selinux: log raw contexts as untrusted strings

author Ondrej Mosnacek <omosnace@redhat.com>

Tue, 11 Jun 2019 08:07:19 +0000 (10:07 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Wed, 19 Jun 2019 06:00:01 +0000 (08:00 +0200)
author Ondrej Mosnacek <omosnace@redhat.com>
Tue, 11 Jun 2019 08:07:19 +0000 (10:07 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 19 Jun 2019 06:00:01 +0000 (08:00 +0200)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c

index 8346a4f7c5d7802289371f2dc786d02133be863b..a99be508f93d0dbfa9e939a82c60d06bb6b15e0c 100644 (file)
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -739,14 +739,20 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
         rc = security_sid_to_context_inval(sad->state, sad->ssid, &scontext,
                                            &scontext_len);
         if (!rc && scontext) {
-               audit_log_format(ab, " srawcon=%s", scontext);
+               if (scontext_len && scontext[scontext_len - 1] == '\0')
+                       scontext_len--;
+               audit_log_format(ab, " srawcon=");
+               audit_log_n_untrustedstring(ab, scontext, scontext_len);
                 kfree(scontext);
         }
  
         rc = security_sid_to_context_inval(sad->state, sad->tsid, &scontext,
                                            &scontext_len);
         if (!rc && scontext) {
-               audit_log_format(ab, " trawcon=%s", scontext);
+               if (scontext_len && scontext[scontext_len - 1] == '\0')
+                       scontext_len--;
+               audit_log_format(ab, " trawcon=");
+               audit_log_n_untrustedstring(ab, scontext, scontext_len);
                 kfree(scontext);
         }
  }
author	Ondrej Mosnacek <omosnace@redhat.com>
	Tue, 11 Jun 2019 08:07:19 +0000 (10:07 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 19 Jun 2019 06:00:01 +0000 (08:00 +0200)