Gary Winiger wrote:
> I'm self sponsoring this case. I believe it qualifies for self-review and
> am marking it "closed approved automatic." I am happy to turn it into a
> fast track and set the timer if anyone believes I've misjudged.
>

Looks good to me, and self-review in scope is appropriate. However, here's
a proactive +1 in case anyone wants it to follow fast track rules. :-)

- Garrett

> The case requests a Patch Release Binding and an unchanged Contracted Project
> Private Interface Taxonomy. The project team has no current plan to backport.
> No current uses of adt_alloc_event() are affected by this change.
>
> A full diffmarked man page is in the case directory.
>
> Gary..
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Background:
> ==========
> PSARC/2000/517 "Thread-safe audit API" introduced a number of user land
> (Contracted) Project Private interfaces for generating Solaris Audit
> records. PSARC/2003/397 "Contracted audit interfaces for open source"
> further discussed the Contracts for those interfaces. The interfaces can
> be used without checking whether Solaris Audit is enabled or that the audit
> service, auditd(1m), is active.
>
> In looking over the code, I noticed that adt_alloc_event() should be able
> to return an error for invalid parameters. Doing so has the potential to
> save applications from a segmentation fault.
>
>     adt_event_data_t *adt_alloc_event(const adt_session_data_t
>         *session_data, au_event_t event_id);
>
> returns an event structure to be filled in by the application based on the
> event (event_id) passed to it. Even if audit is off, it always returns the
> structure. If for some reason the event_id passed in isn't valid,
> adt_alloc_event will presently return an adt_event_data_t pointer
> (adt_event_data_t is a union of the defined events). This could lead the
> application to try to fill in memory outside of the memory allocated. While
> this should never happen because the use is contracted, thus the application
> and structure should always be in sync, it is easy to return an error if it
> does occur.
>
> Proposal:
> =========
> Add EINVAL to the returns for adt_alloc_event.
>
> adt_alloc_event(3adt)
>
> DESCRIPTION
>     This set of three functions is used to generate audit records
>     within the current audit session context defined by the
>     session_data parameter to adt_alloc_event(). See the union
>     adt_event_data definition in adt_event.h for the name of the
>     structure that corresponds to the event_id. For example,
>     event_id ADT_login structure name is adt_login_t.
>
>     adt_alloc_event() returns a pointer to memory allocated for an
>     event of type event_id. This structure is to be filled in by the
>     caller to provide the user-specific data contained in the audit
>     record. The allocated memory structure includes linkage to the
>     audit session handle. It is the responsibility of the caller to
>     free the event memory by calling adt_free_event() when it is
>     no longer needed.
>
> RETURN VALUES
>     adt_alloc_event():
>         != NULL    OK
>         == NULL    error; errno is set to one of the following:
>
> +           EINVAL    invalid event_id value
>             ENOMEM    unable to allocate memory
>
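The behaviour the case proposes, written out as an added example in C. This is a constructed model of the contract, not code from Solaris libbsm: the `*_model` types, the two hypothetical event ids and their sizes stand in for the real `adt_event_data` union in adt_event.h. It shows the check that turns an unknown `event_id` into `NULL` plus `errno == EINVAL`, and the caller-side pattern that consults `errno` instead of writing into the union unconditionally.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the adt_alloc_event() contract discussed in the case.
 * The types, event ids and sizes below are hypothetical stand-ins, not the
 * definitions from Solaris adt.h / adt_event.h. */
typedef uint32_t au_event_t;

enum { ADT_login_model = 1, ADT_logout_model = 2 };   /* hypothetical ids */

typedef struct { char user[64]; int tty; } adt_login_model_t;
typedef struct { char user[64]; }           adt_logout_model_t;

/* Union of every event body, mirroring how adt_event_data is described. */
typedef union {
    adt_login_model_t  login;
    adt_logout_model_t logout;
} adt_event_data_model_t;

typedef struct {
    au_event_t             event_id;
    void                  *session;   /* linkage back to the session handle */
    adt_event_data_model_t data;
} adt_event_model_t;

/* The validation the proposal adds: is event_id one the library knows?
 * Returns the body size for a known id, 0 for an unknown one. */
static size_t
event_body_size(au_event_t event_id)
{
    switch (event_id) {
    case ADT_login_model:  return sizeof (adt_login_model_t);
    case ADT_logout_model: return sizeof (adt_logout_model_t);
    default:               return 0;
    }
}

/* Proposed behaviour: NULL + EINVAL for an unknown event_id,
 * NULL + ENOMEM when allocation fails, otherwise a zeroed event. */
adt_event_model_t *
adt_alloc_event_model(void *session, au_event_t event_id)
{
    adt_event_model_t *ev;

    if (event_body_size(event_id) == 0) {
        errno = EINVAL;
        return NULL;
    }
    ev = calloc(1, sizeof (*ev));
    if (ev == NULL) {
        errno = ENOMEM;
        return NULL;
    }
    ev->event_id = event_id;
    ev->session  = session;
    return ev;
}

/* Caller side: check the return value and errno before touching the union.
 * Returns 0 on success, -1 on error with *err_out set to the errno seen. */
int
record_login_model(void *session, const char *user, int *err_out)
{
    adt_event_model_t *ev = adt_alloc_event_model(session, ADT_login_model);

    if (ev == NULL) {
        *err_out = errno;          /* EINVAL or ENOMEM */
        return -1;
    }
    strncpy(ev->data.login.user, user, sizeof (ev->data.login.user) - 1);
    ev->data.login.tty = 0;
    /* adt_put_event() would be called here in the real API */
    free(ev);                      /* adt_free_event() in the real API */
    *err_out = 0;
    return 0;
}

/* Convenience probe: 0 if event_id is allocatable, else the reported errno. */
int
probe_event_id_model(au_event_t event_id)
{
    adt_event_model_t *ev = adt_alloc_event_model(NULL, event_id);

    if (ev == NULL)
        return errno;
    free(ev);
    return 0;
}
```

The point of the model is the ordering: the id is validated before any memory is handed back, so a caller that mistakes an unknown id for a valid one gets an error it can check rather than a pointer to a union whose active member it will size wrongly.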