path: root/sbin
Age | Commit message | Author
2014-01-03 | Do not raise the securelevel when transitioning from catatonia to multiuser since we are not actually going multiuser. Fixes a problem where the securelevel was raised for rc.shutdown even when reboot was run from single user mode. OK deraadt@ | Todd C. Miller
2013-12-30 | Do not leak symtab fd (if at fd limit might even prevent correct operation) | Theo de Raadt
from Loganaden Velvindron
2013-12-30 | Replace yet another hand-rolled list with a TAILQ. reject_list this time. | Kenneth R Westerback
2013-12-28 | Remove unused variable 'token'. Spotted by deraadt@ | Kenneth R Westerback
2013-12-27 | from netbsd, free(bbp) in error paths. Coverity CID 274748. | Theo de Raadt
via Loganaden Velvindron
2013-12-22 | Setting format id to 't' when it's already 't' is a waste of time. | Kenneth R Westerback
2013-12-22 | No need to change format id 'X' (ascii or hex) to 'x' (hex) while pretty printing, when 'X' is not used in the next switch statement. Just keep 'X'. Makes the code a touch less mysterious. | Kenneth R Westerback
2013-12-22 | Don't look for two semi-colons when encountering an unrecognized statement in dhclient.conf. | Kenneth R Westerback
2013-12-21 | Introduce pretty_print_string() and use for printing both text valued options and previously snprintf()'d filename and servername lease attributes. Should fix "string constant too long" errors when reading back a lease with filename or servername attributes with escaped characters. Reported by Rivo Nurges. | Kenneth R Westerback
2013-12-18 | Code existed to print non-printable characters in strings written to the leases file. No code existed to correctly read back the strings so written. Redo both sides and use vis()/strnunvis() instead of handrolling more parsing. As a side-effect allow embedded NUL characters rather than skipping them. | Kenneth R Westerback
2013-12-17 | Xr mount_tmpfs, trivial ok deraadt@ | Marc Espie
2013-12-15 | Update timestamps in 'effective' lease before printing out the lease. | Kenneth R Westerback
2013-12-14 | enable tmpfs so it gets tested some more. | Marc Espie
okay kettenis@, martin@, beck@, krw@, tedu@, millert@
2013-12-14 | Start cleanup/fixup of pretty printing of option data. Use snprintf() exclusively and thus simplify error checking/overflow detection. Bail out when unknown format character found. Don't ignore last character if it's unprintable. Print embedded NULs rather than ignoring them. | Kenneth R Westerback
2013-12-14 | When cloning leases remember to clone address, next_server and resolv_conf fields. Makes 'effective' lease written by '-L' a bit more useful. | Kenneth R Westerback
2013-12-12 | Delete spurious blank line. | Kenneth R Westerback
2013-12-12 | Eliminate (most) double decrements of remaining space in the pretty print buffer. Use consistent idiom to increment pointer to data being consumed, instead of hiding some increments. | Kenneth R Westerback
2013-12-12 | Assemble outgoing packets using iovec to combine the (optional) ethernet header, the ip header, the udp header and the packet. Rather than manually concatenating the headers and then using iovec to bundle in the packet. Eliminates some memcpy()s and convoluted data copying. | Kenneth R Westerback
2013-12-11 | Stray memcpy() using src size. | Kenneth R Westerback
2013-12-10 | Oops. Missed file. | Kenneth R Westerback
Rework [priv_]write_file() and associated struct imsg_write_file to use imsg_composev() rather than allocating memory, copying data into it, and then passing it to imsg_compose() to copy data again into imsg buffer. ok pelikan@
2013-12-10 | Rework [priv_]write_file() and associated struct imsg_write_file to use imsg_composev() rather than allocating memory, copying data into it, and then passing it to imsg_compose() to copy data again into imsg buffer. ok pelikan@ | Kenneth R Westerback
2013-12-09 | Refactor processing of classless static routes option (121). Add more data validation, reduce magic number count, shorter parameter name, reduce mem*() usage, etc. | Kenneth R Westerback
2013-12-09 | distinguish between sa_msgid not set and 0; otherwise we start dropping messages if we usually are the initiator and the peer initiates rekeying first. ok mikeb@ | Markus Friedl
2013-12-08 | Reduce in_addr memcpy() dances by simply using assignments where the source variable has been copied to [cm]alloc'ed memory and thus properly aligned. | Kenneth R Westerback
2013-12-06 | Having stopped pretending we handle anything but ethernet packets, replace the 'struct hardware' abstraction layer and use 'struct ether_addr' where hardware addresses are of interest. ok matthew@, confirmed by reyk@ not to impact DHCP-over-IPSec support. | Kenneth R Westerback
2013-12-05 | Stop pretending we still support FDDI or token ring hardware types. | Kenneth R Westerback
idea ok deraadt@ matthew@
2013-12-05 | Use destination size as size of memcpy(). Use <in_addr> rather than <in_addr>.s_addr to shorten code. ok deraadt@ matthew@ as part of larger diff | Kenneth R Westerback
2013-12-05 | Nuke local #define ETHER_HEADER_SIZE and use the identical value'd ETHER_HDR_LEN from if_ether.h. dhclient change ok matthew@ as part of larger diff. | Kenneth R Westerback
2013-12-04 | When we receive a /32 IP address assignment, mimic ISC DHCP by adding a direct route for the default gateway IP with equivalent to route add -net $gw -netmask 255.255.255.255 -cloning -iface $myip so that the subsequent route add default $gw can succeed. Magic route(8) incantation thanks to claudio. Tested successfully on Compute Engine. Committing now so additional testing/discussion can happen in-tree. Discussed with deraadt, krw, claudio. | Matthew Dempsky
2013-12-04 | Oops. Missed a chunk. Give up on classless static routes if size of mask is > 4 bytes. Don't keep looping on the data hoping it gets better. | Kenneth R Westerback
2013-12-04 | More memcpy() stylistic repairs and size checks. | Kenneth R Westerback
2013-12-04 | Be more careful to ensure memcpy'd data will fit. | Kenneth R Westerback
Potential problems pointed out by matthew@.
2013-12-04 | Use EVP_sha1 directly instead of doing the EVP_get_digestbyname lookup. | Mike Belopuhov
Correct the comment while here: RFC5996 says we SHOULD use SHA1 as a hashing function for RSA Digital Signatures. Tested by and OK markus.
2013-12-03 | never cast to sockaddr_storage, always cast to the abstract 'class' sockaddr | Markus Friedl
this fixes an out-of-bounds-memcpy in pfkey_process(); ok mikeb@
2013-12-01 | Make ifconfig scan show the nwid, channel, and bssid for IBSS networks. | Stefan Sperling
These were only shown for access points, so getting useful information about IBSS networks in the area was somewhat difficult. ok deraadt
2013-11-28 | mark replaced flows as 'not loaded'; this can happen if both sides negotiate the same flow, but only one flow is active in the kernel; ok mikeb@ | Markus Friedl
2013-11-28 | don't leak duplicate flows; ok mikeb@ | Markus Friedl
2013-11-28 | drop duplicate requests | Markus Friedl
otherwise IKE_AUTH requests might be accepted twice, leading to TWO child-SAs with the same remote SPI, but different local SPIs, leading to corrupt child-SA tables. with & ok mikeb@
2013-11-28 | document sa_msgid & sa_reqid; ok mikeb@ | Markus Friedl
2013-11-28 | sa_lookup: don't compare with sh_rspi if rspi is not set | Markus Friedl
otherwise this can happen: initiator retransmits SA_INIT with rspi of zero, sa_lookup for responder fails, and it creates a new SA, that cannot be inserted in the SA tree
2013-11-28 | sa_new(): discard & free duplicate IKESAs; ok mibek@ | Markus Friedl
2013-11-28 | include hexdump in debug output only for -vvv; ok mikeb@ | Markus Friedl
2013-11-28 | support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@ | Markus Friedl
2013-11-25 | use u_char for buffers in yylex, for ctype calls | Sebastian Benoit
found by millert@, from deraadt@
2013-11-25 | use u_char for buffers in yylex, for ctype calls | Sebastian Benoit
found by millert@, ok deraadt@
2013-11-22 | Kirk was being waaaay too chummy with the compiler when he trusted it to not optimize away a comparison against NULL-1. Add (unsigned char) casts for some ctype calls. Teach fsck_ext2fs about MAXPARTITIONS, letting it operate on partitions 'i' through 'p'. ok deraadt@ millert@ otto@ | Philip Guenther
2013-11-22 | Whole bunch of (unsigned char) casts carefully added for ctype calls. | Theo de Raadt
Careful second audit by millert
2013-11-22 | Whole bunch of (unsigned char) casts carefully added for ctype calls. | Theo de Raadt
Careful second audit by millert
2013-11-21 | Keep the flow until last IPsec SA is deleted, if the flow is shared by multiple IPsec SAs in NAT-T case. This fixes a problem that L2TP/IPsec connections are disconnected improperly in case multiple Windows clients are connected from behind one NAT. ok markus | YASUOKA Masahiko
2013-11-21 | Make the bit string u_char * in print_bits(). In practice we shouldn't have chars > 127 in these but it is better not to assume this. OK deraadt@ | Todd C. Miller