Commit f3298dc4f2277874d40cb4fc3a6e277317d6603b
1 parent
4f6b434fee
sanitize audit_socketcall
* don't bother with allocations * now that it can't fail, make it return void Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 3 changed files with 41 additions and 33 deletions
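--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -446,7 +446,7 @@
 extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
 extern int audit_bprm(struct linux_binprm *bprm);
-extern int audit_socketcall(int nargs, unsigned long *args);
+extern void audit_socketcall(int nargs, unsigned long *args);
 extern int audit_sockaddr(int len, void *addr);
 extern int __audit_fd_pair(int fd1, int fd2);
 extern int audit_set_macxattr(const char *name);
@@ -549,7 +549,7 @@
 #define audit_ipc_obj(i) ({ 0; })
 #define audit_ipc_set_perm(q,u,g,m) ({ 0; })
 #define audit_bprm(p) ({ 0; })
-#define audit_socketcall(n,a) ({ 0; })
+#define audit_socketcall(n,a) ((void)0)
 #define audit_fd_pair(n,a) ({ 0; })
 #define audit_sockaddr(len, addr) ({ 0; })
 #define audit_set_macxattr(n) do { ; } while (0)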
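--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -168,12 +168,6 @@
 struct mm_struct *mm;
 };
 
-struct audit_aux_data_socketcall {
- struct audit_aux_data d;
- int nargs;
- unsigned long args[0];
-};
-
 struct audit_aux_data_fd_pair {
 struct audit_aux_data d;
 int fd[2];
@@ -247,6 +241,14 @@
 struct audit_tree_refs *trees, *first_trees;
 int tree_count;
 
+ int type;
+ union {
+ struct {
+ int nargs;
+ long args[6];
+ } socketcall;
+ };
+
 #if AUDIT_DEBUG
 int put_count;
 int ino_count;
@@ -1226,6 +1228,27 @@
 audit_log_format(ab, " cap_fe=%d cap_fver=%x", name->fcap.fE, name->fcap_ver);
 }
 
+static void show_special(struct audit_context *context)
+{
+ struct audit_buffer *ab;
+ int i;
+
+ ab = audit_log_start(context, GFP_KERNEL, context->type);
+ if (!ab)
+ return;
+
+ switch (context->type) {
+ case AUDIT_SOCKETCALL: {
+ int nargs = context->socketcall.nargs;
+ audit_log_format(ab, "nargs=%d", nargs);
+ for (i = 0; i < nargs; i++)
+ audit_log_format(ab, " a%d=%lx", i,
+ context->socketcall.args[i]);
+ break; }
+ }
+ audit_log_end(ab);
+}
+
 static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
 {
 const struct cred *cred;
@@ -1372,13 +1395,6 @@
 audit_log_execve_info(context, &ab, axi);
 break; }
 
- case AUDIT_SOCKETCALL: {
- struct audit_aux_data_socketcall *axs = (void *)aux;
- audit_log_format(ab, "nargs=%d", axs->nargs);
- for (i=0; i<axs->nargs; i++)
- audit_log_format(ab, " a%d=%lx", i, axs->args[i]);
- break; }
-
 case AUDIT_FD_PAIR: {
 struct audit_aux_data_fd_pair *axs = (void *)aux;
 audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]);
@@ -1410,6 +1426,9 @@
 audit_log_end(ab);
 }
 
+ if (context->type)
+ show_special(context);
+
 if (context->sockaddr_len) {
 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SOCKADDR);
 if (ab) {
@@ -1689,6 +1708,7 @@
 context->target_pid = 0;
 context->target_sid = 0;
 context->sockaddr_len = 0;
+ context->type = 0;
 kfree(context->filterkey);
 context->filterkey = NULL;
 tsk->audit_context = context;
@@ -2406,27 +2426,17 @@
 * @nargs: number of args
 * @args: args array
 *
- * Returns 0 for success or NULL context or < 0 on error.
 */
-int audit_socketcall(int nargs, unsigned long *args)
+void audit_socketcall(int nargs, unsigned long *args)
 {
- struct audit_aux_data_socketcall *ax;
 struct audit_context *context = current->audit_context;
 
 if (likely(!context || context->dummy))
- return 0;
+ return;
 
- ax = kmalloc(sizeof(*ax) + nargs * sizeof(unsigned long), GFP_KERNEL);
- if (!ax)
- return -ENOMEM;
-
- ax->nargs = nargs;
- memcpy(ax->args, args, nargs * sizeof(unsigned long));
-
- ax->d.type = AUDIT_SOCKETCALL;
- ax->d.next = context->aux;
- context->aux = (void *)ax;
- return 0;
+ context->type = AUDIT_SOCKETCALL;
+ context->socketcall.nargs = nargs;
+ memcpy(context->socketcall.args, args, nargs * sizeof(unsigned long));
 }
 
 /**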
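Review bot: In `audit_socketcall()` the `memcpy` into `context->socketcall.args` takes its length from the caller's `nargs`, while the new union member in `struct audit_context` is a fixed `long args[6]`, so nothing in this function keeps the copy inside the array (the old code sized its allocation from `nargs`). The only caller on this page, in net/socket.c, passes `nargs[call] / sizeof(unsigned long)`; whether that table and the range check on `call` cap the value at 6 is not visible here, and any later caller inherits the same unstated assumption. Since the function now returns void, I would reject out-of-range counts just before the copy, e.g. `if (WARN_ON(nargs < 0 || nargs > ARRAY_SIZE(context->socketcall.args))) return;`, and replace the literal 6 with a named constant shared with the socketcall table. `show_special()` loops on the stored `nargs`, so the same guard also bounds the read when the record is emitted. The array is declared `long` but is filled from `unsigned long *` and printed with `%lx`; `unsigned long args[6]` would match both.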
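--- a/net/socket.c
+++ b/net/socket.c
@@ -2065,9 +2065,7 @@
 if (copy_from_user(a, args, nargs[call]))
 return -EFAULT;
 
- err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
- if (err)
- return err;
+ audit_socketcall(nargs[call] / sizeof(unsigned long), a);
 
 a0 = a[0];
 a1 = a[1];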