From: John Dennis <jdennis@redhat.com>
To: "Miloslav Trmač" <mitr@redhat.com>
Cc: linux-audit <linux-audit@redhat.com>,
viro@zeniv.linux.org.uk,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings
Date: Thu, 11 Sep 2008 15:47:33 -0400 [thread overview]
Message-ID: <48C975D5.3020603@redhat.com> (raw)
In-Reply-To: <1221161260.17533.30.camel@amilo>
[-- Attachment #1.1: Type: text/plain, Size: 1092 bytes --]
Miloslav Trmač wrote:
> If the interface says "NUL-terminated string", any bytes after that are
> not "actual data".
Yes, that's correct. However, the function in question,
audit_log_n_untrustedstring() is not an interface accepting a null
terminated string, it accepts a count. The helper function on which it
is dependent, audit_string_contains_control(), disregards the length
parameter it is passed and thus audit_log_n_untrustedstring() misbehaves
as a consequence.
>> It would be wrong for the audit system to assume the memory block it
>> was pointed to only ever contained null terminated ascii strings,
>> especially when the memory block is terminated by virtue of an octet
>> count.
>>
> Yes, that's why it was wrong to use audit_*string() for TTY input data.
> And the 2/2 patch fixes it - at the source of the problem, not in an
> unrelated function that was incorrectly used.
>
This is true, but it's only part of the problem, the string functions
still need to be robust, even used inappropriately.
--
John Dennis <jdennis@redhat.com>
[-- Attachment #1.2: Type: text/html, Size: 1694 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
next prev parent reply other threads:[~2008-09-11 19:47 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-10 22:23 [PATCH 1/2] audit: fix NUL handling in untrusted strings Miloslav Trmač
2008-09-11 14:25 ` Eric Paris
2008-09-11 14:25 ` Eric Paris
2008-09-11 14:43 ` Miloslav Trmač
2008-09-11 14:43 ` Miloslav Trmač
2008-09-11 17:30 ` John Dennis
2008-09-11 18:10 ` Miloslav Trmač
2008-09-11 18:10 ` Miloslav Trmač
2008-09-11 18:15 ` Miloslav Trmač
2008-09-11 19:08 ` Steve Grubb
2008-09-11 19:08 ` Steve Grubb
2008-09-11 19:19 ` John Dennis
2008-09-11 19:12 ` John Dennis
2008-09-11 19:27 ` Miloslav Trmač
2008-09-11 19:27 ` Miloslav Trmač
2008-09-11 19:47 ` John Dennis [this message]
2008-09-11 20:03 ` Miloslav Trmač
2008-09-11 20:03 ` Miloslav Trmač
2008-09-11 19:14 ` Andrew Morton
2008-09-11 19:14 ` Andrew Morton
2008-09-11 19:37 ` Miloslav Trmač
2008-09-11 19:37 ` Miloslav Trmač
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48C975D5.3020603@redhat.com \
--to=jdennis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mitr@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.