Bug 351482 - audit_log_user_message doesn't exist in all versions of libaudit.so.0
Status: RESOLVED FIXED
Product: NSS
Classification: Components
Component: Libraries
Version: 3.11.2
Platform: x86 Linux
Importance: P1 normal
Target Milestone: 3.11.3
Assigned To: Wan-Teh Chang
Reported: 2006-09-05 15:54 PDT by Wan-Teh Chang
Modified: 2006-10-02 15:08 PDT

Attachments
Proposed patch (2.39 KB, patch)
2006-09-05 16:41 PDT, Wan-Teh Chang
glenbeasley: review+
rrelyea: superreview+
Paranoia patch (1.18 KB, patch)
2006-09-07 17:38 PDT, Wan-Teh Chang
glenbeasley: review+
rrelyea: superreview+

Description Wan-Teh Chang 2006-09-05 15:54:38 PDT
The function audit_log_user_message that we use for
FIPS audit logging on Linux doesn't exist in older
versions of libaudit.so.0.  In particular it doesn't
exist in the RHEL 4 configuration that was Common
Criteria evaluated by IBM.

On those systems we can use the function audit_send_user_message
instead.

Comment 1 Wan-Teh Chang 2006-09-05 16:41:36 PDT
Created attachment 236885
Proposed patch

Use the preferred function, audit_log_user_message, if available.
Otherwise, fall back on the function audit_send_user_message, which
exists in older versions of libaudit.so.0.

Comment 2 Robert Relyea 2006-09-07 16:22:40 PDT
Comment on attachment 236885
Proposed patch

r+

one set of paranoia...
we should probably check that we successfully read all the functions we need and fail if we can't get them (or at least not crash when we attempt to use them).

bob

Comment 3 Wan-Teh Chang 2006-09-07 17:38:22 PDT
Created attachment 237242
Paranoia patch

I checked in the proposed patch on the NSS trunk (3.13)
and NSS_3_11_BRANCH (3.11.3).

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.20; previous revision: 1.19
done

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.11.2.9; previous revision: 1.11.2.8
done

This patch implements Bob's suggestion.  We need audit_open_func,
audit_close_func, and one of audit_log_user_message_func and
audit_send_user_message_func to work.  So if any of the required
functions is missing, we unload libaudit.so.0 and set the
library handle and function pointers to NULL.  When we use
the function pointers, we test the library handle for non-NULL
first.
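
The all-or-nothing binding described in Comment 3, as an added example (it is not the NSS patch or code from fipstokn.c). `struct audit_api`, `audit_api_bind`, `audit_api_log` and the `fake_*` stand-ins are hypothetical names, and the function-pointer types are modelled on libaudit's prototypes. The lookup and unload callbacks have the shapes of `dlsym` and `dlclose`, so real code would pass those with a `dlopen` handle; here a constructed library without `audit_log_user_message` exercises the fallback and the rejection path.

```c
#include <string.h>
typedef void *(*lookup_fn)(void *handle, const char *name); /* dlsym-shaped */
typedef int (*unload_fn)(void *handle);                     /* dlclose-shaped */
typedef int (*log_fn)(int, int, const char *, const char *, const char *, const char *, int);
typedef int (*send_fn)(int, int, const char *);
struct audit_api {
    void *handle;            /* NULL means audit logging is unavailable */
    int (*open_func)(void);  /* audit_open */
    void (*close_func)(int); /* audit_close */
    log_fn log_func;         /* audit_log_user_message (preferred) */
    send_fn send_func;       /* audit_send_user_message (older libaudit) */
};

/* Hypothetical helper, not NSS code: bind all-or-nothing; 1 if usable, else unload and clear. */
int audit_api_bind(struct audit_api *api, void *h, lookup_fn lookup, unload_fn unload) {
    memset(api, 0, sizeof *api);
    if (h == NULL) return 0;
    api->open_func = (int (*)(void))lookup(h, "audit_open");
    api->close_func = (void (*)(int))lookup(h, "audit_close");
    api->log_func = (log_fn)lookup(h, "audit_log_user_message");
    if (!api->log_func) api->send_func = (send_fn)lookup(h, "audit_send_user_message");
    if (api->open_func && api->close_func && (api->log_func || api->send_func)) {
        api->handle = h;
        return 1;
    }
    unload(h);                   /* a required function is missing: reject the library */
    memset(api, 0, sizeof *api); /* handle and every function pointer back to NULL */
    return 0;
}

/* Test the handle before touching any function pointer. */
int audit_api_log(const struct audit_api *api, int type, const char *msg, int ok) {
    int fd, rv;
    if (api->handle == NULL || (fd = api->open_func()) < 0) return -1;
    rv = api->log_func ? api->log_func(fd, type, msg, NULL, NULL, NULL, ok)
                       : api->send_func(fd, type, msg);
    api->close_func(fd);
    return rv;
}
/* Constructed stand-in library: its "handle" is a string of exported names. */
static int fake_open(void) { return 3; }
static void fake_close(int fd) { (void)fd; }
static int fake_send(int fd, int type, const char *m) { (void)m; return fd + type; }
int fake_unload(void *h) { *(char *)h = '\0'; return 0; } /* empties the export list */
void *fake_lookup(void *h, const char *n) {
    if (!strstr((const char *)h, n)) return NULL;
    if (!strcmp(n, "audit_open")) return (void *)fake_open;
    if (!strcmp(n, "audit_close")) return (void *)fake_close;
    return strcmp(n, "audit_send_user_message") ? NULL : (void *)fake_send;
}
```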

Comment 4 Robert Relyea 2006-10-02 11:51:41 PDT
Comment on attachment 237242
Paranoia patch

r+

Comment 5 Wan-Teh Chang 2006-10-02 15:08:16 PDT
Comment on attachment 237242
Paranoia patch

I checked in the "paranoia patch" on the NSS trunk (NSS 3.12)
and the NSS_3_11_BRANCH (NSS 3.11.4).

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.21; previous revision: 1.20
done

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.11.2.10; previous revision: 1.11.2.9
done
