From: Alexander Viro <aviro@redhat.com>
Date: Mon, 8 Dec 2008 02:44:52 -0500
Subject: [audit] control character detection is off-by-one
Message-id: 20081208074452.GD9939@shell.devel.redhat.com
O-Subject: [rhel5.4][bz#475150] kernel/audit.c control character detection is off-by-one
Bugzilla: 475150
RH-Acked-by: Jiri Pirko <jpirko@redhat.com>
RH-Acked-by: Pete Zaitcev <zaitcev@redhat.com>
RH-Acked-by: Eric Paris <eparis@redhat.com>

[on top of rhel5 git][mainline commit 1d6c9649e236caa2e93e3647256216e57172b011]

If audit_string_contains_control() detects control characters, then the
string is hex-encoded. But the hex=0x7f dec=127, DEL-character, is not
detected.

I guess this could have at least some minor security implications, since a
user can create a filename with 0x7f in it, causing logged filename to
possibly look different when someone reads it on the terminal.

Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/kernel/audit.c b/kernel/audit.c
index b81717c..efd7703 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1429,7 +1429,7 @@ int audit_string_contains_control(const char *string, size_t len)
 {
 	const unsigned char *p;
 	for (p = string; p < (const unsigned char *)string + len; p++) {
-		if (*p == '"' || *p < 0x21 || *p > 0x7f)
+		if (*p == '"' || *p < 0x21 || *p > 0x7e)
 			return 1;
 	}
 	return 0;