| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
It may take a few iterations to get the tone right.
previously discussed with millert
|
|
observed by jonas termansen
|
|
|
|
to returning strong random by default, source from arc4random(3).
Parameters to the seeding functions are ignored, and the subsystems remain
in strong random mode. If you wish the standardized deterministic mode,
call srand_deterministic(), srandom_determistic(), srand48_deterministic(),
seed48_deterministic() or lcong48_deterministic() instead.
The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are
unaffected by this change and remain in deterministic mode (for now).
Verified as a good roadmap forward by auditing 8800 pieces of software.
Roughly 60 pieces of software will need adaptation to request the
deterministic mode.
Violates POSIX and C89, which violate best practice in this century.
ok guenther tedu millert
|
|
|
|
|
|
Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting
1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with
(size_t)1 so that we get the correct constant size for the platform.
discussed with tedu@ & deraadt@
|
|
breaking the hardlink between file system entries, confusing apropos(1).
Split malloc.conf(5) out of malloc(3) as suggested by deraadt@.
Feedback and OK jmc@, OK deraadt@ tedu@ jasper@.
|
|
The former is not used anywhere in NetBSD, FreeBSD, or DragonFly
and not supported by groff, so i'm going to delete it from mandoc(1).
We don't need two macros for the same thing.
|
|
|
|
|
|
Remove the bug about rand() being faster.
Add a bug about historical implementations seeding very poorly.
|
|
the same text from random.3.
|
|
Would be nice to document when/where this originated (in glibc?) if
anyone knows...
tweaks by schwarze@
ok jmc@ espie@ kettenis@ schwarze@ dimitry(at)google.com
|
|
troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@
|
|
|
|
don't want to give people the idea that this is non-portable (it
has been present since C89). OK deraadt@ schwarze@
|
|
Suggested by millert@ and schwarze@.
OK schwarze@, millert@
|
|
ok deraadt@
|
|
Remove excessive technicalities on zero-sized objects as suggested by deraadt@.
contributions and ok deraadt@, ok jmc@ on an earlier version
|
|
and fix two instances of "new sentence, new line" while here
feedback and ok jmc@, ok doug@
|
|
The old man page had a lot of useful information, but it was all mixed
together which made it difficult to reference. The main theme in this
commit is that the sections are more focused:
* DESCRIPTION describes the overall behavior
* RETURN VALUES describes what it may return (including implementation
defined values)
* EXAMPLES shows why we recently started an audit on malloc and realloc
usage in the tree.
* Added CAVEATS which describes what is implementation defined, gotchas
and security implications of misusing these functions
* Added IDIOMS which describes how these functions should or
should not be used
The MALLOC_OPTIONS section was left unchanged. Function names were
added to DIAGNOSTICS and STANDARDS. The MALLOC_OPTIONS and DIAGNOSTICS
sections were pushed down in the page so more pertinent information is
higher up.
This has gone through several revisions thanks to input from deraadt@
and schwarze@. Ingo also helped with some of the mandoc formatting.
OK schwarze@ (as far as it is a good starting point and the code
snippets look ok)
|
|
|
|
millert@ made changes to realpath.c based on FreeBSD's version. I merged
Todd's changes into dl_realpath.c.
ok millert@, guenther@
|
|
ok tedu@
|
|
in case something wants to create massive amounts of environment, like
a bit more than 1/4 of a 32-bit address space. unrealistic -- but why
audit one code path, and not treat others the same? then you have to
re-engage everytime you see the code. read the news, that isn't what
developers do. At least if the code paths look the same, there is hope,
because they are easier to verify for correctness. developers need
to give other developers a chance to want to care.
|
|
Mention that invalid bases do set EINVAL (as required by POSIX);
this part of the change uses part of an earlier patch by millert@.
Minor mdoc(7) cleanup and sync between the two pages while here.
Feedback and ok jmc@ and millert@.
|
|
required by the C standard when called with an invalid base:
strtoll(), strtoimax(), strtoul(), strtoull(), and strtoumax().
Same behaviour for strtoq() and strtouq() even though not standardized.
No functional change in strtol(), it was the only one already correct.
While here, simplify the conditional expression for checking the base
and sync whitespace and comments among the six files.
ok millert@
|
|
found with the new mandoc(1) MANDOCERR_AN_MISSING warning;
no text changes
|
|
to hold the malloc lock across mmap syscalls in all cases. dropping it
allows another thread to access the existing chunk cache if necessary.
could be improved to be a bit more aggressive, but i've been testing this
simple diff for some time now with good results.
|
|
circular lists. Amazingly, they managed to extend the requirements to no
longer match the behavior of the VAX instructions they were modeled after,
so the trivial VAX ASM versions have to go. Nice job breaking it, X/Open!
Based on a diff from enh (at) google.com
ok miod@
|
|
|
|
Reminded by Rafael Neves
|
|
|
|
align with POSIX and other systems.
Pointed out by Elliott Hughes on tech
ok deraadt
|
|
and random(). Sigh.
|
|
|
|
|
|
high bit as required by posix. wouldn't want to break any standards.
idea and ok deraadt
|
|
__atexit tables and touches global variables. From Srinavasa Nagaraju
through Android/Elliott Hughes.
ok tedu@, guenther@
|
|
ok deraadt
|
|
handlers. if this happens, restart the loop.
ok kettenis matthew millert miod
|
|
ok otto
|
|
|
|
improve the random stream itself (it doesn't), but to introduce
noise in the arc4random calling pattern. Thanks to matthew@ who
pointed out bias in a previous diff, ok deraadt@ matthew@
|
