On Tuesday, June 02, 2015 05:08:29 PM Jan Kara wrote: > strnlen_user() returns 0 when it hits fault, not -1. Fix the test in > audit_log_single_execve_arg(). Luckily this shouldn't ever happen unless > there's a kernel bug so it's mostly a cosmetic fix. > > CC: Paul Moore <pmo...@redhat.com> > Signed-off-by: Jan Kara <j...@suse.cz> > --- > kernel/auditsc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 9fb9d1cb83ce..bb947ceeee4d 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -1023,7 +1023,7 @@ static int audit_log_single_execve_arg(struct > audit_context *context, * for strings that are too long, we should not have > created > * any. > */ > - if (unlikely((len == -1) || len > MAX_ARG_STRLEN - 1)) { > + if (unlikely((len == 0) || len > MAX_ARG_STRLEN - 1)) {
While we're at it, should we make it just "len > MAX_ARG_STRLEN" as well? Reading the comments in include/uapi/linux/binfmts.h as well as valid_arg_len() that seems to be the correct logic. > WARN_ON(1); > send_sig(SIGKILL, current, 0); > return -1; -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit