Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp5983518ybc; Wed, 27 Nov 2019 12:53:28 -0800 (PST) X-Google-Smtp-Source: APXvYqz7D+gU4ulymjgOGAha//La4ep8xuQwZeCCxDV36wdCgYAbe54RJEV2JG6HJFcEFcV/HWy7 X-Received: by 2002:a17:906:4304:: with SMTP id j4mr51019351ejm.10.1574888008015; Wed, 27 Nov 2019 12:53:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574888008; cv=none; d=google.com; s=arc-20160816; b=yNsW+vGjM56xXhaZ532tAD3CLO9wmzshf4vjrZodLImUVOvBEkURClIK7odzFgLgve gZxx4iloWU3sGgl8/ld91l/si0C3YQBJdal4AVNv4Or4p4KbDbvy/1MtuKApvhmeaJVH qv3VkgfM/lFSAQQJdr7ZSl5AsnBG8ne7p+rPpzF7GIaFGHQhhAh8T0BkKEIh4tdPLZt7 renn48mJW5CR2uEV4VgBPEUokiQX52iUW37rWAFSPX5+9p71zS6VlLQ4bnPJ0ZTUoxWX ncWM5/7ZzX+Mkl9VRaTeC2kf+GF+WvPBOnvGtgc5VHfelD5zD8K1pehPpmH7/WsT721A wt+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=weZYxBjW7qC71OTfG9oLMqktO0EU0Yy9QAwSER6Egew=; b=EHB2kZ8eIGrIR37oMKxgXRbbegan/ZsT50Aqmmsqx+47QmGtlq3/9BdGVNyFwWwTqA 7058R6RZNy4LELg1CXOIfdfdrxRyzbwGSpQ/c3rtQG4EGBgXYWV26whYIr4+oXVvC9k3 QgnRIglJlz4dr99jXrOstgam0S9GlHvV4i9+nXpAVhMoumdR+Oo+o+QnNgshJKKT/EQ9 pYcr3Y3alWb06XSZyVgkXjbZ0iobyd7XPLoZtB3FVNUPt7sUDxex+sVp+Y88b4UqY/kj 9vxpcDv4VSZM1duxHdr9K2og3nU2Cp/bJy68nsjZit+6eI6oj3lzQfzCEkTOgbHQlqf2 80XA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LLMrOdAn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id bx7si4051529edb.403.2019.11.27.12.53.04; Wed, 27 Nov 2019 12:53:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LLMrOdAn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730481AbfK0Uv2 (ORCPT + 99 others); Wed, 27 Nov 2019 15:51:28 -0500 Received: from mail.kernel.org ([198.145.29.99]:38118 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729796AbfK0UvZ (ORCPT ); Wed, 27 Nov 2019 15:51:25 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6857221847; Wed, 27 Nov 2019 20:51:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574887884; bh=Mv4ZG/FKh2Sre3UqDdN6MVRYBL3K8PTWXp77f0CNeMQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LLMrOdAnBNPFhmoZLnSKWKXZUj75rCm9ln4Qp4Cb/L0vCpJKC1HlCQPACiLGYLXqU QmTyQBOmcpOYtvYvGqH9D+MlhDzlKkvDRDlq/eBUv1g6iWIap+WEOEJ2rq6WqfB+dt DNXDgxQ6cKpNW6erKryP4fJPdkO7AA1mck43M7X0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Richard Guy Briggs , Paul Moore , Sasha Levin Subject: [PATCH 4.14 131/211] audit: print empty EXECVE args Date: Wed, 27 Nov 2019 21:31:04 +0100 Message-Id: <20191127203106.442951575@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191127203049.431810767@linuxfoundation.org> References: <20191127203049.431810767@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Richard Guy Briggs [ Upstream commit ea956d8be91edc702a98b7fe1f9463e7ca8c42ab ] Empty executable arguments were being skipped when printing out the list of arguments in an EXECVE record, making it appear they were somehow lost. Include empty arguments as an itemized empty string. Reproducer: autrace /bin/ls "" "/etc" ausearch --start recent -m execve -i | grep EXECVE type=EXECVE msg=audit(10/03/2018 13:04:03.208:1391) : argc=3 a0=/bin/ls a2=/etc With fix: type=EXECVE msg=audit(10/03/2018 21:51:38.290:194) : argc=3 a0=/bin/ls a1= a2=/etc type=EXECVE msg=audit(1538617898.290:194): argc=3 a0="/bin/ls" a1="" a2="/etc" Passes audit-testsuite. GH issue tracker at https://github.com/linux-audit/audit-kernel/issues/99 Signed-off-by: Richard Guy Briggs [PM: cleaned up the commit metadata] Signed-off-by: Paul Moore Signed-off-by: Sasha Levin --- kernel/auditsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 76d789d6cea06..ffa8d64f6fef4 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1102,7 +1102,7 @@ static void audit_log_execve_info(struct audit_context *context, } /* write as much as we can to the audit log */ - if (len_buf > 0) { + if (len_buf >= 0) { /* NOTE: some magic numbers here - basically if we * can't fit a reasonable amount of data into the * existing audit buffer, flush it and start with -- 2.20.1