diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2015-07-08 09:33:38 -0700 |
|---|---|---|
| committer | Sasha Levin <alexander.levin@verizon.com> | 2016-08-22 12:23:15 -0400 |
| commit | a59a2f6bd81b18232b0f51bde12629f182c4de9d (patch) | |
| tree | 074e4ed9857853f6697d8fa095323a54931d6a2a /kernel | |
| parent | c786cc5ea29cca704eed6af508d32c9e0d498b77 (diff) | |
Fix broken audit tests for exec arg len
[ Upstream commit 45820c294fe1b1a9df495d57f40585ef2d069a39 ]
The "fix" in commit 0b08c5e5944 ("audit: Fix check of return value of
strnlen_user()") didn't fix anything, it broke things. As reported by
Steven Rostedt:
"Yes, strnlen_user() returns 0 on fault, but if you look at what len is
set to, than you would notice that on fault len would be -1"
because we just subtracted one from the return value. So testing
against 0 doesn't test for a fault condition, it tests against a
perfectly valid empty string.
Also fix up the usual braindamage wrt using WARN_ON() inside a
conditional - make it part of the conditional and remove the explicit
unlikely() (which is already part of the WARN_ON*() logic, exactly so
that you don't have to write unreadable code.
Reported-and-tested-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Paul Moore <pmoore@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/auditsc.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c06f13fa5a99..b3b4f22a03ae 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1046,8 +1046,7 @@ static int audit_log_single_execve_arg(struct audit_context *context, * for strings that are too long, we should not have created * any. */ - if (unlikely((len == 0) || len > MAX_ARG_STRLEN - 1)) { - WARN_ON(1); + if (WARN_ON_ONCE(len < 0 || len > MAX_ARG_STRLEN - 1)) { send_sig(SIGKILL, current, 0); return -1; } |