Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings
Miloslav Trmač wrote:
If the interface says "NUL-terminated string", any bytes
after that are
not "actual data".
Yes, that's correct. However, the function in
question,
audit_log_n_untrustedstring() is not an interface accepting a null
terminated string, it accepts a count. The helper function on which it
is dependent, audit_string_contains_control(), disregards the length
parameter it is passed and thus audit_log_n_untrustedstring() misbehaves
as a consequence.
> It would be wrong for the audit system to assume the memory block
it
> was pointed to only ever contained null terminated ascii strings,
> especially when the memory block is terminated by virtue of an octet
> count.
>
Yes, that's why it was wrong to use audit_*string() for TTY input data.
And the 2/2 patch fixes it - at the source of the problem, not in an
unrelated function that was incorrectly used.
This is true, but it's only part of the problem, the string functions
still need to be robust, even used inappropriately.
--
John Dennis <jdennis(a)redhat.com>
Attachments:
- attachment.html (text/html — 1.6 KB)