audit_encode_nv_string

AUDIT_ENCODE_NV_STRING(3)       Linux Audit API      AUDIT_ENCODE_NV_STRING(3)



NAME
       audit_encode_nv_string - encode a name/value pair in a string

SYNOPSIS
       #include <libaudit.h>

       char *audit_encode_nv_string(const char *name, const char *value,
       unsigned int vlen)


DESCRIPTION
       This function is used to encode a name/value pair. This should be used
       on any field being logged that potentially contains a space, a double-
       quote, or a control character. Any value containing those have to be
       specially encoded for the auparse library to correctly handle the
       value. The encoding method is designed to prevent log injection attacks
       where malicious values could cause parsing errors.

       To use this function, pass the name string and value strings on their
       respective arguments. If the value is likely to have a NUL value
       embedded within it, you will need to pass a value length that tells in
       bytes how big the value is. Otherwise, you can pass a 0 for vlen and
       the function will simply use strlen against the value pointer. Also be
       aware that the name of the field will cause auparse to do certain
       things when interpretting the value. If the name is uid, a user id
       value in decimal is expected. Make sure that well known names are used
       for their intended purpose or that there is no chance of name collision
       with something new.


RETURN VALUE
       Returns a freshly malloc'ed string that the caller must free or NULL on
       error.


SEE ALSO
       audit_log_user_message(3), audit_log_user_comm_message(3),
       audit_log_user_avc_message(3), audit_log_semanage_message(3).


AUTHOR
       Steve Grubb



Red Hat                            Oct 2010          AUDIT_ENCODE_NV_STRING(3)