| Age | Commit message (Collapse) | Author |
|---|
|
Pointed out by Michael McConville
|
|
ok deraadt@
|
|
|
|
ok benno
|
|
drop the reply messages when "check icmp" is used with many hosts.
ok reyk benno
|
|
ok millert krw
|
|
|
|
protocols would be ignored, reported and fixed by J. Fischer (lists
-AT- mistrust -DOT- net) and reminded by (trondd -AT- kagu-tsuchi -DOT-
com), thanks!
ok deraadt@
|
|
|
|
ok jmc@
|
|
|
|
allows snmpd to properly handle ping messages from agentx subagents
ok reyk@
|
|
we would consume large ammounts of memory.
Found by Matthew Martin <matt DOT a DOT martin AT gmail DOT com> in
httpd, fixed in httpd by florian@
feedback from florian, reyk and bluhm, ok bluhm, reyk
|
|
the states that Claudio introduced. No functional change.
OK claudio@ benno@
|
|
Pointed out by Markus Elfring
OK mikeb@ millert@
|
|
to better track the connection state of a session and stops doing double
opens in certain situations using http relays. Using a state field to
simplify the logic since relay_connect() is called multiple times.
OK benno@, bluhm@ and running in production for more than a week
|
|
is non-portable. Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@
|
|
|
|
returning early the key and value memory got leaked on HTTP header kvs
since their type was never set.
OK benno@
|
|
|
|
process on shutdown.
Found while working on tame(2).
OK benno@
|
|
ok reyk@
|
|
client or server writes multiple requests or chunks in a single
transfer, relayd invokes the libevent callback manually for the
next data. If the callback closes the session, this resulted in
an use after free.
Instead of the more complicated fix suggested by Bertrand PROVOST,
just move the invocation of the callback to the end of the function.
So in case the callback frees any structures, they are not accessed.
OK benno@ reyk@
|
|
second line is a key-value header. So you cannot append to the
previous key-value before line three. Also reset the last header
when all headers are purged to avoid a use after free.
OK benno@ reyk@
|
|
Pointed out by Alex Greif
OK jmc@
|
|
from trondd
|
|
- fix a TAILQ corruption because of a use after free
- do not reinit the SSL engine since that fails
OK sthen, benno
|
|
parsig the HTTP header, the session was never destroyed. This
resulted in a file descriptor leak.
Add a check wether the protocol knows how much data to expect. If
relayd is reading unlimited data or is expecting nothing to read,
ignore the end-of-file. Otherwise it is a protocol violation, so
close the session immediately.
While there, make relayd compile with DEBUG defined.
Based on a diff from claudio@; tested by claudio@; OK claudio@ benno@
|
|
se_log evbuffer.
(Same problem as the one just fixed in httpd(8))
OK benno
|
|
|
|
ok benno@
|
|
OK krw@ benno@
Based on revision 1.66 of usr.sbin/httpd/parse.y:
Make httpd TLSv1.2-only by default. Some older browsers, like IE 10,
will be incompatible with this change. We do this early in the
release cycle, so there is a good chance to get more experience with
the impact of it and the upcoming restricted cipher modes.
OK jsing@ deraadt@ benno@ bmercer@ krw@ florian@
|
|
OK henning@
|
|
for developers, not sysadmins
original diff from yasuoka@
|
|
As discussed with beck@ jsing@ and others
OK beck@
|
|
manual review. Based on common practice, relayd.h now includes the
necessary headers for itself.
OK benno@
|
|
|
|
Repeat after me: "Lines are not longer than 80 characters long" and
"mg(1) is the only true editor, I'll use ESC-q to wrap the lines".
|
|
the internal and long-serving ssl_ctx_load_verify_memory() function
with a call to the SSL_CTX_load_verify_mem() API function. The
ssl_privsep.c file with hacks for using OpenSSL in privsep'ed
processes can now go away; portable versions of smtpd and relayd
should start depending on LibreSSL or they have to carry ssl_privsep.c
in openbsd-compat to work with legacy OpenSSL. No functional change.
Based on previous discussions with gilles@ bluhm@ and many others
OK bluhm@ (as part of the libcrypto/libssl/libtls diff)
|
|
ports is ready, <net/pfvar.h> will stop including a pile of balony.
|
|
is no need to keep a local copy in ssl_privsep.c. This adds a little
burden on OpenSMTPD-portable because it will have to put it in
openbsd-compat for compatibility with legacy OpenSSL.
OK gilles@
|
|
ok millert
|
|
using the name of relayd relay or smtpd pki, use a 32 byte arc4random
buffer that should be unique for the context. This fixes an issue in
OpenSMTPD when a long pki name could break the configuration.
OK gilles@ benno@
|
|
|
|
ok reyk@
|
|
Date: from asctime to the preferred HTTP/1.1 format, and use the
popular "Comic Sans" style (can be changed in the configuration).
|
|
OK validator.w3.org (This document was successfully checked as HTML5!)
|
|
|
|
|
|
in redirections. Thanks for help and input from jsg and yasuoka who
reminded me to dig out and update these old diffs for pf and relayd.
ok jsg@
|
