Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

audit: Handle embedded NUL in TTY input auditing

Data read from a TTY can contain an embedded NUL byte (e.g. after
pressing Ctrl-2, or sent to a PTY). After the previous patch, the data
would be logged only up to the first NUL.

This patch modifies the AUDIT_TTY record to always use the hexadecimal
format, which does not terminate at the first NUL byte. The vast
majority of recorded TTY input data will contain either ' ' or '\n', so
the hexadecimal format would have been used anyway.

Signed-off-by: Miloslav Trmac <mitr@redhat.com>
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by Miloslav Trmac and committed by Linus Torvalds
7459b6ff 9d020a2e

+1 -1
drivers/char/tty_audit.c
··· 93 93 get_task_comm(name, tsk); 94 94 audit_log_untrustedstring(ab, name); 95 95 audit_log_format(ab, " data="); 96 - audit_log_n_untrustedstring(ab, buf->data, buf->valid); 96 + audit_log_n_hex(ab, buf->data, buf->valid); 97 97 audit_log_end(ab); 98 98 } 99 99 buf->valid = 0;
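Review bot: the new audit_log_n_hex(ab, buf->data, buf->valid) call at line 96 should carry a short comment saying the hex form is deliberate because TTY input can contain embedded NUL bytes. Two lines above it, the task name is still written with audit_log_untrustedstring, so without a comment a later cleanup could switch data= back to the string helper for consistency and bring back truncation at the first NUL. The change also means data= in AUDIT_TTY records is now always hex-encoded, which is worth stating wherever the record format is documented so that tools parsing these records decode the field unconditionally.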