Commit 0221c81b authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'audit.b62' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current

* 'audit.b62' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
  Audit: remove spaces from audit_log_d_path
  audit: audit_set_auditable defined but not used
  audit: incorrect ref counting in audit tree tag_chunk
  audit: Fix possible return value truncation in audit_get_context()
  audit: ignore terminating NUL in AUDIT_USER_TTY messages
  Audit: fix handling of 'strings' with NULL characters
  make the e->rule.xxx shorter in kernel auditfilter.c
  auditsc: fix kernel-doc notation
  audit: EXECVE record - removed bogus newline
parents 48f286a2 def57543
...@@ -766,6 +766,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -766,6 +766,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
audit_log_format(ab, " msg="); audit_log_format(ab, " msg=");
size = nlmsg_len(nlh); size = nlmsg_len(nlh);
if (size > 0 &&
((unsigned char *)data)[size - 1] == '\0')
size--;
audit_log_n_untrustedstring(ab, data, size); audit_log_n_untrustedstring(ab, data, size);
} }
audit_set_pid(ab, pid); audit_set_pid(ab, pid);
...@@ -1382,7 +1385,7 @@ void audit_log_n_string(struct audit_buffer *ab, const char *string, ...@@ -1382,7 +1385,7 @@ void audit_log_n_string(struct audit_buffer *ab, const char *string,
int audit_string_contains_control(const char *string, size_t len) int audit_string_contains_control(const char *string, size_t len)
{ {
const unsigned char *p; const unsigned char *p;
for (p = string; p < (const unsigned char *)string + len && *p; p++) { for (p = string; p < (const unsigned char *)string + len; p++) {
if (*p == '"' || *p < 0x21 || *p > 0x7e) if (*p == '"' || *p < 0x21 || *p > 0x7e)
return 1; return 1;
} }
...@@ -1437,13 +1440,13 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix, ...@@ -1437,13 +1440,13 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
/* We will allow 11 spaces for ' (deleted)' to be appended */ /* We will allow 11 spaces for ' (deleted)' to be appended */
pathname = kmalloc(PATH_MAX+11, ab->gfp_mask); pathname = kmalloc(PATH_MAX+11, ab->gfp_mask);
if (!pathname) { if (!pathname) {
audit_log_format(ab, "<no memory>"); audit_log_string(ab, "<no_memory>");
return; return;
} }
p = d_path(path, pathname, PATH_MAX+11); p = d_path(path, pathname, PATH_MAX+11);
if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */ if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
/* FIXME: can we save some information here? */ /* FIXME: can we save some information here? */
audit_log_format(ab, "<too long>"); audit_log_string(ab, "<too_long>");
} else } else
audit_log_untrustedstring(ab, p); audit_log_untrustedstring(ab, p);
kfree(pathname); kfree(pathname);
......
...@@ -385,6 +385,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree) ...@@ -385,6 +385,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
mutex_lock(&inode->inotify_mutex); mutex_lock(&inode->inotify_mutex);
if (inotify_clone_watch(&old->watch, &chunk->watch) < 0) { if (inotify_clone_watch(&old->watch, &chunk->watch) < 0) {
mutex_unlock(&inode->inotify_mutex); mutex_unlock(&inode->inotify_mutex);
put_inotify_watch(&old->watch);
free_chunk(chunk); free_chunk(chunk);
return -ENOSPC; return -ENOSPC;
} }
...@@ -394,6 +395,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree) ...@@ -394,6 +395,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
chunk->dead = 1; chunk->dead = 1;
inotify_evict_watch(&chunk->watch); inotify_evict_watch(&chunk->watch);
mutex_unlock(&inode->inotify_mutex); mutex_unlock(&inode->inotify_mutex);
put_inotify_watch(&old->watch);
put_inotify_watch(&chunk->watch); put_inotify_watch(&chunk->watch);
return 0; return 0;
} }
......
...@@ -135,18 +135,18 @@ static void audit_remove_watch(struct audit_watch *watch) ...@@ -135,18 +135,18 @@ static void audit_remove_watch(struct audit_watch *watch)
static inline void audit_free_rule(struct audit_entry *e) static inline void audit_free_rule(struct audit_entry *e)
{ {
int i; int i;
struct audit_krule *erule = &e->rule;
/* some rules don't have associated watches */ /* some rules don't have associated watches */
if (e->rule.watch) if (erule->watch)
audit_put_watch(e->rule.watch); audit_put_watch(erule->watch);
if (e->rule.fields) if (erule->fields)
for (i = 0; i < e->rule.field_count; i++) { for (i = 0; i < erule->field_count; i++) {
struct audit_field *f = &e->rule.fields[i]; struct audit_field *f = &erule->fields[i];
kfree(f->lsm_str); kfree(f->lsm_str);
security_audit_rule_free(f->lsm_rule); security_audit_rule_free(f->lsm_rule);
} }
kfree(e->rule.fields); kfree(erule->fields);
kfree(e->rule.filterkey); kfree(erule->filterkey);
kfree(e); kfree(e);
} }
......
...@@ -329,6 +329,14 @@ static int audit_match_filetype(struct audit_context *ctx, int which) ...@@ -329,6 +329,14 @@ static int audit_match_filetype(struct audit_context *ctx, int which)
*/ */
#ifdef CONFIG_AUDIT_TREE #ifdef CONFIG_AUDIT_TREE
static void audit_set_auditable(struct audit_context *ctx)
{
if (!ctx->prio) {
ctx->prio = 1;
ctx->current_state = AUDIT_RECORD_CONTEXT;
}
}
static int put_tree_ref(struct audit_context *ctx, struct audit_chunk *chunk) static int put_tree_ref(struct audit_context *ctx, struct audit_chunk *chunk)
{ {
struct audit_tree_refs *p = ctx->trees; struct audit_tree_refs *p = ctx->trees;
...@@ -742,17 +750,9 @@ void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx) ...@@ -742,17 +750,9 @@ void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx)
rcu_read_unlock(); rcu_read_unlock();
} }
static void audit_set_auditable(struct audit_context *ctx)
{
if (!ctx->prio) {
ctx->prio = 1;
ctx->current_state = AUDIT_RECORD_CONTEXT;
}
}
static inline struct audit_context *audit_get_context(struct task_struct *tsk, static inline struct audit_context *audit_get_context(struct task_struct *tsk,
int return_valid, int return_valid,
int return_code) long return_code)
{ {
struct audit_context *context = tsk->audit_context; struct audit_context *context = tsk->audit_context;
...@@ -1024,7 +1024,7 @@ static int audit_log_single_execve_arg(struct audit_context *context, ...@@ -1024,7 +1024,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
{ {
char arg_num_len_buf[12]; char arg_num_len_buf[12];
const char __user *tmp_p = p; const char __user *tmp_p = p;
/* how many digits are in arg_num? 3 is the length of a=\n */ /* how many digits are in arg_num? 3 is the length of " a=" */
size_t arg_num_len = snprintf(arg_num_len_buf, 12, "%d", arg_num) + 3; size_t arg_num_len = snprintf(arg_num_len_buf, 12, "%d", arg_num) + 3;
size_t len, len_left, to_send; size_t len, len_left, to_send;
size_t max_execve_audit_len = MAX_EXECVE_AUDIT_LEN; size_t max_execve_audit_len = MAX_EXECVE_AUDIT_LEN;
...@@ -1110,7 +1110,7 @@ static int audit_log_single_execve_arg(struct audit_context *context, ...@@ -1110,7 +1110,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
* so we can be sure nothing was lost. * so we can be sure nothing was lost.
*/ */
if ((i == 0) && (too_long)) if ((i == 0) && (too_long))
audit_log_format(*ab, "a%d_len=%zu ", arg_num, audit_log_format(*ab, " a%d_len=%zu", arg_num,
has_cntl ? 2*len : len); has_cntl ? 2*len : len);
/* /*
...@@ -1130,7 +1130,7 @@ static int audit_log_single_execve_arg(struct audit_context *context, ...@@ -1130,7 +1130,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
buf[to_send] = '\0'; buf[to_send] = '\0';
/* actually log it */ /* actually log it */
audit_log_format(*ab, "a%d", arg_num); audit_log_format(*ab, " a%d", arg_num);
if (too_long) if (too_long)
audit_log_format(*ab, "[%d]", i); audit_log_format(*ab, "[%d]", i);
audit_log_format(*ab, "="); audit_log_format(*ab, "=");
...@@ -1138,7 +1138,6 @@ static int audit_log_single_execve_arg(struct audit_context *context, ...@@ -1138,7 +1138,6 @@ static int audit_log_single_execve_arg(struct audit_context *context,
audit_log_n_hex(*ab, buf, to_send); audit_log_n_hex(*ab, buf, to_send);
else else
audit_log_format(*ab, "\"%s\"", buf); audit_log_format(*ab, "\"%s\"", buf);
audit_log_format(*ab, "\n");
p += to_send; p += to_send;
len_left -= to_send; len_left -= to_send;
...@@ -1166,7 +1165,7 @@ static void audit_log_execve_info(struct audit_context *context, ...@@ -1166,7 +1165,7 @@ static void audit_log_execve_info(struct audit_context *context,
p = (const char __user *)axi->mm->arg_start; p = (const char __user *)axi->mm->arg_start;
audit_log_format(*ab, "argc=%d ", axi->argc); audit_log_format(*ab, "argc=%d", axi->argc);
/* /*
* we need some kernel buffer to hold the userspace args. Just * we need some kernel buffer to hold the userspace args. Just
...@@ -1479,7 +1478,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts ...@@ -1479,7 +1478,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
case 0: case 0:
/* name was specified as a relative path and the /* name was specified as a relative path and the
* directory component is the cwd */ * directory component is the cwd */
audit_log_d_path(ab, " name=", &context->pwd); audit_log_d_path(ab, "name=", &context->pwd);
break; break;
default: default:
/* log the name's directory component */ /* log the name's directory component */
...@@ -2150,7 +2149,7 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid) ...@@ -2150,7 +2149,7 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
* __audit_mq_open - record audit data for a POSIX MQ open * __audit_mq_open - record audit data for a POSIX MQ open
* @oflag: open flag * @oflag: open flag
* @mode: mode bits * @mode: mode bits
* @u_attr: queue attributes * @attr: queue attributes
* *
*/ */
void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr) void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr)
...@@ -2197,7 +2196,7 @@ void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, ...@@ -2197,7 +2196,7 @@ void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio,
/** /**
* __audit_mq_notify - record audit data for a POSIX MQ notify * __audit_mq_notify - record audit data for a POSIX MQ notify
* @mqdes: MQ descriptor * @mqdes: MQ descriptor
* @u_notification: Notification event * @notification: Notification event
* *
*/ */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment