author | 2025-01-21 20:12:24 -0800 | |
---|---|---|
committer | 2025-01-21 20:12:24 -0800 | |
commit | c4b9570cfb63501638db720f3bee9f6dfd044b82 (patch) | |
tree | f9d66f1207dd88d3dcc161ba0968a5d2b02fa6a9 | |
parent | Merge tag 'selinux-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux (diff) | |
parent | audit: fix suffixed '/' filename matching (diff) | |
Merge tag 'audit-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit update from Paul Moore:
"A single audit patch that fixes a problem when collecting pathnames
for audit PATH records that was caused by some faulty pathname
matching logic"
* tag 'audit-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: fix suffixed '/' filename matching
Diffstat (limited to '')
-rw-r--r-- | kernel/auditfilter.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index bceb9f58a09e..e3f42018ed46 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1319,13 +1319,20 @@ int audit_compare_dname_path(const struct qstr *dname, const char *path, int par
 if (pathlen < dlen)
 return 1;
- parentlen = parentlen == AUDIT_NAME_FULL ? parent_len(path) : parentlen;
- if (pathlen - parentlen != dlen)
- return 1;
+ if (parentlen == AUDIT_NAME_FULL)
+ parentlen = parent_len(path);
 p = path + parentlen;
- return strncmp(p, dname->name, dlen);
+ /* handle trailing slashes */
+ pathlen -= parentlen;
+ while (p[pathlen - 1] == '/')
+ pathlen--;
+
+ if (pathlen != dlen)
+ return 1;
+
+ return memcmp(p, dname->name, dlen);
 }
 int audit_filter(int msgtype, unsigned int listtype)
|
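Review bot: The new trailing-slash loop `while (p[pathlen - 1] == '/')` has no lower bound on `pathlen`, so if `pathlen -= parentlen` leaves zero, or everything after the parent is '/' characters, it reads `p[-1]` and keeps stepping backwards, potentially before the start of `path`. The earlier `pathlen < dlen` guard is applied to the full length and does not prevent this. Bounding the loop, `while (pathlen > 0 && p[pathlen - 1] == '/')`, keeps the read inside the string and leaves the decision to the following `pathlen != dlen` check. The function's declarations and its callers are outside the hunk, so whether such a path can actually reach this point should be confirmed. As these names presumably originate from syscall pathnames, the bound is worth having regardless.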