| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r303088,r303142,r303208,r303210,r303530,r303536,r303564,r303565,
r303706
In short:
1) All situations with glob(3) error return codes are well defined by
POSIX, so rewrite old sporadic errors processing to match those
definitions.
Including subcases:
Both C99 and POSIX directly prohibits any standard function to set errno
to 0. Breaking this rule in 2001 NetBSD hack was imported which attempts
to workaround very limited glob(3) return codes amount.
Use POSIX-compatible workaround now with E2BIG which can't comes from
other functions used instead of prohibited 0.
Process errors happpens in (*readdirfunc)() too, as POSIX requires.
Per POSIX GLOB_NOCHECK should return original pattern,
unmodified, if no matches found. But our code strips all '\'
returning it. Rewrite the code to allow to return original pattern.
GLOB_ERR and gl_errfunc are supposed to work only for real directories
per POSIX, so don't act on missing or plain files for ENOENT or ENOTDIR
(as TODO in the code suggested).
Remove the hack in the manpage describing how to skip ENOENT and ENOTDIR
in gl_errfunc, it is unneeded now.
Per POSIX GLOB_ERR must be considered even if gl_errfunc is not set,
old code skips it in that case.
2) For near MAXPATHLEN long pathes old glob(3) code can operate on
truncated results, prevent it in several places.
3) Results was not sorted according to collate as POSIX requires.
4) globtilde() forget to convert expanded user home dir from multibyte to
wide chars. Moreover, those chars are addded as not protected, so
can be treated as special chars.
5) Backward hack for EILSEQ in g_Ctoc() was not implemented, so all
pathes with illegal byte sequences are skipped as result, implement it now.
6) GLOB_BRACE was somehow broken. First it repeatedly calls glob0() in
globexp1() recursive calls, but glob0() was not supposed to be called
repeatedly in the original code. It finalize results by possible adding
original pattern for no match case, may return GLOB_NOMATCH error and
by sorting all things. Original pattern adding or GLOB_NOMATCH error
can happens each time glob0() called repeatedly, and sorting happens
for one item only, all things are never sorted. Second, f.e. "a{a"
pattern does not match "a{a" file but match "a" file instead.
Third, some errors (f.e. for limits or overflow) can be ignored
by GLOB_BRACE code because it forces return (0).
Add non-finalizing flag to glob0() and make globexp0() wrapper around
recursively called globexp1() to finalize things like glob0() does.
Reorganize braces code to work correctly.
7) Don't allow MB_CUR_MAX * strlen overallocation hits GLOB_LIMIT_STRING
(ARG_MAX) limit, use final string length, not malloced space for it.
|
| |
|
|
| |
Fix an infinite loop in setnetgrent(3) with NIS netgroups.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1) Eliminate possibility to call __*collate_range_cmp() with inclomplete
locale (which cause core dump) by removing whole 'table' argument
by which it passed.
2) Restore __collate_range_cmp() in __sccl().
3) Collating [a-z] range in regcomp() works for single byte locales only
(we can't do it for other ones). In previous state only first 256
wide chars are considered and all others are just silently dropped from the
range.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Don't leak olinep if malloc() fails.
If malloc() fails to allocate linep, then free olinep (if it exists)
before returning to avoid a memory leak.
Reported by: Coverity
CID: 1016716
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D6755
|
| |
|
|
| |
FTS: Remove stale reference to nfs4 fs which was removed in r192578.
|
| |
|
|
|
|
|
|
|
| |
Fix Coverity CID 1016714 Resource leak in process_file_actions_entry()
Don't leak a file descriptor of _dup2() fails (shouldn't happen).
Reported by: Coverity
CID: 1016714
|
| |
|
|
|
|
|
|
|
| |
Fix 1016718 Resource leak.
Don't leak a file descriptor if fchdir() fails.
Reported by: Coverity
CID: 1016718
|
| |
|
|
|
| |
Remove trailing whitespace and use `nitems(mib)` instead of `2` when
calling sysctl(3)
|
| |
|
|
| |
Make libc __pthread_map_stacks_exec() interposed.
|
| |
|
|
|
|
| |
Fix readpassphrase(3) when it's called with stdin being closed.
Approved by: re (delphij)
|
| |
|
|
|
|
|
|
|
|
|
| |
fails.
This bug could be reproduced easily by calling sem_open() with O_CREAT |
O_EXCL on a semaphore that is already open in the process. The struct
sem_nameinfo would be freed while still in sem_list and later calls to
sem_open() or sem_close() could access freed memory.
PR: 206396
|
| |
|
|
|
|
|
|
| |
Move fdopen() up near other resource allocation like malloc(); do proper
deallocation on failure later on in the function.
Approved by: jhb
Sponsored by: Panasas, Inc.
|
| |
|
|
| |
Fix lockf(3) cancellation behaviour.
|
| |
|
|
| |
contain cwd.
|
| |
|
|
|
|
|
| |
Unbreak compiling getnetgrent.c with -DDEBUG after r236402 by adding a
missing "}"
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
| |
Remove a set but unused variable in __getgroupmembership to fix a gcc 4.9+ warning
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
| |
The old code was exponential in the number of asterisks in the pattern.
However, once a match has been found upto the next asterisk, the previous
asterisks are no longer relevant.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Shell syntax is too complicated to detect command substitution and unquoted
operators reliably without implementing much of sh's parser. Therefore, have
sh do this detection.
While changing sh's support anyway, also read input from a pipe instead of
arguments to avoid {ARG_MAX} limits and improve privacy, and output count
and length using 16 instead of 8 digits.
The basic concept is:
execl("/bin/sh", "sh", "-c", "freebsd_wordexp ${1:+\"$1\"} -f "$2",
"", flags & WRDE_NOCMD ? "-p" : "", <pipe with words>);
The WRDE_BADCHAR error is still implemented in libc. POSIX requires us to
fail strings containing unquoted braces with code WRDE_BADCHAR. Since this
is normally not a syntax error in sh, there is still a need for checking
code in libc, we_check().
The new we_check() is an optimistic check that all the characters
<newline> | & ; < > ( ) { }
are quoted. To avoid duplicating too much sh logic, such characters are
permitted when quoting characters are seen, even if the quoting characters
may themselves be quoted. This code reports all WRDE_BADCHAR errors; bad
characters that get past it and are a syntax error in sh return WRDE_SYNTAX.
Although many implementations of WRDE_NOCMD erroneously allow some command
substitutions (and ours even documented this), there appears to be code that
relies on its security (codesearch.debian.net shows quite a few uses).
Passing untrusted data to wordexp() still exposes a denial of service
possibility and a fairly large attack surface.
This is also a MFC of r286830 to reduce conflicts. I changed the code
somewhat to avoid changes from r286941; in particular, WRDE_BADVAL can still
only be returned if WRDE_UNDEF was passed.
Relnotes: yes
Security: fixes command execution with wordexp(untrusted, WRDE_NOCMD)
|
| |
|
|
|
|
|
|
|
|
| |
Switch libc from using _sig{procmask,action,suspend} symbols, which
are aliases for the syscall stubs and are plt-interposed, to the
libc-private aliases of internally interposed sigprocmask() etc.
MFC r287300:
Use libthr interposed functions instead of syscalls, in posix_spawn()'
child.
|
| |
|
|
|
|
|
|
|
| |
if possible.
The kern.proc.umask.<pid> sysctl allows querying the umask without
temporarily modifying it.
r280713 is the actual change, while r279084 is a whitespace change.
|
| |
|
|
|
| |
PR: 200942
Submitted by: Conrad Meyer
|
| |
|
|
|
|
|
|
| |
Fix sysctl(3) so it returns the intended values for all mib names in
the 'user' sysctl tree, which have all been coming back 0 or empty
since r240176.
Approved by: re
|
| |
|
|
|
| |
Reassign copyright statements on several files from Advanced
Computing Technologies LLC to Hudson River Trading LLC.
|
| |
|
|
|
| |
Remove the note about seekdir() removing telldir() cookies. That was
removed back in r269204.
|
| |
|
|
| |
Remove the write-only variable phent.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tweak seekdir, telldir and readdir so that when htere are deletes going on,
as seek to teh last location saved will still work. This is needed for Samba
to be able to correctly handle delete requests from windows. This does not
completely fix seekdir when deletes are present but fixes the worst of the
problems. The real solution must involve some changes to the API for eh VFS
and getdirentries(2).
Obtained from: Panzura inc
MFH: r282550 (jhb@)
A few style fixes and expand the comment a bit on what _fixtelldir() is
doing.
MFH: r282560 (jhb@)
Tweak the comment here some more. In particular, the previous opening
sentence was a bit confusing.
Noted by: kib
|
| |
|
|
|
| |
Remove code to support the top of the stack layout for FreeBSD 1.x/2.x
kernel.
|
| |
|
|
| |
Make wait6(2), waitid(3) and ppoll(2) cancellation points.
|
| |
|
|
|
|
|
|
|
| |
Per Austin group issue #884, sh should not import IFS from the environment
but always set it to $' \t\n'. For wordexp(), however, it is documented and
useful for it to use IFS from the environment.
Since sh currently imports IFS from the environment, this change has no
functional effect.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When following symlinks, fts returned FTS_SLNONE when fstatat(flag=0)
failed, but a subsequent fstatat(flag=AT_SYMLINK_NOFOLLOW) succeeded. This
incorrectly triggered if a filename existed to be read from the directory,
was deleted before the fstatat(flag=0) and created again after the
fstatat(flag=0).
Fix this by only returning FTS_SLNONE if the result from
fstatat(flag=AT_SYMLINK_NOFOLLOW) is actually a symlink. If it is not a
symlink, treat it as if fstatat(flag=0) succeeded.
PR: 196724
|
| |
|
|
|
|
|
|
|
| |
As a result, the kernel needs to process shorter pathnames if fts is not
changing directories (if fts follows symlinks (-L option to utilities), fts
cannot open "." or FTS_NOCHDIR was specified).
Side effect: If pathnames exceed PATH_MAX, [ENAMETOOLONG] is not hit at the
stat stage but later (opendir or application fts_accpath) or not at all.
|
| |
|
|
|
|
|
|
|
|
|
| |
setmode(3): Make sure that setmode sets errno on failure.
Our man page already documented this partially but now
we provide more consistent behavior.
PR: 136669
Obtained from: NetBSD (CVS rev. 1.31, 1.33)
Relnotes: yes
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.
Note that a significant fraction does not apply, as FreeBSD 10 doesn't
contain a Capsicumised ping, casperd, libcasper, etc. When these features
are merged, the capsicum.h change will need to be merged with them.
Sponsored by: Google, Inc.
|
| |
|
|
|
|
| |
Update system man pages for s/capability.h/capsicum.h/.
Sponsored by: Google, Inc.
|
| |
|
|
| |
Fix typo.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ulimit(3): Fix broken check.
The existing implementation had a broken comparison that could
overflow and return confusing values. Replace this with a check
that avoids the overflow before it happens.
Consistently return a maximum value also on the case of negative
arguments since negative is considered an overflow and means
infinity for our current setrlimit().
New revamped version is credited to Bruce Evans.
CID: 1199295
|
| |
|
|
|
|
|
|
|
|
|
| |
getdiskbyname(): plug resource leak
Variable cq going out of scope leaks the storage it points to.
CID: 270511
Phabric: D1775
Reviewed by: imp
Obtained from: NetBSD (CVS rev. 1.34)
|
| |
|
|
| |
Properly interpose libc spinlocks, was missed in r276630.
|
| |
|
|
|
|
|
| |
Also, make sure to document the return values and errors for all three
functions in the man page.
PR: 191931
|
| |
|
|
|
|
| |
Adjust the test that used to fail because of this bug.
PR: 191936
|
| |
|
|
|
|
|
|
| |
The error code is per Austin Group issue #315.
I provided different wording for the manual page change.
Submitted by: pluknet
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(or loading a dso linked to libthr.so into process which was not
linked against threading library).
MFC r276630:
Remove interposing, fix malloc, reinstall signal handlers wrappers on
libthr load.
MFC r276681:
Avoid calling internal libc function through PLT or accessing data
though GOT.
MFC r277032:
Reduce the size of the interposing table and amount of
cancellation-handling code in the libthr.
MFC note:
r276646 ("do not erronously export 'openat' symbol from rtld") is not
applicable to stable/10 yet, since PATHFDS support was not merged.
|
| |
|
|
|
| |
Add rtld private interface for dso to detect dynamic loading
vs. static linking.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Reinstitate send() after syslogd restarts.
In r228193 the test of CONNPRIV have been moved to before the _usleep
and send in vsyslog(). When syslogd restarts, this would prevent the
message being logged after the disconnect/connect dance for
scenario #1.
PR: 194751
Submitted by: Peter Creath <pjcreath+freebsd gmail com>
Reviewed By: glebius
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Linux LD_ITERATE_PHDR(3):
The dlpi_name field is a null-terminated string giving the
pathname from which the shared object was loaded.
That functionality is much more useful than returning just the short
name.
Update dl_iterate_phdr(3) to follow r272842
MFC of r272842 and r272848
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Always seek back to the beginning of a regular directory, even if the
previous seek location was 0. Without this, readdir() would see
dd_loc of zero and call getdirentries() which would start reading
entries at the current seek location of the directory ignoring the
first batch of entries. Also, rewinddir() should always seek so that
it reads the directory from the beginning to get updated entries.
PR: 192935
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix various edge cases with rewinddir(), seekdir(), and telldir():
- In the unionfs case, opendir() and fdopendir() read the directory's full
contents and cache it. This cache is not refreshed when rewinddir() is
called, so rewinddir() will not notice updates to a directory. Fix this
by splitting the code to fetch a directory's contents out of
__opendir_common() into a new _filldir() function and call this from
rewinddir() when operating on a unionfs directory.
- If rewinddir() is called on a directory opened with fdopendir() before
any directory entries are fetched, rewinddir() will not adjust the seek
location of the backing file descriptor. If the file descriptor passed
to fdopendir() had a non-zero offset, the rewinddir() will not rewind to
the beginning. Fix this by always seeking back to 0 in rewinddir().
This means the dd_rewind hack can also be removed.
- Add missing locking to rewinddir()
- POSIX says that passing a location returned by telldir() to seekdir()
after an intervening call to rewinddir() is undefined, so reclaim any
pending telldir() cookies in the directory when rewinddir() is called.
- If telldir() is called immediately after a call to seekdir(), POSIX
requires the return value of telldir() to equal the value passed to
seekdir(). The current seekdir code with SINGLEUSE enabled breaks
this case as each call to telldir() allocates a new cookie. Instead,
remove the SINGLEUSE code and change telldir() to look for an existing
cookie for the directory's current location rather than always creating
a new cookie.
PR: 121656
|
| |
|
|
|
|
| |
a 0 status with a NULL pointer for the login name (result).
Obtained from: Juniper Networks, Inc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libc/gen: small updates to code originating at OpenBSD
arc4random.c
- CVS rev. 1.22
Change arc4random_uniform() to calculate ``2**32 % upper_bound'' as
``-upper_bound % upper_bound''. Simplifies the code and makes it the
same on both ILP32 and LP64 architectures, and also slightly faster on
LP64 architectures by using a 32-bit remainder instead of a 64-bit
remainder.
- CVS rev. 1.23
Spacing
readpassphrase.c
-CVS rev. v 1.24
most obvious unsigned char casts for ctype
Obtained from: OpenBSD
|
| |
|
|
| |
Implement sysconf(_SC_GETGR_R_SIZE_MAX) and sysconf(_SC_GETPW_R_SIZE_MAX).
|
