Age | Commit message | Author |
|
|
to make the test more stable.
debugged by Anton Borowka
|
|
interface and check which of the packets are dropped by pf. The
bad packets appear in pflog0 tcpdump. This regress is testing rules
with and without allow-opts.
|
|
based on the syzkaller reproducer.
|
|
Preventing a use after free discovered by syzkaller.
ok visa@
Reported-by: syzbot+a2649c1d77e9d2463f33@syzkaller.appspotmail.com
Reported-by: syzbot+182df9087f5f182daa44@syzkaller.appspotmail.com
Reported-by: syzbot+46d03139d7ed5e81ed2f@syzkaller.appspotmail.com
Reported-by: syzbot+892e886a6113db341da1@syzkaller.appspotmail.com
|
|
This also makes validation stricter and in line with X.690 - we now reject
zero length inputs (rather than treating them as zero values) and enforce
minimal encoding.
ok tb@
|
|
Currently, every time an ASN.1 identifier and length is decoded it is
stored in a tag/length cache for potential reuse. However, the only time
this is actually of benefit is when decoding CHOICE or SEQUENCE with
OPTIONAL fields (or MSTRING and ANY due to less than ideal
implementation). For CHOICE and SEQUENCE with OPTIONAL fields the
current code attempts to decode the first option and if that fails, it
moves onto the next option and attempts to decode it, repeating until
it succeeds (or runs out of options).
There are a number of problems with the cache. Firstly, it adds complexity
to the ASN.1 decoder since it has to be passed up and down through the
various layers. Secondly, there is nothing that keeps the cached data in
synchronisation with the input stream. This makes it fragile and a
potential security risk. Thirdly, the type is in the public headers and
API, meaning that we cannot readily change the types or fields to improve
the code.
Testing also suggests that in typical decoding cases we actually get a
small performance increase by removing the cache. There are also several
other options that would improve decoding performance, which we can visit
once we have simpler and more robust code.
ok beck@ inoguchi@ tb@
|
|
and never produce output at the place of their invocation.
Minibugs found while investigating unrelated afl(1) reports from tb@.
|
|
we need a somewhat complete updateset so we can proceed with handling
dependencies.
The case where the signature is equal is not an issue, but the case
where we need to keep the package because it still contains oldlibs is!
So we do that AFTER dependencies so that dependencies have been updated
and we possibly depend on old libs (which may happen even if the signature
didn't change)
|
|
exactly going on, if one day we trust wantlib enough to be accurate
(hello libsets)
|
|
clearer those messages are grouped together
|
|
other call in vop_generic_revoke().
OK semarie@
|
|
On Intel/VMX, the tracepoint for vm exits was before extracting the
vm exit reason meaning we either reported stack garbage (on first
exit) or the prior exit reason. Move the tracepoint to after
extraction and refactor the logic to collect all exit info processing
in one place. (We were extracting the guest RFLAGS register state
before checking the exit info extraction success.)
On AMD/SVM, the tracepoint was always triggered even on unsuccessful
vm entry leading to garbage data. Tuck the tracepoint into the If
block and merge them.
ok mlarkin@
|
|
1. The combination \z\h is a no-op whatever the argument may be.
In the past, the \z only affected the first space character generated
by the \h, which was wrong.
2. For the combination \zX\h with a positive argument, the first
space resulting from the \h is not printed but consumed by the \z.
3. For the combination \zX\h with a negative argument, application
of the \z needs to be completed before the \h can be started.
In the past, if this combination occurred at the beginning of an
output line, the \h backed up to the beginning of the line and
after that, the \z attempted to back up even further, triggering
an assertion.
Bugs found during an audit of assignments to termp->col that I
started after the bugfix tbl_term.c rev. 1.65. The assertion
triggered by bug 3 was *not* yet found by afl(1).
|
|
so there's no longer a need to document that they are undocumented.
|
|
ok inoguchi@ tb@
|
|
The previous value set years ago was causing amd64 kernels to spin
out when run with MP_LOCKDEBUG during boot.
ok kettenis@
|
|
The minimum length of a hostname is 1 according to RFC 2132.
Found the hard way by Ibrahim Khalifa (ibo AT trukonsult.se) with DHCP
Relay on a Cisco ASA in the installer where we don't have a hostname
yet.
Ibrahim also provided a diff which I simplified a bit.
OK tb
|
|
This is needed because the TERMP_MULTICOL mode is designed such
that term_tbl() buffers all the cells of the table row before the
normal reset logic near the end of term_flushln() can be reached.
This fixes an assertion failure triggered by \z near the end
of a table cell, found by tb@ using afl(1).
|
|
Apart from making sense in the first place, this fixes an assertion
failure that happened when the calculated implicit tag did not match
the string value of the first child of the node.
Bug found by tb@ using afl(1).
|
|
cpu frequency sensor for each core. This works on many "modern" Intel and
AMD cpus (probably anything that has some kind of turbo mode).
OK kettenis@
|
|
microsoft.com. ok djm@
|
|
that on architectures with an IOMMU, DMA addresses are translated
properly.
Fixes radeondrm(4) and amdgpu(4) on powerpc64, sparc64 and arm64 machines
with smmu(4).
ok jsg@
|
|
and expose new DISK_[read|write]bytes() functions.
Eliminates many bytes <-> sector i/o dances and makes the code
much easier to understand.
Be a bit more careful to consistently write only bytes that
checksums are calculated over.
No intentional functional change.
|
|
Based on information from the Linux k10temp driver.
OK brynet@
|
|
the GPT and calculating them when writing the GPT to disk.
No need to update them in add_partition().
Pointed out by jmatthew@
|
|
Thanks Marco D'Itri
|
|
another enclosing .while loop at the same time.
Instead, postpone the closing until the next iteration of ROFF_RERUN.
This prevents one-line constructions like ".while 0 .while 0 something"
and ".while rx .while rx .rr x" (which admittedly aren't particularly
useful) from dying of abort(3), which was a bug tb@ found with afl(1).
|
|
index but use 0 instead of the argument, just like groff.
Warn about the invalid argument.
While here, fix the column number in another warning message.
Segfault reported by tb@, found with afl(1).
|
|
RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.
The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).
OK tb@
|
|
interest is checked, not before.
Less confusing error messages.
|
|
doesn't fit packets into the host's rx buffer until it's full, it keeps
going as long as it has space in its own receive buffer, and then
truncates to fit the usb transfer. The packet descriptors are at the end,
so this means losing all the packets in the buffer. At 32kB, it's fairly
easy to overrun, but 62kB seems fine.
tested by and ok mlarkin@
|
|
Also switch to freeing and allocating, rather than attempting to recycle.
While here, factor out the flags ASN1_STRING_FLAG_BITS_LEFT bit bashing
and use the name "unused bits" rather than "bits left", to be more in line
with X.690 wording.
ok inoguchi@ tb@
|
|
This allows us to make direct use of c2i_ASN1_OBJECT_cbs().
ok inoguchi@ tb@
|
|