I'm self-sponsoring this case. I believe it qualifies for self-review and am marking it "closed approved automatic." I am happy to turn it into a fast track and set the timer if anyone believes I've misjudged.
The case requests a Patch Release Binding and an unchanged Contracted Project Private Interface Taxonomy. The project team has no current plan to backport. No current uses of adt_alloc_event() are affected by this change. A full diffmarked man page is in the case directory.

Gary..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Background:
==========

PSARC/2000/517 "Thread-safe audit API" introduced a number of user land (Contracted) Project Private interfaces for generating Solaris Audit records. PSARC/2003/397 "Contracted audit interfaces for open source" further discussed the Contracts for those interfaces. The interfaces can be used without checking whether Solaris Audit is enabled or that the audit service, auditd(1m), is active.

In looking over the code, I noticed that adt_alloc_event() should be able to return an error for invalid parameters. Doing so has the potential to save applications from a segmentation fault.

    adt_event_data_t *adt_alloc_event(const adt_session_data_t *session_data,
        au_event_t event_id);

returns an event structure to be filled in by the application based on the event (event_id) passed to it. Even if audit is off, it always returns the structure.

If for some reason the event_id passed in isn't valid, adt_alloc_event() will presently return an adt_event_data_t pointer (adt_event_data_t is a union of the defined events). This could lead the application to try to fill in memory outside of the memory allocated. While this should never happen because the use is contracted, thus the application and structure should always be in sync, it is easy to return an error if it does occur.

Proposal:
=========

Add EINVAL to the returns for adt_alloc_event.

adt_alloc_event(3adt)

DESCRIPTION
    This set of three functions are used to generate audit records within the current audit session context defined by the session_data parameter to adt_alloc_event().

    See the union adt_event_data definition in adt_event.h for the name of the structure that corresponds to the event_id. For example, event_id ADT_login structure name is adt_login_t.

    adt_alloc_event() returns a pointer to memory allocated for an event of type event_id. This structure is to be filled in by the caller to provide the user-specific data contained in the audit record. The allocated memory structure includes linkage to the audit session handle. It is the responsibility of the caller to free the event memory by calling adt_free_event() when it is no longer needed.

RETURN VALUES
    adt_alloc_event():
        != NULL    OK
        == NULL    error; errno is set to one of the following:
            + EINVAL -- invalid event_id value
            ENOMEM unable to allocate memory
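
The return contract proposed above, modelled as an added example that is not part of the original case or of the Solaris source. It does not call libbsm: model_alloc_event(), record_login(), the EV_* ids and the ev_* structures are hypothetical stand-ins, used to show a caller that fills in the event only after a non-NULL return.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins: these ids and layouts are hypothetical and are
 * not the values or structures defined in adt_event.h. */
enum { EV_LOGIN = 1, EV_LOGOUT = 2 };
typedef struct { int uid; char tty[32]; } ev_login_t;
typedef struct { int uid; } ev_logout_t;
typedef union { ev_login_t login; ev_logout_t logout; } ev_data_t;

static int known_event(int event_id) {
    return event_id == EV_LOGIN || event_id == EV_LOGOUT;
}

/* Models the proposed contract: NULL with errno EINVAL for an event id
 * that has no structure, NULL with ENOMEM if allocation fails. */
ev_data_t *model_alloc_event(int event_id) {
    if (!known_event(event_id)) {
        errno = EINVAL;
        return NULL;
    }
    ev_data_t *ev = calloc(1, sizeof (ev_data_t));
    if (ev == NULL)
        errno = ENOMEM;
    return ev;
}

/* Caller pattern: fill in the record only after a non-NULL return.
 * Returns 0 on success, otherwise the errno set by the allocator. */
int record_login(int event_id, int uid, const char *tty) {
    ev_data_t *ev = model_alloc_event(event_id);
    if (ev == NULL)
        return errno;
    ev->login.uid = uid;
    strncpy(ev->login.tty, tty, sizeof (ev->login.tty) - 1);
    free(ev);   /* the real interface frees with adt_free_event() */
    return 0;
}

int main(void) {
    printf("valid id   -> %d\n", record_login(EV_LOGIN, 100, "/dev/pts/1"));
    printf("invalid id -> %d (EINVAL=%d)\n",
        record_login(999, 100, "console"), EINVAL);
    return 0;
}
```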