| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
for diff reduction purposes.
MFC r317315,r317437:
r317315:
Note that getpagesize(3) can return -1 on failure
r317437 (by kib):
getpagesize(3) cannot fail.
|
| |
|
|
|
|
|
|
|
| |
getbsize(3): clarify that underflow/overflow warnings in regard to $BLOCKSIZE
gets output via warnx(3)
This helps set expectations for how one might deal with those messages, i.e.,
mute output from /dev/stderr today, since that's where vwarn(3) outputs messages
to today.
|
| |
|
|
|
|
| |
err(3): use `NULL`, aka `(void*)0` per POSIX instead of `(FILE *)0`
This is being done to aid humans and static analysis checkers.
|
| |
|
|
| |
Correct signatures of several pthreads stubs.
|
| |
|
|
| |
Do not leak syslog_mutex on cancellation.
|
| |
|
|
| |
Make semaphore names list mutex non-recursive.
|
| |
|
|
| |
Restructure normal (non-error) control flow in sem_close().
|
| |
|
|
| |
Style.
|
| |
|
|
| |
getpagesize(3) cannot fail.
|
| |
|
|
|
|
|
|
|
|
| |
When application reads large directory, calling telldir() for each entry,
like Samba does, it creates exponential performance drop as number of
entries reach tenths to hundreds of thousands. It is caused by full search
through the internal list, that never finds matches in that scenario, but
creates O(n^2) delays. This patch optimizes that search, limiting it to
entries of the same buffer, turning time closer to O(n) in case of linear
directory scan.
|
| |
|
|
|
|
|
|
|
|
| |
Fix an out-of-bounds write when a zero-length buffer is passed.
Found with ttyname_test and CHERI bounds checking.
Reviewed by: emaste
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
|
| |
|
|
| |
Fix reporting of _SC_SEM_NSEMS_MAX and _SC_SEM_VALUE_MAX.
|
| |
|
|
| |
style(9): sort #includes
|
| |
|
|
|
|
|
|
| |
Discard first 3072 bytes of RC4 keystream, this is a bandaid
that allows us to work on switching to a more modern PRNG.
Submitted by: Steven Chamberlain <steven pyro eu org>
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r279154 (by jilles):
nice(): Correct return value and [EPERM] error.
PR: 189821
Obtained from: NetBSD
Relnotes: yes
r279397 (by jilles):
nice(): Put back old return value, keeping [EPERM] error.
Commit r279154 changed the API and ABI significantly, and {NZERO} is still
wrong.
Also, preserve errno on success instead of setting it to 0.
PR: 189821
Relnotes: yes
|
| |
|
|
|
|
|
|
|
| |
Properly sign extend the result of jrand48() and mrand48().
These functions are supposed to return a value between [-2^31, 2^31).
This doesn't seem to work on 64-bit systems, where we return a value
between [0, 3^32). Patch up the function to use proper casts to int32_t.
While there, fix some other style bugs.
|
| |
|
|
|
|
|
|
|
|
|
| |
r297790 (by pfg):
libc: replace 0 with NULL for pointers.
While here also cleanup some surrounding code; particularly
drop some malloc() casts.
Found with devel/coccinelle.
|
| |
|
|
|
|
|
|
|
|
|
| |
Specifically, use .Ta instead of tabs to separate column entries. While
here fix a few other things:
- Use .Sy for all column headers (previously only the first column header
was bold)
- Use .Dv to markup constants used for MIB names.
- Use "1234" and "4321" for the byte order descriptions without
thousands separators.
- Mark up header files in the first table with .In.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In existing implementations including FreeBSD, there is no reason to use
readdir_r() in the common case where potentially multiple threads each list
their own directory. Code using readdir() is simpler.
What's more, although readdir_r() can safely be used on FreeBSD because
NAME_MAX is forced to 255, it cannot be used safely on systems where
{NAME_MAX} is not fixed. As a concrete example, FAT/NTFS filenames can be up
to 255 UTF-16 code units long, which can be up to 765 UTF-8 bytes.
Deprecating readdir_r() in POSIX has been proposed in
http://www.austingroupbugs.net/view.php?id=696
and glibc wants to deprecate it as well.
|
| |
|
|
|
| |
Since r101651 in 2002, getvfsbyname() has written *vfc using userland
memcpy(), so the [EFAULT] error no longer occurs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r303088,r303142,r303208,r303210,r303530,r303536,r303564,r303565,
r303706
In short:
1) All situations with glob(3) error return codes are well defined by
POSIX, so rewrite old sporadic errors processing to match those
definitions.
Including subcases:
Both C99 and POSIX directly prohibits any standard function to set errno
to 0. Breaking this rule in 2001 NetBSD hack was imported which attempts
to workaround very limited glob(3) return codes amount.
Use POSIX-compatible workaround now with E2BIG which can't comes from
other functions used instead of prohibited 0.
Process errors happpens in (*readdirfunc)() too, as POSIX requires.
Per POSIX GLOB_NOCHECK should return original pattern,
unmodified, if no matches found. But our code strips all '\'
returning it. Rewrite the code to allow to return original pattern.
GLOB_ERR and gl_errfunc are supposed to work only for real directories
per POSIX, so don't act on missing or plain files for ENOENT or ENOTDIR
(as TODO in the code suggested).
Remove the hack in the manpage describing how to skip ENOENT and ENOTDIR
in gl_errfunc, it is unneeded now.
Per POSIX GLOB_ERR must be considered even if gl_errfunc is not set,
old code skips it in that case.
2) For near MAXPATHLEN long pathes old glob(3) code can operate on
truncated results, prevent it in several places.
3) Results was not sorted according to collate as POSIX requires.
4) globtilde() forget to convert expanded user home dir from multibyte to
wide chars. Moreover, those chars are addded as not protected, so
can be treated as special chars.
5) Backward hack for EILSEQ in g_Ctoc() was not implemented, so all
pathes with illegal byte sequences are skipped as result, implement it now.
6) GLOB_BRACE was somehow broken. First it repeatedly calls glob0() in
globexp1() recursive calls, but glob0() was not supposed to be called
repeatedly in the original code. It finalize results by possible adding
original pattern for no match case, may return GLOB_NOMATCH error and
by sorting all things. Original pattern adding or GLOB_NOMATCH error
can happens each time glob0() called repeatedly, and sorting happens
for one item only, all things are never sorted. Second, f.e. "a{a"
pattern does not match "a{a" file but match "a" file instead.
Third, some errors (f.e. for limits or overflow) can be ignored
by GLOB_BRACE code because it forces return (0).
Add non-finalizing flag to glob0() and make globexp0() wrapper around
recursively called globexp1() to finalize things like glob0() does.
Reorganize braces code to work correctly.
7) Don't allow MB_CUR_MAX * strlen overallocation hits GLOB_LIMIT_STRING
(ARG_MAX) limit, use final string length, not malloced space for it.
|
| |
|
|
| |
Fix an infinite loop in setnetgrent(3) with NIS netgroups.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1) Eliminate possibility to call __*collate_range_cmp() with inclomplete
locale (which cause core dump) by removing whole 'table' argument
by which it passed.
2) Restore __collate_range_cmp() in __sccl().
3) Collating [a-z] range in regcomp() works for single byte locales only
(we can't do it for other ones). In previous state only first 256
wide chars are considered and all others are just silently dropped from the
range.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Don't leak olinep if malloc() fails.
If malloc() fails to allocate linep, then free olinep (if it exists)
before returning to avoid a memory leak.
Reported by: Coverity
CID: 1016716
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D6755
|
| |
|
|
| |
FTS: Remove stale reference to nfs4 fs which was removed in r192578.
|
| |
|
|
|
|
|
|
|
| |
Fix Coverity CID 1016714 Resource leak in process_file_actions_entry()
Don't leak a file descriptor of _dup2() fails (shouldn't happen).
Reported by: Coverity
CID: 1016714
|
| |
|
|
|
|
|
|
|
| |
Fix 1016718 Resource leak.
Don't leak a file descriptor if fchdir() fails.
Reported by: Coverity
CID: 1016718
|
| |
|
|
|
| |
Remove trailing whitespace and use `nitems(mib)` instead of `2` when
calling sysctl(3)
|
| |
|
|
| |
Make libc __pthread_map_stacks_exec() interposed.
|
| |
|
|
|
|
| |
Fix readpassphrase(3) when it's called with stdin being closed.
Approved by: re (delphij)
|
| |
|
|
|
|
|
|
|
|
|
| |
fails.
This bug could be reproduced easily by calling sem_open() with O_CREAT |
O_EXCL on a semaphore that is already open in the process. The struct
sem_nameinfo would be freed while still in sem_list and later calls to
sem_open() or sem_close() could access freed memory.
PR: 206396
|
| |
|
|
|
|
|
|
| |
Move fdopen() up near other resource allocation like malloc(); do proper
deallocation on failure later on in the function.
Approved by: jhb
Sponsored by: Panasas, Inc.
|
| |
|
|
| |
Fix lockf(3) cancellation behaviour.
|
| |
|
|
| |
contain cwd.
|
| |
|
|
|
|
|
| |
Unbreak compiling getnetgrent.c with -DDEBUG after r236402 by adding a
missing "}"
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
| |
Remove a set but unused variable in __getgroupmembership to fix a gcc 4.9+ warning
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
| |
The old code was exponential in the number of asterisks in the pattern.
However, once a match has been found upto the next asterisk, the previous
asterisks are no longer relevant.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Shell syntax is too complicated to detect command substitution and unquoted
operators reliably without implementing much of sh's parser. Therefore, have
sh do this detection.
While changing sh's support anyway, also read input from a pipe instead of
arguments to avoid {ARG_MAX} limits and improve privacy, and output count
and length using 16 instead of 8 digits.
The basic concept is:
execl("/bin/sh", "sh", "-c", "freebsd_wordexp ${1:+\"$1\"} -f "$2",
"", flags & WRDE_NOCMD ? "-p" : "", <pipe with words>);
The WRDE_BADCHAR error is still implemented in libc. POSIX requires us to
fail strings containing unquoted braces with code WRDE_BADCHAR. Since this
is normally not a syntax error in sh, there is still a need for checking
code in libc, we_check().
The new we_check() is an optimistic check that all the characters
<newline> | & ; < > ( ) { }
are quoted. To avoid duplicating too much sh logic, such characters are
permitted when quoting characters are seen, even if the quoting characters
may themselves be quoted. This code reports all WRDE_BADCHAR errors; bad
characters that get past it and are a syntax error in sh return WRDE_SYNTAX.
Although many implementations of WRDE_NOCMD erroneously allow some command
substitutions (and ours even documented this), there appears to be code that
relies on its security (codesearch.debian.net shows quite a few uses).
Passing untrusted data to wordexp() still exposes a denial of service
possibility and a fairly large attack surface.
This is also a MFC of r286830 to reduce conflicts. I changed the code
somewhat to avoid changes from r286941; in particular, WRDE_BADVAL can still
only be returned if WRDE_UNDEF was passed.
Relnotes: yes
Security: fixes command execution with wordexp(untrusted, WRDE_NOCMD)
|
| |
|
|
|
|
|
|
|
|
| |
Switch libc from using _sig{procmask,action,suspend} symbols, which
are aliases for the syscall stubs and are plt-interposed, to the
libc-private aliases of internally interposed sigprocmask() etc.
MFC r287300:
Use libthr interposed functions instead of syscalls, in posix_spawn()'
child.
|
| |
|
|
|
|
|
|
|
| |
if possible.
The kern.proc.umask.<pid> sysctl allows querying the umask without
temporarily modifying it.
r280713 is the actual change, while r279084 is a whitespace change.
|
| |
|
|
|
| |
PR: 200942
Submitted by: Conrad Meyer
|
| |
|
|
|
|
|
|
| |
Fix sysctl(3) so it returns the intended values for all mib names in
the 'user' sysctl tree, which have all been coming back 0 or empty
since r240176.
Approved by: re
|
| |
|
|
|
| |
Reassign copyright statements on several files from Advanced
Computing Technologies LLC to Hudson River Trading LLC.
|
| |
|
|
|
| |
Remove the note about seekdir() removing telldir() cookies. That was
removed back in r269204.
|
| |
|
|
| |
Remove the write-only variable phent.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tweak seekdir, telldir and readdir so that when htere are deletes going on,
as seek to teh last location saved will still work. This is needed for Samba
to be able to correctly handle delete requests from windows. This does not
completely fix seekdir when deletes are present but fixes the worst of the
problems. The real solution must involve some changes to the API for eh VFS
and getdirentries(2).
Obtained from: Panzura inc
MFH: r282550 (jhb@)
A few style fixes and expand the comment a bit on what _fixtelldir() is
doing.
MFH: r282560 (jhb@)
Tweak the comment here some more. In particular, the previous opening
sentence was a bit confusing.
Noted by: kib
|
| |
|
|
|
| |
Remove code to support the top of the stack layout for FreeBSD 1.x/2.x
kernel.
|
| |
|
|
| |
Make wait6(2), waitid(3) and ppoll(2) cancellation points.
|
| |
|
|
|
|
|
|
|
| |
Per Austin group issue #884, sh should not import IFS from the environment
but always set it to $' \t\n'. For wordexp(), however, it is documented and
useful for it to use IFS from the environment.
Since sh currently imports IFS from the environment, this change has no
functional effect.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When following symlinks, fts returned FTS_SLNONE when fstatat(flag=0)
failed, but a subsequent fstatat(flag=AT_SYMLINK_NOFOLLOW) succeeded. This
incorrectly triggered if a filename existed to be read from the directory,
was deleted before the fstatat(flag=0) and created again after the
fstatat(flag=0).
Fix this by only returning FTS_SLNONE if the result from
fstatat(flag=AT_SYMLINK_NOFOLLOW) is actually a symlink. If it is not a
symlink, treat it as if fstatat(flag=0) succeeded.
PR: 196724
|
