audit: format user messages to size of MAX_AUDIT_MESSAGE_LENGTH
Messages of type AUDIT_USER_TTY were being formatted to 1024 octets, truncating messages approaching MAX_AUDIT_MESSAGE_LENGTH (8970 octets). Set the formatting to 8560 characters, given maximum estimates for prefix and suffix budgets. See the problem discussion: https://www.redhat.com/archives/linux-audit/2009-January/msg00030.html And the new size rationale: https://www.redhat.com/archives/linux-audit/2013-September/msg00016.html Test ~8k messages with: auditctl -m "$(for i in $(seq -w 001 820);do echo -n "${i}0______";done)" Reported-by: LC Bruzenak <lenny@magitekltd.com> Reported-by: Justin Stephenson <jstephen@redhat.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
parent
6e4664525b
commit
b50eba7e2d
@ -358,6 +358,12 @@ enum {
|
||||
#define AUDIT_PERM_READ 4
|
||||
#define AUDIT_PERM_ATTR 8
|
||||
|
||||
/* MAX_AUDIT_MESSAGE_LENGTH is set in audit:lib/libaudit.h as:
|
||||
* 8970 // PATH_MAX*2+CONTEXT_SIZE*2+11+256+1
|
||||
* max header+body+tailer: 44 + 29 + 32 + 262 + 7 + pad
|
||||
*/
|
||||
#define AUDIT_MESSAGE_TEXT_MAX 8560
|
||||
|
||||
struct audit_status {
|
||||
__u32 mask; /* Bit mask for valid entries */
|
||||
__u32 enabled; /* 1 = enabled, 0 = disabled */
|
||||
|
@ -715,7 +715,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
|
||||
}
|
||||
audit_log_common_recv_msg(&ab, msg_type);
|
||||
if (msg_type != AUDIT_USER_TTY)
|
||||
audit_log_format(ab, " msg='%.1024s'",
|
||||
audit_log_format(ab, " msg='%.*s'",
|
||||
AUDIT_MESSAGE_TEXT_MAX,
|
||||
(char *)data);
|
||||
else {
|
||||
int size;
|
||||
|
Loading…
Reference in New Issue
Block a user