Miloslav Trmač wrote:

If the interface says "NUL-terminated string", any bytes after that are
not "actual data".

Yes, that's correct. However, the function in question, audit_log_n_untrustedstring() is not an interface accepting a null terminated string, it accepts a count. The helper function on which it is dependent, audit_string_contains_control(), disregards the length parameter it is passed and thus audit_log_n_untrustedstring() misbehaves as a consequence.

It would be wrong for the audit system to assume the memory block it
was pointed to only ever contained null terminated ascii strings,
especially when the memory block is terminated by virtue of an octet
count.

Yes, that's why it was wrong to use audit_*string() for TTY input data.
And the 2/2 patch fixes it - at the source of the problem, not in an
unrelated function that was incorrectly used.

This is true, but it's only part of the problem, the string functions still need to be robust, even used inappropriately.

-- 
John Dennis <jdennis@redhat.com>