| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.
admbugs: 850
Reported by: Reno Robert
Reviewed by: markj
Approved by: so
Security: FreeBSD-SA-18:15.bootpd
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r315733 (imp):
Impelemnt ttys onifexists in init.
Implement a new init(8) option in /etc/ttys. If this option is present
on the entry in /etc/ttys, the entry will be active if and only if it
exists. If the name starts with a '/', it will be considered an
absolute path. If not, it will be a path relative to /dev.
This allows one to turn off video console getty that aren't present
(while running a getty on them even when they aren't the system
console). Likewise with serial ports.
It differs from onifconsole in only requiring the device exist rather
than it be listed as one of the system consoles.
r315737 (ngie):
Unbreak world by adding sys/stat.h for stat(2)
r315740 (imp):
Simplify the code a little.
r330054 (trasz):
Improve missing tty handling in init(8). This removes a check that did
nothing - it was checking for ENXIO, which, with devfs, is no longer
returned - and was badly placed anyway, and replaces it with similar
one that works, and is done just before starting getty, instead of being
done when rereading ttys(5).
From the practical point of view, this makes init(8) handle disappearing
terminals (eg /dev/ttyU*) gracefully, without unneccessary getty restarts
and resulting error messages.
Reported by: Bart Ender, Andre Albsmeier
PR: 228315
Blocks: 11.2-BETA2
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r330710:
tftpd: Flush files as soon as they are fully received
On an RRQ, tftpd doesn't exit as soon as it's finished receiving a file.
Instead, it waits five seconds just in case the client didn't receive the
server's last ACK and decides to resend the final DATA packet.
Unfortunately, this created a 5 second delay from when the client thinks
it's done sending the file, and when the file is available for other
processes.
Fix this bug by closing the file as soon as receipt is finished.
PR: 157700
Reported by: Barry Mishler <barry_mishler@yahoo.com>
r330718:
tftpd: Verify world-writability for WRQ when using relative paths
tftpd(8) says that files may only be written if they already exist and are
publicly writable. tftpd.c verifies that a file is publicly writable if it
uses an absolute pathname. However, if the pathname is relative, that check
is skipped. Fix it.
Note that this is not a security vulnerability, because the transfer
ultimately doesn't work unless the file already exists and is owned by user
nobody. Also, this bug does not affect the default configuration, because
the default uses the "-s" option which makes all pathnames absolute.
PR: 226004
r330719:
tftpd: Abort on an WRQ access violation
On a WRQ (write request) tftpd checks whether the client has access
permission for the file in question. If not, then the write is prevented.
However, tftpd doesn't reply with an ERROR packet, nor does it abort.
Instead, it tries to receive the packet anyway.
The symptom is slightly different depending on the nature of the error. If
the target file is nonexistent and tftpd lacks permission to create it, then
tftpd will willingly receive the file, but not write it anywhere. If the
file exists but is not writable, then tftpd will fail to ACK to WRQ.
PR: 225996
r330720:
tftpd: reject unknown opcodes
If tftpd receives a command with an unknown opcode, it simply exits 1. It
doesn't send an ERROR packet, and the client will hang waiting for one. Fix
it.
PR: 226005
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r330696:
Add some functional tests for tftpd(8)
tftpd(8) is difficult to test in isolation due to its relationship with
inetd. Create a test program that mimics the behavior of tftp(1) and
inetd(8) and verifies tftpd's response in several different scenarios.
These test cases cover all of the basic TFTP protocol, but not the optional
parts.
PR: 157700
PR: 225996
PR: 226004
PR: 226005
Differential Revision: https://reviews.freebsd.org/D14310
r330709:
Commit missing file from r330696
X-MFC-With: 330696
r330742:
tftpd: fix the build of tests on i386 after 330696
It's those darn printf format specifiers again
Reported by: cy, kibab
X-MFC-With: 330696
r331358:
tftpd: misc Coverity cleanup in the tests
A bunch of unchecked return values from open(2) and read(2)
Reported by: Coverity
CID: 1386900, 1386911, 1386926, 1386928, 1386932, 1386942
CID: 1386961, 1386979
X-MFC-With: 330696
|
| |
|
|
| |
rpc.sprayd: raise WARNS to 6
|
| |
|
|
|
|
| |
The need for _WITH_GETLINE and _WITH_DPRINTF was removed in HEAD in
r303524 but is still needed in stable/11 to enable prototypes for these
functions.
|
| |
|
|
|
|
| |
Make rtld_bind_start() debugger friendly. Save link register and annotate
call frame structure so debugger can unwind call frame created by
rtld_bind_start().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was intended to be a non-functional change. It wasn't. The commit
message was thus wrong. In addition it broke arm, and merged crypto
related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since
MFCed. This revert also skips files that require $FreeBSD$ property
changes.
Thank you to those who helped me get out of this mess including but not
limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o Let rtld(1) set up psABI user trap handlers prior to executing the
objects' init functions instead of doing the setup via a constructor
in libc as the init functions may already depend on these handlers
to be in place. This gets us rid of:
- the undefined order in which libc constructors as __guard_setup()
and jemalloc_constructor() are executed WRT __sparc_utrap_setup(),
- the requirement to link libc last so __sparc_utrap_setup() gets
called prior to constructors in other libraries (see r122883).
For static binaries, crt1.o still sets up the user trap handlers.
o Move misplaced prototypes for MD functions in to the MD prototype
section of rtld.h.
o Sprinkle nitems().
|
| |
|
|
|
|
|
| |
These changes are incomplete but are making it difficult
to determine what other changes can/should be merged.
No objections from: pfg
|
| |
|
|
| |
A little tweak for performance
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
rpc.sprayd: Bring some changes from NetBSD.
Most notable, other than some style issues:
CVS 1.11:
do not use LOG_CONS.
CVS 1.13:
consistently use exit instead of return in main().
use LOG_WARNING instead of LOG_ERR for non critical errors.
Obtained from: NetBSD
|
| |
|
|
|
| |
Replace send-mail with the more standarized sendmail, we do not create
links for send-mail in mailwrapper so it did not work anyway.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apply authenticated user context after update of wtmp(5) at start of session,
so that ftpd process is not killed by kernel with SIGXFSZ when user has
"filesize" limit lower than size of system wtmp file. Same applies
to session finalization: revert to super-user context before update of wtmp.
If ftpd hits limit while writing a file at user request,
do not get killed with SIGXFSZ instantly but apparently ignore the signal,
process error and report it to the user, and continue with the session.
PR: 143570
Approved by: mav (mentor)
|
| |
|
|
|
|
| |
Fix some nroff syntax in rtld.1.
PR: 223420
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new getty/gettytab capability to generate an initial message dynamically.
This modification adds a new gettytab(5) option (iM) to specify a
program to run that will generate the initial (banner) message that is
displayed before the login prompt. Such a capability is useful when
dynamic information is needed in the banner message that cannot be
supplied by the set of % substitution sequences available in the "im"
option.
Sponsored by: Dell EMC
|
| |
|
|
|
|
|
| |
Fix markup in gettytab(5).
Approved by: vangyzen (mentor)
Sponsored by: Dell EMC
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Try to fix the old "he capability is stupid" bug in gettytab(5)/getty(8)
There is one capability explicitly documented in gettytab(5) as stupid: he.
And it is indeed. It was meant to facilitate system hostname modification,
but is hardly usable in practice because it allows very limited editing
(e.g., it depends on a particular hostname length, making it non-generic).
Replace it with simple implementation that treats ``he'' as POSIX extended
regular expression which is matched against the hostname. If there are no
parenthesized subexpressions in the pattern, entire matched string is used
as the final hostname. Otherwise, use the first matched subexpression.
If the pattern does not match, the original hostname is not modified.
Using regex(3) gives more freedom, does not complicate the code very much,
and makes a lot more sense, in turn making ``he'' less stupid and actually
useful (e.g., it is now possible to obtain node or domain names from the
original hostname string, without knowing it in advance).
Approved by: vangyzen (mentor)
Sponsored by: Dell EMC
|
| |
|
|
|
|
| |
'obj' is not initialized here.
Sponsored by: DARPA / AFRL
|
| |
|
|
| |
Add serial comma.
|
| |
|
|
|
|
| |
Allow to specify targets by absolute paths in libmap.conf.
PR: 221032
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
hyperv: Add VF bringup scripts and devd rules.
How network VF works with hn(4) on Hyper-V in non-transparent mode:
- Each network VF has a cooresponding hn(4).
- The network VF and the it's cooresponding hn(4) have the same hardware
address.
- Once the network VF is up, e.g. ifconfig VF up:
o All of the transmission should go through the network VF.
o Most of the reception goes through the network VF.
o Small amount of reception may go through the cooresponding hn(4).
This reception will happen, even if the the cooresponding hn(4) is
down. The cooresponding hn(4) will change the reception interface
to the network VF, so that network layer and application layer will
be tricked into thinking that these packets were received by the
network VF.
o The cooresponding hn(4) pretends the physical link is down.
- Once the network VF is down or detached:
o All of the transmission should go through the cooresponding hn(4).
o All of the reception goes through the cooresponding hn(4).
o The cooresponding hn(4) fallbacks to the original physical link
detection logic.
All these features are mainly used to help live migration, during which
the network VF will be detached, while the network communication to the
VM must not be cut off. In order to reach this level of live migration
transparency, we use failover mode lagg(4) with the network VF and the
cooresponding hn(4) attached to it.
To ease user configuration for both network VF and non-network VF, the
lagg(4) will be created by the following rules, and the configuration
of the cooresponding hn(4) will be applied to the lagg(4) automatically.
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D11635
|
| |
|
|
|
|
|
| |
atf-sh(3): document atf_init_test_cases(3) fully
The function was missing from the NAME/SYNOPSIS sections. Add a manpage link
to complete the documentation reference.
|
| |
|
|
|
|
| |
libexec: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r316552:
atf-c: fix documentation description for atf_utils_wait(3)
atf_utils_wait(3) should be used in combination with atf_utils_fork(3),
not itself (atf_utils_wait(3)).
r319662:
Add MLINKS for atf-sh(3) to each of the functions it implements
This hopefully will make atf-sh(3) easier to understand for newcomers,
without having to go through the atf-sh(3) level of indirection.
|
| |
|
|
| |
Use strlcpy() instead of strncpy() and nul-terminating.
|
| |
|
|
| |
Language improvements.
|
| |
|
|
| |
When reporting undefined symbol, note the version, if specified.
|
| |
|
|
|
|
|
| |
In open_binary_fd: when using buffer size for strl* and snprintf,
always use >= instead of > to avoid truncation.
releng/11.1 candidate.
|
| |
|
|
| |
Use address space guard to implement inter-segment gap.
|
| |
|
|
| |
Add deprecation notices for all rcmd tools
|
| |
|
|
|
|
|
|
|
| |
rtld: fix warnings about redundant declarations
Fix warnings about redundant declarations in rtld
when libthr in increased to WARNS=6.
Sponsored by: Dell EMC
|
| |
|
|
| |
Correct explanation of the dynamic tokens handling.
|
| |
|
|
| |
Document direct execution mode for rtld.
|
| |
|
|
| |
Update my copyright, note The FreeBSD Foundation involvement.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFC r318313:
Make ld-elf.so.1 directly executable.
MFC r318352 (by jonathan):
Rename rtld's parse_libdir to parse_integer.
MFC r318380:
Pretend that there is some security when executing in direct mode.
MFC r318431 (by jonathan):
Allow rtld direct-exec to take a file descriptor.
MFC r318445:
Fix style, add static keyword before static function definition.
MFC r318739:
For ld.so direct execution mode, implement -p option.
|
| |
|
|
| |
Fix the AT_EXECFD functionality.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert absolute links to relative links.
Style.Makefile(9) has been ignored to produce minimal diffs.
MFC r314837
The relative symlink fix causes downstream issues for
EMC DELL Isilon so revert the relative symlink fix
pending a better solution.
Reported by: ngie
MFC r315091
Revert r314833 until the problem with INSTALL_RSYMLINKS can be found
as it appears to break arm release builds.
PR: 217705
Reported by: cyclaero@gmail.com
Approved by: grehan (mentor)
|
| |
|
|
| |
Style.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Improve blacklist support before upgrading libblacklist
The locally declared enum of blacklistd actions needs to be
hidden when the soon to be committed changes to libblacklist
are brought into the tree. Fix the type of the "msg" parameter
to match the library.
There should be no functional changes.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
| |
Pull the R_AARCH64_TLSDESC code out into a common function and use them in
both the plt and non-plt case.
This fixes an issue where libraries built with LLD can fail with
"Unhandled relocation 1031"
|
| |
|
|
|
|
|
|
|
|
|
| |
Increase WARNS for rtld-elf tests
ATF tests have a default WARNS of 0, unlike other usermode programs.
Reviewed by: ngie, julian
MFC after: 3 weeks
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933
|
| |
|
|
|
|
|
|
|
|
| |
Implement LD_BIND_NOT knob for rtld.
MFC r315337:
Disable LD_BIND_NOT for setugid processes.
MFC r315429 (by jilles):
Document that LD_BIND_NOT is unset for setugid processes.
|
| |
|
|
| |
Fix _mips_rtld_bind() to handle ELF filters.
|
| |
|
|
| |
Avoid bind lock recursion.
|
| |
|
|
| |
Handle protected symbols in rtld.
|
| |
|
|
|
|
| |
Conditionalize all code that uses tcpd.h behind `LIBWRAP` guard
This will allow the code to stand by itself without libwrap
|
| |
|
|
| |
Fix races and logic errors around dlclose().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On rela architectures GNU BFD ld and gold store the relocation addend
in GOT entries (in addition to the relocation's r_addend field).
rtld previously relied on this to access its own _DYNAMIC symbol in
order to apply its own relocations.
However, recording addends in the GOT is not specified by the ABI,
and some versions of LLVM's LLD linker leave the GOT uninitialized on
rela architectures.
BFD ld does not populate the GOT on sparc64, and sparc64 rtld has a
machine-dependent rtld_dynamic_addr() function that returns the
_DYNAMIC address. Use the same approach on amd64, obtaining the %rip-
relative _DYNAMIC address following a suggestion from Rafael EspĂndola.
Architectures other than amd64 should be addressed in future work.
|
