On Friday, November 01, 2013 12:24:55 PM Richard Guy Briggs wrote: > On Thu, Oct 31, 2013 at 12:25:55PM -0700, William Roberts wrote: > > > + if (msg_type != AUDIT_USER_TTY) { > > > + char fmt[64]; > > > + strcat(fmt, " msg='%."); > > > + strcat(fmt, "AUDIT_MESSAGE_TEXT_MAX"); > > > + strcat(fmt, "s'"); > > > + audit_log_format(ab, fmt, (char *)data); > > > + } else { > > > > I am ok with this. In fact I was going to do this the first time, but I > > thought their would be some explicit reason to avoid the additional > > run time overhead as the concat could be made at compile time. > > Ok, this was in danger of starting with fmt in an unknown state. Latest > patch: > > diff --git a/kernel/audit.c b/kernel/audit.c > @@ -148,6 +148,8 @@ DEFINE_MUTEX(audit_cmd_mutex); > * should be at least that large. */ > #define AUDIT_BUFSIZ 1024 > > +char usermsg_format[64] = "";
You might want this ^^^ to be static so its not global in scope. -Steve > /* AUDIT_MAXFREE is the number of empty audit_buffers we keep on the > * audit_freelist. Doing so eliminates many kmalloc/kfree calls. */ > #define AUDIT_MAXFREE (2*NR_CPUS) > @@ -714,11 +716,15 @@ static int audit_receive_msg(struct sk_buff *skb, > struct nlmsghdr *nlh) break; > } > audit_log_common_recv_msg(&ab, msg_type); > - if (msg_type != AUDIT_USER_TTY) > - audit_log_format(ab, > - " > msg='%.AUDIT_MESSAGE_TEXT_MAXs'", > + if (msg_type != AUDIT_USER_TTY) { > + if (unlikely(usermsg_format[0] == 0)) > + snprintf(usermsg_format, > + sizeof(usermsg_format), > + " msg=\'%%.%ds\'", > + AUDIT_MESSAGE_TEXT_MAX); > + audit_log_format(ab, usermsg_format, > (char *)data); > - else { > + } else { > int size; > > audit_log_format(ab, " data="); > > - RGB > > -- > Richard Guy Briggs <rbri...@redhat.com> > Senior Software Engineer > Kernel Security > AMER ENG Base Operating Systems > Remote, Ottawa, Canada > Voice: +1.647.777.2635 > Internal: (81) 32635 > Alt: +1.613.693.0684x3545 > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit