Re: audit-0.6.2 released
* Steve Grubb (sgrubb(a)redhat.com) wrote:
On Wednesday 27 April 2005 03:26, Chris Wright wrote:
> What was your test case? This patch will potentially corrupt data in
> skb->data[offset + len].
Chris,
It may be more expedient to just submit a corrected patch to the mail list.
I don't have a good patch yet. NULL terminating the buffer doesn't look
safe. I was beginning to suspect audit_log_vformat buffer size
handling, but can't make it break (nor figure when ab->len could become
suspect. I'll keep digging, but a way to trigger would sure help.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net