From: Al Viro <viro@zeniv.linux.org.uk>
To: Paul Moore <paul@paul-moore.com>
Cc: Ricardo Robaina <rrobaina@redhat.com>,
audit@vger.kernel.org, linux-kernel@vger.kernel.org,
eparis@redhat.com, rgb@redhat.com
Subject: Re: [PATCH v1] audit: fix suffixed '/' filename matching in __audit_inode_child()
Date: Wed, 13 Nov 2024 23:04:25 +0000 [thread overview]
Message-ID: <20241113230425.GJ3387508@ZenIV> (raw)
In-Reply-To: <2d9292c28df34c50c1c0d1cbf6ce3b52@paul-moore.com>
On Mon, Nov 11, 2024 at 05:06:43PM -0500, Paul Moore wrote:
> This is completely untested, I didn't even compile it, but what about
> something like the following? We do add an extra strlen(), but that is
> going to be faster than the alloc/copy.
>
> diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
> index 470041c49a44..c30c2ee9fb77 100644
> --- a/kernel/auditfilter.c
> +++ b/kernel/auditfilter.c
> @@ -1320,10 +1320,13 @@ int audit_compare_dname_path(const struct qstr *dname, const char *path, int par
> return 1;
>
> parentlen = parentlen == AUDIT_NAME_FULL ? parent_len(path) : parentlen;
> - if (pathlen - parentlen != dlen)
> - return 1;
> -
> p = path + parentlen;
> + pathlen = strlen(p);
Huh? We have
pathlen = strlen(path);
several lines prior to this. So unless parentlen + path manages to exceed
strlen(path) (in which case your strlen() is really asking for trouble),
this is simply
pathlen -= parentlen;
What am I missing here? And while we are at it,
parentlen = parentlen == AUDIT_NAME_FULL ? parent_len(path) : parentlen;
is a bloody awful way to spell
if (parentlen == AUDIT_NAME_FULL)
parentlen = parent_len(path);
What's more, parent_len(path) starts with *yet* *another* strlen(path),
followed by really awful crap - we trim the trailing slashes (if any),
then search for the last slash before that... is that really worth
the chance to skip that strncmp()?
> + if (p[pathlen - 1] == '/')
> + pathlen--;
> +
> + if (pathlen != dlen)
> + return 1;
>
> return strncmp(p, dname->name, dlen);
... which really should've been memcmp(), at that.
next prev parent reply other threads:[~2024-11-13 23:04 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-05 12:37 [PATCH v1] audit: fix suffixed '/' filename matching in __audit_inode_child() Ricardo Robaina
2024-11-11 22:06 ` Paul Moore
2024-11-12 22:06 ` Richard Guy Briggs
2024-11-13 23:04 ` Al Viro [this message]
2024-11-14 3:23 ` Paul Moore
2024-11-14 4:09 ` Al Viro
2024-11-27 5:42 ` Paul Moore
2024-12-04 13:36 ` Ricardo Robaina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241113230425.GJ3387508@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=audit@vger.kernel.org \
--cc=eparis@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=rgb@redhat.com \
--cc=rrobaina@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.