| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r303088,r303142,r303208,r303210,r303530,r303536,r303564,r303565,
r303706
In short:
1) All situations with glob(3) error return codes are well defined by
POSIX, so rewrite old sporadic errors processing to match those
definitions.
Including subcases:
Both C99 and POSIX directly prohibits any standard function to set errno
to 0. Breaking this rule in 2001 NetBSD hack was imported which attempts
to workaround very limited glob(3) return codes amount.
Use POSIX-compatible workaround now with E2BIG which can't comes from
other functions used instead of prohibited 0.
Process errors happpens in (*readdirfunc)() too, as POSIX requires.
Per POSIX GLOB_NOCHECK should return original pattern,
unmodified, if no matches found. But our code strips all '\'
returning it. Rewrite the code to allow to return original pattern.
GLOB_ERR and gl_errfunc are supposed to work only for real directories
per POSIX, so don't act on missing or plain files for ENOENT or ENOTDIR
(as TODO in the code suggested).
Remove the hack in the manpage describing how to skip ENOENT and ENOTDIR
in gl_errfunc, it is unneeded now.
Per POSIX GLOB_ERR must be considered even if gl_errfunc is not set,
old code skips it in that case.
2) For near MAXPATHLEN long pathes old glob(3) code can operate on
truncated results, prevent it in several places.
3) Results was not sorted according to collate as POSIX requires.
4) globtilde() forget to convert expanded user home dir from multibyte to
wide chars. Moreover, those chars are addded as not protected, so
can be treated as special chars.
5) Backward hack for EILSEQ in g_Ctoc() was not implemented, so all
pathes with illegal byte sequences are skipped as result, implement it now.
6) GLOB_BRACE was somehow broken. First it repeatedly calls glob0() in
globexp1() recursive calls, but glob0() was not supposed to be called
repeatedly in the original code. It finalize results by possible adding
original pattern for no match case, may return GLOB_NOMATCH error and
by sorting all things. Original pattern adding or GLOB_NOMATCH error
can happens each time glob0() called repeatedly, and sorting happens
for one item only, all things are never sorted. Second, f.e. "a{a"
pattern does not match "a{a" file but match "a" file instead.
Third, some errors (f.e. for limits or overflow) can be ignored
by GLOB_BRACE code because it forces return (0).
Add non-finalizing flag to glob0() and make globexp0() wrapper around
recursively called globexp1() to finalize things like glob0() does.
Reorganize braces code to work correctly.
7) Don't allow MB_CUR_MAX * strlen overallocation hits GLOB_LIMIT_STRING
(ARG_MAX) limit, use final string length, not malloced space for it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a mask of optional ptrace() events.
302900:
Add a test for user signal delivery.
This test verifies we get the correct ptrace event details when a signal
is posted to a traced process from userland.
302902:
Add a mask of optional ptrace() events.
ptrace() now stores a mask of optional events in p_ptevents. Currently
this mask is a single integer, but it can be expanded into an array of
integers in the future.
Two new ptrace requests can be used to manipulate the event mask:
PT_GET_EVENT_MASK fetches the current event mask and PT_SET_EVENT_MASK
sets the current event mask.
The current set of events include:
- PTRACE_EXEC: trace calls to execve().
- PTRACE_SCE: trace system call entries.
- PTRACE_SCX: trace syscam call exits.
- PTRACE_FORK: trace forks and auto-attach to new child processes.
- PTRACE_LWP: trace LWP events.
The S_PT_SCX and S_PT_SCE events in the procfs p_stops flags have
been replaced by PTRACE_SCE and PTRACE_SCX. PTRACE_FORK replaces
P_FOLLOW_FORK and PTRACE_LWP replaces P2_LWP_EVENTS.
The PT_FOLLOW_FORK and PT_LWP_EVENTS ptrace requests remain for
compatibility but now simply toggle corresponding flags in the
event mask.
While here, document that PT_SYSCALL, PT_TO_SCE, and PT_TO_SCX both
modify the event mask and continue the traced process.
302921:
Rename PTRACE_SYSCALL to LINUX_PTRACE_SYSCALL.
303461:
Note that not all optional ptrace events use SIGTRAP.
New child processes attached due to PTRACE_FORK use SIGSTOP instead of
SIGTRAP. All other ptrace events use SIGTRAP.
304009:
Remove description of P_FOLLOWFORK as this flag was removed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
292894:
Add ptrace(2) reporting for LWP events.
Add two new LWPINFO flags: PL_FLAG_BORN and PL_FLAG_EXITED for reporting
thread creation and destruction. Newly created threads will stop to report
PL_FLAG_BORN before returning to userland and exiting threads will stop to
report PL_FLAG_EXIT before exiting completely. Both of these events are
only enabled and reported if PT_LWP_EVENTS is enabled on a process.
292896:
Document the recently added support for ptrace(2) LWP events.
|
| |
|
|
| |
Remove empty initializer for the once facility.
|
| |
|
|
| |
Fix an infinite loop in setnetgrent(3) with NIS netgroups.
|
| |
|
|
|
|
|
|
|
|
| |
- Add a sigevent(3) manpage to give a general overview of the sigevent
structure and the available notification mechanisms.
- Document that AIO requests contain a nested sigevent structure that can
be used to request completion notification.
- Expand the sigevent details in other manuals to note details such as
the extra values stored in a queued signal's information or in a posted
kevent.
|
| |
|
|
|
|
|
|
|
|
|
| |
r261644 (MFC of r260553) added missing C++ typinfos to libcxxrt's
version script. It appears that a number of duplicate mangled symbols
were added due to a cut and paste error. Switch the second instances to
_ZTS*, typeinfo name for *.
Found by lld, which produces an error or warning for duplicate symbols.
Sponsored by: The FreeBSD Foundation
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1) Eliminate possibility to call __*collate_range_cmp() with inclomplete
locale (which cause core dump) by removing whole 'table' argument
by which it passed.
2) Restore __collate_range_cmp() in __sccl().
3) Collating [a-z] range in regcomp() works for single byte locales only
(we can't do it for other ones). In previous state only first 256
wide chars are considered and all others are just silently dropped from the
range.
|
| |
|
|
|
|
| |
MFV r302218: file 5.28.
Relnotes: yes
|
| |
|
|
|
|
|
|
|
| |
Revert r301707
getnetent_p doesn't return NULL like getnetent does. coccinelle got confused and
I didn't verify that it worked before committing the change
Pointyhat to: ngie
|
| |
|
|
|
|
|
| |
Use NULL instead of `0` in _ht_getnetbyname(..)
- getnetent returns NULL on completion/error.
- .h_aliases is NULL terminated.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix multiple Coverity Out-of-bounds access false postive issues in CAM
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used. All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero(). Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).
In addition, this idiom is difficult for humans to understand and
it is error prone. The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation. I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.
A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used. The latter can
normally be seen in the nearby code. This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.
Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.
Reported by: Coverity
CID: 1007578, 1008684, 1009724, 1009773, 1011304, 1011306
CID: 1011307, 1011308, 1011309, 1011310, 1011311, 1011312
CID: 1011313, 1011314, 1011315, 1011316, 1011317, 1011318
CID: 1011319, 1011320, 1011321, 1011322, 1011324, 1011325
CID: 1011326, 1011327, 1011328, 1011329, 1011330, 1011374
CID: 1011390, 1011391, 1011392, 1011393, 1011394, 1011395
CID: 1011396, 1011397, 1011398, 1011399, 1011400, 1011401
CID: 1011402, 1011403, 1011404, 1011405, 1011406, 1011408
CID: 1011409, 1011410, 1011411, 1011412, 1011413, 1011414
CID: 1017461, 1018387, 1086860, 1086874, 1194257, 1229897
CID: 1229968, 1306229, 1306234, 1331282, 1331283, 1331294
CID: 1331295, 1331535, 1331536, 1331539, 1331540, 1341623
CID: 1341624, 1341637, 1341638, 1355264, 1355324
Reviewed by: scottl, ken, delphij, imp
MFH: 1 month
Differential Revision: https://reviews.freebsd.org/D6496
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.2.1 (bugfix and security fix release)
List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
(vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
(vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
(vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes
Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader
Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
|
| |
|
|
|
|
|
| |
r302125 and r302171:
Added multiple new LibUSB v1.0 API functions.
Refer to the individual commits for more details.
|
| |
|
|
|
|
|
|
| |
Implement code to stop all USB endpoints before executing a USB device
reset command, alternate setting command or set configuration
command. Else LibUSB v1.0 will not re-open the endpoints which the
kernel closes and the USB application might wait infinitely for
transfers to complete.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Let l64a() properly null terminate its result.
Though the buffer used by l64a() is initialized with null bytes,
repetetive calls may end up having trailing garbage of previous
invocations because we don't end up terminating the string.
Instead of importing NetBSD's fix, use this opportunity to simplify this
function dramatically, for example by just storing the Base64 character
set in a string. There is also no need to do the bitmasking, as we can
just use the proper integer type from <stdint.h>.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libc: regexec(3) adjustment.
Change the behavior of when REG_STARTEND is combined with REG_NOTBOL.
From the original posting[1]:
"Enable the assumption that pmatch[0].rm_so is a continuation offset
to a string and allows us to do a proper assessment of the character
in regards to it's word position ('^' or '\<'), without risking going
into unallocated memory."
This change makes us similar to how glibc handles REG_STARTEND |
REG_NOTBOL, and is closely related to a soon-to-land fix to sed.
Special thanks to Martijn van Duren and Ingo Schwarze for working
out some consistent behaviour.
Differential Revision: https://reviews.freebsd.org/D6257
Taken from: openbsd-tech 2016-05-24 [1] (Martijn van Duren)
|
| |
|
|
| |
"PTHREAD_PROCESSES_PRIVATE".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r299529,r299540:
Update libarchive to 3.2.0
New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive
r299576,r299896:
Fix broken cpio behavior.
Relnotes: yes
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Don't leak olinep if malloc() fails.
If malloc() fails to allocate linep, then free olinep (if it exists)
before returning to avoid a memory leak.
Reported by: Coverity
CID: 1016716
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D6755
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't leak addrinfo if ai->ai_addrlen <= minsiz test fails.
If the ai->ai_addrlen <= minsiz test fails, then freeaddrinfo()
does not get called to free the memory just allocated by getaddrinfo().
Fix by moving ai->ai_addrlen <= minsiz to a separate nested if
block, and keep freeaddrinfo() in the outer block so that freeaddrinfo()
will be called whenever getaddrinfo() succeeds.
Reported by: Coverity
CID: 1273652
Reviewed by: ume
Differential Revision: https://reviews.freebsd.org/D6756
|
| |
|
|
|
| |
Mark jail(2), and the sysctls that it (and only it) uses as deprecated.
jail(8) has long used jail_set(2), and those sysctl only cause confusion.
|
| |
|
|
| |
Test for strchr(3) returning NULL, not 0
|
| |
|
|
|
|
|
|
|
|
| |
r299511 (by cem):
print_positional_test: Fix misuse of wchar APIs
These APIs take unit length, not byte length parameters.
CIDs: 1338543, 1338544, 1338545
|
| |
|
|
|
|
|
|
|
|
|
|
| |
r299510 (by cem):
libmp: Fix trivial buffer overrun
fgetln yields a non-NUL-terminated buffer and its length. This routine
attempted to NUL-terminate it, but did not allocate space for the NUL. So,
allocate space for the NUL.
CID: 1017457
|
| |
|
|
|
|
|
|
|
|
|
| |
r299502 (by cem):
nss/gethostby_test: fix broken vector iteration of gethostbyaddr h_aliases
h_aliases is a NULL-terminated rather than fixed-length array. nitems() is not
a valid way to determine its end; instead, check for NULL.
CID: 1346578
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix up r300385
I accidentally glossed over the fact that tmp is manipulated via strchr, so
if we tried to free `tmp` after r300385, it would have crashed.
Create a separate pointer (tmp2) to track the original allocation of `tmp`,
and free `tmp2` if `p->nc_lookups` can't be malloced
CID: 1356026
|
| |
|
|
| |
Don't leak `tmp` if `p->nc_lookups` can't be malloced
|
| |
|
|
|
|
|
| |
Don't leak `handle` if svc_tp_create(..) succeeds and allocating a new
struct xlist object fails
CID: 978277
|
| |
|
|
|
|
|
|
| |
Remove NO_WERROR from libbsnmp/Makefile.inc
This has been compiling without warnings with clang/gcc for a while now
Tested with: clang 3.8.0, gcc 4.2.x, gcc 5.x
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r300387:
getnetid(..): consistently fclose fd at the end of the function
This mutes a false positive with cppcheck, but also helps eliminate future
potential issues with this variable
r300388:
Call endnetconfig on nc_handle sooner to avoid leaking nc_handle if tmpnconf
was NULL
This would theoretically happen if the netconfig protocol family and protocol
semantics were never matched.
CID: 978179
r300389:
nis_rpcent: don't leak resultbuf from yp_first(..)/yp_next(..)
If the buffer couldn't be adequately resized to accomodate an additional "\n",
it would leak resultbuf by breaking from the loop early
CID: 1016702
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r300620:
Use reallocf instead of malloc to fix leak with outbuf_pmap
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
CID: 1038776
r300621:
Remove redundant NULLing of outbuf_pmap
If reallocf ever failed, outbuf_pmap would already be NULL
|
| |
|
|
| |
Update fetch.1 and fetch.3 to reflect libfetch's actual use of CA bundles
|
| |
|
|
|
|
| |
Don't use fixup for C99 and up, the compiler result is already correct.
Suggested by: bde
|
| |
|
|
|
| |
Reflect error indication according to POSIX and what those functions
currently do.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
1) Unifdef USE_WEAK_SEEDING since it is too obsolete to support and makes
reading hard.
2) Instead of doing range transformation in each and every function here,
do it single time directly in do_rand(). One "mod" operation overhead is not
a big deal, but the code looks nicer and possible future functions additions
or PRNG change do not miss range transformations neither have unneeded ones.
3) Use POSIX argument types for visible functions (cosmetic).
|
| |
|
|
|
| |
can't be merged without conflicts and require merging of other versions
too and I don't want to go deep in that unmerged commits chain.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Unifdef USE_WEAK_SEEDING it is too obsolete to support and makes reading
harder.
2) ACM paper require seed to be in [1, 2^31-2] range, so use the same range
shifting as already done for rand(3). Also protect srandomdev() + TYPE_0 case
(non default) from negative seeds.
3) Don't check for valid "type" range in setstate(), it is always valid as
calculated. Instead add a check that rear pointer not exceeed end pointer.
MFC: r300965
Micro optimize: C standard guarantees that right shift for unsigned value
fills left bits with zero, and we have exact 32bit unsigned value
(uint32_t), so there is no reason to add "& 0x7fffffff" here.
|
| |
|
|
| |
FTS: Remove stale reference to nfs4 fs which was removed in r192578.
|
| |
|
|
|
|
|
| |
the character after the one this conversion stopped at.
PR: 209907
Submitted by: Roel Standaert <roel@abittechnical.com> (partially)
|
| |
|
|
|
|
|
| |
Call closedir() before returning from fetchListFile() to avoid a leak.
Reported by: Coverity
CID: 1016697
|
| |
|
|
|
|
|
| |
Don't leak addrinfo in fetch_bind()
Submitted by: Coverity
CID: 1225038
|
| |
|
|
|
|
|
|
|
| |
Fix Coverity CID 978183 Resource leak in rexec().
Close the socket if connect() fails to avoid leaking it.
Reported by: Coverity
CID: 978183
|
| |
|
|
|
|
|
|
|
| |
Fix Coverity CID 1016714 Resource leak in process_file_actions_entry()
Don't leak a file descriptor of _dup2() fails (shouldn't happen).
Reported by: Coverity
CID: 1016714
|
| |
|
|
|
|
|
|
|
| |
Fix 1016718 Resource leak.
Don't leak a file descriptor if fchdir() fails.
Reported by: Coverity
CID: 1016718
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make both the loader and kernel use the interface-mtu option if the
dhcp server provides it. Made up of these (semi-)related changes...
[kernel...] If the dhcp server provides an interface-mtu option, parse
the value and set that mtu on the interface.
[libstand...]
Garbage collect the bswap routines from libstand, use sys/endian.h.
If the dhcp server delivers an interface-mtu option, parse it and store
the value in a new global intf_mtu for use by the application.
[loader...]
If the dhcp server provided an interface-mtu option, transcribe the value
to the boot.netif.mtu env var, which will be picked up by pre-existing code
in nfs_mountroot() and used to configure the interface accordingly.
PR: 187094
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
libc/regex: fix two buffer underruns.
Fix some rather complex regex issues found on OpenBSD as part of some
ongoing work to fix a sed(1) bug.
Curiously the OpenBSD tests don't trigger segfaults on FreeBSD but the
bugs were confirmed by running a port of FreeBSD's regex under OpenBSD's
malloc. Huge thanks to Ingo for confirming the behavior.
Obtained from: OpenBSD (CVS 1.20, 1.21)
|
| |
|
|
| |
application code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) POSIX prohibits printing errors to stderr here and require
returning NULL:
"Upon successful completion, initstate() and setstate() shall return a
pointer to the previous state array; otherwise, a null pointer shall
be returned.
Although some implementations of random() have written messages to
standard error, such implementations do not conform to POSIX.1-2008."
2) Move error detections earlier to prevent state modifying.
|
