Age | Commit message (Collapse) | Author |
|
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().
ok tedu florian
|
|
larger types really is a range reduction...
Almost any cast to (unsigned) is a bug.
ok millert tb benno
|
|
results in a warning. Use either the original string value or use a cast.
This makes both clang and gcc happy.
OK guenther@
|
|
|
|
Found via snmpctl snmp walk 127.0.0.1 oid 1
OK claudio@
|
|
|
|
(and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
|
"looks good" gilles@ halex@
|
|
OK millert@ gsoares@
|
|
|
|
ok claudio@
|
|
possible stack overflow due to recursion in ber_free_elements().
ok claudio@
|
|
ok claudio@
|
|
ok claudio@
|
|
This way the size is the same on all archs and 32bit should be good enough.
OK rob@
|
|
api uses read and write buffers (byte streams) that are utilized by calling
applications which may or may not use sockets.
ok claudio@
buffer byte streams that applications then use for
|
|
ok claudio@, jca@
|
|
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.
ok henning@
|
|
calloc or strdup), we just need to log that we ran out of memory in a
particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
|
After the removal of fd-based read/writes I could have trimmed the code
further.
- no socket-based reads so ber_read() doesn't need to loop until it gets
the desired amount of data
- return either the requested amount of data or -1/ECANCELED, the caller
shouldn't have to handle partial reads itself
- inline ber_readbuf() into ber_read()
ok rob@ claudio@ tb@
|
|
running out of memory.
Next step, be correct *and* consistent.
ok dennis@ tb@ benno@ schwarze@
|
|
|
|
|
|
can call ber_readbuf() in all cases. This resolves a problem previously
encountered with SNMPv3 authentication, simplifies the code, and completes a
full synchronization of all ber instances.
Proposed by claudio@. Problematic use case in snmpd tested by sthen@ and me.
ldap(s) appear happy as well.
looks good to claudio@
|
|
Ok benno@
|
|
See usr.sbin/snmpd/ber.c revision 1.24 commit log for a summary of these
changes (e.g. SNMPv2 traps, User-based Security Model, callback for USM HMAC
calculations).
There is one final ber piece to copy from the snmpd instance related to
ber_getc() which will be done in a separate diff.
"looks good to me" deraadt@
|
|
|
|
Ok reyk@
|
|
with snmpd. More tweaks to come once things are fully synchronized.
Feedback from claudio and Robert Klein.
Ok claudio@
|
|
OK jca@
|
|
passwords. A similar fix was applied to snmpd in 2010 (rev 1.23).
Pointers from Reyk.
Ok claudio@
|
|
Thanks to otto@ for the initial diff.
OK benno@
|
|
OK jmatthew@
|
|
ldapd failed when the specified limits were reached instead of
exceeded. This fixes search queries that define such a limit, for
example with "ldapsearch -z 1".
Thanks to Christophe Simon for the bug report, analysis, and fix!
OK jmatthew@
|
|
OK benno@ jmatthew@
|
|
Pointed out by jmc@
|
|
This can be used to allow users to change their password (and a few
other things) but not their entire dn. For example:
allow read access to any by self
allow write access to any attribute userPassword by self
This is currently only supported for "write" (modify, add, delete) and
not "read" (search) filter rules.
OK jmatthew@
|
|
ok benno@
|
|
Delete a bunch of unnecessary #includes and sort to match style(9)
while doing the above cleanup.
ok deraadt@ krw@
|
|
This mechanism is already unused and annotated with lots of XXX's, no
need to keep it around. ok claudio@
|
|
Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT
gmail, thanks!
chris@ pointed out that more than httpd(8) is effected.
OK gilles@
|
|
OK gsoares who says that he forgot about the same diff for months and
that millert@ had OK'ed it.
|
|
has already read the buffer from kernel to user land. I have blindly
copied this code from libevent for syslogd(8) TLS, remove it together
with the bug. It caused hangs in ldapd(8).
report, analysis, testing, OK Seiya Kawashima, Robert Klein, gsoares@
|
|
Fixing the CHECK_RANGE macro in r1.4 revealed that the seconds check
accidentally relied on the macro being broken. While looking into this I
noticed that the timezone check was also wrong, treating the timezone as
optional for generalized times.
investigation and diff mostly by Seiya Kawashima.
|
|
Reported and initial diagnosis from Allan Streib, help/ok millert deraadt
|
|
needs to use "do {} while 0" idiom; all callers need repair also.
Discovered by jsg
|
|
OK jmatthew
|
|
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@
|
|
4k read buffer. This can hang ldapd(8). Setting both to 16k
improves the situation.
report Seiya Kawashima; feedback Robert Klein; test and OK gsoares@
|
|
|