On Friday, November 01, 2013 12:24:55 PM Richard Guy Briggs wrote:
> On Thu, Oct 31, 2013 at 12:25:55PM -0700, William Roberts wrote:
> > > +                       if (msg_type != AUDIT_USER_TTY) {
> > > +                               char fmt[64];
> > > +                               strcat(fmt, " msg='%.");
> > > +                               strcat(fmt, "AUDIT_MESSAGE_TEXT_MAX");
> > > +                               strcat(fmt, "s'");
> > > +                               audit_log_format(ab, fmt, (char *)data);
> > > +                       } else {
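Review bot: `char fmt[64];` is uninitialized when the first `strcat(fmt, " msg='%.");` runs, so strcat() searches for a terminator in indeterminate stack contents and can write past the 64-byte buffer. Separately, `strcat(fmt, "AUDIT_MESSAGE_TEXT_MAX");` appends the macro's name as literal text rather than its value, so the resulting format is still `%.AUDIT_MESSAGE_TEXT_MAXs`. Initialize the buffer and build the precision from the numeric value, for example with snprintf() and `%d`.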
> > 
> > I am ok with this. In fact I was going to do this the first time, but I
> > thought there would be some explicit reason to avoid the additional
> > run time overhead as the concat could be made at compile time.
> 
> Ok, this was in danger of starting with fmt in an unknown state.  Latest
> patch:
> 
> diff --git a/kernel/audit.c b/kernel/audit.c
> @@ -148,6 +148,8 @@ DEFINE_MUTEX(audit_cmd_mutex);
>   * should be at least that large. */
>  #define AUDIT_BUFSIZ 1024
> 
> +char usermsg_format[64] = "";

You might want this ^^^ to be static so it's not global in scope.

-Steve


>  /* AUDIT_MAXFREE is the number of empty audit_buffers we keep on the
>   * audit_freelist.  Doing so eliminates many kmalloc/kfree calls. */
>  #define AUDIT_MAXFREE  (2*NR_CPUS)
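Review bot: `usermsg_format` at the added `char usermsg_format[64] = "";` line is a writable buffer that is later passed to audit_log_format() as the format string, and it carries no comment saying it is filled in once on first use. Besides making it `static`, add a one-line comment naming its single writer, so that a later change does not treat it as a general scratch buffer; any other write to it would change how user messages are formatted.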
> @@ -714,11 +716,15 @@ static int audit_receive_msg(struct sk_buff *skb,
> struct nlmsghdr *nlh) break;
>                       }
>                       audit_log_common_recv_msg(&ab, msg_type);
> -                     if (msg_type != AUDIT_USER_TTY)
> -                             audit_log_format(ab,
> -                                              " 
> msg='%.AUDIT_MESSAGE_TEXT_MAXs'",
> +                     if (msg_type != AUDIT_USER_TTY) {
> +                             if (unlikely(usermsg_format[0] == 0))
> +                                     snprintf(usermsg_format,
> +                                             sizeof(usermsg_format),
> +                                             " msg=\'%%.%ds\'",
> +                                             AUDIT_MESSAGE_TEXT_MAX);
> +                             audit_log_format(ab, usermsg_format,
>                                                (char *)data);
> -                     else {
> +                     } else {
>                               int size;
> 
>                               audit_log_format(ab, " data=");
> 
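Review bot: The lazy initialization at `if (unlikely(usermsg_format[0] == 0))` is a check-then-write on a shared buffer, and nothing in this hunk shows which lock serializes it; if audit_receive_msg() can run concurrently, a second caller can see a non-zero first byte and pass a partially written format to audit_log_format(). Passing the limit as a precision argument, `audit_log_format(ab, " msg='%.*s'", AUDIT_MESSAGE_TEXT_MAX, (char *)data);`, would remove both the runtime-built format string and the extra buffer, assuming audit_log_format() accepts the standard `*` precision. The `\'` escapes in the snprintf() format are also unnecessary inside a string literal.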
> - RGB
> 
> --
> Richard Guy Briggs <rbri...@redhat.com>
> Senior Software Engineer
> Kernel Security
> AMER ENG Base Operating Systems
> Remote, Ottawa, Canada
> Voice: +1.647.777.2635
> Internal: (81) 32635
> Alt: +1.613.693.0684x3545
> 
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
