audit_encode_nv_string(3) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | SEE ALSO | AUTHOR | COLOPHON

AUDIT_ENCODE_NV_STRING(3)    Linux Audit API   AUDIT_ENCODE_NV_STRING(3)

NAME         top

       audit_encode_nv_string - encode a name/value pair in a string

SYNOPSIS         top

       #include <libaudit.h>

       char *audit_encode_nv_string(const char *name, const char *value,
       unsigned int vlen)

DESCRIPTION         top

       This function is used to encode a name/value pair. This should be
       used on any field being logged that potentially contains a space,
       a double-quote, or a control character. Any value containing
       those have to be specially encoded for the auparse library to
       correctly handle the value. The encoding method is designed to
       prevent log injection attacks where malicious values could cause
       parsing errors.

       To use this function, pass the name string and value strings on
       their respective arguments. If the value is likely to have a NUL
       value embedded within it, you will need to pass a value length
       that tells in bytes how big the value is. Otherwise, you can pass
       a 0 for vlen and the function will simply use strlen against the
       value pointer. Also be aware that the name of the field will
       cause auparse to do certain things when interpreting the value.
       If the name is uid, a user id value in decimal is expected. Make
       sure that well known names are used for their intended purpose or
       that there is no chance of name collision with something new.

RETURN VALUE         top

       Returns a freshly malloc'ed string that the caller must free or
       NULL on error.

SEE ALSO         top

       audit_log_user_message(3), audit_log_user_comm_message(3),
       audit_log_user_avc_message(3), audit_log_semanage_message(3).

AUTHOR         top

       Steve Grubb

COLOPHON         top

       This page is part of the audit (Linux Audit) project.
       Information about the project can be found at 
       ⟨http://people.redhat.com/sgrubb/audit/⟩.  If you have a bug
       report for this manual page, send it to [email protected].
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/linux-audit/audit-userspace.git⟩ on
       2024-06-14.  (At that time, the date of the most recent commit
       that was found in the repository was 2024-06-12.)  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to [email protected]

Red Hat                         Oct 2010       AUDIT_ENCODE_NV_STRING(3)

Pages that refer to this page: audit_encode_value(3)audit_value_needs_encoding(3)