From 41fdc3054e23e3229edea27053522fe052d02ec2 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Sat, 7 Jan 2012 10:41:04 -0800 Subject: audit: treat s_id as an untrusted string The use of s_id should go through the untrusted string path, just to be extra careful. Signed-off-by: Kees Cook Acked-by: Mimi Zohar Signed-off-by: Eric Paris --- security/integrity/ima/ima_audit.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'security/integrity/ima') diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c index c5c5a72c30be..2ad942fb1e23 100644 --- a/security/integrity/ima/ima_audit.c +++ b/security/integrity/ima/ima_audit.c @@ -56,9 +56,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, audit_log_format(ab, " name="); audit_log_untrustedstring(ab, fname); } - if (inode) - audit_log_format(ab, " dev=%s ino=%lu", - inode->i_sb->s_id, inode->i_ino); + if (inode) { + audit_log_format(ab, " dev="); + audit_log_untrustedstring(ab, inode->i_sb->s_id); + audit_log_format(ab, " ino=%lu", inode->i_ino); + } audit_log_format(ab, " res=%d", !result ? 0 : 1); audit_log_end(ab); } -- cgit v1.2.3