summaryrefslogtreecommitdiffstats
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2018-10-10 16:22:57 -0400
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-12-01 09:14:03 +0100
commit92a69ad6ae0b4bed047b7574189f037de61b3db8 (patch)
tree3dd8383fd3f5b29613f70df661dfa850c239fc69 /kernel/auditsc.c
parent231b0b5a42316dd3c23145dcbcd34cd04a4cdf7e (diff)
downloadlinux-stable-92a69ad6ae0b4bed047b7574189f037de61b3db8.tar.gz
linux-stable-92a69ad6ae0b4bed047b7574189f037de61b3db8.tar.bz2
linux-stable-92a69ad6ae0b4bed047b7574189f037de61b3db8.zip
audit: print empty EXECVE args
[ Upstream commit ea956d8be91edc702a98b7fe1f9463e7ca8c42ab ] Empty executable arguments were being skipped when printing out the list of arguments in an EXECVE record, making it appear they were somehow lost. Include empty arguments as an itemized empty string. Reproducer: autrace /bin/ls "" "/etc" ausearch --start recent -m execve -i | grep EXECVE type=EXECVE msg=audit(10/03/2018 13:04:03.208:1391) : argc=3 a0=/bin/ls a2=/etc With fix: type=EXECVE msg=audit(10/03/2018 21:51:38.290:194) : argc=3 a0=/bin/ls a1= a2=/etc type=EXECVE msg=audit(1538617898.290:194): argc=3 a0="/bin/ls" a1="" a2="/etc" Passes audit-testsuite. GH issue tracker at https://github.com/linux-audit/audit-kernel/issues/99 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: cleaned up the commit metadata] Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 76d789d6cea0..ffa8d64f6fef 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1102,7 +1102,7 @@ static void audit_log_execve_info(struct audit_context *context,
}
/* write as much as we can to the audit log */
- if (len_buf > 0) {
+ if (len_buf >= 0) {
/* NOTE: some magic numbers here - basically if we
* can't fit a reasonable amount of data into the
* existing audit buffer, flush it and start with