selinux: log raw contexts as untrusted strings

These strings may come from untrusted sources (e.g. file xattrs) so they need to be properly escaped. Reproducer: # setenforce 0 # touch /tmp/test # setfattr -n security.selinux -v 'kuřecí řízek' /tmp/test # runcon system_u:system_r:sshd_t:s0 cat /tmp/test (look at the generated AVCs) Actual result: type=AVC [...] trawcon=kuřecí řízek Expected result: type=AVC [...] trawcon=6B75C5996563C3AD20C599C3AD7A656B Fixes: fede148324c3 ("selinux: log invalid contexts in AVCs") Cc: stable@vger.kernel.org # v5.1+ Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Ondrej Mosnacek <omosnace@redhat.com> 2019-06-11 10:07:19 +0200
committer: Paul Moore <paul@paul-moore.com> 2019-06-11 18:35:51 -0400
commit: aff7ed4851680d0d28ad9f52cd2f99213e1371b2 (patch)
tree: 7cbf055d91e90dadc8116ab0da46148adb8bd1b7 /security
parent: 05174c95b83f8aca0c47b87115abb7a6387aafa5 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 8346a4f7c5d7..a99be508f93d 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -739,14 +739,20 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 	rc = security_sid_to_context_inval(sad->state, sad->ssid, &scontext,
 					   &scontext_len);
 	if (!rc && scontext) {
-		audit_log_format(ab, " srawcon=%s", scontext);
+		if (scontext_len && scontext[scontext_len - 1] == '\0')
+			scontext_len--;
+		audit_log_format(ab, " srawcon=");
+		audit_log_n_untrustedstring(ab, scontext, scontext_len);
 		kfree(scontext);
 	}
 
 	rc = security_sid_to_context_inval(sad->state, sad->tsid, &scontext,
 					   &scontext_len);
 	if (!rc && scontext) {
-		audit_log_format(ab, " trawcon=%s", scontext);
+		if (scontext_len && scontext[scontext_len - 1] == '\0')
+			scontext_len--;
+		audit_log_format(ab, " trawcon=");
+		audit_log_n_untrustedstring(ab, scontext, scontext_len);
 		kfree(scontext);
 	}
 }
author	Ondrej Mosnacek <omosnace@redhat.com>	2019-06-11 10:07:19 +0200
committer	Paul Moore <paul@paul-moore.com>	2019-06-11 18:35:51 -0400
commit	aff7ed4851680d0d28ad9f52cd2f99213e1371b2 (patch)
tree	7cbf055d91e90dadc8116ab0da46148adb8bd1b7 /security
parent	05174c95b83f8aca0c47b87115abb7a6387aafa5 (diff)