From mboxrd@z Thu Jan 1 00:00:00 1970
From: John Dennis
Subject: Re: [PATCH] Fix acct quoting in audit_log_acct_message())
Date: Tue, 04 Mar 2008 13:29:42 -0500
Message-ID: <47CD9516.5070609@redhat.com>
References: <47CCC6F0.1090005@redhat.com> <47CD65A3.8020204@redhat.com> <1204654248.12783.32.camel@vespa.frost.loc>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <1204654248.12783.32.camel@vespa.frost.loc>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Tomas Mraz
Cc: linux-audit@redhat.com, Simo Sorce
List-Id: linux-audit@redhat.com

Tomas Mraz wrote:
> 1. Messages contain = pairs separated by spaces.
> 2. All are just alphanumeric sequences.
> 3. Values can be either:
> a) byte sequences with the following special characters encoded as %XX
> where XX is hexadecimal value of the encoded byte. Special characters
> are: bytes with value <= 0x20 or >= 0x7F, '%', '(', ')', and '='.
> b) recursively embedded messages enclosed in '(' and ')' parentheses.

I think if a value is a string then the fact it is a string should be explicit and the boundaries of the string should be delimited. The simplest way to achieve this is by enclosing string values in double quotes and assuring any double quote contained in the string is escaped. If a value is not enclosed in double quotes it is not a string and is not subject to unescaping (decoding).

--
John Dennis
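Rule 3a of the quoted proposal, written out in C as an added example (not code from the audit project or from either poster), showing that an account name containing a space and '=' cannot introduce a second pair into the record. The names `encode_value` and `decode_value` and the sample account name are hypothetical, and accepting only uppercase hex digits when decoding is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Rule 3a specials: bytes <= 0x20 or >= 0x7F, plus '%', '(', ')' and '='. */
static int is_special(unsigned char c) { return c <= 0x20 || c >= 0x7F || strchr("%()=", c); }
static int hexval(char c) {   /* assumption: only the encoder's uppercase digits are valid */
    const char *d = "0123456789ABCDEF", *p = c ? strchr(d, c) : NULL;
    return p ? (int)(p - d) : -1;
}

/* Encode len raw bytes; returns the encoded length, or -1 if out is too small. */
int encode_value(const unsigned char *in, size_t len, char *out, size_t outsz) {
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        size_t need = is_special(in[i]) ? 3 : 1;
        if (o + need >= outsz) return -1;      /* keep room for the NUL */
        if (need == 3) o += (size_t)snprintf(out + o, outsz - o, "%%%02X", (unsigned)in[i]);
        else out[o++] = (char)in[i];
    }
    if (o >= outsz) return -1;
    out[o] = '\0';
    return (int)o;
}

/* Decode; returns the length, or -1 on a raw special byte, bad %XX or full buffer. */
int decode_value(const char *in, unsigned char *out, size_t outsz) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int hi, lo;
        if (o >= outsz) return -1;
        if (in[i] != '%') {
            if (is_special((unsigned char)in[i])) return -1;   /* unescaped delimiter */
            out[o++] = (unsigned char)in[i];
            continue;
        }
        if ((hi = hexval(in[i + 1])) < 0 || (lo = hexval(in[i + 2])) < 0) return -1;
        out[o++] = (unsigned char)((hi << 4) | lo);
        i += 2;
    }
    return (int)o;
}

int main(void) {
    const char *acct = "root uid=0";   /* constructed hostile account name */
    char enc[64];
    if (encode_value((const unsigned char *)acct, strlen(acct), enc, sizeof enc) < 0) return 1;
    printf("acct=%s\n", enc);          /* acct=root%20uid%3D0 */
    return 0;
}
```

Because the decoder rejects any raw space, '=', '(' or ')', a parser built on it can split a record on those bytes before decoding any value.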