path: root/lib/libc
Commit message | Author | Age | Files | Lines
* Protect against DoS attacks, such as being described in CVE-2010-2632.
  The changes were derived from what has been committed to NetBSD, with modifications. These are:
  1. Preserve the existing GLOB_LIMIT behaviour by including the number of matches to the set of parameters to limit.
  2. Change some of the limits to avoid impacting normal use cases:
     GLOB_LIMIT_STRING - change from 65536 to ARG_MAX so that glob(3) can still provide a full command line of expanded names.
     GLOB_LIMIT_STAT - change from 128 to 1024 for no other reason than that 128 feels too low (it's not a limit that impacts the behaviour of the test program listed in CVE-2010-2632).
     GLOB_LIMIT_PATH - change from 1024 to 65536 so that glob(3) can still provide a full command line of expanded names.
  3. Protect against buffer overruns when we hit the GLOB_LIMIT_STAT or GLOB_LIMIT_READDIR limits. We append SEP and EOS to pathend in those cases. Return GLOB_ABORTED instead of GLOB_NOSPACE when we would otherwise overrun the buffer.
  This change also modifies the existing behaviour of glob(3) in case GLOB_LIMIT is specified by limiting the *new* matches and not all matches. This is an important distinction when GLOB_APPEND is set or when the caller uses a non-zero gl_offs. Previously pre-existing matches or the value of gl_offs would be counted in the number of matches even though the man page states that glob(3) would return GLOB_NOSPACE when gl_matchc or more matches were found.
  The limits that cannot be circumvented are GLOB_LIMIT_STRING and GLOB_LIMIT_PATH; all others can be crossed by simply calling glob(3) again and with GLOB_APPEND set.
  The entire description above applies only when GLOB_LIMIT has been specified of course. No limits apply when this flag isn't set!
  Obtained from: Juniper Networks, Inc
  [author: marcel | age: 2012-12-01 | files: 1 | lines: -22/+79]
* In globextend(), take advantage of the fact that realloc(NULL, size) is equivalent to malloc(size). This eliminates the conditional expression used for calling either realloc() or malloc() when realloc() will do all the time.
  [author: marcel | age: 2012-12-01 | files: 1 | lines: -3/+2]
* In globextend() when the pathv vector cannot be (re-)allocated, don't free and clear the gl_pathv pointer in the glob_t structure. Such breaks the invariant of the glob_t structure, as stated in the comment right in front of the globextend() function. If gl_pathv was non-NULL, then gl_pathc was > 0. Making gl_pathv a NULL pointer without also setting gl_pathc to 0 is wrong.
  Since we otherwise don't free the memory associated with a glob_t in error cases, it's unlikely that this change will cause a memory leak that wasn't already there to begin with. Callers of glob(3) must call globfree(3) irrespective of whether glob(3) returned an error or not.
  [author: marcel | age: 2012-12-01 | files: 1 | lines: -6/+1]
* The getline function returns the number of characters read, not written. Use clearer text for this.
  PR: docs/174023
  Submitted by: Paul Procacci <pprocacci@gmail.com>
  Approved by: bcr (mentor)
  MFC after: 1 week
  [author: eadler | age: 2012-12-01 | files: 1 | lines: -2/+2]
* libc: Allow setting close-on-exec in fopen/freopen/fdopen.
  This commit adds a new mode option 'e' that must follow any 'b', '+' and/or 'x' options. C11 is clear about the 'x' needing to follow 'b' and/or '+' and that is what we implement; therefore, require a strict position for 'e' as well.
  For freopen() with a non-NULL path argument and fopen(), the close-on-exec flag is set iff the 'e' mode option is specified. For freopen() with a NULL path argument and fdopen(), the close-on-exec flag is turned on if the 'e' mode option is specified and remains unchanged otherwise.
  Although the same behaviour for fopen() can be obtained by open(O_CLOEXEC) and fdopen(), this needlessly complicates the calling code.
  Apart from the ordering requirement, the new option matches glibc.
  PR: kern/169320
  [author: jilles | age: 2012-11-30 | files: 4 | lines: -2/+33]
* Document that getpeername(2) and getsockname(2) can fail with EINVAL.
  Reviewed by: glebius
  [author: kevlo | age: 2012-11-23 | files: 2 | lines: -0/+8]
* Cleanup the code a bit, which improves the portability.
  MFC after: 1 week
  [author: tuexen | age: 2012-11-19 | files: 1 | lines: -43/+42]
* Fix the handling of mapped IPv6 addresses in sctp_connectx().
  MFC after: 3 days
  [author: tuexen | age: 2012-11-19 | files: 1 | lines: -1/+0]
* - the preferred way to write a NULL pointer constant is with NULL
  - whitespace nit
  Reviewed by: glebius
  [author: kevlo | age: 2012-11-16 | files: 3 | lines: -9/+6]
* mdoc: Use the Ev macro for environmental variables.
  [author: joel | age: 2012-11-16 | files: 1 | lines: -3/+3]
* Document that rtprio(2) and rtprio_thread(2) can fail with EFAULT due to the invoked copyout(9).
  Reviewed by: davidxu
  [author: kevlo | age: 2012-11-16 | files: 1 | lines: -2/+10]
* Complete man page.
  MFC after: 2 weeks
  [author: grog | age: 2012-11-16 | files: 1 | lines: -11/+27]
* Document that sendfile(2) can fail with ENOBUFS.
  Reviewed by: glebius
  [author: kevlo | age: 2012-11-14 | files: 1 | lines: -0/+2]
* Document wait6() and waitid().
  PR: standards/170346
  Submitted by: "Jukka A. Ukkonen" <jau@iki.fi>
  MFC after: 1 month
  [author: kib | age: 2012-11-13 | files: 2 | lines: -32/+282]
* Implement the waitid() SUSv4 function using wait6() system call.
  PR: standards/170346
  Submitted by: "Jukka A. Ukkonen" <jau@iki.fi>
  MFC after: 1 month
  [author: kib | age: 2012-11-13 | files: 6 | lines: -1/+72]
* Add an explanatory comment to lib/libc/gen/isnan.c about the fix to make static linking with libc and libm work.
  Requested by: jilles
  MFC after: 1 week
  X-MFC-With: 242879
  [author: dim | age: 2012-11-11 | files: 1 | lines: -0/+5]
* Only define isnan, isnanf, __isnan and __isnanf in libc.so, not in libc.a and libc_p.a. In addition, define isnan in libm.a and libm_p.a, but not in libm.so.
  This makes it possible to statically link executables using both isnan and isnanf with libc and libm.
  Tested by: kargl
  MFC after: 1 week
  [author: dim | age: 2012-11-10 | files: 1 | lines: -0/+2]
* Clarify that the ' flag is an apostrophe.
  MFC after: 2 weeks
  [author: grog | age: 2012-11-08 | files: 1 | lines: -1/+1]
* Fix errno in a couple of error cases.
  MFC after: 3 days
  [author: tuexen | age: 2012-11-03 | files: 1 | lines: -1/+3]
* fopen(3): Mention that the "x" mode option is from C11.
  MFC after: 1 week
  [author: jilles | age: 2012-11-01 | files: 1 | lines: -1/+5]
* fcntl(2): Fix typos in name of constant "F_DUP2FD_CLOEXEC".
  MFC after: 1 week
  [author: jilles | age: 2012-11-01 | files: 1 | lines: -2/+2]
* Update the kill(2) and killpg(2) man pages to the modern permission checks. Also indicate killpg(2) is POSIX compliant.
  Reviewed by: jilles
  Reviewed by: wblock
  Approved by: cperciva
  MFC after: 3 days
  [author: eadler | age: 2012-10-22 | files: 2 | lines: -16/+20]
* remove duplicate semicolons where possible.
  Approved by: cperciva
  MFC after: 1 week
  [author: eadler | age: 2012-10-22 | files: 1 | lines: -1/+1]
* Grammar fixes to r241781.
  Submitted by: alc
  [author: andre | age: 2012-10-20 | files: 1 | lines: -1/+1]
* Hide the unfortunately named sysctl kern.ipc.somaxconn from sysctl -a output and replace it with a new visible sysctl kern.ipc.acceptqueue of the same functionality. It specifies the maximum length of the accept queue on a listen socket.
  The old kern.ipc.somaxconn remains available for reading and writing for compatibility reasons so that existing programs, scripts and configurations continue to work. There are no plans to ever remove the original and now hidden kern.ipc.somaxconn.
  [author: andre | age: 2012-10-20 | files: 1 | lines: -4/+18]
* Replace our version of the pwcache(3) API with NetBSD's implementation.
  This adds two features:
    * uid_from_user() and gid_from_group() as the reverse of user_from_uid() and groups_from_gid().
    * pwcache_userdb() and pwcache_groupdb() which allow alternative lookup functions to be used. For example lookups from passwd and group databases in a non-standard location.
  [author: brooks | age: 2012-10-19 | files: 4 | lines: -207/+8]
* Fix my last commit. Only call strunvis after properly checking the argument is not NULL.
  [author: stefanf | age: 2012-10-11 | files: 1 | lines: -5/+7]
* Decode the first two fstab fields with strunvis(3). This allows having spaces in devices and mount paths, encoded as \s or \040.
  PR: bin/117687
  Submitted by: Martin Kammerhofer
  Discussed on: arch
  [author: stefanf | age: 2012-10-11 | files: 1 | lines: -0/+5]
* Apply some style. Checked with md5.
  [author: stefanf | age: 2012-10-11 | files: 1 | lines: -25/+26]
* Remove undefined behavior from sranddev() and srandomdev(). This doesn't actually work with any modern C compiler:
  In particular, both clang and modern gcc versions silently elide any xor operation with 'junk'.
  Approved by: secteam
  MFC after: 3 days
  [author: eadler | age: 2012-10-09 | files: 2 | lines: -4/+2]
* rpc: convert all uid and gid variables to u_int.
  After further discussion, instead of pretending to use uid_t and gid_t as upstream Solaris and linux try to, we are better using u_int, which is in fact what the code can handle and best approaches the range of values used by uid and gid.
  Discussed with: bde
  Reviewed by: bde
  [author: pfg | age: 2012-10-04 | files: 4 | lines: -7/+8]
* rpc: convert all uid and gid variables of the type uid_t and gid_t.
  The previous change (based on Solaris) doesn't work properly either as the casting only has the effect of quieting the compiler. Move back to the previous solution but adjust the sizeof() type in xdr_array(). This should mostly work (by accident).
  Reported by: bde
  [author: pfg | age: 2012-10-03 | files: 1 | lines: -3/+3]
* Optimize prev. commit for speed.
  1) Don't iterate the loop from the environment array beginning each time, iterate it under the last place we deactivate instead.
  2) Call __rebuild_environ() not on each iteration but once, only at the end of whole loop (of course, only in case if something is changed).
  MFC after: 1 week
  [author: ache | age: 2012-10-03 | files: 1 | lines: -3/+7]
* rpc: convert all uid and gid variables of the type uid_t and gid_t.
  As part of the previous commit, uses of xdr_int() were replaced with xdr_u_int(). This has undesired effects as the second argument doesn't match exactly uid_t or gid_t. It also breaks assumptions in the size of the provided types.
  To work around those issues we revert back to the use of xdr_int() but provide proper casting so the behaviour doesn't change.
  While here fix a style issue in the affected lines.
  Reported by: bde
  [author: pfg | age: 2012-10-03 | files: 1 | lines: -5/+5]
* libtirpc: be sure to free cl_netid and cl_tp
  When creating a client with clnt_tli_create, it uses strdup to copy strings for these fields if nconf is passed in. clnt_dg_destroy frees these strings already. Make sure clnt_vc_destroy frees them in the same way.
  This change matches the reference (OpenSolaris) implementation.
  Tested by: David Wolfskill
  Obtained from: Bull GNU/Linux NFSv4 Project (libtirpc)
  MFC after: 2 weeks
  [author: pfg | age: 2012-10-02 | files: 1 | lines: -0/+4]
* Fix __rpc_getconfip
  __rpc_getconfip is supposed to return the first netconf entry supporting tcp or udp, respectively. The code will currently return the *last* entry, plus it will leak memory when there is more than one such entry.
  This change matches the reference (OpenSolaris) implementation.
  Tested by: David Wolfskill
  Obtained from: Bull GNU/linux NFSv4 Project (libtirpc)
  MFC after: 1 week
  [author: pfg | age: 2012-10-02 | files: 1 | lines: -2/+4]
* RPC: Convert all uid and gid variables of the type uid_t and gid_t.
  This matches what upstream (OpenSolaris) does.
  Tested by: David Wolfskill
  Obtained from: Bull GNU/Linux NFSv4 project (libtirpc)
  MFC after: 3 days
  [author: pfg | age: 2012-10-02 | files: 4 | lines: -11/+9]
* Using putenv() and later direct pointer contents modification it is possible to craft environment variables with similar names like that:
    a=1
    a=2
    ...
  unsetenv("a") should remove them all to make later getenv("a") impossible. Fix it to do so (this is GNU autoconf test #3 failure too).
  PR: 172273
  MFC after: 1 week
  [author: ache | age: 2012-10-02 | files: 1 | lines: -1/+3]
* clarify the wording for 'first' and 'last'
  Approved by: wblock
  MFC after: 3 days
  [author: eadler | age: 2012-09-30 | files: 1 | lines: -5/+4]
* libc: Use O_CLOEXEC for various internal file descriptors.
  This fixes a race condition where another thread may fork() before CLOEXEC is set, unintentionally passing the descriptor to the child process.
  This commit only adds O_CLOEXEC flags to open() or openat() calls where no fcntl(fd, F_SETFD, FD_CLOEXEC) follows. The separate fcntl() call still leaves a race window so it should be fixed later.
  [author: jilles | age: 2012-09-29 | files: 14 | lines: -16/+18]
* Slight stylification.
  [author: des | age: 2012-09-28 | files: 1 | lines: -18/+11]
* libc/fts: Use O_CLOEXEC for internal file descriptors.
  Because fts keeps internal file descriptors open across calls, making such descriptors close-on-exec helps not only multi-threaded applications but also single-threaded applications. In particular, this prevents passing a temporary file descriptor for saving the current directory to processes created via find -exec.
  [author: jilles | age: 2012-09-27 | files: 2 | lines: -10/+14]
* Complete revert of r239963:
  The attempt to merge changes from the linux libtirpc caused rpc.lockd to exit after startup under unclear conditions. After many hours of selective experiments and inconsistent results the conclusion is that it's better to just revert everything and restart in a future time with a much smaller subset of the changes.
  ____
  MFC after: 3 days
  Reported by: David Wolfskill
  Tested by: David Wolfskill
  [author: pfg | age: 2012-09-27 | files: 8 | lines: -41/+19]
* sigaction(2),sigwait(2),sigwaitinfo(2): Remove [EFAULT] error condition.
  Passing an invalid pointer results in undefined behaviour. The wrappers in libthr access some of the data pointed to by the arguments in userland, so that an invalid pointer will cause a signal and not an [EFAULT] error return.
  Furthermore, if the [EFAULT] error occurs when the kernel is writing, it is not a proper error in the sense that the call still commits (changing the signal disposition or accepting the signal).
  MFC after: 1 week
  [author: jilles | age: 2012-09-27 | files: 3 | lines: -16/+3]
* Partial revert of r239963:
  The following change caused rpc.lockd to exit after startup:
  ____
  libtirpc: be sure to free cl_netid and cl_tp
  When creating a client with clnt_tli_create, it uses strdup to copy strings for these fields if nconf is passed in. clnt_dg_destroy frees these strings already. Make sure clnt_vc_destroy frees them in the same way.
  ____
  MFC after: 3 days
  Reported by: David Wolfskill
  Tested by: David Wolfskill
  [author: pfg | age: 2012-09-24 | files: 1 | lines: -4/+0]
* Remove the restrict qualifier to match function prototype.
  [author: kevlo | age: 2012-09-20 | files: 1 | lines: -1/+1]
* strsignal(): Reindent.
  [author: jilles | age: 2012-09-19 | files: 1 | lines: -21/+21]
* strsignal(): Do not append signal numbers to messages for known signals.
  Messages for known signals looked like "Terminated: 15" instead of "Terminated".
  [author: jilles | age: 2012-09-19 | files: 1 | lines: -1/+1]
* Correct double "the the"
  Approved by: cperciva
  MFC after: 3 days
  [author: eadler | age: 2012-09-14 | files: 1 | lines: -1/+1]
* According to a clarification at http://austingroupbugs.net/view.php?id=503 ptsname may set errno, so avoid saving and restoring errno across the function.
  PR: standards/171572
  [author: emaste | age: 2012-09-12 | files: 2 | lines: -4/+3]