| Age | Commit message (Collapse) | Author |
|---|
|
|
|
suggested by deraadt, fixes from jmc, ok millert
|
|
|
|
The 'A' option elevated warnings to errors, and has been the default for some
time. Then warnings were effectively eliminated in favor of everything
being an error, but then the 'a' flag turned real errors into warnings!
Remove the 'a' option entirely. You shouldn't have used it anyway.
ok tb tdeval
|
|
The DESCRIPTION section already referred to "path" in some places.
|
|
the examples.
Diff from Juuso Lapinlampi < wub () partyvan ! eu >, thanks!
ok schwarze@
|
|
and when the file ends without a terminating Ln character,
fgetws(3) discarded any characters read and reported bogus EOF.
Never inspect errno(2) unless right after an error occurred!
OK millert@
|
|
1. When fprintf(fp, "...%ls...", ...) encounters an encoding error,
do not destroy all the fp->_flags, which made the file permanently
unreadable and unwriteable.
2. Do not change fp->_flags at all in case of encoding errors.
Neither the manual nor POSIX ask for it, no other conversions set the
error indicator, and it isn't needed because the return value reports
failure and must be checked anyway.
3. Detect failure in mbrtowc(3), do not silently treat invalid bytes
in the format string as the end of the format string.
4. Detect failure of __find_arguments(), no matter whether due to
out of memory conditions or encoding errors, and gracefully fail
rather than accessing an invalid pointer.
5. Remove the pointless and slightly dangerous errno = EILSEQ overrides
after functions that already do that and are required by the standard
to do so.
OK jca@ on items 1, 2, and 5.
OK millert@ on the complete diff.
"Completely brutal mix of bugs." deraadt@
|
|
Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then forking to match another pid,
provides other ways to bypass new process detection on Linux.
Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
does not invent a corresponding mechanism to subvert it.
Noted by Sebastian Krahmer and the opmsg team.
See http://stealth.openwall.net/crypto/randup.c for a test program.
ok beck@
|
|
|
|
|
|
validate_junk. from Michal Mazurek
|
|
we expect it to be. This prevents out-of-bounds access or excessive
memory allocation on a malformed ELF header.
Found by Serguey Parkhomovsky with AFL. Improved by and ok kettenis@
|
|
|
|
ok and slight improvement, mmcco@
ok semarie@ and encouragement tedu@ krw@
|
|
ok tb@
|
|
ok tb@
|
|
ok and valuable input from millert@
|
|
if the data is needed. Use O_CLOEXEC on the internal fd as MT paranoia.
Fix cast in offset calculation; delete register keyword;
prefer memset() over bzero()
ok millert@
|
|
ok tedu@
|
|
ok tedu@
|
|
tcpbench (at a minimum) relies on the old behavior of changes all happening
after all event handlers run. in particular, it resets the event for the
listening socket *before* calling accept(), when it is still readable.
kevent then (correctly) says it is readable on the next go through the loop.
silly, subtle, and stupid.
problem reported by kettenis
|
|
Spotted and diff provided by d ! lowe () openmailbox ! org, thanks!
ok schwarze@
|
|
encoding error occurs, so do it.
While here, do not set errno after mbrtowc(3) failure; mbrtowc(3)
already does that, and that behaviour is required by the standard.
ok jca@ guenther@ "nice find" deraadt@
|
|
|
|
|
|
|
|
|
|
which has been disabled for sixteen years.
ok millert@, tb@, sthen@
|
|
version of this diff was reviewed by tb@
|
|
|
|
|
|
|
|
available here: http://sqlite.org/changes.html
Tested in bulk by aja@. ok landry@
|
|
http://sqlite.org/changes.html#version_3_8_7_4
ok landry@
|
|
|
|
|
|
|
|
|
|
|
|
ports using existing file descriptors.
|
|
|
|
millert@
|
|
|
|
|
|
ok tb@
|
|
sixteen years.
ok millert@, tb@, sthen@
|
|
|
|
|
|
NetBSD also turn off this piece of code.
ok tb@
|
