man7.org > Linux > man-pages

Linux/UNIX system programming training

audit_encode_nv_string(3) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | SEE ALSO | AUTHOR | COLOPHON 

AUDIT_ENCODE_NV_STRING(3)    Linux Audit API    AUDIT_ENCODE_NV_STRING(3)

NAME         top

       audit_encode_nv_string - encode a name/value pair in a string

SYNOPSIS         top

       #include <libaudit.h>

       char *audit_encode_nv_string(const char *name, const char *value, unsigned int vlen)"

DESCRIPTION         top

       This function formats a name/value pair for logging by the audit
       system.  This should be used on any field being logged that might
       contain a space, a double-quote, a C0 control byte, a DEL byte, or
       a non-ASCII byte. Values containing those bytes have to be
       specially encoded for the auparse library to correctly handle the
       value. The encoding method is designed to prevent log injection
       attacks where malicious values could cause parsing errors.

       To use this function, pass the name string and value string in
       their respective arguments.  The name argument must not be NULL,
       and is copied as-is before the '=' separator.  The value is
       checked with audit_value_needs_encoding(3).  If encoding is
       needed, the returned string has the form name=HEX, where HEX is
       the uppercase hexadecimal encoding of the value bytes. If encoding
       is not needed, the returned string has the form name=value.

       If value is NULL, a question mark is used as the value. If vlen is
       0, the function uses strlen(3) to determine the value length. If
       the value may contain an embedded NUL byte, pass the value length
       in vlen bytes.

       Also be aware that the name of the field will cause auparse to do
       certain things when interpreting the value. If the name is uid, a
       user id value in decimal is expected. Make sure that well known
       names are used for their intended purpose or that there is no
       chance of name collision with something new.

RETURN VALUE         top

       Returns a freshly malloc'ed string that the caller must free or
       NULL on error.

SEE ALSO         top

       audit_log_user_message(3), audit_log_user_comm_message(3),
       audit_log_user_avc_message(3), audit_log_semanage_message(3),
       audit_encode_value(3), audit_value_needs_encoding(3).

AUTHOR         top

       Steve Grubb

COLOPHON         top

       This page is part of the audit (Linux Audit) project.  Information
       about the project can be found at 
       ⟨http://people.redhat.com/sgrubb/audit/⟩.  If you have a bug report
       for this manual page, send it to linux-audit@redhat.com.  This
       page was obtained from the project's upstream Git repository
       ⟨https://github.com/linux-audit/audit-userspace.git⟩ on
       2026-05-24.  (At that time, the date of the most recent commit
       that was found in the repository was 2026-05-17.)  If you discover
       any rendering problems in this HTML version of the page, or you
       believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a
       mail to man-pages@man7.org

Red Hat                          May 2026       AUDIT_ENCODE_NV_STRING(3)

Pages that refer to this page: audit_encode_value(3)audit_value_needs_encoding(3)

HTML rendering created 2026-05-24 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI