Bug 351482 (Closed)
Opened 18 years ago, closed 18 years ago
audit_log_user_message doesn't exist in all versions of libaudit.so.0
Categories: NSS :: Libraries, defect, P1
Tracking: Not tracked
Status: RESOLVED FIXED
Target Milestone: 3.11.3
People: Reporter: wtc, Assigned: wtc
Attachments (2 files):
2.39 KB, patch | glenbeasley: review+ | rrelyea: superreview+
1.18 KB, patch | glenbeasley: review+ | rrelyea: superreview+

The function audit_log_user_message that we use for FIPS audit logging on Linux doesn't exist in older versions of libaudit.so.0. In particular it doesn't exist in the RHEL 4 configuration that was Common Criteria evaluated by IBM. On those systems we can use the function audit_send_user_message instead.

Comment 1 • 18 years ago (Assignee)
Use the preferred function, audit_log_user_message, if available. Otherwise, fall back on the function audit_send_user_message, which exists in older versions of libaudit.so.0.
Attachment #236885 - Flags: superreview?(rrelyea)
Attachment #236885 - Flags: review?(glen.beasley)

Updated • 18 years ago
Attachment #236885 - Flags: review?(glen.beasley) → review+

Comment 2 • 18 years ago
Comment on attachment 236885
Proposed patch

r+ one set of paranoia... we should probably check that we successfully read all the functions we need and fail if we can't get them (or at least not crash when we attempt to use them).

bob
Attachment #236885 - Flags: superreview?(rrelyea) → superreview+

Comment 3 • 18 years ago (Assignee)
I checked in the proposed patch on the NSS trunk (3.13) and NSS_3_11_BRANCH (3.11.3).

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c
new revision: 1.20; previous revision: 1.19
done
Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c
new revision: 1.11.2.9; previous revision: 1.11.2.8
done

This patch implements Bob's suggestion. We need audit_open_func, audit_close_func, and one of audit_log_user_message_func and audit_send_user_message_func to work. So if any of the required functions is missing, we unload libaudit.so.0 and set the library handle and function pointers to NULL. When we use the function pointers, we test the library handle for non-NULL first.
Attachment #237242 - Flags: superreview?(rrelyea)
Attachment #237242 - Flags: review?(glen.beasley)
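
The load-and-fallback logic described in comments 1 and 3, written out as an added example; it is not the NSS patch itself. The function prototypes are assumptions based on libaudit's header, the helper names load_audit_lib and log_audit_message are hypothetical, and the library name is a parameter so the failure paths can be exercised on a machine without libaudit.

```c
#include <dlfcn.h>
#include <stddef.h>

/* Prototypes are assumptions based on libaudit's header. */
static void *audit_lib;
static int (*audit_open_func)(void);
static void (*audit_close_func)(int fd);
static int (*audit_log_user_message_func)(int fd, int type, const char *msg,
    const char *hostname, const char *addr, const char *tty, int result);
static int (*audit_send_user_message_func)(int fd, int type, const char *msg);

/* Hypothetical helper: 1 if audit logging is usable, else audit_lib is NULL. */
int load_audit_lib(const char *soname)
{
    audit_lib = dlopen(soname, RTLD_LAZY);
    if (!audit_lib)
        return 0;
    *(void **)(&audit_open_func) = dlsym(audit_lib, "audit_open");
    *(void **)(&audit_close_func) = dlsym(audit_lib, "audit_close");
    *(void **)(&audit_log_user_message_func) =
        dlsym(audit_lib, "audit_log_user_message");
    if (!audit_log_user_message_func) /* older libaudit.so.0: fall back */
        *(void **)(&audit_send_user_message_func) =
            dlsym(audit_lib, "audit_send_user_message");
    if (!audit_open_func || !audit_close_func ||
        (!audit_log_user_message_func && !audit_send_user_message_func)) {
        dlclose(audit_lib); /* a required function is missing: unload */
        audit_lib = NULL;
        audit_open_func = NULL;
        audit_close_func = NULL;
        audit_log_user_message_func = NULL;
        audit_send_user_message_func = NULL;
        return 0;
    }
    return 1;
}

/* Hypothetical helper: tests the library handle before using any pointer. */
int log_audit_message(int type, const char *msg, int result)
{
    int fd, rv;
    if (!audit_lib || (fd = audit_open_func()) < 0)
        return -1;
    if (audit_log_user_message_func)
        rv = audit_log_user_message_func(fd, type, msg, NULL, NULL, NULL, result);
    else
        rv = audit_send_user_message_func(fd, type, msg);
    audit_close_func(fd);
    return rv;
}
```

Loading a library that exists but exports none of the audit functions takes the unload branch, so a later log_audit_message call returns -1 instead of calling through a NULL pointer.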

Updated • 18 years ago
Attachment #237242 - Flags: review?(glen.beasley) → review+

Updated • 18 years ago (Assignee)
Status: NEW → RESOLVED
Closed: 18 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.11.3

Comment 4 • 18 years ago
Comment on attachment 237242
Paranoia patch

r+
Attachment #237242 - Flags: superreview?(rrelyea) → superreview+

Comment 5 • 18 years ago (Assignee)
Comment on attachment 237242
Paranoia patch

I checked in the "paranoia patch" on the NSS trunk (NSS 3.12) and the NSS_3_11_BRANCH (NSS 3.11.4).

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c
new revision: 1.21; previous revision: 1.20
done
Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c
new revision: 1.11.2.10; previous revision: 1.11.2.9
done