Gary Winiger wrote:
> I'm self sponsoring this case.  I believe it qualifies for self-review and
> am marking it "closed approved automatic."   I am happy to turn it into a
> fast track and set the timer if anyone believes I've misjudged.
>   

Looks good to me, and self-review in scope is appropriate.  However, 
here's a proactive +1 in case anyone wants it to follow fast track 
rules. :-)

    - Garrett
> The case requests a Patch Release Binding and an unchanged Contracted Project
> Private Interface Taxonomy.  The project team has no current plan to backport.
> No current uses of adt_alloc_event() are affected by this change.
>
> A full diffmarked man page is in the case directory.
>
> Gary..
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Background:
> ==========
> PSARC/2000/517 "Thread-safe audit API" introduced a number of user land
> (Contracted) Project Private interfaces for generating Solaris Audit
> records.  PSARC/2003/397 "Contracted audit interfaces for open source"
> further discussed the Contracts for those interfaces.  The interfaces can
> be used without checking whether Solaris Audit is enabled or that the audit
> service, auditd(1m) is active.
>
> In looking over the code, I noticed that adt_alloc_event() should be able
> to return an error for invalid parameters.  Doing so has the potential to
> save applications from a segmentation fault.
>       adt_event_data_t *adt_alloc_event(const adt_session_data_t
>           *session_data, au_event_t event_id);
> returns an event structure to be filled in by the application based on the
> event (event_id) passed to it.  Even if audit is off, it always returns the
> structure.  If for some reason the event_id passed in isn't valid,
> adt_alloc_event will presently return an adt_event_data_t pointer
> (adt_event_data_t is a union of the defined events).  This could lead the
> application to try to fill in memory outside of the memory allocated.  While
> this should never happen because the use is contracted, thus the application
> and structure should always be in sync, it is easy to return an error if it
> does occur.
>
> Proposal:
> =========
> Add EINVAL to the returns for adt_alloc_event.
>
> adt_alloc_event(3adt)
>
> DESCRIPTION
>      This set of three functions are used to generate audit records
>      within the current audit session context defined by the
>      session_data parameter to adt_alloc_event().  See the union
>      adt_event_data definition in adt_event.h for the name of the
>      structure that corresponds to the event_id.  For example,
>      event_id ADT_login structure name is adt_login_t.
>
>      adt_alloc_event() returns a pointer to memory allocated for an
>      event of type event_id.  This structure is to be filled in by the
>      caller to provide the user-specific data contained in the audit
>      record.  The allocated memory structure includes linkage to the
>      audit session handle.  It is the responsibility of the caller to
>      free the event memory by calling adt_free_event() when it is
>      no longer needed.
>
> RETURN VALUES
>      adt_alloc_event():
>         != NULL OK
>       == NULL error; errno is set to one of the following:
>
> +     EINVAL -- invalid event_id value
>       ENOMEM  unable to allocate memory
>   
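Review bot: the added RETURN VALUES entry is formatted differently from the existing ENOMEM entry, `EINVAL -- invalid event_id value` versus `ENOMEM  unable to allocate memory`; drop the `--` (or add it to the ENOMEM line) so the list reads consistently. The DESCRIPTION still says only that the returned structure "is to be filled in by the caller"; with two NULL-returning failure modes now documented, a sentence there telling callers to test for NULL and consult errno before writing into the event would make the new contract hard to miss.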


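The contract discussed in the case, as an added example that is not libbsm's code: a constructed C model of adt_alloc_event() whose allocation is sized for the requested event, so an undefined event_id is refused with EINVAL instead of handing back a block the caller will write past. The event structures, event ids and session type below are stand-ins, not the real definitions in adt_event.h.

```c
/* Added example, not libbsm's code: a constructed model of the adt_alloc_event() contract. */
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
typedef unsigned short au_event_t;                        /* stands in for the real typedef */
typedef struct { int audit_enabled; } adt_session_data_t; /* the real type is opaque */
typedef struct { char user_name[32]; int tty; } adt_login_t;  /* constructed stand-ins for */
typedef struct { int exit_status; } adt_logout_t;             /* union adt_event_data members */
enum { ADT_login = 1, ADT_logout = 2 };                   /* constructed ids, not the real ones */
typedef struct {
    const adt_session_data_t *session;                    /* linkage to the session handle */
    au_event_t event_id;
    union { adt_login_t login; adt_logout_t logout; } u;  /* only the named event is allocated */
} adt_event_data_t;

/* Payload size for a defined event; 0 means event_id is not in the union. */
static size_t adt_event_size(au_event_t event_id)
{
    switch (event_id) {
    case ADT_login:  return sizeof(adt_login_t);
    case ADT_logout: return sizeof(adt_logout_t);
    default:         return 0;
    }
}

/* The block is sized for the named event, so an undefined event_id is rejected with
 * EINVAL rather than giving the caller a block too small for what it will write into it.
 * As the contract says, the structure is returned whether or not audit is on. */
adt_event_data_t *adt_alloc_event(const adt_session_data_t *session_data, au_event_t event_id)
{
    size_t payload = adt_event_size(event_id);
    adt_event_data_t *ev;
    if (payload == 0) { errno = EINVAL; return NULL; }
    ev = calloc(1, offsetof(adt_event_data_t, u) + payload);
    if (ev == NULL) { errno = ENOMEM; return NULL; }
    ev->session = session_data;
    ev->event_id = event_id;
    return ev;
}
void adt_free_event(adt_event_data_t *ev) { free(ev); }

/* Caller pattern: test for NULL and read errno before filling in the union. */
int record_login(const adt_session_data_t *session, int tty)
{
    adt_event_data_t *ev = adt_alloc_event(session, ADT_login);
    if (ev == NULL)
        return -errno;                                    /* -EINVAL or -ENOMEM */
    ev->u.login.tty = tty;
    adt_free_event(ev);
    return 0;
}
```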