Commit a4664afa authored by Linus Torvalds's avatar Linus Torvalds Committed by Sasha Levin

Fix broken audit tests for exec arg len

[ Upstream commit 45820c29 ]

The "fix" in commit 0b08c5e5 ("audit: Fix check of return value of
strnlen_user()") didn't fix anything, it broke things.  As reported by
Steven Rostedt:

 "Yes, strnlen_user() returns 0 on fault, but if you look at what len is
  set to, than you would notice that on fault len would be -1"

because we just subtracted one from the return value.  So testing
against 0 doesn't test for a fault condition, it tests against a
perfectly valid empty string.

Also fix up the usual braindamage wrt using WARN_ON() inside a
conditional - make it part of the conditional and remove the explicit
unlikely() (which is already part of the WARN_ON*() logic, exactly so
that you don't have to write unreadable code.
Reported-and-tested-by: default avatarSteven Rostedt <rostedt@goodmis.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Paul Moore <pmoore@redhat.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
parent a49b282f
...@@ -1023,8 +1023,7 @@ static int audit_log_single_execve_arg(struct audit_context *context, ...@@ -1023,8 +1023,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
* for strings that are too long, we should not have created * for strings that are too long, we should not have created
* any. * any.
*/ */
if (unlikely((len == 0) || len > MAX_ARG_STRLEN - 1)) { if (WARN_ON_ONCE(len < 0 || len > MAX_ARG_STRLEN - 1)) {
WARN_ON(1);
send_sig(SIGKILL, current, 0); send_sig(SIGKILL, current, 0);
return -1; return -1;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment