summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--drivers/char/tty_audit.c2
-rw-r--r--include/linux/audit.h22
-rw-r--r--kernel/audit.c19
-rw-r--r--kernel/auditsc.c8
-rw-r--r--security/selinux/avc.c2
5 files changed, 29 insertions, 24 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index 9739bbf..caeedd1 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -92,7 +92,7 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
get_task_comm(name, tsk);
audit_log_untrustedstring(ab, name);
audit_log_format(ab, " data=");
- audit_log_n_untrustedstring(ab, buf->valid, buf->data);
+ audit_log_n_untrustedstring(ab, buf->data, buf->valid);
audit_log_end(ab);
}
buf->valid = 0;
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 25f6ae3..f938335 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -549,16 +549,20 @@ extern void audit_log_format(struct audit_buffer *ab,
const char *fmt, ...)
__attribute__((format(printf,2,3)));
extern void audit_log_end(struct audit_buffer *ab);
-extern void audit_log_hex(struct audit_buffer *ab,
- const unsigned char *buf,
- size_t len);
extern int audit_string_contains_control(const char *string,
size_t len);
+extern void audit_log_n_hex(struct audit_buffer *ab,
+ const unsigned char *buf,
+ size_t len);
+extern void audit_log_n_string(struct audit_buffer *ab,
+ const char *buf,
+ size_t n);
+#define audit_log_string(a,b) audit_log_n_string(a, b, strlen(b));
+extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
+ const char *string,
+ size_t n);
extern void audit_log_untrustedstring(struct audit_buffer *ab,
const char *string);
-extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
- size_t n,
- const char *string);
extern void audit_log_d_path(struct audit_buffer *ab,
const char *prefix,
struct path *path);
@@ -578,9 +582,11 @@ extern int audit_enabled;
#define audit_log_vformat(b,f,a) do { ; } while (0)
#define audit_log_format(b,f,...) do { ; } while (0)
#define audit_log_end(b) do { ; } while (0)
-#define audit_log_hex(a,b,l) do { ; } while (0)
-#define audit_log_untrustedstring(a,s) do { ; } while (0)
+#define audit_log_n_hex(a,b,l) do { ; } while (0)
+#define audit_log_n_string(a,c,l) do { ; } while (0)
+#define audit_log_string(a,c) do { ; } while (0)
#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
+#define audit_log_untrustedstring(a,s) do { ; } while (0)
#define audit_log_d_path(b, p, d) do { ; } while (0)
#define audit_enabled 0
#endif
diff --git a/kernel/audit.c b/kernel/audit.c
index 520583d..5b9ad3d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -757,8 +757,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
audit_log_format(ab, " msg=");
size = nlmsg_len(nlh);
- audit_log_n_untrustedstring(ab, size,
- data);
+ audit_log_n_untrustedstring(ab, data, size);
}
audit_set_pid(ab, pid);
audit_log_end(ab);
@@ -1293,7 +1292,7 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
* This function will take the passed buf and convert it into a string of
* ascii hex digits. The new string is placed onto the skb.
*/
-void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
+void audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf,
size_t len)
{
int i, avail, new_len;
@@ -1329,8 +1328,8 @@ void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
* Format a string of no more than slen characters into the audit buffer,
* enclosed in quote marks.
*/
-static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
- const char *string)
+void audit_log_n_string(struct audit_buffer *ab, const char *string,
+ size_t slen)
{
int avail, new_len;
unsigned char *ptr;
@@ -1386,13 +1385,13 @@ int audit_string_contains_control(const char *string, size_t len)
* The caller specifies the number of characters in the string to log, which may
* or may not be the entire string.
*/
-void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
- const char *string)
+void audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string,
+ size_t len)
{
if (audit_string_contains_control(string, len))
- audit_log_hex(ab, string, len);
+ audit_log_n_hex(ab, string, len);
else
- audit_log_n_string(ab, len, string);
+ audit_log_n_string(ab, string, len);
}
/**
@@ -1405,7 +1404,7 @@ void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
*/
void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
{
- audit_log_n_untrustedstring(ab, strlen(string), string);
+ audit_log_n_untrustedstring(ab, string, strlen(string));
}
/* This is a helper-function to print the escaped d_path */
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index d7249fc..0072b1d 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1095,7 +1095,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
audit_log_format(*ab, "[%d]", i);
audit_log_format(*ab, "=");
if (has_cntl)
- audit_log_hex(*ab, buf, to_send);
+ audit_log_n_hex(*ab, buf, to_send);
else
audit_log_format(*ab, "\"%s\"", buf);
audit_log_format(*ab, "\n");
@@ -1307,7 +1307,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
struct audit_aux_data_sockaddr *axs = (void *)aux;
audit_log_format(ab, "saddr=");
- audit_log_hex(ab, axs->a, axs->len);
+ audit_log_n_hex(ab, axs->a, axs->len);
break; }
case AUDIT_FD_PAIR: {
@@ -1371,8 +1371,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
default:
/* log the name's directory component */
audit_log_format(ab, " name=");
- audit_log_n_untrustedstring(ab, n->name_len,
- n->name);
+ audit_log_n_untrustedstring(ab, n->name,
+ n->name_len);
}
} else
audit_log_format(ab, " name=(null)");
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 95a8ef4..114b4b4 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -646,7 +646,7 @@ void avc_audit(u32 ssid, u32 tsid,
if (*p)
audit_log_untrustedstring(ab, p);
else
- audit_log_hex(ab, p, len);
+ audit_log_n_hex(ab, p, len);
break;
}
}
OpenPOWER on IntegriCloud