From 136e6e616fab0e50805dfabd0150ebad52788a07 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Tue, 26 Aug 2014 12:04:25 -0600
Subject: [PATCH] Add trivial dirty word check to the sample output logging function.
---
 plugins/sample/sample_plugin.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/plugins/sample/sample_plugin.c b/plugins/sample/sample_plugin.c
index 41e39a618..24f057342 100644
--- a/plugins/sample/sample_plugin.c
+++ b/plugins/sample/sample_plugin.c
@@ -226,7 +226,7 @@ build_command_info(const char *command)
 asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) {
 return NULL;
 }
- if (runas_gid != -1) {
+ if (runas_gid != (gid_t)-1) {
 if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 ||
 asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) {
 return NULL;
@@ -456,8 +456,22 @@ io_log_input(const char *buf, unsigned int len)
 static int
 io_log_output(const char *buf, unsigned int len)
 {
+ const char *cp, *ep;
+ bool rval = true;
+
 ignore_result(fwrite(buf, len, 1, output));
- return true;
+ /*
+ * If we find the string "honk!" in the buffer, reject it.
+ * In practice we'd want to be able to detect the word
+ * broken across two buffers.
+ */
+ for (cp = buf, ep = buf + len; cp < ep; cp++) {
+ if (cp + 5 < ep && memcmp(cp, "honk!", 5) == 0) {
+ rval = false;
+ break;
+ }
+ }
+ return rval;
 }

 struct policy_plugin sample_policy = {
--
2.49.0
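Review bot: In the build_command_info hunk the gid is now compared as `(gid_t)-1`, but the two asprintf calls inside the `if` still format it as `(long)runas_gid` with `%ld`. If gid_t is unsigned, as the new cast suggests, then on a platform where `long` is 32 bits a gid above LONG_MAX would be written out as a negative number. Formatting it as unsigned, for example `"runas_gid=%u", (unsigned int)runas_gid`, would keep the emitted string consistent with the comparison; the runas_uid line in the leading context follows the same pattern. The function starts and ends outside the hunk, so how these strings are parsed downstream is not visible here.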
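Review bot: The bounds test in the new loop of io_log_output is off by one: `cp + 5 < ep` is false when exactly five bytes remain, so a buffer that ends with "honk!" (or consists only of it) is accepted rather than rejected. Testing the remaining length instead, `if (ep - cp >= 5 && memcmp(cp, "honk!", 5) == 0) {`, covers that case and also avoids computing `cp + 5` beyond one past the end of the buffer. Separately, `fwrite` runs before the check, so output that is rejected has already been written to the log; if that order is intended, a comment such as `/* Log the data first, then decide whether to reject it. */` above the fwrite call would make it explicit.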