Age | Commit message | Author |
|
behavior. All tests are run once with pf fragment reassembly and
once with pf disabled and IP input reassembly. Three sub tests are
currently disabled as the IP stack behaves differently than pf.
|
doesn't seem to cause any side effects with other guest types.
|
noticed by deraadt@ and job@
OK benno@ deraadt@ job@
|
ok/feedback sthen@ jmc@
|
style string by including NUL in imsg and set the pointer in the struct
passed over imsg to NULL in the receiving process to be sure nothing
tries to use it.
Avoids a crash when specifying an empty style string reported by
Karl-Andre' Skevik. ok bluhm@
|
-------------
identify the case where SSHFP records are missing but other DNS RR
types are present and display a more useful error message for this
case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
-------------
This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
are missing but the user already has the key in known_hosts
Spotted by dtucker@
|
verbiage.
|
it a logical OR instead of a binary OR.
From Artturi Alm
|
that running the regression test with wrong environment is reported
as failure. Keep the fatal there to avoid interfering with other
setups for portable ssh.
OK dtucker@
|
Mueller in GitHub issue 1073.
|
is correct. Use generic redo functions. Do syntax check for all
Perl files.
|
- save product type for future use
|
an architecture argument and the second with an invalid one.
Bug found by jsg@ with afl(1).
|
on any sensible posix system (in which time_t must be an integer type)
ok deraadt@ millert@
|
Adapt tests.
|
open. These sockets are used for sending UDP packets if there is
a UDP loghost in syslog.conf(5). If syslogd is started with -u,
they can receive packets, otherwise they are disabled with
shutdown(SHUT_RD). In case syslogd does neither send nor receive,
close the sockets after reading the configuration file. This gives
us a cleaner netstat output, and the ports are not reported by port
scanners. This has no security implication.
OK benno@ jca@ sthen@ deraadt@
|
from <ScottCheloha at gmail dot com>
|
from <ScottCheloha at gmail dot com>
|
count.
Iterating over the routing table implies using SRP which bumps the refcount
of routes for a short period of time. Depending on how work is scheduled
the second ifconfig(8) command might run before the timer dereferences the
route.
Should fix races on bluhm@'s test setup.
|
member name.
Fix an off by one found by sthen@ with MALLOC_OPTIONS=C.
From Matthew Martin, ok deraadt@
|
functionalities are available in GENERIC.
ok jasper@, deraadt@, guenther@, dlg@
|
the corresponding struct definitions.
ok dlg@
|
ok patrick@
|
Previously we tracked the remote channel IDs in an int, but this is
strictly incorrect: the wire protocol uses uint32 and there is nothing
in-principle stopping a SSH implementation from sending, say, 0xffff0000.
In practice everyone numbers their channels sequentially, so this has
never been a problem.
ok markus@
|
Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.
Explicitly pass "struct ssh" to all channels functions.
Replace use of the legacy packet APIs in channels.c.
Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.
ok markus@
|
a redzone means something else on amd64, so i'm renaming this to
avoid confusion.
|
this protects the process control block. it also makes the kernel
fault hard when the guard page gets hit by the stack, allowing
debugging of the problem set of function calls at the time the
problem occurs. without this, a big stack can overwrite the pcb,
which makes the thread generate a fault when it is switched back
onto a cpu, which is way too late.
discussed with guenther@
ok deraadt@
|
Theo already clamped down on these devices last year.
Triggered by a question from Nan Xiao <xiaonan830818 at gmail dot com>.
OK deraadt@
|
iovec_mem() populates an iovec array based on guest physical
addresses. this allows the use of things like readv and writev for
moving data between the guest and a disk image file without having
to bounce the memory.
vaddr_mem() provides a vmd usable pointer based on a guest's physical
address. this makes it possible to directly reference things like
virtio rings without having to bounce that memory either. however,
it assumes that a contiguous range of guest physical memory will
sit in a single vm memory range. mlarkin@ says this is right.
ok mlarkin@
|
they make bit fiddling easier to read in later diffs.
ok mlarkin@
|
Michael Nickerson in GitHub issue 1068.
|
found by clang warning
|
ok gilles@
|
This makes it possible to measure just the elapsed user time, which
is what we really care about when benchmarking an algorithm.
OK deraadt@
|
in sorflush(), but in other places it is. See CID 1453099. The
flags SB_NOINTR and M_WAITOK should avoid failure. Put an assert
there to be sure.
OK visa@ mpi@
|
spotted by deraadt@, fix turns out to be identical to more recent binutils.
|