.TH "AUDIT_ENCODE_NV_STRING" "3" "Oct 2010" "Red Hat" "Linux Audit API"
.SH NAME
audit_encode_nv_string \- encode a name/value pair in a string
.SH SYNOPSIS
.nf
.B #include <libaudit.h>
.PP
.BI "char *audit_encode_nv_string(const char *" name ", const char *" value ", unsigned int " vlen )"
.fi

.SH DESCRIPTION
This function is used to encode a name/value pair. This should be used on any field being logged that potentially contains a space, a double-quote, or a control character. Any value containing those have to be specially encoded for the auparse library to correctly handle the value. The encoding method is designed to prevent log injection attacks where malicious values could cause parsing errors.

To use this function, pass the \fIname\fP string and \fIvalue\fP strings on their respective arguments. If the value is likely to have a NUL byte embedded within it, you will need to pass a length in \fIvlen\fP bytes that tells how big the value is. Otherwise, you can pass a 0 for \fIvlen\fP and the function will simply use strlen against the \fIvalue\fP pointer. Also be aware that the \fIname\fP of the field will cause auparse to do certain things when interpreting the value. If the \fIname\fP is uid, a user id value in decimal is expected. Make sure that well known names are used for their intended purpose or that there is no chance of name collision with something new.

.SH "RETURN VALUE"

Returns a freshly malloc'ed string that the caller must free or NULL on error.

.SH "SEE ALSO"

.BR audit_log_user_message (3),
.BR audit_log_user_comm_message (3),
.BR audit_log_user_avc_message (3),
.BR audit_log_semanage_message (3).

.SH AUTHOR
Steve Grubb