[Apparmor-dev] [rfr] Handle escaped strings in name2= and
profile= audit fields in logprof.
Steve Beattie
sbeattie at suse.de
Sat Sep 15 10:26:44 MDT 2007
On Sat, Sep 15, 2007 at 12:59:41AM -0700, jesse michael wrote:
> We currently use audit_log_untrustedstring() to escape strings that are
> passed through the audit subsystem for the "name", "name2", and "profile"
> fields, but logprof/genprof only does the proper conversion back for the
> "name" field.
>
> Here's a simple patch to also handle escaped name2 and profile strings.
> ---
> utils/SubDomain.pm | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> Index: forge/utils/SubDomain.pm
> ===================================================================
> --- forge.orig/utils/SubDomain.pm
> +++ forge/utils/SubDomain.pm
> @@ -2077,11 +2077,13 @@ sub parse_log_record_v_2_1 ($) {
>
> s/\s$//;
>
> + # audit_log_untrustedstring() is used for name, name2, and profile in
> + # order to escape strings with special characters
> for my $key (keys %$e) {
> - # if we have an even number of hex characters...
> - if ($key eq "name" && $e->{$key} =~ /^([0-9a-f]{2})+$/i) {
> - # unpack the hex string.
> - # NOTE: this might need unpack("h", ...) instead of "H"
> + next unless $key =~ /^(name|name2|profile)$/;
s/tab/ / here?
> + # needs to be an even number of hex characters
> + if ($e->{$key} =~ /^([0-9a-f]{2})+$/i) {
> + # convert the hex string back to a raw string
> $e->{$key} = pack("H*", $e->{$key});
> }
> }
While it probably doesn't need to be a case insensitive pattern match, I
don't think it will hurt to leave it as is.
Looks fine to me.
--
Steve Beattie
SUSE Labs, Novell Inc.
<sbeattie at suse.de>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070915/9ad2c7e9/attachment.pgp
More information about the Apparmor-dev
mailing list