auditctl: reject invalid key separators

stevegrubb · stevegrubb · commit 52d52520edcc · 2026-03-24T17:31:28.000-04:00
diff --git a/src/auditctl.c b/src/auditctl.c
@@ -992,8 +992,10 @@ static int process_key_option(const char *optarg, char *key,
 		audit_msg(LOG_ERR, "key option exceeds size limit");
 		return OPT_ERROR_NO_REPLY;
 	}
-	if (strchr(optarg, AUDIT_KEY_SEPARATOR))
+	if (strchr(optarg, AUDIT_KEY_SEPARATOR)) {
 		audit_msg(LOG_ERR, "key %s has illegal character", optarg);
+		return OPT_ERROR_NO_REPLY;
+	}
 	if (key[0]) {
 		strcat(key, key_sep);
 		(*keylen)--;
@@ -1889,4 +1891,3 @@ static void get_reply(void)
 		}
 	}
 }
-

Original file line number	Diff line number	Diff line change
`@@ -992,8 +992,10 @@ static int process_key_option(const char optarg, char key,`
`992`	`992`	`audit_msg(LOG_ERR, "key option exceeds size limit");`
`993`	`993`	`return OPT_ERROR_NO_REPLY;`
`994`	`994`	`}`
`995`		`- if (strchr(optarg, AUDIT_KEY_SEPARATOR))`
	`995`	`+ if (strchr(optarg, AUDIT_KEY_SEPARATOR)) {`
`996`	`996`	`audit_msg(LOG_ERR, "key %s has illegal character", optarg);`
	`997`	`+ return OPT_ERROR_NO_REPLY;`
	`998`	`+ }`
`997`	`999`	`if (key[0]) {`
`998`	`1000`	`strcat(key, key_sep);`
`999`	`1001`	`(*keylen)--;`
`@@ -1889,4 +1891,3 @@ static void get_reply(void)`
`1889`	`1891`	`}`
`1890`	`1892`	`}`
`1891`	`1893`	`}`
`1892`		`-`