
audit_log_user_message doesn't exist in all versions of libaudit.so.0

RESOLVED FIXED in 3.11.3

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Wan-Teh Chang, Assigned: Wan-Teh Chang)

Tracking

3.11.2
3.11.3
x86
Linux

Details

Attachments

(2 attachments)

(Assignee)

Description

11 years ago
The function audit_log_user_message that we use for
FIPS audit logging on Linux doesn't exist in older
versions of libaudit.so.0.  In particular it doesn't
exist in the RHEL 4 configuration that was Common
Criteria evaluated by IBM.

On those systems we can use the function audit_send_user_message
instead.
(Assignee)

Comment 1

11 years ago
Created attachment 236885 [details] [diff] [review]
Proposed patch

Use the preferred function, audit_log_user_message, if available.
Otherwise, fall back on the function audit_send_user_message, which
exists in older versions of libaudit.so.0.
Attachment #236885 - Flags: superreview?(rrelyea)
Attachment #236885 - Flags: review?(glen.beasley)

Updated

11 years ago
Attachment #236885 - Flags: review?(glen.beasley) → review+

Comment 2

11 years ago
Comment on attachment 236885 [details] [diff] [review]
Proposed patch

r+

one set of paranoia...
we should probably check that we successfully read all the functions we need and fail if we can't get them (or at least not crash when we attempt to use them).

bob
Attachment #236885 - Flags: superreview?(rrelyea) → superreview+
(Assignee)

Comment 3

11 years ago
Created attachment 237242 [details] [diff] [review]
Paranoia patch

I checked in the proposed patch on the NSS trunk (3.13)
and NSS_3_11_BRANCH (3.11.3).

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.20; previous revision: 1.19
done

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.11.2.9; previous revision: 1.11.2.8
done

This patch implements Bob's suggestion.  We need audit_open_func,
audit_close_func, and one of audit_log_user_message_func and
audit_send_user_message_func to work.  So if any of the required
functions is missing, we unload libaudit.so.0 and set the
library handle and function pointers to NULL.  When we use
the function pointers, we test the library handle for non-NULL
first.
Attachment #237242 - Flags: superreview?(rrelyea)
Attachment #237242 - Flags: review?(glen.beasley)
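
The load-and-validate logic described in Comment 3, written out as an added example; it is not the NSS patch or any code attached to this bug. The struct and function names (`audit_lib`, `audit_lib_load`, `audit_lib_log`) are assumptions made for illustration; the libaudit symbols and their signatures are the ones declared in libaudit.h.

```c
#include <dlfcn.h>
#include <stddef.h>

/* Hypothetical holder for the library handle and resolved entry points. */
struct audit_lib {
    void *handle;
    int  (*open_fn)(void);
    void (*close_fn)(int fd);
    int  (*log_fn)(int fd, int type, const char *msg, const char *host,
                   const char *addr, const char *tty, int result);
    int  (*send_fn)(int fd, int type, const char *msg);
};

/* Load soname and resolve the audit functions. Returns 1 if usable, else 0. */
int audit_lib_load(struct audit_lib *a, const char *soname)
{
    *a = (struct audit_lib){0};
    a->handle = dlopen(soname, RTLD_LAZY);
    if (a->handle == NULL)
        return 0;
    *(void **)&a->open_fn  = dlsym(a->handle, "audit_open");
    *(void **)&a->close_fn = dlsym(a->handle, "audit_close");
    *(void **)&a->log_fn   = dlsym(a->handle, "audit_log_user_message");
    if (a->log_fn == NULL)  /* older libaudit.so.0: try the fallback */
        *(void **)&a->send_fn = dlsym(a->handle, "audit_send_user_message");
    /* Need open, close, and at least one of the two logging functions. */
    if (!a->open_fn || !a->close_fn || (!a->log_fn && !a->send_fn)) {
        dlclose(a->handle);
        *a = (struct audit_lib){0};  /* handle and all pointers back to NULL */
        return 0;
    }
    return 1;
}

/* Emit one record. Returns -1 without calling any pointer if not loaded. */
int audit_lib_log(const struct audit_lib *a, int type, const char *msg, int ok)
{
    int fd, rc;
    if (a->handle == NULL)  /* test the handle before touching the pointers */
        return -1;
    fd = a->open_fn();
    if (fd < 0)
        return -1;
    rc = a->log_fn ? a->log_fn(fd, type, msg, NULL, NULL, NULL, ok)
                   : a->send_fn(fd, type, msg);
    a->close_fn(fd);
    return rc;
}
```

Because a partial load resets the whole struct, the single handle check in `audit_lib_log` is enough to guarantee no NULL function pointer is ever called.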

Updated

11 years ago
Attachment #237242 - Flags: review?(glen.beasley) → review+
(Assignee)

Updated

11 years ago
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.11.3

Comment 4

11 years ago
Comment on attachment 237242 [details] [diff] [review]
Paranoia patch

r+
Attachment #237242 - Flags: superreview?(rrelyea) → superreview+
(Assignee)

Comment 5

11 years ago
Comment on attachment 237242 [details] [diff] [review]
Paranoia patch

I checked in the "paranoia patch" on the NSS trunk (NSS 3.12)
and the NSS_3_11_BRANCH (NSS 3.11.4).

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.21; previous revision: 1.20
done

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.11.2.10; previous revision: 1.11.2.9
done