| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Fix an off by one error to avoid overflowing rp[].
Reported by: Coverity
CID: 1007579
|
|
|
|
|
|
|
| |
Increase size of argv[] array to avoid running off the end.
Reported by: Coverity
CID: 1193819
|
|
|
|
|
|
|
|
|
|
| |
Set retval in the empty password case to avoid a path through the
code that fails to set retval before falling through to the final
return().
Reported by: emaste
Reported by: Coverity
CID: 1018711
|
|
|
|
|
|
|
|
|
| |
Read the contents of the snapshot files properly
- Use fgetln instead of fgets; localize complexity related to fgetln(3)
inside the loop.
- Skip over blank lines.
- Skip over lines (properly) that start with a "#"
|
|
|
|
|
|
|
|
|
|
| |
Hoist the getpwnam() call outside the first if/else block in
pam_sm_chauthtok(). Set user = getlogin() inside the true
branch so that it is initialized for the following PAM_LOG()
call. This is how it is done in pam_sm_authenticate().
Reported by: Coverity
CID: 272498
|
|
|
|
|
|
|
|
| |
Don't call free_addrselectpolicy(&policyhead) before policyhead has been
initialized.
Reported by: Coverity
CID: 1018727
|
|
|
|
|
|
|
|
|
| |
NULL releasedfl after calling deallocate_file_lock() which frees it
to avoid a use-after-free error in the debuglog() call at the top
of the loop.
Reported by: Coverity
CID: 1006080
|
|
|
|
|
|
|
|
| |
pdu_delete(request) frees request, so move the call after
login_new_response(request) to avoid a use-after-free error
Reported by: Coverity
CID: 1331219, 1331220
|
|
|
|
|
|
|
|
| |
Don't free fnamebuf before we calling cfgfile_add(). This changes a
use-after-free error into a minor memory leak.
Reported by: Coverity
CID: 1006084
|
|
|
|
| |
Check for overflow and return EINVAL if detected. Use unsigned index.
|
|
|
|
|
|
|
|
|
| |
Make "-S" a default option for mountd.
After a discussion on freebsd-fs@ there seemed to be a consensus that
the "-S" option for mountd should become the default.
Since the only known issue w.r.t. using "-S" was fixed by r299201,
this commit adds "-S" to the default mountd_flags.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't increment srvrpccnt[] for the NFSv4.1 operations.
When support for NFSv4.1 was added to the NFS server, it broke
the server rpc count stats, since newnfsstats.srvrpccnt[] doesn't
have entries for the new NFSv4.1 operations.
Without this patch, the code was incrementing bogus entries in
newnfsstats for the new NFSv4.1 operations.
This patch is an interim fix. The nfsstats structure needs to be
updated and that will come in a future commit.
|
| |
|
|
|
|
|
|
| |
This is a direct commit to stable/10.
Security: CVE-2015-2304
|
|
|
|
|
|
|
| |
The requirement is for a GCC-compatible compiler and not necessarily
GCC itself. However, we currently expect any compiler used for building
the whole of FreeBSD to be GCC-compatible and many things will break if
not; there's no longer a need to have an explicit test for this in csu.
|
|
|
|
|
|
|
|
| |
The files compiled into libgcc_s.so.1 did not have -g on
compiler command line, making generated .debug quite
pointless.
PR: 206381
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r299879 | truckman | 2016-05-15 18:30:32 -0700 (Sun, 15 May 2016) | 7 lines
Likely a false positive ... but make sure that -1 can't be used as an
array index by splitting up a test.
r299880 | truckman | 2016-05-15 18:38:24 -0700 (Sun, 15 May 2016) | 8 lines
Since rdata is only used as an argument to the immediately following
call to res_nopt_rdata(), revert r299879 and fix CID 603941 by moving
rdata = &buf[n];
inside the if block.
Reported by: Coverity
CID: 603941
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Use sizeof(destination) in a few places instead of IFNAMSIZ.
Cast afp->af_ridreq and afp->af_addreq to make the intent of
the code more obvious.
Reported by: Coverity
CID: 1009628, 1009630, 1009631, 1009632, 1009633, 1009635, 1009638
CID: 1009639, 1009640, 1009641, 1009642, 1009643, 1009644, 1009645
CID: 1009646, 1009647, 1010049, 1010050, 1010051, 1010052, 1010053
CID: 1010054, 1011293, 1011294, 1011295, 1011296, 1011297, 1011298
CID: 1011299, 1305821, 1351720, 1351721
|
|
|
|
|
|
|
|
|
| |
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Reported by: Coverity
CID: 1009974
|
|
|
|
|
|
|
|
|
| |
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Reported by: Coverity
CID: 991863, 991864, 991865
|
|
|
|
|
|
|
|
|
| |
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Reported by: Coverity
CID: 974860, 1009972, 1009973
|
|
|
|
|
|
|
|
|
| |
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Reported by: Coverity
CID: 974852
|
|
|
|
|
| |
When handling SIOCSIFNAME ensure that the new interface name is NUL
terminated. Reject the rename attempt if the name is too long.
|
|
|
|
|
|
|
| |
Properly compute the size argument to pass to malloc().
Reported by: Coverity
CID: 1198856
|
|
|
|
|
|
|
|
| |
Move a call to cam_freeccb() to avoid a use after free error and
a later double free.
Reported by: Coverity
CID: 1018507
|
|
|
|
|
|
|
|
|
|
| |
Always return either a dynamically allocated string or NULL from
expand(). Never return the name parameter, which could be a the buf[]
buffer which is allocated on the stack by getdeadletter() and which
would then be used after getdeadletter() has returned.
Reported by: Coverity
CID: 1199383
|
|
|
|
|
|
|
|
|
| |
Declare line[] in the outermost scope of retrieve() instead of
declaring it in an inner scope and then using it via a pointer
in the outer scope.
Reported by: Coverity
CID: 605895
|
|
|
|
|
|
|
|
|
| |
Use strlcpy() instead of strncpy() to ensure that qf->fsname is NUL
terminated. Don't bother checking for truncation since the subsequent
stat() call should detect that and fail.
Reported by: Coverity
CID: 1018189
|
|
|
|
|
|
|
|
|
| |
Use strlcpy() instead of strncpy() to ensure that ret->name is
NUL terminated. The source and destination buffers are the same
size and the source *should* be NUL terminated, but be paranoid.
Reported by: Coverity
CID: 1011274
|
|
|
|
|
|
|
|
|
| |
Use strlcpy() instead of strncpy() to ensure that qup->fsname is NUL
terminated. Don't bother checking for truncation since the subsequent
quota_read() should detect that and fail.
Reported by: Coverity
CID: 1009980
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r299577 | truckman | 2016-05-12 16:14:31 -0700 (Thu, 12 May 2016) | 15 lines
Avoid Coverity NUL termination warning about strncpy() by using
memcpy() instead. It's probably a bit more optimal in this case
anyway. [1]
The program logic leading up to the creation of the strncpy/memcpy
destination buffer is a bit hairy. Add a call to assert() to make
it clear what is happening here and detect any potential buffer
overruns in the future.
Check a couple syscall error returns. Ignore the EEXIST error from
link() to preserve existing behavior. [2] [3]
r299578 | truckman | 2016-05-12 16:37:58 -0700 (Thu, 12 May 2016) | 2 lines
If fchdir() fails, call err() instead of warn().
r299589 | truckman | 2016-05-12 22:49:02 -0700 (Thu, 12 May 2016) | 4 lines
Instead of ignoring the EEXIST from link(), unconditionally unlink
the terget before calling link(). This should prevent links to an
old copy of the file from being retained.
Reported by: Coverity
CID: 1009659 [1], 1009349 [2], 1009350 [3]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r290903 is needed to prevent a conflict whem merging r299573
r290903 | araujo | 2015-11-15 19:18:40 -0800 (Sun, 15 Nov 2015) | 5 lines
Don't need cast malloc.
r299573 | truckman | 2016-05-12 14:35:40 -0700 (Thu, 12 May 2016) | 10 lines
Use strlcpy() instead of strncpy() when copying to dom_domain to
ensure that the latter is NUL terminated since it is passed
as an argument to *printf().
Warn about NIS domains that are too long.
Reported by: Coverity
CID: 1009620, 1009621
|
|
|
|
|
|
|
|
|
| |
Use strlcpy() instead of strncpy() when copying date and subj
to ensure that these are properly NUL terminated since they
are passed to printf().
Reported by: Coverity
CID: 974770
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use strlcpy() instead of strncpy() when copying the encoding value
to ensure that the destination is NUL terminated. Length truncation
of one more character should not be an issue since encoding values
that long are not supported by libc. The destination string is
treated as a NUL terminated string, but it is only passed to strcmp()
for comparison to a set of shorter, fixed length strings, so this
is not a serious problem.
Reported by: Coverity
CID: 974769
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Give mountd -S priority over outstanding RPC requests when suspending the nfsd.
It was reported via email that under certain heavy RPC loads
long delays before the exports would be updated was observed
when using "mountd -S". This patch reverses the priority between
the exclusive lock request to suspend the nfsd threads and the
shared lock request for performing RPCs.
As such, when mountd attempts to suspend the nfsd threads, it
gets priority over outstanding RPC requests to do this.
I suspect that the case reported was an artificial test load,
but this patch did fix the problem for the reporter.
|
|
|
|
|
| |
PR: D6271
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a direct commit to stable.
This was done in head in r264661 and is needed to force certain options off
for ports.
PR: D6271
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r298420 | asomers | 2016-04-21 10:43:15 -0600 (Thu, 21 Apr 2016) | 10 lines
Notify userspace listeners when geom disk attributes have changed
sys/geom/geom_disk.c:
disk_attr_changed(): Generate a devctl event of type GEOM:<attr> for
every call.
r298439 | asomers | 2016-04-21 15:13:41 -0600 (Thu, 21 Apr 2016) | 10 lines
DRY on buffer sizes. Update to r298420.
sys/geom/geom_disk.c:
In disk_attr_changed, don't repeat a buffer size.
r298644 | asomers | 2016-04-26 08:48:58 -0600 (Tue, 26 Apr 2016) | 8 lines
Add GEOM::physpath documentation to devd.conf(5)
|
|
|
|
| |
Build libpam modules in parallel.
|
|
|
|
| |
Use vfs_hash_ref(9) to eliminate LK_EXCLOTHER kludge.
|
|
|
|
|
| |
Add vfs_hash_ref(9) function, which finds a vnode by the hash value
and returns it referenced.
|
|
|
|
| |
Style: wrap long lines.
|
|
|
|
|
|
|
|
|
| |
fsck_msdosfs: Adjust a check.
The on-disk FAT array does not include anything before CLUST_FIRST,
compensate in size check.
Obtained from: NetBSD (CVS Rev. 1.20)
|
|
|
|
|
|
| |
Submitted by: C Turt <cturt hardenedbsd.org>
Security: SA-16:19
Security: CVE-2016-1887
|
|
|
|
|
|
| |
Submitted by: C Turt <cturt hardenedbsd.org>
Security: SA-16:18
Security: CVE-2016-1886
|
|
|
|
|
|
|
| |
Minor spelling fixes in:
sys/dev, sys/sys
Many of these have user-visible strings.
|
|
|
|
|
|
|
|
| |
Add missing parameters -N and -l to reroot and halt usage()
Approved by: bapt
Sponsored by: Rubicon Communications (Netgate)
Differential Revision: https://reviews.freebsd.org/D6173
|
|
|
|
|
| |
Note: no MFC stable/9 because it has become quite out of date with head,
so the merge would be quite labourious and, thus, risky.
|