On Jan 6, 2014 7:38 PM, "William Roberts" <[email protected]> wrote:
>
> I've been doing some testing of the recent audit cmdline patches,
> notably as many of the error paths as I can.
>
> On a failure, the field is populated with null, like when key is null.
> However, it has quotes, should I drop the quotes...
>
> Example:
>
> Now:
> cmdline="(null)" key=(null)
>
> Proposed:
> cmdline=(null) key=(null)
>
>
> I noticed that tty if it's null also does not have quotes.

Also, I was ensuring that the end of cmdline was null terminated before adding it to the audit buffer. That code is something like:

    buf[res-1] = '\0';

Suppose buf is just a single character. It's within bounds but now gets clobbered with a null byte? Should I handle this case?

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
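
The single-character case raised in the message above, as an added example that is not code from the patch: it compares overwriting the last byte read with reserving one byte and terminating after the data. The function names, BUF_SIZE and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8  /* constructed buffer size for the demo */

/* Termination as sketched in the message: the last byte read is replaced.
 * Requires res >= 1; with res == 0 this would index buf[-1]. */
void terminate_overwrite(char *buf, size_t res)
{
    buf[res - 1] = '\0';
}

/* Alternative: keep at most size - 1 data bytes and terminate after them. */
size_t terminate_after(char *buf, size_t size, size_t res)
{
    if (res > size - 1)
        res = size - 1;         /* truncate instead of writing past the end */
    buf[res] = '\0';
    return res;
}

/* Copy res bytes of constructed input, terminate by overwrite, return strlen. */
size_t len_overwrite(const char *data, size_t res)
{
    char buf[BUF_SIZE];
    if (res == 0 || res > BUF_SIZE)
        return 0;               /* nothing to terminate, or input does not fit */
    memcpy(buf, data, res);
    terminate_overwrite(buf, res);
    return strlen(buf);
}

/* Same input, but one byte is reserved for the terminator. */
size_t len_after(const char *data, size_t res)
{
    char buf[BUF_SIZE];
    if (res > BUF_SIZE - 1)
        res = BUF_SIZE - 1;
    memcpy(buf, data, res);
    terminate_after(buf, BUF_SIZE, res);
    return strlen(buf);
}

int main(void)
{
    /* One data byte with no trailing NUL: overwrite loses it. */
    printf("overwrite: %zu, after: %zu\n", len_overwrite("a", 1), len_after("a", 1));
    /* NUL-separated argv style input that already ends in NUL: no loss. */
    printf("overwrite: %zu, after: %zu\n", len_overwrite("ls\0-l", 6), len_after("ls\0-l", 6));
    return 0;
}
```

Overwriting loses data only when the last byte read is not already a NUL; reserving one byte for the terminator avoids both that loss and the res == 0 underflow.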
