PERFORCE change 149299 for review
Wayne Salamon
wsalamon at FreeBSD.org
Sat Sep 6 00:34:14 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=149299
Change 149299 by wsalamon at vh2 on 2008/09/06 00:33:31
Use an sbuf when composing the string that the MAC framework sends
to the Audit system on behalf of a policy that is annotating an audit
record.
Affected files ...
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_audit.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_audit.c#5 (text+ko) ====
@@ -42,6 +42,7 @@
#include <sys/libkern.h>
#include <sys/param.h>
#include <sys/module.h>
+#include <sys/sbuf.h>
#include <sys/vnode.h>
#include <security/audit/audit.h>
@@ -118,13 +119,12 @@
int
mac_audit_text(char *text, struct mac_policy_conf *mpc)
{
- char *sanitized;
- const char *name;
- int i, size, plen, len;
+ struct sbuf sb;
+ char *buf;
+ int i, size, plen, len, ret;
- name = mpc->mpc_name;
len = strlen(text);
- plen = 2 + strlen(name);
+ plen = 2 + strlen(mpc->mpc_name); /* 2 chars for the ": " below */
if (plen + len >= MAC_AUDIT_DATA_LIMIT)
return (EINVAL);
@@ -137,14 +137,17 @@
return (EINVAL);
size = len + plen + 1;
- /* XXX Should we use a malloc area for MAC storage (M_AUDITMAC)? */
- sanitized = (char *)malloc(size, M_TEMP, M_WAITOK);
+ buf = (char *)malloc(size, M_TEMP, M_WAITOK);
+ sbuf_new(&sb, buf, size, SBUF_FIXEDLEN);
- strcpy(sanitized, name);
- strcat(sanitized, ": ");
- strcat(sanitized, text);
+ sbuf_printf(&sb, "%s: %s", mpc->mpc_name, text);
+ sbuf_finish(&sb);
- return (audit_mac_data(MAC_AUDIT_TEXT_TYPE, size, sanitized));
+ /* The data buffer is free'd in the Audit side */
+ ret = audit_mac_data(MAC_AUDIT_TEXT_TYPE, sbuf_len(&sb),
+ sbuf_data(&sb));
+ sbuf_delete(&sb);
+ return (ret);
}
int
More information about the p4-projects
mailing list