Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings

Thursday, 11 September 2008

On Thursday 11 September 2008 14:10:12 Miloslav Trmač wrote:
...
 > As a side note I'm concerned there may be places in the user
audit
 > code which treat string data as null terminated (at least that is my
 > recollection).

 Yes, auditd adds a NUL terminator to the audit record, and then treats
 it as a regular NUL-terminated string; if the audit record contains an
 embedded NUL byte, the rest of the record is discarded by auditd. 
In every case where this occurs (kernel or user space), the field values are 
expected to be encoded to prevent it from being discarded.

-Steve

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings