Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e7df61f4 authored by Burn Alting's avatar Burn Alting Committed by Eric Paris
Browse files

audit: invalid op= values for rules 



Various audit events dealing with adding, removing and updating rules result in
invalid values set for the op keys which result in embedded spaces in op=
values.

The invalid values are
        op="add rule"       set in kernel/auditfilter.c
        op="remove rule"    set in kernel/auditfilter.c
        op="remove rule"    set in kernel/audit_tree.c
        op="updated rules"  set in kernel/audit_watch.c
        op="remove rule"    set in kernel/audit_watch.c

Replace the space in the above values with an underscore character ('_').

Coded-by: default avatarBurn Alting <burn@swtf.dyndns.org>
Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
parent 01478d7d

kernel/audit_tree.c

+1 −1
Original line number Original line Diff line number Diff line
@@ -457,7 +457,7 @@ static void audit_log_remove_rule(struct audit_krule *rule) 
	if (unlikely(!ab))

	if (unlikely(!ab))

		return;

		return;

	audit_log_format(ab, "op=");

	audit_log_format(ab, "op=");

	audit_log_string(ab, "remove rule");

	audit_log_string(ab, "remove_rule");

	audit_log_format(ab, " dir=");

	audit_log_format(ab, " dir=");

	audit_log_untrustedstring(ab, rule->tree->pathname);

	audit_log_untrustedstring(ab, rule->tree->pathname);

	audit_log_key(ab, rule->filterkey);

	audit_log_key(ab, rule->filterkey);

kernel/audit_watch.c

+2 −2
Original line number Original line Diff line number Diff line
@@ -314,7 +314,7 @@ static void audit_update_watch(struct audit_parent *parent, 
					     &nentry->rule.list);

					     &nentry->rule.list);

			}

			}





			audit_watch_log_rule_change(r, owatch, "updated rules");

			audit_watch_log_rule_change(r, owatch, "updated_rules");





			call_rcu(&oentry->rcu, audit_free_rule_rcu);

			call_rcu(&oentry->rcu, audit_free_rule_rcu);

		}

		}
@@ -342,7 +342,7 @@ static void audit_remove_parent_watches(struct audit_parent *parent) 
	list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {

	list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {

		list_for_each_entry_safe(r, nextr, &w->rules, rlist) {

		list_for_each_entry_safe(r, nextr, &w->rules, rlist) {

			e = container_of(r, struct audit_entry, rule);

			e = container_of(r, struct audit_entry, rule);

			audit_watch_log_rule_change(r, w, "remove rule");

			audit_watch_log_rule_change(r, w, "remove_rule");

			list_del(&r->rlist);

			list_del(&r->rlist);

			list_del(&r->list);

			list_del(&r->list);

			list_del_rcu(&e->list);

			list_del_rcu(&e->list);

kernel/auditfilter.c

+2 −2
Original line number Original line Diff line number Diff line
@@ -1060,7 +1060,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data, 
			return PTR_ERR(entry);

			return PTR_ERR(entry);





		err = audit_add_rule(entry);

		err = audit_add_rule(entry);

		audit_log_rule_change("add rule", &entry->rule, !err);

		audit_log_rule_change("add_rule", &entry->rule, !err);

		if (err)

		if (err)

			audit_free_rule(entry);

			audit_free_rule(entry);

		break;

		break;
@@ -1070,7 +1070,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data, 
			return PTR_ERR(entry);

			return PTR_ERR(entry);





		err = audit_del_rule(entry);

		err = audit_del_rule(entry);

		audit_log_rule_change("remove rule", &entry->rule, !err);

		audit_log_rule_change("remove_rule", &entry->rule, !err);

		audit_free_rule(entry);

		audit_free_rule(entry);

		break;

		break;

	default:

	default: