Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp5979292ybc; Wed, 27 Nov 2019 12:48:01 -0800 (PST) X-Google-Smtp-Source: APXvYqyl+jjtG6FJFrVHqfaE3+TsWuMM+ZJjdaB4JXmrbNaQhlHehzEVK/weTMftWYCOnbwBR60U X-Received: by 2002:a17:906:944d:: with SMTP id z13mr51459638ejx.58.1574887681199; Wed, 27 Nov 2019 12:48:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574887681; cv=none; d=google.com; s=arc-20160816; b=gpiSaCsaSCi76/fnI/XBDMw5a9FZAZCiQFmxjZ9r8x+7V4oUBS3+MyDjEjNGnATsQZ BQF7iEbSdudLYS0oC5xJYmSx/WItu9lIa2miY9TAxNp7V8tCP+iGjGHTREuh2T1rMP44 809MWc+j6IL53yaZ08jMKwVT2+gPZtm0t+JtzwzqxEKhiCeOADw3VeOUJQTb9590IuHK 8mXM4URThVajl5fCrZ+HIl4JXV7JlqnTwKgDoiNejTbxhP1tKhJdTHo7ZvQHiyG8B/Gw vab3vphdlRfj2NnToB3ydBDbaAo9vfMlmKk9eLRlcB6G4tpS3X3FugjmQ8G8O4BKl+GN BqIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=D4bwXIjCsjooprkRZOiuvV2I130H9+4xTtrQrpWOq+k=; b=GhwX6PIGBcqWxWCBim6L6wkosysCaVXFQ5nFVu11vxu98acARjXEqEJqaPJOt39IDb vUeiCF09TCKyERkF4Iv9Mja3rxy9YKNQT0JmyJbwIyqOeZiwiNuOReDG0Ag5LGILUKDs 2Db4KHAPptqW36hPdPWYkd00qC8Q8IzrNW4gWwI3yY754VBjjgH4UcgxJH299++JYNXf rdT0liT9Puy/BZwHQm8R3Z2no7Q93c5GqqQNl5ZeTDtwCEl21Ju8Q/npGo6tlYpPgtx2 G4M+jtcZVLuriY3Hh8TOsS5JzsJXcK3W8tsKb6ojliSZUr1umYjrwTMhqGQ3AwP1IA8b T4RQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WamoV0Jq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w23si3637876edr.447.2019.11.27.12.47.37; Wed, 27 Nov 2019 12:48:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WamoV0Jq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729398AbfK0UnF (ORCPT + 99 others); Wed, 27 Nov 2019 15:43:05 -0500 Received: from mail.kernel.org ([198.145.29.99]:50142 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727985AbfK0UnC (ORCPT ); Wed, 27 Nov 2019 15:43:02 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 86369217BA; Wed, 27 Nov 2019 20:43:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574887382; bh=0NAakbf0aFFUr3C1ssYzRRr9w/w1NNglKrosxTZzK+w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WamoV0JqFOmtx6ME1e3D1xKO9o36JA1A2dc+3QsD8dNP9gv1kksWy0gPrNRIWKbce Dfgy1gIs95ooqQF2i1EiW4TqFjJeTHxL6WspF4gYgPVU2W+oyX8K+KnqRnkvnl1vFM PMYa8aQA9sBgSguxaZj6MVdNCEEe9myUiRWpxzwM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Richard Guy Briggs , Paul Moore , Sasha Levin Subject: [PATCH 4.9 089/151] audit: print empty EXECVE args Date: Wed, 27 Nov 2019 21:31:12 +0100 Message-Id: <20191127203037.037579187@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191127203000.773542911@linuxfoundation.org> References: <20191127203000.773542911@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Richard Guy Briggs [ Upstream commit ea956d8be91edc702a98b7fe1f9463e7ca8c42ab ] Empty executable arguments were being skipped when printing out the list of arguments in an EXECVE record, making it appear they were somehow lost. Include empty arguments as an itemized empty string. Reproducer: autrace /bin/ls "" "/etc" ausearch --start recent -m execve -i | grep EXECVE type=EXECVE msg=audit(10/03/2018 13:04:03.208:1391) : argc=3 a0=/bin/ls a2=/etc With fix: type=EXECVE msg=audit(10/03/2018 21:51:38.290:194) : argc=3 a0=/bin/ls a1= a2=/etc type=EXECVE msg=audit(1538617898.290:194): argc=3 a0="/bin/ls" a1="" a2="/etc" Passes audit-testsuite. GH issue tracker at https://github.com/linux-audit/audit-kernel/issues/99 Signed-off-by: Richard Guy Briggs [PM: cleaned up the commit metadata] Signed-off-by: Paul Moore Signed-off-by: Sasha Levin --- kernel/auditsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c2aaf539728fb..854e90be1a023 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1096,7 +1096,7 @@ static void audit_log_execve_info(struct audit_context *context, } /* write as much as we can to the audit log */ - if (len_buf > 0) { + if (len_buf >= 0) { /* NOTE: some magic numbers here - basically if we * can't fit a reasonable amount of data into the * existing audit buffer, flush it and start with -- 2.20.1