Merge tag 'audit-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit update from Paul Moore: "A single audit patch that fixes a problem when collecting pathnames for audit PATH records that was caused by some faulty pathname matching logic" * tag 'audit-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: fix suffixed '/' filename matching
2025-12-07 20:06:24 +00:00 · 2025-01-21 20:12:24 -08:00
parent 690ffcd817 e92eebb0d6
commit c4b9570cfb
1 changed files with 11 additions and 4 deletions
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1319,13 +1319,20 @@ int audit_compare_dname_path(const struct qstr *dname, const char *path, int par
 	if (pathlen < dlen)
 		return 1;

-	parentlen = parentlen == AUDIT_NAME_FULL ? parent_len(path) : parentlen;
-	if (pathlen - parentlen != dlen)
-		return 1;
+	if (parentlen == AUDIT_NAME_FULL)
+		parentlen = parent_len(path);

 	p = path + parentlen;

-	return strncmp(p, dname->name, dlen);
+	/* handle trailing slashes */
+	pathlen -= parentlen;
+	while (p[pathlen - 1] == '/')
+		pathlen--;
+
+	if (pathlen != dlen)
+		return 1;
+
+	return memcmp(p, dname->name, dlen);
 }

 int audit_filter(int msgtype, unsigned int listtype)