| Age | Commit message (Collapse) | Author |
|---|
|
Thanks to Ben Maddison for helping create a test case
OK claudio@
|
|
OK deraadt@
|
|
Based on a diff from and ok dv@
|
|
viornd did not mask the descriptor value in the avialable ring
allowing guest values to read past the end of the descriptor table.
While here, change fatal to fatalx because errno is not set.
Reported by Ilja van Sprundel
ok mlarkin@
|
|
Guest can cause out of bounds read with a malformed descriptor. In same
loop, also fix a chunk size calculation.
Reported by Ilja van Sprundel.
ok mlarkin@
|
|
If {c,m}alloc fail, info could be NULL and result in NULL deref.
Reported by Ilja van Sprundel.
ok mlarkin@
|
|
Reported by Ilja van Sprundel.
ok mlarkin@
|
|
Used originally to aid dev. Unneeded.
ok mlarkin@
|
|
|
|
|
|
Change the default -w from 5 to 3 seconds, reducing the time it waits
for a response. John proposed using 1 second for this, but several
of us are familiar with networks where that would be likely to
remove hops, 3 seems reasonable and still saves 6 seconds on a
non-responding hop (there's always mtr if you need faster output).
Feedback from various, ok phessler@ kn@ florian@
|
|
|
|
From Scott Bennett, thanks!
|
|
ok claudio@
|
|
|
|
|
|
if all possible sources have been used to ta_fetch() this simplifies the
logic in the rsync and http done cases.
Additionally when -R is used, skip https URI and only connect via rsync.
If the TAL file has no rsync URI then the system will fall back to the
cache and not try https instead.
This makes -R a only use rsync flag.
With and OK job@
|
|
has a serial lower than what the client synced to last time. This could
happen if the CDN has a bad server that distributes old data.
Instead of falling back to a snapshot just ignore this case and consider
the repo synced. Hopefully the next run will bring everything back to normal.
OK job@ benno@
|
|
the sort of thing which should actually be used (a proper random string
rather than a common word, and especially not a common word that is the
default for much SNMP software). The example here is restricted to
127.0.0.1 but it's easy to adapt to something where it's more unsafe
so better not to give the example. ok martijn@
|
|
This caused listen on tcp lines to fail to parse.
OK sthen@
|
|
|
|
OK sthen
|
|
Suggested by schwarze@
|
|
This way we can have a global listen statement, but add an additional
listener on with different flags on specific interfaces (e.g. allow
snmpv2c on localhost for easier testing)
OK sthen@
|
|
This is a convenient shorthand for
listen on 0.0.0.0
listen on ::
and was already the default behaviour if no listen on statement is present.
This way it's easier to add additional listeners to the default (like trap
receivers).
Manpage feedback sthen@ schwarze@
Manpage OK jmc@
OK sthen@
|
|
Diff by jmc@, who can't commit right now.
Thanks.
|
|
The previous engineid was based aronud the engine boottime and a random
value, which gives problems when sending/receiving unacknowledged PDUs
(trapv2) over SNMPv3 with authentication enabled, which need a consistent
engineid across restarts to determine the correct user from the sender.
The new default engineid takes a sha256 hash (chosen for its longer output)
of gethostname(3) and places the first 27 bytes after the new format number
129. This should give us a very low probability of collisions, assuming
all machines have a unique name.
The other formats as specified in SNMP-FRAMEWORK-MIB (RFC3411) are also
supported as well as arbitrary formats in the range 128-255 for other
private enterprise numbers in hex format.
OK jmatthew@
|
|
- don't adjust the file object, just extract_to_fh
- for may_check_digest, explicitly pass the path instead of a file object
|
|
add $self->extract_to_fh, only for IsFile objects, so that they can be
written to a temporary file without needing to adjust the file object's name
|
|
- in both extract and tie, $self has the right file names
- move the possible creation of the directory into find_safe_dir (passing
state as the only parameter, since we have everything else in self), thus
getting rid of an XXX
should have zero effect on anything
|
|
such URI. The http client in rpki-client does not support http authentication
since it only accesses public websites.
OK jca@ job@
|
|
To work properly also a neighbor needs to be selected. The assumption
here is that the peer will use the same path-id for the same peer
accross all its routes. The RFC does not require this and it is valid
to assign path-ids randomly. The path-id only matters for one specific
path but most BGP implementations seem to assign the same path-id to
multiple routes when originated from the same source.
OK benno@
|
|
side of RFC7911 and the send portion will follow.
The path-id is extracted from the NLRI encoding an put into struct
prefix. To do this the prefix_by_peer() function gets a path-id
argument. If a session is not path-id enabled this argument will
be always 0. If a session is path-id enabled the value is taken
from the NLRI and can be anything, including 0. The value has no
meaning in itself. Still to make sure the decision process is able
to break a tie the path-id is checked as the last step (this is not
part of the RFC but required).
OK benno@
|
|
Practical experience on several machines after updates suggests the snmp
world isn't really ready for hmac-sha2-256, and the HMAC construction doesn't
require collision resistance (which is the weakness of MD5/SHA1; see e.g.
"New proofs for NMAC and HMAC: Security without collision-resistance",
Bellare 2014).
Feedback from martijn@ (who would prefer to keep using the sha2 hmac),
deraadt@, tb@.
|
|
|
|
and formats a bit nicer;
while here, wrap lines to <80;
|
|
Most other 2xx status codes are still not expected and therefor considered
an error. The GET requests issued by this code should not result in other
2xx result codes.
Also handle and ignore the 1xx Informational headers but again only 100
and 103 are handled and 101 Switching Protocols and 102 Processing are
not expected and are considered an error.
OK deraadt@
|
|
This may help to spot encoding errors a bit more easily.
|
|
|
|
bounce report.
From Erik Brens
|
|
also clean up a comment
OK tb@
|
|
This is a type-O that snuck in when merging traphandler into snmpe.
OK jmatthew@
|
|
OK jmatthew@
|
|
OK benno@
|
|
Ensure the maxLength is greater than or equal to the length of
the accompanying prefix, and less than or equal to the length
(in bits) of an IP address in the address family (32 for IPv4
and 128 for IPv6). The same checks are applied when reading VRPs
from configuration on disk.
OK claudio@
|
|
|
|
millert@ thinks its useful.
|
|
|
|
* maxLength may not be zero or negative
* maxLength can't be lower than the prefixlength of ip_addr
* maxLength can't be higher than the maximum prefix length
OK claudio@
|
|
|
