summaryrefslogtreecommitdiffstats
path: root/lib/libc/gen
Commit message (Collapse)AuthorAgeFilesLines
...
* libc: Make various internal file descriptors close-on-exec.jilles2012-12-107-12/+12
| | | | These are obtained via fopen().
* libc: Use the new 'e' fopen() mode option to simplify fstab.c.jilles2012-12-041-11/+1
| | | | No functional change is intended.
* Protect against DoS attacks, such as being described in CVE-2010-2632.marcel2012-12-011-22/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The changes were derived from what has been committed to NetBSD, with modifications. These are: 1. Preserve the existsing GLOB_LIMIT behaviour by including the number of matches to the set of parameters to limit. 2. Change some of the limits to avoid impacting normal use cases: GLOB_LIMIT_STRING - change from 65536 to ARG_MAX so that glob(3) can still provide a full command line of expanded names. GLOB_LIMIT_STAT - change from 128 to 1024 for no other reason than that 128 feels too low (it's not a limit that impacts the behaviour of the test program listed in CVE-2010-2632). GLOB_LIMIT_PATH - change from 1024 to 65536 so that glob(3) can still provide a fill command line of expanded names. 3. Protect against buffer overruns when we hit the GLOB_LIMIT_STAT or GLOB_LIMIT_READDIR limits. We append SEP and EOS to pathend in those cases. Return GLOB_ABORTED instead of GLOB_NOSPACE when we would otherwise overrun the buffer. This change also modifies the existing behaviour of glob(3) in case GLOB_LIMIT is specifies by limiting the *new* matches and not all matches. This is an important distinction when GLOB_APPEND is set or when the caller uses a non-zero gl_offs. Previously pre-existing matches or the value of gl_offs would be counted in the number of matches even though the man page states that glob(3) would return GLOB_NOSPACE when gl_matchc or more matches were found. The limits that cannot be circumvented are GLOB_LIMIT_STRING and GLOB_LIMIT_PATH all others can be crossed by simply calling glob(3) again and with GLOB_APPEND set. The entire description above applies only when GLOB_LIMIT has been specified of course. No limits apply when this flag isn't set! Obtained from: Juniper Networks, Inc
* In globextend(), take advantage of the fact that realloc(NULL, size) ismarcel2012-12-011-3/+2
| | | | | | equivalent to malloc(size). This eliminates the conditional expression used for calling either realloc() or malloc() when realloc() will do all the time.
* In globextend() when the pathv vector cannot be (re-)allocated, don'tmarcel2012-12-011-6/+1
| | | | | | | | | | | | | | free and clear the gl_pathv pointer in the glob_t structure. Such breaks the invariant of the glob_t structure, as stated in the comment right in front of the globextend() function. If gl_pathv was non-NULL, then gl_pathc was > 0. Making gl_pathv a NULL pointer without also setting gl_pathc to 0 is wrong. Since we otherwise don't free the memory associated with a glob_t in error cases, it's unlikely that this change will cause a memory leak that wasn't already there to begin with. Callers of glob(3) must call globfree(3) irrespective of whether glob(3) returned an error or not.
* mdoc: Use the Ev macro for environmental variables.joel2012-11-161-3/+3
|
* Complete man page.grog2012-11-161-11/+27
| | | | MFC after: 2 weeks
* Implement the waitid() SUSv4 function using wait6() system call.kib2012-11-133-1/+67
| | | | | | PR: standards/170346 Submitted by: "Jukka A. Ukkonen" <jau@iki.fi> MFC after: 1 month
* Add an explanatory comment to lib/libc/gen/isnan.c about the fix to makedim2012-11-111-0/+5
| | | | | | | | static linking with libc and libm work. Requested by: jilles MFC after: 1 week X-MFC-With: 242879
* Only define isnan, isnanf, __isnan and __isnanf in libc.so, not indim2012-11-101-0/+2
| | | | | | | | | | | libc.a and libc_p.a. In addition, define isnan in libm.a and libm_p.a, but not in libm.so. This makes it possible to statically link executables using both isnan and isnanf with libc and libm. Tested by: kargl MFC after: 1 week
* Replace our version of the pwcache(3) API with NetBSD's implementation.brooks2012-10-194-207/+8
| | | | | | | | | This adds two features: * uid_from_user() and gid_from_group() as the reverse of user_from_uid() and groups_from_gid(). * pwcache_userdb() and pwcache_groupdb() which allow alternative lookup functions to be used. For example lookups from passwd and group databases in a non-standard location.
* Fix my last commit. Only call strunvis after properly checking the argument isstefanf2012-10-111-5/+7
| | | | not NULL.
* Decode the first two fstab fields with strunvis(3). This allows having spacesstefanf2012-10-111-0/+5
| | | | | | | | in devices and mount paths, encoded as \s or \040. PR: bin/117687 Submitted by: Martin Kammerhofer Discussed on: arch
* Apply some style. Checked with md5.stefanf2012-10-111-25/+26
|
* libc: Use O_CLOEXEC for various internal file descriptors.jilles2012-09-299-11/+13
| | | | | | | | | This fixes a race condition where another thread may fork() before CLOEXEC is set, unintentionally passing the descriptor to the child process. This commit only adds O_CLOEXEC flags to open() or openat() calls where no fcntl(fd, F_SETFD, FD_CLOEXEC) follows. The separate fcntl() call still leaves a race window so it should be fixed later.
* libc/fts: Use O_CLOEXEC for internal file descriptors.jilles2012-09-272-10/+14
| | | | | | | | | Because fts keeps internal file descriptors open across calls, making such descriptors close-on-exec helps not only multi-threaded applications but also single-threaded applications. In particular, this prevents passing a temporary file descriptor for saving the current directory to processes created via find -exec.
* Add the same warning to rand48(3) as to rand(3) and random(3).des2012-09-111-4/+10
| | | | MFC after: 3 days
* Avoid segfault if name is invalid. Basically, onlytrhodes2012-09-061-2/+5
| | | | | | | check for CTL_USER if the sysctl fails with ENOENT. PR: 169056 Reviewed by: jhb
* Remove trailing whitespace.joel2012-08-211-1/+1
|
* Add manual pages for clock_getcpuclockid and pthread_getcpuclockid.davidxu2012-08-212-1/+96
|
* Fix prototype. Also the function should return error code instead ofdavidxu2012-08-211-2/+4
| | | | -1 on error.
* Implement syscall clock_getcpuclockid2, so we can get a clock iddavidxu2012-08-174-5/+41
| | | | | | | | for process, thread or others we want to support. Use the syscall to implement POSIX API clock_getcpuclock and pthread_getcpuclockid. PR: 168417
* Rename aux.c to auxv.c.ed2012-08-112-1/+1
| | | | | | | | | | | On Windows, AUX is the auxiliary device, usually pointing to COM1. Therefore it is forbidden to create a file named aux.c. To make it a bit easier for Windows users to check out our source code, rename this file to auxv.c. MFC after: 1 month Discussed with: kib Suggested by: Eric van Gyzen <eric vangyzen net>
* nftw(): POSIX says directories causing loops should be silently skipped.jilles2012-08-091-3/+2
| | | | Formerly, loops caused nftw() to abort the traversal with ELOOP.
* Refresh with OpenBSD RCS ID changes to reflect that we now have essentionallydelphij2012-08-091-7/+1
| | | | the same file.
* ftw(): Do not check the maxfds argument against OPEN_MAX.jilles2012-08-091-2/+1
| | | | | | | | | | Apart from the fact that nothing should have OPEN_MAX as a limit (as opposed to RLIMIT_NOFILE from getrlimit() or _SC_OPEN_MAX from sysconf()), POSIX does not require us to check this. POSIX does have a requirement on the application that maxfds not exceed {OPEN_MAX}, but does not require the implementation to check it ("may fail"). PR: 95239
* nftw(): Do not check the maxfds argument against OPEN_MAX.jilles2012-08-091-2/+1
| | | | | | | | | Apart from the fact that nothing should have OPEN_MAX as a limit (as opposed to RLIMIT_NOFILE from getrlimit() or _SC_OPEN_MAX from sysconf()), POSIX does not require us to check this. PR: 95239 Submitted by: Todd Miller
* Use calloc().delphij2012-08-011-2/+1
|
* Document the behavior (from 4.4-lite) that tokens returned by telldir() arebrooks2012-07-051-2/+15
| | | | | | | single use. Sponsored by: DARPA, AFRL MFC after: 3 days
* Prefer sysctl to open/read/close for obtaining random data.pjd2012-07-041-5/+35
| | | | | | | | | This method is more sandbox-friendly and also should be faster as only one syscall is needed instead of three. In case of an error fall back to the old method. Reviewed by: simon, gleb MFC after: 2 weeks
* Optimize the handling of SC_NPROCESSORS_CONF, by using auxv AT_NCPUkib2012-06-271-0/+4
| | | | | | value if present. MFC after: 1 week
* Remove the assert added in r237286eadler2012-06-241-2/+0
| | | | | | | | | The use of assertions in libraries is not widely accepted. Requested by: bde, scottl Approved by: cperciva MFC after: 3 days X-MFC-With: r237286
* Use struct vdso_timehands data to implement fast gettimeofday(2) andkib2012-06-221-0/+15
| | | | | | | | | | | | | | | clock_gettime(2) functions if supported. The speedup seen in microbenchmarks is in range 4x-7x depending on the hardware. Only amd64 and i386 architectures are supported. Libc uses rdtsc and kernel data to calculate current time, if enabled by kernel. Hopefully, this code is going to migrate into vdso in some future. Discussed with: bde Reviewed by: jhb Tested by: flo MFC after: 1 month
* Don't close an uninitialized descriptor. [1]eadler2012-06-201-2/+6
| | | | | | | | | | Add a sanity check for the validity of the passed fd. PR: kern/139080 [1] Submitted by: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua> [1] Reviewed by: pjd (briefly) Approved by: cperciva MFC after: 1 week
* More style.kib2012-06-161-19/+14
| | | | MFC after: 3 days
* Revert part of the r235740 which changed separate allocation of thekib2012-06-161-2/+7
| | | | | | | | | | | | | | string buffer for each linelist l_line into one large string. Since linelists parsed out during the previous passes store the pointers to previously allocated l_lines, the reallocation caused undefined behaviour on accessing the buffers, and quite deterministic fault on freeing them (in mountd(8) startup). This fixes reading of netgroup(5) file which contains more then one netgroup. Discussed with: ghelmer MFC after: 3 days
* mandoc fixes.joel2012-06-161-14/+5
| | | | Obtained from: OpenBSD
* Make sure that fstab fd is not leaked on exec.kib2012-06-141-1/+11
| | | | | | PR: kern/169023 Submitted by: Jukka Ukkonen <jau iki fi> MFC after: 1 week
* mdoc: minor Bl improvements.joel2012-06-021-1/+1
|
* Style(9) improvements: remove unnecessary parenthesis, improve orderghelmer2012-06-011-50/+52
| | | | | | | of local variable declarations, remove bogus casts, and resolve long lines. Reviewed by: bde
* Add checks for memory allocation failures in appropriate places, andghelmer2012-05-211-12/+27
| | | | | | | | avoid creating bad entries in the grp list as a result of memory allocation failures while building new entries. PR: bin/83340 Reviewed by: delphij (prior version of patch)
* Apply style(9) to return and switch/case statements.ghelmer2012-05-211-19/+22
| | | | Reviewed by: delphij (prior version of the patch)
* Put my name as copyright owner of lib/libc/gen/dirfd.c added in r235647.gleb2012-05-191-7/+4
| | | | Requested by: kib@
* Hide DIR definition by making it an opaque struct typedef.gleb2012-05-1913-7/+127
| | | | | | | | | | Introduce dirfd() libc exported symbol replacing macro with same name, preserve _dirfd() macro for internal use. Replace dirp->dd_fd with dirfd() call. Avoid using dirfd as variable name to prevent shadowing global symbol. Sponsored by: Google Summer Of Code 2011
* Use the .Bx macro instead of BSDeadler2012-04-261-1/+3
| | | | | | | Submitted by: ru Approved by: ru MFC after: 3 days X-MFC-With: r234700
* Document the standardization status of err* and warn*eadler2012-04-261-1/+11
| | | | | | | PR: docs/164939 Submitted by: Niclas Zeising <zeising@daemonic.se> Approved by: bcr MFC after: 3 days
* Import jemalloc a8f8d7540d66ddee7337db80c92890916e1063ca (dev branch,jasone2012-04-221-12/+12
| | | | | | | | | prior to 3.0.0 release). This fixes several bugs related to memory initialization. Mangle __jemalloc_a0{malloc,calloc,free}() just like all the other library-internal symbols in jemalloc, and adjust the tls allocation code in libc to use the mangled names.
* Import jemalloc 9ef7f5dc34ff02f50d401e41c8d9a4a928e7c2aa (dev branch,jasone2012-04-171-9/+14
| | | | | | | | prior to 3.0.0 release) as contrib/jemalloc, and integrate it into libc. The code being imported by this commit diverged from lib/libc/stdlib/malloc.c in March 2010, which means that a portion of the jemalloc 1.0.0 ChangeLog entries are relevant, as are the entries for all subsequent releases.
* sem_open: Make sure to fail an O_CREAT|O_EXCL open, even if that semaphorejilles2012-04-091-4/+10
| | | | | | | | | | | | is already open in this process. If the named semaphore is already open, sem_open() only increments a reference count and did not take the flags into account (which otherwise happens by passing them to open()). Add an extra check for O_CREAT|O_EXCL. PR: kern/166706 Reviewed by: davidxu MFC after: 10 days
* In sem_post, the field _has_waiters is no longer used, because somedavidxu2012-04-051-16/+8
| | | | | | | application destroys semaphore after sem_wait returns. Just enter kernel to wake up sleeping threads, only update _has_waiters if it is safe. While here, check if the value exceed SEM_VALUE_MAX and return EOVERFLOW if this is true.
OpenPOWER on IntegriCloud