Age | Commit message | Author |
|
|
|
recallocarray(), with its guarantee that memory becoming unallocated is
explicitly discarded, is too slow. In rpki-client forming one particular
ibuf takes more than 4mins because every recallocarray() call ends up
doing a fresh malloc + memcpy + freezero call.
For sensitive data use ibuf_open() instead of ibuf_dynamic() to avoid
any memory reallocations.
OK tb@
|
|
Right now only sys/queue.h is required to be included for imsg.h. The
only exception is if imsg_composev() is used, then sys/uio.h is needed
to access struct iovec.
OK tb@
|
|
|
|
Document all new functions added and adjust examples in imsg_init.3
to follow the new way of handling messages.
OK tb@
|
|
For ibufs:
- various getters for ibufs (ibuf_get* and ibuf_skip)
- additional ibuf set/add functions that don't alter byte order
- ibuf_truncate and ibuf_rewind
- ibuf_from_buffer and ibuf_from_ibuf to populate a reader ibuf
- a getter for the msgbuf queuelen
For imsg:
- various getters for imsg (especially imsg_get_data() which can be used
in most cases as a simple one call api with all error checks).
All the imsg.hdr fields can also be accessed by getters.
- The imsg data is now actually an ibuf but the old imsg.data pointer is
kept for now to not break every imsg application.
- Introduce imsg_forward to simply forward a message from one channel to
another (used in the control socket code).
Since this requires a major bump take the opportunity to also clean up some
function signatures to use size_t for length fields. Also internal data
structures are removed from the public header.
With and OK tb@
|
|
OK tb@
|
|
just call it id. This only targets the function arguments but not the
struct imsg_hdr field since that is a major API break.
OK tb@
|
|
struct ibuf and just causes confusion for little gain.
OK tb@ stsp@
|
|
ober_scanf_elements(). This allows us to move down and back up multiple
levels in with nested sequences and sets.
While here, on failure, make sure we free (and unlink if needed) all
elements we created.
OK claudio@, tb@
|
|
In imsg_free() close any fd that was not claimed automatically to prevent
file descriptor leaks. In ibuf_dequeue() remove code which is now part of
imsg_free().
OK tb@
|
|
|
|
from <Lucas at sexy dot is>
|
|
Ok martijn@
|
|
|
|
- missing full stop
|
|
Functions extending ibuf_add to work with more specific data types
ibuf_add_buf, ibuf_add_zero, ibuf_add_n8, ibuf_add_n16, ibuf_add_n32,
ibuf_add_n64
Functions replacing ibuf_seek where data at a specific offset is modified
ibuf_set, ibuf_set_n8, ibuf_set_n16, ibuf_set_n32, ibuf_set_n64
Functions to check, get and set the file descriptor stored on the ibuf
ibuf_fd_avail, ibuf_fd_get, ibuf_fd_set
and ibuf_data() to access the data buffer, to be used together with ibuf_size()
On top of this add an optimized imsg_compose_ibuf() where an ibuf is wrapped
into an imsg in an efficient way.
Finally remove msgbuf_drain since it is not used by anything outside of
the ibuf code. Because of this removal bump the major of libutil.
Remove ibuf_data() in iked since the same function is now provided by libutil.
OK tb@
|
|
ibuf_open() will return an error in this case while ibuf_dynamic() accepts
a 0 len argument and just initializes the buffer and length to zero.
A later ibuf_realloc() call will take care of allocating the buffer.
Additionally switch from malloc() to calloc() when allocating the buffer;
this way the buffer is initialized and in ibuf_reserve() an additional
memset() is used to make sure that the reserved data is zeroed.
OK tb@
|
|
ok miod@ millert@
|
|
NetBSD fsck.8 rev 1.35 fsutil.h rev 1.14 pathnames.h rev 1.2
netgroup_mkdb.8 rev 1.9 netgroup_mkdb.c rev 1.18 str.c rev 1.7
str.h rev 1.4 rdate.8 rev 1.11 rdate.c rev 1.19 extern.h rev 1.14
getnetgrent.c rev 1.41 netgroup.h rev 1.10
fparseln.3 rev 1.4 fparseln.c rev 1.10
our stringlist.c/stringlist.h are derived from getnetgrent.c
rfc868time.c from rdate.c
newfs/pathnames.h from fsck/pathnames.h
https://mail-index.netbsd.org/source-changes/2009/10/21/msg002182.html
Not all files are covered as some had copyright assigned to TNF in 1998.
|
|
any changes not taken noted on tech, but chiefly here i did not take the
cancelation - cancellation changes;
|
|
- We don't create an uninitialized element when there are no subelements to
decode
- If subelements overflow we return EINVAL
While here fix an eyesore of a line continuation.
OK claudio@
|
|
mount_mfs(8) no longer mounts "/build" with the following fstab(5) entry:
/dev/sd0b /build mfs rw,noperm,nodev,nosuid,-s=2064348,noauto
as found out by bluhm the hard way.
|
|
If the requested path contained a slash, opendev(3) blindly opened the file
and returned a file descriptor to it.
Check for block or character devices (according to OPENDEV_BLCK) and fail
for other types.
Spotted through installboot(8) which happily opened a stage file as device
when forgetting the device argument:
# installboot -v ./biosboot
Using / as root
installing bootstrap on ./biosboot
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
installboot: disklabel: ./biosboot: Inappropriate ioctl for device
This makes it fail earlier, as expected:
# installboot -v ./biosboot
installboot: open: ./biosboot: Block device required
The case where opendev(3) is passed a string not containing a slash, i.e.
a supposed DUID, is fine, as diskmap(4) will ensure that only valid device
paths are returned, if the DUID is valid.
Feedback OK millert
|
|
ok op@ claudio@
|
|
From Matthew Martin.
|
|
Unsigned overflows are not a bug in C but we have to make sure that
requested buffer sizes will be actually available.
If not, set errno to ERANGE and return an error value.
ok deraadt, millert
|
|
custom implementation that only allowed matching all files in a
directory.
ok millert
|
|
This matches the prototypes in glibc and musl libc.
From Matthew Martin. OK tb@
|
|
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
|
fixed by tb@ in rev 1.20. Spotted by tb@
|
|
ok millert@
|
|
person. Rewrite or use singular they.
ok thfr@ sthen@ daniel@ ian@ job@ kmos@ jcs@ ratchov@ phessler@ and
others I'm likely missing on an earlier version.
feedback tj@, feedback and ok jmc@
|
|
to memcpy() is UB no matter if len is 0.
Reported by fouzhe on openbgpd-portable github page.
OK tb@
|
|
|
|
From martijn, discussed with claudio, ok sthen
|
|
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
|
This flips the returned signedness and adds the weight of 2 for
parent-child relationship in both directions.
This makes ober_oid_cmp consistent with the rest of the *_cmp based
functions.
OK tb@
|
|
and an omission below HISTORY
|
|
snmpd(8).
OK jmatthew@
OK deraadt@ for bumping libutil now.
|
|
As found by djm by fuzzing ssh, scan_scaled can overflow for negative
numbers when rescaling is needed. This is because the rescaled fractional
part is added without taking the sign into account.
ok ian jca
|
|
and avoid an over-long source line while here;
OK martijn@ jmc@
|
|
the first byte of the imsg they belong to.
idea, tweaks and ok claudio@
|
|
|
|
|
|
respect literal line breaks. This has the unwanted side effect of
rendering the authors section using a monospace font over at
man.openbsd.org. Instead use br macros to force line breaks.
With help from and ok jmc@
|
|
Discussed with claudio@
Feedback jmc@
|
|
This allows us to do ber-type checking inside ober_scanf_elements, which
will allow for stricter ASN.1 parsing in the future.
Manpage feedback and OK claudio@, jmc@
OK claudio@
|
|
This allows us to enforce end of sequence/set without having to manually
check be_next for NULL.
No lib bump needed according to millert@
OK millert@ rob@
|
|
ober_scanf_elements().
OK martijn@
|