1AUDIT_ENCODE_NV_STRING(3)       Linux Audit API      AUDIT_ENCODE_NV_STRING(3)
2
3
4

NAME

6       audit_encode_nv_string - encode a name/value pair in a string
7

SYNOPSIS

9       #include <libaudit.h>
10
11       char  *audit_encode_nv_string(const  char  *name,  const  char  *value,
12       unsigned int vlen)
13
14

DESCRIPTION

16       This function is used to encode a name/value pair. This should be  used
17       on  any field being logged that potentially contains a space, a double-
18       quote, or a control character. Any value containing those  have  to  be
19       specially  encoded  for  the  auparse  library  to correctly handle the
20       value. The encoding method is designed to prevent log injection attacks
21       where malicious values could cause parsing errors.
22
23       To  use  this function, pass the name string and value strings on their
24       respective arguments. If the value is likely to have a NUL value embed‐
25       ded within it, you will need to pass a value length that tells in bytes
26       how big the value is. Otherwise, you can pass a  0  for  vlen  and  the
27       function  will  simply  use  strlen  against the value pointer. Also be
28       aware that the name of the field  will  cause  auparse  to  do  certain
29       things  when  interpretting  the  value.  If the name is uid, a user id
30       value in decimal is expected. Make sure that well known names are  used
31       for their intended purpose or that there is no chance of name collision
32       with something new.
33
34

RETURN VALUE

36       Returns a freshly malloc'ed string that the caller must free or NULL on
37       error.
38
39

SEE ALSO

41       audit_log_user_message(3),              audit_log_user_comm_message(3),
42       audit_log_user_avc_message(3), audit_log_semanage_message(3).
43
44

AUTHOR

46       Steve Grubb
47
48
49
50Red Hat                            Oct 2010          AUDIT_ENCODE_NV_STRING(3)
Impressum