NAME
audit_encode_nv_string - encode a name/value pair in a string
SYNOPSIS
#include <libaudit.h>
int audit_encode_nv_string(const char *name, const char *value,
unsigned int vlen)
DESCRIPTION
This function is used to encode a name/value pair. This should be used
on any field being logged that potentially contains a space, a double-
quote, or a control character. Any value containing those have to be
specially encoded for the auparse library to correctly handle the
value. The encoding method is designed to prevent log injection attacks
where malicious values could cause parsing errors.
To use this function, pass the name string and value strings on their
respective arguments. If the value is likely to have a NUL value
embedded within it, you will need to pass a value length that tells in
bytes how big the value is. Otherwise, you can pass a 0 for vlen and
the function will simply use strlen against the value pointer. Also be
aware that the name of the field will cause auparse to do certain
things when interpretting the value. If the name is uid, a user id
value in decimal is expected. Make sure that well known names are used
for their intended purpose or that there is no chance of name collision
with something new.
RETURN VALUE
Returns a freshly malloc’ed string that the caller must free or NULL on
error.
SEE ALSO
audit_log_user_message(3), audit_log_user_comm_message(3),
audit_log_user_avc_message(3), audit_log_semanage_message(3).
AUTHOR
Steve Grubb