Audit: better estimation of execve record length

The audit execve record splitting code estimates the length of the message generated. But it forgot to include the "" that wrap each string in its estimation. This means that execve messages with lots of tiny (1-2 byte) arguments could still cause records greater than 8k to be emitted. Simply fix the estimate. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2009-06-11 14:31:34 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2009-06-23 23:50:34 -0400
commit: b87ce6e4187c24b06483c8266822ce5e6b7fa7f3 (patch)
tree: 24b56d53dc03b0a6c8434ad2250c1c40d179d0ce /kernel/auditsc.c
parent: 35aa901c0b66cb3c2eeee23f13624014825a44a8 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 7d6ac7c1f414..b14d234b85f3 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1024,8 +1024,8 @@ static int audit_log_single_execve_arg(struct audit_context *context,
 {
 	char arg_num_len_buf[12];
 	const char __user *tmp_p = p;
-	/* how many digits are in arg_num? 3 is the length of " a=" */
-	size_t arg_num_len = snprintf(arg_num_len_buf, 12, "%d", arg_num) + 3;
+	/* how many digits are in arg_num? 5 is the length of ' a=""' */
+	size_t arg_num_len = snprintf(arg_num_len_buf, 12, "%d", arg_num) + 5;
 	size_t len, len_left, to_send;
 	size_t max_execve_audit_len = MAX_EXECVE_AUDIT_LEN;
 	unsigned int i, has_cntl = 0, too_long = 0;
author	Eric Paris <eparis@redhat.com>	2009-06-11 14:31:34 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2009-06-23 23:50:34 -0400
commit	b87ce6e4187c24b06483c8266822ce5e6b7fa7f3 (patch)
tree	24b56d53dc03b0a6c8434ad2250c1c40d179d0ce /kernel/auditsc.c
parent	35aa901c0b66cb3c2eeee23f13624014825a44a8 (diff)