectly used.
>
This is true, but it's only part of the problem; the string functions
still need to be robust, even when used inappropriately.
--
John Dennis <jdennis at redhat.com>
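
The failure mode discussed in this message, as an added illustration that is not part of the original post and is not the kernel's code: a counted buffer with an embedded NUL is run through a control-character check that either stops at the first NUL or honors the count. The names contains_control() and format_untrusted(), the stop_at_nul flag, and the sample bytes are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a counted 5-byte buffer with an embedded NUL. */
static const char sample[5] = { 'l', 's', '\0', '\n', 'x' };

/* Hypothetical checker. With stop_at_nul set it quits at the first NUL and
 * never inspects the remaining bytes; otherwise it honors the count. */
static int contains_control(const char *s, size_t len, int stop_at_nul)
{
    size_t i;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (stop_at_nul && c == '\0')
            break;
        if (c == '"' || c < 0x21 || c > 0x7e)
            return 1;
    }
    return 0;
}

/* Quoted field if the check passes, hex otherwise; returns bytes written or -1. */
static int format_untrusted(char *out, size_t outsz, const char *buf,
                            size_t len, int stop_at_nul)
{
    size_t i, n = 0;
    if (contains_control(buf, len, stop_at_nul)) {
        if (outsz < 2 * len + 1)
            return -1;
        for (i = 0; i < len; i++)
            n += (size_t)snprintf(out + n, outsz - n, "%02X", (unsigned char)buf[i]);
        return (int)n;
    }
    if (outsz < len + 3)
        return -1;
    out[n++] = '"';
    memcpy(out + n, buf, len);
    n += len;
    out[n++] = '"';
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char out[32];
    printf("%d %s\n", format_untrusted(out, sizeof out, sample, sizeof sample, 0), out);
    return 0;
}
```

With stop_at_nul set, the same buffer is emitted as a quoted field carrying a raw NUL and newline, so a consumer that treats the record as a C string sees only the bytes before the NUL.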