Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp5994600ybc; Wed, 27 Nov 2019 13:05:15 -0800 (PST) X-Google-Smtp-Source: APXvYqxgvBR9W80fv5xkkO3UFvd9XMf40IexfkiWFXcHwqPLa/K787YE2KYCwKmYjKnKCboeNFlt X-Received: by 2002:a17:907:20d2:: with SMTP id qq18mr50983358ejb.305.1574888715029; Wed, 27 Nov 2019 13:05:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574888715; cv=none; d=google.com; s=arc-20160816; b=t0m8ljWbF9ULX/EEjRNdqsleA8j6mtuQZwvDqZHG7ObnL98OGcyNjKz/aRp6AO0aWO h3xy41odXlhZS+wW9TImvaoLlIR3EiSBxJxyLZLhF4Wj/D0gKchAHSn7YX1l8YtkIB8p p8lZTri7VYwm78iYrACJeg29qzzLLlS9ScbT8fnbvX2uX7FNWD1Ill4ekj49asvdrW0O 63fyxym8ryzfc0v9W7/qvtgWEKS6EZD5P2U2fKsZ0+Ay1PV2rA2C3pOVFCGux1H/iNC3 2kSBkU3XROoiDvA3aahUG2QH7aoejnblaz2XNfJvpURoQmUaeLsW5UhEQbDdm5aEpTZn 9mrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=iprU2NqVTLZitKuAz/Bc0S3VFQPU8NBImeErrJBAYsk=; b=QwoZUzhfgB3TPhvDq/r0ggFypjAn4JMlHIFbqRVJr4riNwE3qceDVWmMUph5fL2FpB s+OPny29pwdjQU75xxUZByti4MFprykIZ7RHrPt2hj3a/y3P/TZxFGEXItmGDu72z7c8 Nc3TGxw4op05BNVCS24917yPgfHgdZ43FM16spn8RebTR9CPC7hCGEIYrMVEbIuOcWs4 kQQqudzTueoVDi5IEJdvCaD1ydIkBD/KWY7erNqHAGXXohTjaG9MwjH0g6kMmR7vj8OU I+277svkV+zyyfn4UuvJvl64ZbYGKuznpIUZm7257tgOtzu4bj8hbocwoHATdm5o0Fwf KknQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="G5H/7Ybj"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ks14si9914856ejb.87.2019.11.27.13.04.51; Wed, 27 Nov 2019 13:05:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="G5H/7Ybj"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731761AbfK0VDx (ORCPT + 99 others); Wed, 27 Nov 2019 16:03:53 -0500 Received: from mail.kernel.org ([198.145.29.99]:57064 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731766AbfK0VDr (ORCPT ); Wed, 27 Nov 2019 16:03:47 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2CE3B20637; Wed, 27 Nov 2019 21:03:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574888626; bh=huh3IRdKqGi5hDvKHS1LXuAEpu3NxCzkYXsQqRKcB2I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=G5H/7Ybjhdg5m2+lfYODBXHgtXAqNlEj2/OyZ1jPOC0cty+b6104MVSgDQPno0pkx NCbcUeOb2bOxC/DOXB0+JrddcEB+OG1kddrbDzJAuBlRf1R4fm+JFAHC4BIrdGNHaj imcVymgC63XCUzy67J3CeKLya85DuIy+CbLT4yG8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Richard Guy Briggs , Paul Moore , Sasha Levin Subject: [PATCH 4.19 207/306] audit: print empty EXECVE args Date: Wed, 27 Nov 2019 21:30:57 +0100 Message-Id: <20191127203130.256247291@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191127203114.766709977@linuxfoundation.org> References: <20191127203114.766709977@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Richard Guy Briggs [ Upstream commit ea956d8be91edc702a98b7fe1f9463e7ca8c42ab ] Empty executable arguments were being skipped when printing out the list of arguments in an EXECVE record, making it appear they were somehow lost. Include empty arguments as an itemized empty string. Reproducer: autrace /bin/ls "" "/etc" ausearch --start recent -m execve -i | grep EXECVE type=EXECVE msg=audit(10/03/2018 13:04:03.208:1391) : argc=3 a0=/bin/ls a2=/etc With fix: type=EXECVE msg=audit(10/03/2018 21:51:38.290:194) : argc=3 a0=/bin/ls a1= a2=/etc type=EXECVE msg=audit(1538617898.290:194): argc=3 a0="/bin/ls" a1="" a2="/etc" Passes audit-testsuite. GH issue tracker at https://github.com/linux-audit/audit-kernel/issues/99 Signed-off-by: Richard Guy Briggs [PM: cleaned up the commit metadata] Signed-off-by: Paul Moore Signed-off-by: Sasha Levin --- kernel/auditsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b2d1f043f17fb..1513873e23bd1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1107,7 +1107,7 @@ static void audit_log_execve_info(struct audit_context *context, } /* write as much as we can to the audit log */ - if (len_buf > 0) { + if (len_buf >= 0) { /* NOTE: some magic numbers here - basically if we * can't fit a reasonable amount of data into the * existing audit buffer, flush it and start with -- 2.20.1