From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E86B9C43215 for ; Sat, 16 Nov 2019 16:18:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B515C21479 for ; Sat, 16 Nov 2019 16:18:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573921138; bh=huh3IRdKqGi5hDvKHS1LXuAEpu3NxCzkYXsQqRKcB2I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=TaqSHgJ6Xk8148h8NtZjmvs9PeJZJ6C6dmrEYpU9goi7vNsWl1ejYt4C0KgtpSIXD sOwZYc3Xy4ba8QcrCVvnRnlJmd/qHEojj1Dq91/YiK4v5Wl57BmBpAq7+BO6FZ+I3x 21ZB4FK1RW+OVQPLetOZArRKKkxQKSO/9oTFf0Iw= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728567AbfKPQS5 (ORCPT ); Sat, 16 Nov 2019 11:18:57 -0500 Received: from mail.kernel.org ([198.145.29.99]:52690 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729356AbfKPPqV (ORCPT ); Sat, 16 Nov 2019 10:46:21 -0500 Received: from sasha-vm.mshome.net (unknown [50.234.116.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3534D20855; Sat, 16 Nov 2019 15:46:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573919181; bh=huh3IRdKqGi5hDvKHS1LXuAEpu3NxCzkYXsQqRKcB2I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MYdPWd+31hBcaRVJKysLtxBgKpnrlyjREWww4B/py2LFt1/ZtQLuZP9VZxYXXZ5ZC T3mm5z2xh8JZL4Qb3ZTl76ITv2QEvdghSkYjaXK1FtRBO+5j0AUUWoSIUvZlL7GlQJ Ss4GtYEWN8OTiinQsg8SV9Q2f/StEfU+Z/hUxxUc= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Richard Guy Briggs , Paul Moore , Sasha Levin Subject: [PATCH AUTOSEL 4.19 190/237] audit: print empty EXECVE args Date: Sat, 16 Nov 2019 10:40:25 -0500 Message-Id: <20191116154113.7417-190-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191116154113.7417-1-sashal@kernel.org> References: <20191116154113.7417-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Richard Guy Briggs [ Upstream commit ea956d8be91edc702a98b7fe1f9463e7ca8c42ab ] Empty executable arguments were being skipped when printing out the list of arguments in an EXECVE record, making it appear they were somehow lost. Include empty arguments as an itemized empty string. Reproducer: autrace /bin/ls "" "/etc" ausearch --start recent -m execve -i | grep EXECVE type=EXECVE msg=audit(10/03/2018 13:04:03.208:1391) : argc=3 a0=/bin/ls a2=/etc With fix: type=EXECVE msg=audit(10/03/2018 21:51:38.290:194) : argc=3 a0=/bin/ls a1= a2=/etc type=EXECVE msg=audit(1538617898.290:194): argc=3 a0="/bin/ls" a1="" a2="/etc" Passes audit-testsuite. GH issue tracker at https://github.com/linux-audit/audit-kernel/issues/99 Signed-off-by: Richard Guy Briggs [PM: cleaned up the commit metadata] Signed-off-by: Paul Moore Signed-off-by: Sasha Levin --- kernel/auditsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b2d1f043f17fb..1513873e23bd1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1107,7 +1107,7 @@ static void audit_log_execve_info(struct audit_context *context, } /* write as much as we can to the audit log */ - if (len_buf > 0) { + if (len_buf >= 0) { /* NOTE: some magic numbers here - basically if we * can't fit a reasonable amount of data into the * existing audit buffer, flush it and start with -- 2.20.1