From: Jan Kara <jack@suse.cz>
To: Paul Moore <paul@paul-moore.com>
Cc: linux-audit@redhat.com, Jan Kara <jack@suse.cz>
Subject: Re: [PATCH] audit: Fix check of return value of strnlen_user()
Date: Thu, 4 Jun 2015 09:36:37 +0200 [thread overview]
Message-ID: <20150604073637.GA5923@quack.suse.cz> (raw)
In-Reply-To: <1616713.xG362InQ3V@sifl>
On Wed 03-06-15 14:56:18, Paul Moore wrote:
> On Tuesday, June 02, 2015 05:08:29 PM Jan Kara wrote:
> > strnlen_user() returns 0 when it hits fault, not -1. Fix the test in
> > audit_log_single_execve_arg(). Luckily this shouldn't ever happen unless
> > there's a kernel bug so it's mostly a cosmetic fix.
> >
> > CC: Paul Moore <pmoore@redhat.com>
> > Signed-off-by: Jan Kara <jack@suse.cz>
> > ---
> > kernel/auditsc.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> > index 9fb9d1cb83ce..bb947ceeee4d 100644
> > --- a/kernel/auditsc.c
> > +++ b/kernel/auditsc.c
> > @@ -1023,7 +1023,7 @@ static int audit_log_single_execve_arg(struct
> > audit_context *context, * for strings that are too long, we should not have
> > created
> > * any.
> > */
> > - if (unlikely((len == -1) || len > MAX_ARG_STRLEN - 1)) {
> > + if (unlikely((len == 0) || len > MAX_ARG_STRLEN - 1)) {
>
> While we're at it, should we make it just "len > MAX_ARG_STRLEN" as well?
> Reading the comments in include/uapi/linux/binfmts.h as well as
> valid_arg_len() that seems to be the correct logic.
Umm, but audit_log_single_execve_arg() does decrement 1 from
strnlen_user() result before doing the comparison. So the current test
seems to match the one in valid_arg_len() exactly...
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
next prev parent reply other threads:[~2015-06-04 7:36 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-02 15:08 [PATCH] audit: Fix check of return value of strnlen_user() Jan Kara
2015-06-03 18:56 ` Paul Moore
2015-06-04 7:36 ` Jan Kara [this message]
2015-06-04 13:18 ` Paul Moore
2015-06-04 21:32 ` Jan Kara
2015-06-04 21:48 ` Paul Moore
2015-06-11 19:58 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150604073637.GA5923@quack.suse.cz \
--to=jack@suse.cz \
--cc=linux-audit@redhat.com \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.