Merge tag 'audit-pr-20200422' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit fix from Paul Moore: "One small audit patch fix, fixing a missing length check on input from userspace, nothing crazy" * tag 'audit-pr-20200422' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: check the length of userspace generated audit records
author: Linus Torvalds <torvalds@linux-foundation.org> 2020-04-23 09:21:53 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2020-04-23 09:21:53 -0700
commit: 6a400063826b6ab7a9dc8eeddcb36a55ebbd7dab (patch)
tree: 260cc5d31cb29406e9b7e0f59c46e4c5e39a4cb7
parent: c578ddb39e565139897124e74e5a43e56538cb33 (diff)
parent: 763dafc520add02a1f4639b500c509acc0ea8e5b (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index b69c8b460341..87f31bf1f0a0 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1326,6 +1326,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 	case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
 		if (!audit_enabled && msg_type != AUDIT_USER_AVC)
 			return 0;
+		/* exit early if there isn't at least one character to print */
+		if (data_len < 2)
+			return -EINVAL;
 
 		err = audit_filter(msg_type, AUDIT_FILTER_USER);
 		if (err == 1) { /* match or error */
author	Linus Torvalds <torvalds@linux-foundation.org>	2020-04-23 09:21:53 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2020-04-23 09:21:53 -0700
commit	6a400063826b6ab7a9dc8eeddcb36a55ebbd7dab (patch)
tree	260cc5d31cb29406e9b7e0f59c46e4c5e39a4cb7
parent	c578ddb39e565139897124e74e5a43e56538cb33 (diff)
parent	763dafc520add02a1f4639b500c509acc0ea8e5b (diff)