audit: check the length of userspace generated audit records

[mirror_ubuntu-jammy-kernel.git] / kernel / audit.c

diff --git a/kernel/audit.c b/kernel/audit.c
index 9ddfe2aa6671ff3d6558ee86c97cb64c5a9b3189..87f31bf1f0a0c80304a6ff82cc4207aee1194ca7 100644 (file)
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1326,6 +1326,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
                if (!audit_enabled && msg_type != AUDIT_USER_AVC)
                        return 0;
+               /* exit early if there isn't at least one character to print */
+               if (data_len < 2)
+                       return -EINVAL;
 
                err = audit_filter(msg_type, AUDIT_FILTER_USER);
                if (err == 1) { /* match or error */
@@ -1800,6 +1803,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
        }
 
        audit_get_stamp(ab->ctx, &t, &serial);
+       audit_clear_dummy(ab->ctx);
        audit_log_format(ab, "audit(%llu.%03lu:%u): ",
                         (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial);