Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 6 Sep 2008 00:34:12 GMT
From:      Wayne Salamon <wsalamon@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 149299 for review
Message-ID:  <200809060034.m860YCNB041019@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://perforce.freebsd.org/chv.cgi?CH=149299

Change 149299 by wsalamon@vh2 on 2008/09/06 00:33:31

	Use an sbuf when composing the string that the MAC framework sends
	to the Audit system on behalf of a policy that is annotating an audit
	record.

Affected files ...

.. //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_audit.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/audit_mac/src/sys/security/mac/mac_audit.c#5 (text+ko) ====

@@ -42,6 +42,7 @@
 #include <sys/libkern.h>
 #include <sys/param.h>
 #include <sys/module.h>
+#include <sys/sbuf.h>
 #include <sys/vnode.h>
 
 #include <security/audit/audit.h>
@@ -118,13 +119,12 @@
 int
 mac_audit_text(char *text, struct mac_policy_conf *mpc)
 {
-	char *sanitized;
-	const char *name;
-	int i, size, plen, len;
+	struct sbuf sb;
+	char *buf;
+	int i, size, plen, len, ret;
 
-	name = mpc->mpc_name;
 	len = strlen(text);
-	plen = 2 + strlen(name);
+	plen = 2 + strlen(mpc->mpc_name);	/* 2 chars for the ": " below */
 	if (plen + len >= MAC_AUDIT_DATA_LIMIT)
 		return (EINVAL);
 
@@ -137,14 +137,17 @@
 			return (EINVAL);
 
 	size = len + plen + 1;
-	/* XXX Should we use a malloc area for MAC storage (M_AUDITMAC)? */
- 	sanitized = (char *)malloc(size, M_TEMP, M_WAITOK);
+	buf = (char *)malloc(size, M_TEMP, M_WAITOK);
+	sbuf_new(&sb, buf, size, SBUF_FIXEDLEN);
 
-	strcpy(sanitized, name);
-	strcat(sanitized, ": ");
-	strcat(sanitized, text);
+	sbuf_printf(&sb, "%s: %s", mpc->mpc_name, text);
+	sbuf_finish(&sb);
 
-	return (audit_mac_data(MAC_AUDIT_TEXT_TYPE, size, sanitized));
+	/* The data buffer is free'd in the Audit side */
+	ret = audit_mac_data(MAC_AUDIT_TEXT_TYPE, sbuf_len(&sb),
+	    sbuf_data(&sb));
+	sbuf_delete(&sb);
+	return (ret);
 }
 
 int

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809060034.m860YCNB041019>