summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
author <dwmw2@shinybook.infradead.org>2005-04-29 16:54:44 +0200
committer <dwmw2@shinybook.infradead.org>2005-04-29 16:54:44 +0200
commit83c7d09173fdb6b06b109e65895392db3e49ac9c (patch)
tree3f48367a4d1413e221a5367bcd0cf8df7322c368 /include
parent[PATCH] x86_64: fix PT_NOTE addition to IA32 vDSO (diff)
downloadlinux-83c7d09173fdb6b06b109e65895392db3e49ac9c.tar.xz
linux-83c7d09173fdb6b06b109e65895392db3e49ac9c.zip
AUDIT: Avoid log pollution by untrusted strings.
We log strings from userspace, such as arguments to open(). These could be formatted to contain \n followed by fake audit log entries. Provide a function for logging such strings, which gives a hex dump when the string contains anything but basic printable ASCII characters. Use it for logging filenames. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/audit.h8
1 files changed, 7 insertions, 1 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 3628f7cfb178..9b77992c4888 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -174,11 +174,15 @@ extern void audit_log_format(struct audit_buffer *ab,
const char *fmt, ...)
__attribute__((format(printf,2,3)));
extern void audit_log_end(struct audit_buffer *ab);
+extern void audit_log_hex(struct audit_buffer *ab,
+ const unsigned char *buf,
+ size_t len);
+extern void audit_log_untrustedstring(struct audit_buffer *ab,
+ const char *string);
extern void audit_log_d_path(struct audit_buffer *ab,
const char *prefix,
struct dentry *dentry,
struct vfsmount *vfsmnt);
-
/* Private API (for auditsc.c only) */
extern void audit_send_reply(int pid, int seq, int type,
int done, int multi,
@@ -190,6 +194,8 @@ extern void audit_log_lost(const char *message);
#define audit_log_vformat(b,f,a) do { ; } while (0)
#define audit_log_format(b,f,...) do { ; } while (0)
#define audit_log_end(b) do { ; } while (0)
+#define audit_log_hex(a,b,l) do { ; } while (0)
+#define audit_log_untrustedstring(a,s) do { ; } while (0)
#define audit_log_d_path(b,p,d,v) do { ; } while (0)
#endif
#endif