1AUDIT_ENCODE_NV_STRING(3) Linux Audit API AUDIT_ENCODE_NV_STRING(3)
2
3
4
6 audit_encode_nv_string - encode a name/value pair in a string
7
9 #include <libaudit.h>
10
11 char *audit_encode_nv_string(const char *name, const char *value, un‐
12 signed int vlen)
13
14
16 This function is used to encode a name/value pair. This should be used
17 on any field being logged that potentially contains a space, a double-
18 quote, or a control character. Any value containing those have to be
19 specially encoded for the auparse library to correctly handle the
20 value. The encoding method is designed to prevent log injection attacks
21 where malicious values could cause parsing errors.
22
23 To use this function, pass the name string and value strings on their
24 respective arguments. If the value is likely to have a NUL value embed‐
25 ded within it, you will need to pass a value length that tells in bytes
26 how big the value is. Otherwise, you can pass a 0 for vlen and the
27 function will simply use strlen against the value pointer. Also be
28 aware that the name of the field will cause auparse to do certain
29 things when interpreting the value. If the name is uid, a user id value
30 in decimal is expected. Make sure that well known names are used for
31 their intended purpose or that there is no chance of name collision
32 with something new.
33
34
36 Returns a freshly malloc'ed string that the caller must free or NULL on
37 error.
38
39
41 audit_log_user_message(3), audit_log_user_comm_message(3), au‐
42 dit_log_user_avc_message(3), audit_log_semanage_message(3).
43
44
46 Steve Grubb
47
48
49
50Red Hat Oct 2010 AUDIT_ENCODE_NV_STRING(3)