Age | Commit message | Author |
|
COPTS+=-fno-ret-clean
|
|
so use COPTS+=-fno-ret-clean
|
|
This causes the caller to clean the return address off the stack after
a callq completes. The option is best used in low-level libraries (such as
libc), because libc contains low-level system call stubs. The option
reduces hints (found on the stale parts of the stack) about libc.so's mapping
location, and together with random-relinking, relro got/pic, and xonly
makes some exploit methods more difficult.
ok mortimer, mlarkin, much discussion with kettenis, in snaps for 2 weeks.
|
|
visibility with kernel printf(9) (thus, onto console and into dmesg) since
the start of development. I want to reduce the dmesg spam, and bring
this more into the attention of the user who ran the command, so let's
try using uprintf(9) which puts it onto the active foreground tty (yes,
there may be cases where there is no tty, but that's ok. I'll admit
I've considered deleting the logging messages entirely)
tested in snaps for a week
|
|
Initialize destination address once and fold udp_send_packet()
into send_packet().
While here improve debugging output a bit.
|
|
pointed out by martijn
|
|
Missed in previous.
|
|
Spotted while hacking on dhcp6leased(8)
|
|
typo spotted by ccappuc
Input & OK deraadt
|
|
dhcp6leased is a daemon to manage IPv6 prefix delegations. It requests
a prefix from an upstream DHCPv6 server and configures downstream
network interfaces. rad(8) can be used to advertise available prefixes
to clients.
It's a transmogrified dhcpleased(8), so it's a bit rough around the
edges. But it can already request and renew prefixes and configure
interfaces. It's time to hack on it in-tree.
OK deraadt
|
|
ok mglocker@
|
|
Fixes server.device entries disappearing when usb devices are unplugged
while in use. Found, analysed and tested by Laurie Tratt, thanks!
|
|
|
|
requested by jsing on review
|
|
HMAC() and the one-step digests used to support passing a NULL buffer and
would return the digest in a static buffer. This design is firmly from the
nineties, not thread safe and it saves callers a single line. The few ports
that used to rely on this were fixed with patches sent to non-hostile (and
non-dead) upstreams. It's early enough in the release cycle that remaining
uses hidden from the compiler should be caught, at least the ones that
matter.
There won't be that many since BoringSSL removed this feature in 2017.
https://boringssl-review.googlesource.com/14528
Add non-null attributes to the headers and add a few missing bounded
attributes.
ok beck jsing
|
|
sshd-session process - reserve them early and fatal if we can't dup2(2)
them later. The pre-split fallback to re-reading the configuration
files is not possible, so sshd-session absolutely requires the fd the
configuration is passed over to be in order.
ok deraadt@
|
|
No binary change.
|
|
When a prefix is discovered on a network interface and the IP
address has a valid or preferred lifetime configured that value is
used instead of the static value from the configuration.
Limitation pointed out by & man page text proposed by Ryan Vogt.
Slightly tweaked by me.
rad(8) should calculate the minimum of the static value from the
config file and what is configured on the interface. Implementing that
is slightly complicated and is left for a future diff.
|
|
The "auto prefix" feature derives the prefix to announce from a
configured IPv6 address. If that address has a vltime / pltime use
that value in router advertisements instead of statically configured
values.
We also need to count down the vltime / pltime as time progresses.
testing Ryan Vogt
testing & OK bket@, jmatthew@
|
|
Call it once and pass a pointer to the head of the list around when
reconfiguring interfaces.
testing Ryan Vogt
ok benno
testing & OK bket@, jmatthew@
|
|
The subject commonName of a BGPsec Router Certificate is RECOMMENDED to
be "CN=ROUTER-%08x", asn. It thus made perfect sense to deviate from
RFC 6487 and support encoding this as a UTF8String... We have three such
certs in the wild, so punt on complicating the logic at least until the
point where we need more than the fingers of one hand to count them.
ok claudio
|
|
|
Per RFC 6487, the subject and issuer fields of a certificate and the issuer
field of a CRL are subject to the same restrictions: only a commonName and
an optional serialNumber may be present and the commonName must be an ASN.1
printable string.
So far we've only checked the subject of certificates, which covers almost
everything by relying on the verifier to check that the issuer's subject is
identical to the subject's issuer, also for CRLs per X509_V_FLAG_CRL_CHECK.
The only thing missing this way is the TA's issuer.
Since the check is cheap and simple, we're better off doing it ourselves:
Refactor the x509_valid_subject() helper to take an X509_NAME (which is of
course the appropriate name for a type representing an X.501 distinguished
name). This checks the details of RFC 6487, section 4.4, except that we
still can't check for a printable string since afrinic has ~3000 EE certs
that don't follow the spec, which would knock out ~45% of their ROAs. We're
told that this is going to be fixed this year.
looks good to claudio
ok job
|
|
|
like is already done for /tmp/*.shm used by libc.
ok millert@ tb@, same diff landry@
|
|
discussed with naddy and jmc
ok naddy
|
|
At fts_level 1 the state needs to be fully reset since we most probably
exited from a directory at level 1 and entered a new dir at level 1.
Without this empty directories remained since the fts_state.type
was wrong for those entries.
Noticed by job@, OK tb@
|
|
Prevents a panic in pmap_pinit_pd_pae() when applying a lot of memory
pressure and the kernel needs time to recover while swapping.
Reported and fix tested by mvs@, also tested by sthen@
ok mlarkin@, mvs@, kettenis@
|
|
found by smatch, ok tb@
|
|
rpki-client: https://testbed.krill.cloud/rrdp/notification.xml: pulling from network
rpki-client: https://testbed.krill.cloud/rrdp/notification.xml: downloading snapshot (bfb0a57e-d16b-44a1-9502-f15b4bc1ce1a#110135)
rpki-client: parse failed, snapshot element for rsync://testbed.krill.cloud/repo/testbed/0/DDAF321520EE4817D716FA047FC05FE2934204DB.crl too big
rpki-client: https://testbed.krill.cloud/rrdp/notification.xml: parse error at line 135: parsing aborted
rpki-client: https://testbed.krill.cloud/rrdp/notification.xml: load from network failed, fallback to rsync
OK tb@ claudio@
|
|
Noticed by anton@
|
|
Matches amd64 and i386 and unbreaks the RAMDISK build
ok deraadt
|
|
Over the last weeks the last SCHED_LOCK recursion was removed so this
is now possible and will allow to split up the SCHED_LOCK in an upcoming
step.
Instead of implementing an MP and SP version of SCHED_LOCK this just
always uses the mutex implementation.
While this makes the local s argument unused (the spl is now tracked by
the mutex itself) it is still there to keep this diff minimal.
Tested by many.
OK jca@ mpi@
|
|
failed was set to 0 at the top of the function, so failure and success
were indistinguishable. Move failed = 0 to the end so it can actually
fail.
|
|
When called with a pointer to NULL as an output buffer, one would expect
an i2d API to allocate the buffer and return it. The implementation here
is special and the allocation dance was forgotten, resulting in a SIGSEGV.
Add said dance.
ok jsing
|
|
This is what the (not quite appropriately) referenced ASN1_item_i2d()
page documents for errors, matches what the RETURN VALUE section has
been documenting for ages, matches BoringSSL, it's the usual behavior
for i2d_*. It's also what OpenSSL (of course incorrectly) documents.
discussed with jsing
|
|