Skip to content

Commit e7e1e67

Browse files
stevegrubbstevegrubb
committed
Duplicate key‑processing code in auditctl
The logic that validates and appends audit rule keys appears twice in src/auditctl.c (lines ~1000 and ~1175) with a FIXME to refactor. Replaced the ad hoc key-processing logic in opt_field with a call to the new helper, preserving error propagation through retval.
1 parent 7b80e71 commit e7e1e67

File tree

1 file changed

+33
-35
lines changed

1 file changed

+33
-35
lines changed

src/auditctl.c

Lines changed: 33 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -976,6 +976,32 @@ static int opt_syscall(opt_handler_params_t *args)
976976
return retval;
977977
}
978978

979+
/*
980+
* process_key_option - append key string while enforcing limits
981+
* @optarg: key string to append
982+
* @key: destination key buffer
983+
* @keylen: remaining buffer length
984+
* Returns 0 on success or OPT_ERROR_NO_REPLY on error.
985+
*/
986+
static int process_key_option(const char *optarg, char *key,
987+
unsigned int *keylen)
988+
{
989+
if ((strlen(optarg) + strlen(key) + (!!key[0])) >
990+
AUDIT_MAX_KEY_LEN) {
991+
audit_msg(LOG_ERR, "key option exceeds size limit");
992+
return OPT_ERROR_NO_REPLY;
993+
}
994+
if (strchr(optarg, AUDIT_KEY_SEPARATOR))
995+
audit_msg(LOG_ERR, "key %s has illegal character", optarg);
996+
if (key[0]) {
997+
strcat(key, key_sep);
998+
(*keylen)--;
999+
}
1000+
strncat(key, optarg, *keylen);
1001+
*keylen = AUDIT_MAX_KEY_LEN - strlen(key);
1002+
return 0;
1003+
}
1004+
9791005
static int opt_field(opt_handler_params_t *args)
9801006
{
9811007
int retval = args->retval, rc;
@@ -994,22 +1020,9 @@ static int opt_field(opt_handler_params_t *args)
9941020
// Keys need to get handled differently
9951021
if (strncmp(optarg, "key=", 4) == 0) {
9961022
optarg += 4;
997-
// goto process_keys;
998-
if ((strlen(optarg)+strlen(key)+(!!key[0])) >
999-
AUDIT_MAX_KEY_LEN) {
1000-
audit_msg(LOG_ERR, "key option exceeds size limit");
1001-
retval = OPT_ERROR_NO_REPLY;
1002-
} else {
1003-
if (strchr(optarg, AUDIT_KEY_SEPARATOR))
1004-
audit_msg(LOG_ERR,
1005-
"key %s has illegal character", optarg);
1006-
if (key[0]) { // Add the separator if we need to
1007-
strcat(key, key_sep);
1008-
keylen--;
1009-
}
1010-
strncat(key, optarg, keylen);
1011-
keylen = AUDIT_MAX_KEY_LEN - strlen(key);
1012-
}
1023+
rc = process_key_option(optarg, key, &keylen);
1024+
if (rc)
1025+
retval = rc;
10131026
return retval;
10141027
}
10151028

@@ -1156,7 +1169,7 @@ static int opt_remove_watch(opt_handler_params_t *args)
11561169

11571170
static int opt_key(opt_handler_params_t *args)
11581171
{
1159-
int retval = args->retval;
1172+
int rc, retval = args->retval;
11601173
if (!(_audit_syscalladded || _audit_permadded ||
11611174
_audit_exeadded || _audit_filterfsadded) ||
11621175
(add == AUDIT_FILTER_UNSET && del == AUDIT_FILTER_UNSET)) {
@@ -1168,24 +1181,9 @@ static int opt_key(opt_handler_params_t *args)
11681181
return OPT_ERROR_NO_REPLY;
11691182
}
11701183

1171-
// FIXME refactor this to a function
1172-
// process_keys:
1173-
if ((strlen(optarg) + strlen(key) + (!!key[0])) >
1174-
AUDIT_MAX_KEY_LEN) {
1175-
audit_msg(LOG_ERR, "key option exceeds size limit");
1176-
retval = -1;
1177-
} else {
1178-
if (strchr(optarg, AUDIT_KEY_SEPARATOR))
1179-
audit_msg(LOG_ERR,
1180-
"key %s has illegal character",
1181-
optarg);
1182-
if (key[0]) { // Add the separator if we need to
1183-
strcat(key, key_sep);
1184-
keylen--;
1185-
}
1186-
strncat(key, optarg, keylen);
1187-
keylen = AUDIT_MAX_KEY_LEN - strlen(key);
1188-
}
1184+
rc = process_key_option(optarg, key, &keylen);
1185+
if (rc)
1186+
retval = rc;
11891187
return retval;
11901188
}
11911189

0 commit comments

Comments
 (0)