Miloslav Trmač wrote:
> If the interface says "NUL-terminated string", any bytes after that are
> not "actual data".

Yes, that's correct. However, the function in question, audit_log_n_untrustedstring() is not an interface accepting a null terminated string, it accepts a count. The helper function on which it is dependent, audit_string_contains_control(), disregards the length parameter it is passed and thus audit_log_n_untrustedstring() misbehaves as a consequence.

>> It would be wrong for the audit system to assume the memory block it
>> was pointed to only ever contained null terminated ascii strings,
>> especially when the memory block is terminated by virtue of an octet
>> count.
>>
> Yes, that's why it was wrong to use audit_*string() for TTY input data.
> And the 2/2 patch fixes it - at the source of the problem, not in an
> unrelated function that was incorrectly used.
>

This is true, but it's only part of the problem, the string functions still need to be robust, even used inappropriately.

-- 
John Dennis
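
The behaviour discussed in this message, as an added sketch that is not part of the original message and is not the kernel's code: a check that takes a length but stops at the first NUL, beside one that honours the count. The function names, the unsafe-byte rule and the sample buffer are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: TTY-style input with an embedded NUL followed by an
 * escape sequence. The caller would pass it with an explicit octet count. */
static const char sample_tty[] = { 'l', 's', '\0', '\x1b', '[', '2', 'J' };

/* Assumed rule for this sketch: a byte cannot be logged verbatim if it is a
 * double quote or lies outside printable ASCII 0x21..0x7e. */
static int byte_is_unsafe(unsigned char c)
{
    return c == '"' || c < 0x21 || c > 0x7e;
}

/* Hypothetical helper that accepts len but ignores it and scans to the first
 * NUL, so bytes after an embedded NUL are never examined. */
static int contains_control_stops_at_nul(const char *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;

    (void)len; /* the length parameter is disregarded: this is the defect */
    for (; *p; p++)
        if (byte_is_unsafe(*p))
            return 1;
    return 0;
}

/* Hypothetical length-bounded helper: examines exactly len bytes and treats
 * an embedded NUL as just another unsafe byte. */
static int contains_control_len_bounded(const char *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    const unsigned char *end = p + len;

    for (; p < end; p++)
        if (byte_is_unsafe(*p))
            return 1;
    return 0;
}

int main(void)
{
    size_t n = sizeof sample_tty;

    printf("stops at NUL:   %d\n", contains_control_stops_at_nul(sample_tty, n));
    printf("length-bounded: %d\n", contains_control_len_bounded(sample_tty, n));
    return 0;
}
```

A caller that chooses between quoted and hex-encoded output based on the first result would treat this 7-byte buffer as clean, even though it was handed a count covering the bytes after the NUL.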