summaryrefslogtreecommitdiff
path: root/lib/libutil
AgeCommit message (Collapse)Author
2022-08-26Backout "Only return file descriptors to block or character devices"Klemens Nanni
mount_mfs(8) no monger mounts "/build" with the following fstab(5) entry: /dev/sd0b /build mfs rw,noperm,nodev,nosuid,-s=2064348,noauto as found out by bluhm the hard way.
2022-08-25Only return file descriptors to block or character devicesKlemens Nanni
If the requested path contained a slash, opendev(3) blindly opened the file and returned a file descriptor to it. Check for block or character devices (according to OPENDEV_BLCK) and fail for other types. Spotted through installboot(8) which happily opened a stage file as device when forgetting the device argument: # installboot -v ./biosboot Using / as root installing bootstrap on ./biosboot using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot installboot: disklabel: ./biosboot: Inappropriate ioctl for device This makes it fail earlier, as expected: # installboot -v ./biosboot installboot: open: ./biosboot: Block device required The case where opendev(3) is passed a string not containing a slash, i.e. a supposed DUID, is fine, as diskmap(4) will ensure that only valid device paths are returned, if the DUID is valid. Feedback OK millert
2022-05-19Document that imsg_add(3) frees its msg argument on failure.Stefan Sperling
ok op@ claudio@
2022-05-11Mark pw_error as __dead in prototype to match the function definition.Todd C. Miller
From Matthew Martin.
2022-04-23Verify sizes before arithmetic operationsTobias Stoeckmann
Unsigned overflows are not a bug in C but we have to make sure that requested buffer sizes will be actually available. If not, set errno to ERANGE and return an error value. ok deraadt, millert
2022-04-20Use glob to expand wildcards in "other device" paths rather than aJoshua Stein
custom implementation that only allowed matching all files in a directory. ok millert
2022-04-20Make the termp and winp arguments for openpty, et al. const.Todd C. Miller
This matches the prototypes in glibc and musl libc. From Matthew Martin. OK tb@
2022-03-31man pages: add missing commas between subordinate and main clausesChristian Weisgerber
jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@
2022-03-11Revert previous commit. The problem it was attempting to fix was alreadyDarren Tucker
fixed by tb@ in rev 1.20. Spotted by tb@
2022-03-11Check for underflow as well as overflow when scaling negative numbers.Darren Tucker
ok millert@
2022-02-18Avoid gendered language in man pages when not referring to a specificJonathan Gray
person. Rewrite or use singular they. ok thfr@ sthen@ daniel@ ian@ job@ kmos@ jcs@ ratchov@ phessler@ and others I'm likely missing on an earlier version. feedback tj@, feedback and ok jmc@
2022-01-28Only memcpy() into imsg->data if datalen is not 0. Passing a NULL pointerClaudio Jeker
to memcpy() is UB no matter if len is 0. Reported by fouzhe on openbgpd-portable github page. OK tb@
2021-10-31bump major after struct size changeTheo Buehler
2021-10-31Bump BER_MAX_OID_LEN to 128Theo Buehler
From martijn, discussed with claudio, ok sthen
2021-10-24For open/openat, if the flags parameter does not contain O_CREAT, theTheo de Raadt
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
2021-10-21Sync ober_oid_cmp with ax_oid_cmp from libagentx.Martijn van Duren
This flips the returned signedness and adds the weight of 2 for parent-child relationship in both direction. This makes ober_oid_cmp consistent with the rest of the *_cmp based functions. OK tb@
2021-08-29fix an obvious mixup regarding the order of lines in the SYNOPSIS,Ingo Schwarze
and an omission below HISTORY
2021-08-29Add ober_dup. Needed for upcoming SNMPv3 support for trap receiver inMartijn van Duren
snmpd(8). OK jmatthew@ OK deraadt@ for bumping libutil now.
2021-06-20scan_scaled: fix rescaling for negative numbersTheo Buehler
As found by djm by fuzzing ssh, scan_scaled can overflow for negative numbers when rescaling is needed. This is because the rescaled fractional part is added without taking the sign into account. ok ian jca
2021-03-31tweak column widths of a .Bl -column tableIngo Schwarze
and avoid an over-long source line while here; OK martijn@ jmc@
2021-03-31change the barrier so that fd's are always passed and received withEric Faurot
the first byte of the imsg they belong to. idea, tweaks and ok claudio@
2021-03-12fix previousJonathan Gray
2021-03-12spellingJonathan Gray
2021-03-05Stop abusing display blocks under the authors section in order toanton
respect literal line breaks. This has the unwanted side effect of rendering the authors section using a monospace font over at man.openbsd.org. Instead use br macros to force line breaks. With help from and ok jmc@
2021-03-03s/byte/characterMartijn van Duren
Discussed with claudio@ Feedback jmc@
2021-02-22Make the ober_get_* set of function to accept a NULL-pointer.Martijn van Duren
This allows us to do ber-type checking inside ober_scanf_elements, which will allow for stricter ASN.1 parsing in the future. Manpage feedback and OK claudio@, jmc@ OK claudio@
2021-01-28Add '$' to ober_scanf_elements().Martijn van Duren
This allows us to enforce end of sequence/set without having to manually check be_next for NULL. No lib bump needed according to millert@ OK millert@ rob@
2021-01-22Gracefully handle any erroneous closing bracket/brace trailers inrob
ober_scanf_elements(). OK martijn@
2021-01-22Valid integer and enumerated types always have non-zero length. Performrob
check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer. Tweaked and OK martijn@
2021-01-13Make imsg.h a bit more self-contained by prototyping struct iovec.Claudio Jeker
OK martijn@ mvs@ deraadt@
2020-12-15typo fix from aisha tammy; ok nicmJason McIntyre
2020-10-16double word fixes; from varik valeforJason McIntyre
2020-10-12make fixed-sized fixed-value mib[] arrays be constTheo de Raadt
ok guenther tb millert
2020-09-04Create ERRORS section for ober_read_elements.Martijn van Duren
Tweaks and OK tb@ OK jmc@
2020-09-03Missed one case of errno not being set in previous.Martijn van Duren
double check and OK tb@
2020-09-03Make sure ober_read_elements sets errno on every case where NULL isMartijn van Duren
returned. OK deraadt@ tb@
2020-08-02Squelch warning by using idiom from libc bcrypt(3)Theo Buehler
Clang 10 warns about the expression sizeof(cdata) / sizeof(uint64_t) as cdata is an array of uint32_t and it expects that the intent of this is to compute the number of array elements. Use BCRYPT_WORDS / 2 instead. Same diff as millert's commit sys/lib/libsa/bcrypt_pbkdf.c -r1.2, which was ok kettenis. deraadt confirms that this satisfies clang 10.
2019-12-31Increase BER_MAX_OID_LEN from 32 to 64. Not every snmp OID found in theMartijn van Duren
wild fits inside 32 elements, like UsmUserEntry objects. OK rob@, claudio@
2019-11-21zero tmpout too. reminded by related diff from timTed Unangst
2019-11-21overwrite the key in failure modes in case the caller doesn't check.Ted Unangst
ok deraadt
2019-10-25Adjust whitespace, so Ta macros are aligned vertically as already done inTheo Buehler
ober_add_string.3 and as it was before the ber -> ober rename.
2019-10-24The ber_* namespace is used by liblber since time immemorial,Theo Buehler
so move our BER API to the unused ober_* prefix to avoid some breakage in ports. Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen. tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
2019-08-30uucplock(3) is incorrectly named in some places, it is actually uu_lock(3)Theo de Raadt
(more unclear is if anything in ports uses this, as our base no longer does)
2019-08-15Revert previous. There were some users of the quirky behaviour that wereMartijn van Duren
missed during code scan.
2019-08-14Fix argument list for ber_set_writecallbackMartijn van Duren
OK claudio@
2019-08-14wonky comma;Jason McIntyre
2019-08-14Document that ber_scanf_elements' 'p' and 't' attribute don't eat theMartijn van Duren
current ber element. OK claudio@ Seems sensible to deraadt@
2019-08-14Make ber_scanf_elements's 'e' attribute eat the element.Martijn van Duren
Right now all consumers use 'e' at the end of the list, so no regressions should be introduced. OK claudio@ Seems sensible to deraadt@
2019-08-14Make sure that ber in ber_scanf_elements is not NULL before parsing formatMartijn van Duren
where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice. OK claudio@ on previous version OK rob@
2019-08-05Don't use a 0 element to determine the end of an OID when comparing twoMartijn van Duren
OIDS. This can result in false equality matches. OK claudio@