Closed Bug 351482 Opened 18 years ago Closed 18 years ago

audit_log_user_message doesn't exist in all versions of libaudit.so.0

Categories

(NSS :: Libraries, defect, P1)

3.11.2
x86
Linux
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.11.3

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(2 files)

The function audit_log_user_message that we use for
FIPS audit logging on Linux doesn't exist in older
versions of libaudit.so.0.  In particular it doesn't
exist in the RHEL 4 configuration that was Common
Criteria evaluated by IBM.

On those systems we can use the function audit_send_user_message
instead.
Attached patch: Proposed patch
Use the preferred function, audit_log_user_message, if available.
Otherwise, fall back on the function audit_send_user_message, which
exists in older versions of libaudit.so.0.
Attachment #236885 - Flags: superreview?(rrelyea)
Attachment #236885 - Flags: review?(glen.beasley)
Attachment #236885 - Flags: review?(glen.beasley) → review+
Comment on attachment 236885 [details] [diff] [review]
Proposed patch

r+

one set of paranoia...
we should probably check that we successfully read all the functions we need and fail if we can't get them (or at least not crash when we attempt to use them).

bob
Attachment #236885 - Flags: superreview?(rrelyea) → superreview+
Attached patch: Paranoia patch
I checked in the proposed patch on the NSS trunk (3.13)
and NSS_3_11_BRANCH (3.11.3).

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.20; previous revision: 1.19
done

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.11.2.9; previous revision: 1.11.2.8
done

This patch implements Bob's suggestion.  We need audit_open_func,
audit_close_func, and one of audit_log_user_message_func and
audit_send_user_message_func to work.  So if any of the required
functions is missing, we unload libaudit.so.0 and set the
library handle and function pointers to NULL.  When we use
the function pointers, we test the library handle for non-NULL
first.
Attachment #237242 - Flags: superreview?(rrelyea)
Attachment #237242 - Flags: review?(glen.beasley)
Attachment #237242 - Flags: review?(glen.beasley) → review+
Status: NEW → RESOLVED
Closed: 18 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.11.3
Comment on attachment 237242 [details] [diff] [review]
Paranoia patch

r+
Attachment #237242 - Flags: superreview?(rrelyea) → superreview+
Comment on attachment 237242 [details] [diff] [review]
Paranoia patch

I checked in the "paranoia patch" on the NSS trunk (NSS 3.12)
and the NSS_3_11_BRANCH (NSS 3.11.4).

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.21; previous revision: 1.20
done

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.11.2.10; previous revision: 1.11.2.9
done
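
The load-and-verify rule described for the paranoia patch (require the open and close functions plus one of the two logging functions, otherwise unload and leave everything NULL), as an added C example that is not the NSS patch or any code from fipstokn.c. `struct audit_api`, its field names, the function names and the export lists are assumptions made for illustration; the lists are constructed stand-ins for newer, older and incomplete copies of libaudit.so.0.

```c
/* Added example, not NSS source. struct audit_api and all function names here are hypothetical. */
#include <dlfcn.h>
#include <string.h>

typedef void *(*resolver_fn)(void *handle, const char *symbol);
struct audit_api {
    void *open_func;   /* audit_open: required */
    void *close_func;  /* audit_close: required */
    void *log_func;    /* audit_log_user_message: preferred */
    void *send_func;   /* audit_send_user_message: fallback for older libaudit.so.0 */
};

/* Fill *api from the library. Returns 1 if usable; otherwise 0 with every pointer NULL. */
int audit_api_resolve(struct audit_api *api, void *handle, resolver_fn resolve) {
    *api = (struct audit_api){0};
    if (handle == NULL)
        return 0;
    api->open_func = resolve(handle, "audit_open");
    api->close_func = resolve(handle, "audit_close");
    api->log_func = resolve(handle, "audit_log_user_message");
    if (api->log_func == NULL)
        api->send_func = resolve(handle, "audit_send_user_message");
    if (!api->open_func || !api->close_func || (!api->log_func && !api->send_func)) {
        *api = (struct audit_api){0};  /* no partially filled table survives */
        return 0;
    }
    return 1;
}

/* Real loader: returns the dlopen handle, or NULL if libaudit is absent or incomplete. */
void *audit_api_load(struct audit_api *api) {
    void *handle = dlopen("libaudit.so.0", RTLD_LAZY);
    if (audit_api_resolve(api, handle, dlsym))
        return handle;
    if (handle != NULL)
        dlclose(handle);  /* unload rather than keep a library we cannot use */
    return NULL;
}

/* Constructed stand-in for dlsym: the handle is a NULL-terminated list of exported names. */
void *fake_resolver(void *handle, const char *symbol) {
    for (const char **name = handle; *name != NULL; name++)
        if (strcmp(*name, symbol) == 0)
            return (void *)*name;
    return NULL;
}
const char *NEWER_EXPORTS[] = {"audit_open", "audit_close", "audit_log_user_message", NULL};
const char *OLDER_EXPORTS[] = {"audit_open", "audit_close", "audit_send_user_message", NULL};
const char *BROKEN_EXPORTS[] = {"audit_open", "audit_log_user_message", NULL};
```

Callers test the handle returned by `audit_api_load` for non-NULL before touching any pointer in the table; on older glibc the program links with `-ldl`.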