--- openssh-4.3p2/loginrec.c.inject-fix 2007-06-20 21:18:00.000000000 +0200
+++ openssh-4.3p2/loginrec.c 2007-07-13 15:25:35.000000000 +0200
@@ -1389,11 +1389,44 @@
 #endif /* USE_WTMPX */
 
 #ifdef HAVE_LINUX_AUDIT
+static void
+_audit_hexscape(const char *what, char *where, unsigned int size)
+{
+ const char *ptr = what;
+ const char *hex = "0123456789ABCDEF";
+
+ while (*ptr) {
+ if (*ptr == '"' || *ptr < 0x21 || *ptr > 0x7E) {
+ unsigned int i;
+ ptr = what;
+ for (i = 0; *ptr && i+2 < size; i += 2) {
+ where[i] = hex[((unsigned)*ptr & 0xF0)>>4]; /* Upper nibble */
+ where[i+1] = hex[(unsigned)*ptr & 0x0F]; /* Lower nibble */
+ ptr++;
+ }
+ where[i] = '\0';
+ return;
+ }
+ ptr++;
+ }
+ where[0] = '"';
+ if ((unsigned)(ptr - what) < size - 3)
+ {
+ size = ptr - what + 3;
+ }
+ strncpy(where + 1, what, size - 3);
+ where[size-2] = '"';
+ where[size-1] = '\0';
+}
+
+#define AUDIT_LOG_SIZE 128
+#define AUDIT_ACCT_SIZE (AUDIT_LOG_SIZE - 8)
+
 int
 linux_audit_record_event(int uid, const char *username,
 const char *hostname, const char *ip, const char *ttyn, int success)
 {
- char buf[64];
+ char buf[AUDIT_LOG_SIZE];
 int audit_fd, rc;
 
 audit_fd = audit_open();
@@ -1406,8 +1439,11 @@
 }
 if (username == NULL)
 snprintf(buf, sizeof(buf), "uid=%d", uid);
- else
- snprintf(buf, sizeof(buf), "acct=%s", username);
+ else {
+ char encoded[AUDIT_ACCT_SIZE];
+ _audit_hexscape(username, encoded, sizeof(encoded));
+ snprintf(buf, sizeof(buf), "acct=%s", encoded);
+ }
 rc = audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
 buf, hostname, ip, ttyn, success);
 close(audit_fd);
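Review bot: `_audit_hexscape` drops the tail of an over-long name without any signal: with `AUDIT_ACCT_SIZE` at 120 the hex branch stops after 59 input bytes and the quoted branch after 117, so two different long account names can end up as the same `acct=` value in the login record. Given that this is an injection fix, the name is presumably client-influenced, so I would have the helper return whether it truncated (so the caller can mark the record), or size the buffer from the longest name sshd accepts, which is not visible in this hunk. The helper also depends on `size` being at least 3, because `size - 3` is unsigned and wraps for smaller buffers; a guard such as `if (size < 3) { if (size) where[0] = '\0'; return; }` would make that explicit. A header comment should state the output format: quoted when every byte is in 0x21–0x7E and is not `"`, otherwise the uppercase hex of all bytes. The leading-underscore name is reserved at file scope in C, so `audit_hexscape` would be the safer spelling.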
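Review bot: Only `username` goes through the new encoder in the second hunk; `hostname`, `ip` and `ttyn` are still handed to `audit_log_user_message()` unchanged in the context lines. If `hostname` can come from a reverse DNS lookup (not visible here), it deserves the same encoding or a comment stating why it is safe, for example `/* hostname/ip/ttyn are validated by the caller before they reach the audit record */` once that has been confirmed. The start and end of `linux_audit_record_event` lie outside this hunk, so any later handling of `rc` could not be checked.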