From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <paul@paul-moore.com>
Subject: Re: [PATCH] audit: Fix check of return value of strnlen_user()
Date: Wed, 03 Jun 2015 14:56:18 -0400
Message-ID: <1616713.xG362InQ3V@sifl>
References: <1433257709-1530-1-git-send-email-jack@suse.cz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx01.extmail.prod.ext.phx2.redhat.com
	[10.5.110.25])
	by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id t53IuLk0028634
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO)
	for <linux-audit@redhat.com>; Wed, 3 Jun 2015 14:56:21 -0400
Received: from mail-qk0-f172.google.com (mail-qk0-f172.google.com
	[209.85.220.172]) by mx1.redhat.com (Postfix) with ESMTPS id 6144861
	for <linux-audit@redhat.com>; Wed,  3 Jun 2015 18:56:20 +0000 (UTC)
Received: by qkoo18 with SMTP id o18so11172139qko.1
	for <linux-audit@redhat.com>; Wed, 03 Jun 2015 11:56:19 -0700 (PDT)
In-Reply-To: <1433257709-1530-1-git-send-email-jack@suse.cz>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Jan Kara <jack@suse.cz>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Tuesday, June 02, 2015 05:08:29 PM Jan Kara wrote:
> strnlen_user() returns 0 when it hits fault, not -1. Fix the test in
> audit_log_single_execve_arg(). Luckily this shouldn't ever happen unless
> there's a kernel bug so it's mostly a cosmetic fix.
> 
> CC: Paul Moore <pmoore@redhat.com>
> Signed-off-by: Jan Kara <jack@suse.cz>
> ---
>  kernel/auditsc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 9fb9d1cb83ce..bb947ceeee4d 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1023,7 +1023,7 @@ static int audit_log_single_execve_arg(struct
> audit_context *context, * for strings that are too long, we should not have
> created
>  	 * any.
>  	 */
> -	if (unlikely((len == -1) || len > MAX_ARG_STRLEN - 1)) {
> +	if (unlikely((len == 0) || len > MAX_ARG_STRLEN - 1)) {

While we're at it, should we make it just "len > MAX_ARG_STRLEN" as well?  
Reading the comments in include/uapi/linux/binfmts.h as well as 
valid_arg_len() that seems to be the correct logic.

>  		WARN_ON(1);
>  		send_sig(SIGKILL, current, 0);
>  		return -1;

-- 
paul moore
www.paul-moore.com