On 14/01/07, William Roberts wrote: > Signed-off-by: William Roberts <[email protected]> > --- > kernel/auditsc.c | 19 +++++++++++++++---- > 1 file changed, 15 insertions(+), 4 deletions(-) > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index a4c2003..9ba1f2a 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -1292,9 +1292,20 @@ static void audit_log_cmdline(struct audit_buffer *ab, > struct task_struct *tsk, > if (!buf) > goto out; > res = get_cmdline(tsk, buf, PATH_MAX); > - /* Ensure NULL terminated */ > - if (buf[res-1] != '\0') > - buf[res-1] = '\0'; > + if (res == 0) { > + kfree(buf); > + goto out; > + } > + /* > + * Ensure NULL terminated but don't clobber the end > + * unless the buffer is full. Worst case you end up > + * with 2 null bytes ending it. By doing it this way > + * one avoids additional branching. One checking if the > + * end is null and another to check if their should be > + * an increment before setting the null byte. > + */ > + res += res < PATH_MAX; > + buf[res-1] = '\0'; > context->cmdline = buf; > } > msg = context->cmdline; > @@ -1333,8 +1344,8 @@ static void audit_log_exit(struct audit_context > *context, struct task_struct *ts > context->name_count); > > audit_log_task_info(ab, tsk); > - audit_log_cmdline(ab, tsk, context); > audit_log_key(ab, context->filterkey); > + audit_log_cmdline(ab, tsk, context); > audit_log_end(ab); > > for (aux = context->aux; aux; aux = aux->next) {
I'm fine with this. - RGB -- Richard Guy Briggs <[email protected]> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
