On 2019-06-11 10:07, Ondrej Mosnacek wrote: > These strings may come from untrusted sources (e.g. file xattrs) so they > need to be properly escaped. > > Reproducer: > # setenforce 0 > # touch /tmp/test > # setfattr -n security.selinux -v 'kuřecí řízek' /tmp/test > # runcon system_u:system_r:sshd_t:s0 cat /tmp/test > (look at the generated AVCs) > > Actual result: > type=AVC [...] trawcon=kuřecí řízek > > Expected result: > type=AVC [...] trawcon=6B75C5996563C3AD20C599C3AD7A656B > > Fixes: fede148324c3 ("selinux: log invalid contexts in AVCs") > Cc: stable@xxxxxxxxxxxxxxx # v5.1+ > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> Acked-by: Richard Guy Briggs <rgb@xxxxxxxxxx> > --- > security/selinux/avc.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index 8346a4f7c5d7..a99be508f93d 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -739,14 +739,20 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a) > rc = security_sid_to_context_inval(sad->state, sad->ssid, &scontext, > &scontext_len); > if (!rc && scontext) { > - audit_log_format(ab, " srawcon=%s", scontext); > + if (scontext_len && scontext[scontext_len - 1] == '\0') > + scontext_len--; > + audit_log_format(ab, " srawcon="); > + audit_log_n_untrustedstring(ab, scontext, scontext_len); > kfree(scontext); > } > > rc = security_sid_to_context_inval(sad->state, sad->tsid, &scontext, > &scontext_len); > if (!rc && scontext) { > - audit_log_format(ab, " trawcon=%s", scontext); > + if (scontext_len && scontext[scontext_len - 1] == '\0') > + scontext_len--; > + audit_log_format(ab, " trawcon="); > + audit_log_n_untrustedstring(ab, scontext, scontext_len); > kfree(scontext); > } > } > -- > 2.20.1 > > -- > Linux-audit mailing list > Linux-audit@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/linux-audit - RGB -- Richard Guy Briggs <rgb@xxxxxxxxxx> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635