Gary Winiger wrote:
> I'm self sponsoring this case. I believe it qualifies for self-review and
> am marking it "closed approved automatic." I am happy to turn it into a
> fast track and set the timer if anyone believes I've misjudged.
>
Looks good to me, and self-review in scope is appropriate. However,
here's a proactive +1 in case anyone wants it to follow fast track
rules. :-)
- Garrett
> The case requests a Patch Release Binding and an unchanged Contracted Project
> Private Interface Taxonomy. The project team has no current plan to backport.
> No current uses of adt_alloc_event() are affected by this change.
>
> A full diffmarked man page is in the case directory.
>
> Gary..
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Background:
> ==========
> PSARC/2000/517 "Thread-safe audit API" introduced a number of user land
> (Contracted) Project Private interfaces for generating Solaris Audit
> records. PSARC/2003/397 "Contracted audit interfaces for open source"
> further discussed the Contracts for those interfaces. The interfaces can
> be used without checking whether Solaris Audit is enable or that the audit
> service, auditd(1m) is active.
>
> In looking over the code, I noticed that adt_alloc_event() should be able
> to return an error for invalid parameters. Doing so has the potential to
> save applications from a segment fault.
> adt_event_data_t *adt_alloc_event(const adt_session_data_t
> *session_data, au_event_t event_id);
> returns an event structure to be filled in by the application based on the
> event (event_id) passed to it. Even if audit is off, it always returns the
> structure. If for some reason the event_id passed in isn't valid,
> adt_alloc_event will presently return a adt_event_data_t pointer
> (adt_event_data_t is a union of the defined events). This could lead the
> application to try to fill in memory outside of the memory allocated. While
> this should never happen because the use is contracted, thus the application
> and structure should always be in sync, it is easy to return an error if it
> does occur.
>
> Proposal:
> =========
> Add EINVAL to the returns for adt_alloc_event.
>
> adt_alloc_event(3adt)
>
> DESCRIPTION
> This set of three functions are used to generate audit records
> within the current audit session context defined by the
> session_data parameter to adt_alloc_event(). See the union
> adt_event_data definition in adt_event.h for the name of the
> structure that corresponds to the event_id. For example,
> event_id ADT_login structure name is adt_login_t.
>
> adt_alloc_event() returns a pointer to memory allocated for an
> event of type event_id. This structure is to be filled in by the
> caller to provide the user-specific data contained in the audit
> record. The allocated memory structure includes linkage to the
> audit session handle. It is the responsibility of the caller to
> free the event memory by calling adt_free_event() when it is
> no longer needed.
>
> RETURN VALUES
> adt_alloc_event():
> != NULL OK
> == NULL error; errno is set to one of the following:
>
> + EINVAL -- invalid event_id value
> ENOMEM unable to allocate memory
>
