| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
fingerprints. Default changes from MD5 to SHA256 and format
from hex to base64.
Feedback and ok naddy@ markus@
|
|
and apropos(1) mode. While here, put a space character between
options and option arguments in error messages.
Both reported by Alessandro DE LAURENZIS <just22 dot adl at gmail dot com>.
|
|
- introduce explicit STORAGE classes for the shadow stack entries
- delay freeing definitions if they're in-use, keep them in a simple array.
okay millert@
|
|
ok schwarze@
|
|
1) rew_sub(): Make sure REWIND_MORE is acted upon even when followed by
REWIND_NONE. This prevents .It from ending up inside other children of .Bl.
2) blk_exp_close(): Only allow extension of .Bl when it has at least
one .It. Otherwise, a broken child block could be moved in front of
the .Bl, effectively resulting in a .Bl that ended before it began.
|
|
|
|
|
|
ok millert doug
|
|
by calling assert() when valid user input exceeds it is a bad idea.
Allocate the terminal font stack dynamically instead of crashing
above 10 entries. Issue found by jsg@ with afl.
|
|
It accepted invalid byte sequences like 0xc080-c1bf, 0xe08080-e09fbf,
0xeda080-edbfbf, and 0xf0808080-f08fbfbf, produced valid roff Unicode
escape sequences from them, and the algorithm contained strong
defenses against any attempt to fix it.
This cures an assertion failure in the terminal formatter caused
by sneaking in ASCII 0x08 (backspace) by "encoding" it as an (invalid)
multibyte UTF-8 sequence, found by jsg@ with afl.
As a bonus, the new algorithm also reduces the code in the function
by about 20%.
|
|
|
|
"openssl dgst".
feedback/ok jmc@
|
|
MaxAuthTries; ok deraadt@
|
|
Fixes an assertion found by jsg@ with afl.
|
|
ok schwarze
|
|
the first .It. Otherwise, move it out together with whatever
follows. Fixing an assertion failure found by jsg@ with afl.
|
|
macro (for example .Xo) and never closed again, the item ends up
without a body block. This can even happen for list types that
usually don't have heads in the first place. So even in this
case, check for the existence of the body before accessing it.
NULL pointer access found by jsg@ with afl.
|
|
Found by jsg@ with afl.
|
|
already closed. In this respect, also consider lists closed
that have broken another block, their closure pending until the
end of the broken block. This avoids syntax tree corruption
leading to a NULL pointer access found by jsg@ with afl.
|
|
as the first man(1) command line argument without -s:
Accept digits like "1", "2"; digit+letter like "3p", "1X"; and "n".
Issue reported by Svyatoslav Mishyn <juef at openmailbox dot org> (Crux Linux).
|
|
would abort the table in an unclean way, causing assertion failures
found by jsg@.
|
|
and change the name of \(-~ to \(|= to agree with groff;
difference found by Carsten dot Kunze at arcor dot de
|
|
legitiate use of this is to set the sender name which should be
handled specifically by a different option.
|
|
address expansion and document it. Previously, this behavior was
always enabled. Also document how address expansion is performed,
which used to only be described in the (no longer installed) Mail
Reference Manual. CVE-2014-7844
|
|
echo command for expansion which could result in arbitrary command
execution. CVE-2004-2771
|
|
just like explicit block macros themselves.
Fixing an assertion failure jsg@ found with afl.
|
|
but ends without the final delimiter, the parse point was advanced
one character too far and the invalid pointer returned to the
caller of roff_parseln(). Later use could potentially advance
the pointer even further and maybe even write to it.
Fixing a buffer overrun found by jsg@ with afl (the most severe so far).
|
|
Avoids a crash in strftime() found with the afl fuzzer.
ok guenther@
|
|
character of input, treat it as false, do not retry it as a string
comparison condition. This also fixes a read buffer overrun that
happened when the numerical condition advanced to the end of the
input line before erroring out, found by jsg@ with afl.
|
|
When negated, they still count as false.
Found when investigating crashes jsg@ found with afl.
Not completely fixing the crashes yet.
|
|
|
|
reported by Carsten dot Kunze at arcor dot de
|
|
show the open(n) Tcl manual, as documented in man(1). Issue reported
by Svyatoslav Mishyn <juef at openmailbox dot org> (Crux Linux).
|
|
|
|
patch from Jan Stary <hans at stare dot cz> some time ago.
|
|
|
|
Michael Graczyk.
|
|
|
|
and ctime presentation, but combined with the numeric form ala 0<"root">.
Do username and groupname presentation on syscall arguments and retvals.
ok millert@ otto@
|
|
OK krw@ naddy@ sthen@ "commit it now" deraadt@
I won't remove the files in src/usr.bin/man, such that we can quickly
switch back in case a problem is found.
|
|
|
|
EC_GROUP_free() all have implicit NULL checks.
|
|
|
|
Prevents arbitrary ed command executions in following lines.
ok millert
|
|
|
|
Do not show bogus quotes when .Bl -column phrases are quoted.
|
|
case of out of memory conditions, Plan B can step in. In many cases, NULL
value is not properly handled, so use xstrdup here (it's outside Plan A/B
patching, which means that even Plan B relies on successful operations).
|
|
of a diff from Sebastien Marie to prevent a crash found by Sebastien
with the afl fuzzer.
|
