Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp768812ybc; Sat, 16 Nov 2019 08:21:34 -0800 (PST) X-Google-Smtp-Source: APXvYqx+VQ274pRaySMrGe5DpfhMDCgs+RQA6mtiMOi5YMULTPUeFK2YLdy26kwptVdqcMEaYTmx X-Received: by 2002:a17:906:2615:: with SMTP id h21mr11004907ejc.212.1573921294604; Sat, 16 Nov 2019 08:21:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573921294; cv=none; d=google.com; s=arc-20160816; b=VeAlRqsy1zYQgTYbVYISUtJ1sjSoWpGFECb0bmYVXHQ1f1SRWzfv6+BsLpuKZLSGk2 rpZFLh1XFl7T1QJMddXf4KEICjzCfG+567C+faQKPoOAJctfPDLpoRB3oufdWp+3TRua BbLyNPq2J7O3FGbrONlU/SOOaC4R3qer2qhr9J81QIkKpA1BYtEhw4WjGXklI6+ygh7t c/K6pqoNnTOxaakiDho343877PZl8NDISMeXG5Wt+r0c/H+rR2dEhi3Kg6iQGiZcKgj5 saBMOScM/+oE1vX+ufMhKwMoCak3CV5kd0V2CxRFO0BtPBcBta6l617x4Wss11OSmfy1 QNPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=iprU2NqVTLZitKuAz/Bc0S3VFQPU8NBImeErrJBAYsk=; b=nvZtqq75Wk0cRd+hXIwZO/xy8KJVoZdoErry4n1aM4TPtZc2VZ1jK+FCzaJSL+M0jn 0rmSIXF1/LWG1QPNH0fPON5t5WCvDTcIK6tzlwpfmTdXTJHnr3ANE4gETSfU+WRb9MWR WDmLb9COMLlLtPqhBD5Ar9WgIiK5e39VBasNY79mrJxq0D/gdmauuLvVNCS7+9cf0OkC r7fPwcXPoIog9gN0XMb+7s2EpyFaNUm2U5eZYsU46GDPlJxDlCYN0SOGudHWCXFL0OTZ /SAFE81cuGF/d/TnR0qZyVuMuPcmXnP+W/cKRiMxyFqu1pp0TIDFshK6oAqNV+rxxQIt i6mA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=MYdPWd+3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z2si9172501edd.140.2019.11.16.08.21.10; Sat, 16 Nov 2019 08:21:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=MYdPWd+3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730300AbfKPQS6 (ORCPT + 99 others); Sat, 16 Nov 2019 11:18:58 -0500 Received: from mail.kernel.org ([198.145.29.99]:52690 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729356AbfKPPqV (ORCPT ); Sat, 16 Nov 2019 10:46:21 -0500 Received: from sasha-vm.mshome.net (unknown [50.234.116.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3534D20855; Sat, 16 Nov 2019 15:46:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573919181; bh=huh3IRdKqGi5hDvKHS1LXuAEpu3NxCzkYXsQqRKcB2I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MYdPWd+31hBcaRVJKysLtxBgKpnrlyjREWww4B/py2LFt1/ZtQLuZP9VZxYXXZ5ZC T3mm5z2xh8JZL4Qb3ZTl76ITv2QEvdghSkYjaXK1FtRBO+5j0AUUWoSIUvZlL7GlQJ Ss4GtYEWN8OTiinQsg8SV9Q2f/StEfU+Z/hUxxUc= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Richard Guy Briggs , Paul Moore , Sasha Levin Subject: [PATCH AUTOSEL 4.19 190/237] audit: print empty EXECVE args Date: Sat, 16 Nov 2019 10:40:25 -0500 Message-Id: <20191116154113.7417-190-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191116154113.7417-1-sashal@kernel.org> References: <20191116154113.7417-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Richard Guy Briggs [ Upstream commit ea956d8be91edc702a98b7fe1f9463e7ca8c42ab ] Empty executable arguments were being skipped when printing out the list of arguments in an EXECVE record, making it appear they were somehow lost. Include empty arguments as an itemized empty string. Reproducer: autrace /bin/ls "" "/etc" ausearch --start recent -m execve -i | grep EXECVE type=EXECVE msg=audit(10/03/2018 13:04:03.208:1391) : argc=3 a0=/bin/ls a2=/etc With fix: type=EXECVE msg=audit(10/03/2018 21:51:38.290:194) : argc=3 a0=/bin/ls a1= a2=/etc type=EXECVE msg=audit(1538617898.290:194): argc=3 a0="/bin/ls" a1="" a2="/etc" Passes audit-testsuite. GH issue tracker at https://github.com/linux-audit/audit-kernel/issues/99 Signed-off-by: Richard Guy Briggs [PM: cleaned up the commit metadata] Signed-off-by: Paul Moore Signed-off-by: Sasha Levin --- kernel/auditsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b2d1f043f17fb..1513873e23bd1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1107,7 +1107,7 @@ static void audit_log_execve_info(struct audit_context *context, } /* write as much as we can to the audit log */ - if (len_buf > 0) { + if (len_buf >= 0) { /* NOTE: some magic numbers here - basically if we * can't fit a reasonable amount of data into the * existing audit buffer, flush it and start with -- 2.20.1