diff options
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 37 |
1 files changed, 23 insertions, 14 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index cf669828942..26ff925e13f 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1350,6 +1350,21 @@ static void audit_log_n_string(struct audit_buffer *ab, size_t slen, } /** + * audit_string_contains_control - does a string need to be logged in hex + * @string - string to be checked + * @len - max length of the string to check + */ +int audit_string_contains_control(const char *string, size_t len) +{ + const unsigned char *p; + for (p = string; p < (const unsigned char *)string + len && *p; p++) { + if (*p == '"' || *p < 0x21 || *p > 0x7f) + return 1; + } + return 0; +} + +/** * audit_log_n_untrustedstring - log a string that may contain random characters * @ab: audit_buffer * @len: lenth of string (not including trailing null) @@ -1363,19 +1378,13 @@ static void audit_log_n_string(struct audit_buffer *ab, size_t slen, * The caller specifies the number of characters in the string to log, which may * or may not be the entire string. */ -const char *audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len, - const char *string) +void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len, + const char *string) { - const unsigned char *p; - - for (p = string; p < (const unsigned char *)string + len && *p; p++) { - if (*p == '"' || *p < 0x21 || *p > 0x7f) { - audit_log_hex(ab, string, len); - return string + len + 1; - } - } - audit_log_n_string(ab, len, string); - return p + 1; + if (audit_string_contains_control(string, len)) + audit_log_hex(ab, string, len); + else + audit_log_n_string(ab, len, string); } /** @@ -1386,9 +1395,9 @@ const char *audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len, * Same as audit_log_n_untrustedstring(), except that strlen is used to * determine string length. */ -const char *audit_log_untrustedstring(struct audit_buffer *ab, const char *string) +void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) { - return audit_log_n_untrustedstring(ab, strlen(string), string); + audit_log_n_untrustedstring(ab, strlen(string), string); } /* This is a helper-function to print the escaped d_path */ |