Closed Bug 351482 Opened 19 years ago Closed 19 years ago

audit_log_user_message doesn't exist in all versions of libaudit.so.0

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Version:
3.11.2
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.3

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(2 files)

Proposed patch
2.39 KB, patch
glenbeasley
: review+
rrelyea
: superreview+
Details | Diff | Splinter Review
Paranoia patch
1.18 KB, patch
glenbeasley
: review+
rrelyea
: superreview+
Details | Diff | Splinter Review
The function audit_log_user_message that we use for FIPS audit logging on Linux doesn't exist in older versions of libaudit.so.0. In particular it doesn't exist in the RHEL 4 configuration that was Common Criteria evaluated by IBM. On those systems we can use the function audit_send_user_message instead.
Attached patch Proposed patchSplinter Review
Use the preferred function, audit_log_user_message, if available. Otherwise, fall back on the function audit_send_user_message, which exists in older versions of libaudit.so.0.
Attachment #236885 - Flags: superreview?(rrelyea)
Attachment #236885 - Flags: review?(glen.beasley)
Attachment #236885 - Flags: review?(glen.beasley) → review+
Comment on attachment 236885 [details] [diff] [review] Proposed patch r+ one set of paranoia... we should probably check that we successfully read all the functions we need and fail if we can't get them (or at least not crash when we attempt to use them). bob
Attachment #236885 - Flags: superreview?(rrelyea) → superreview+
Attached patch Paranoia patchSplinter Review
I checked in the proposed patch on the NSS trunk (3.13) and NSS_3_11_BRANCH (3.11.3). Checking in fipstokn.c; /cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c new revision: 1.20; previous revision: 1.19 done Checking in fipstokn.c; /cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c new revision: 1.11.2.9; previous revision: 1.11.2.8 done This patch implements Bob's suggestion. We need audit_open_func, audit_close_func, and one of audit_log_user_message_func and audit_send_user_message_func to work. So if any of the required functions is missing, we unload libaudit.so.0 and set the library handle and function pointers to NULL. When we use the function pointers, we test the library handle for non-NULL first.
Attachment #237242 - Flags: superreview?(rrelyea)
Attachment #237242 - Flags: review?(glen.beasley)
Attachment #237242 - Flags: review?(glen.beasley) → review+
Status: NEW → RESOLVED
Closed: 19 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.11.3
Comment on attachment 237242 [details] [diff] [review] Paranoia patch r+
Attachment #237242 - Flags: superreview?(rrelyea) → superreview+
Comment on attachment 237242 [details] [diff] [review] Paranoia patch I checked in the "paranoia patch" on the NSS trunk (NSS 3.12) and the NSS_3_11_BRANCH (NSS 3.11.4). Checking in fipstokn.c; /cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c new revision: 1.21; previous revision: 1.20 done Checking in fipstokn.c; /cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c new revision: 1.11.2.10; previous revision: 1.11.2.9 done
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: