Age | Commit message | Author |
|
mount_mfs(8) no longer mounts "/build" with the following fstab(5) entry:
    /dev/sd0b /build mfs rw,noperm,nodev,nosuid,-s=2064348,noauto
as found out by bluhm the hard way.
|
|
If the requested path contained a slash, opendev(3) blindly opened the file
and returned a file descriptor to it.
Check for block or character devices (according to OPENDEV_BLCK) and fail
for other types.
Spotted through installboot(8) which happily opened a stage file as device
when forgetting the device argument:
    # installboot -v ./biosboot
    Using / as root
    installing bootstrap on ./biosboot
    using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
    installboot: disklabel: ./biosboot: Inappropriate ioctl for device
This makes it fail earlier, as expected:
    # installboot -v ./biosboot
    installboot: open: ./biosboot: Block device required
The case where opendev(3) is passed a string not containing a slash, i.e.
a supposed DUID, is fine, as diskmap(4) will ensure that only valid device
paths are returned, if the DUID is valid.
Feedback OK millert
|
|
ok op@ claudio@
|
|
From Matthew Martin.
|
|
Unsigned overflows are not a bug in C but we have to make sure that
requested buffer sizes will be actually available.
If not, set errno to ERANGE and return an error value.
ok deraadt, millert
|
|
custom implementation that only allowed matching all files in a
directory.
ok millert
|
|
This matches the prototypes in glibc and musl libc.
From Matthew Martin. OK tb@
|
|
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
|
fixed by tb@ in rev 1.20. Spotted by tb@
|
|
ok millert@
|
|
person. Rewrite or use singular they.
ok thfr@ sthen@ daniel@ ian@ job@ kmos@ jcs@ ratchov@ phessler@ and
others I'm likely missing on an earlier version.
feedback tj@, feedback and ok jmc@
|
|
to memcpy() is UB no matter if len is 0.
Reported by fouzhe on openbgpd-portable github page.
OK tb@
|
|
From martijn, discussed with claudio, ok sthen
|
|
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
|
This flips the returned signedness and adds the weight of 2 for
parent-child relationship in both directions.
This makes ober_oid_cmp consistent with the rest of the *_cmp based
functions.
OK tb@
|
|
and an omission below HISTORY
|
|
snmpd(8).
OK jmatthew@
OK deraadt@ for bumping libutil now.
|
|
As found by djm by fuzzing ssh, scan_scaled can overflow for negative
numbers when rescaling is needed. This is because the rescaled fractional
part is added without taking the sign into account.
ok ian jca
|
|
and avoid an over-long source line while here;
OK martijn@ jmc@
|
|
the first byte of the imsg they belong to.
idea, tweaks and ok claudio@
|
|
respect literal line breaks. This has the unwanted side effect of
rendering the authors section using a monospace font over at
man.openbsd.org. Instead use br macros to force line breaks.
With help from and ok jmc@
|
|
Discussed with claudio@
Feedback jmc@
|
|
This allows us to do ber-type checking inside ober_scanf_elements, which
will allow for stricter ASN.1 parsing in the future.
Manpage feedback and OK claudio@, jmc@
OK claudio@
|
|
This allows us to enforce end of sequence/set without having to manually
check be_next for NULL.
No lib bump needed according to millert@
OK millert@ rob@
|
|
ober_scanf_elements().
OK martijn@
|
|
check to ensure we avoid a possible (undefined) negative shift. Found
with clang static analyzer.
Tweaked and OK martijn@
|
|
OK martijn@ mvs@ deraadt@
|
|
ok guenther tb millert
|
|
Tweaks and OK tb@
OK jmc@
|
|
double check and OK tb@
|
|
returned.
OK deraadt@ tb@
|
|
Clang 10 warns about the expression sizeof(cdata) / sizeof(uint64_t) as
cdata is an array of uint32_t and it expects that the intent of this is
to compute the number of array elements. Use BCRYPT_WORDS / 2 instead.
Same diff as millert's commit sys/lib/libsa/bcrypt_pbkdf.c -r1.2, which
was ok kettenis. deraadt confirms that this satisfies clang 10.
|
|
wild fits inside 32 elements, like UsmUserEntry objects.
OK rob@, claudio@
|
|
ok deraadt
|
|
ober_add_string.3 and as it was before the ber -> ober rename.
|
|
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.
tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt
|
|
(more unclear is if anything in ports uses this, as our base no longer does)
|
|
missed during code scan.
|
|
OK claudio@
|
|
current ber element.
OK claudio@
Seems sensible to deraadt@
|
|
Right now all consumers use 'e' at the end of the list, so no regressions
should be introduced.
OK claudio@
Seems sensible to deraadt@
|
|
where ber is utilized. This also allows us to remove the ber->be_next
check, which can cause weird behaviour, because a NULL be_next would result
in parsing the last element twice.
OK claudio@ on previous version
OK rob@
|
|
OIDS. This can result in false equality matches.
OK claudio@
|