www: Move horizontal rule and update year

2023-02-14 Thread Martin Vahlensieck
Hi

Going back a few versions, it seems this hr was used to separate the
past from the future.  So put it back in the right place.  While here
also correct the year for future events, or should that be replaced by
"None currently scheduled"?

Best,

Martin

diff --git a/events.html b/events.html
index a10a3e50a..1d3f0fd65 100644
--- a/events.html
+++ b/events.html
@@ -40,7 +40,9 @@ like-minded people.
 
 Future events:
 
-2022
+2023
+
+
 
 Past events:
 
@@ -94,8 +96,6 @@ Sep 15-18, 2022, Vienna, Austria
 
 
 
-
-
 
 
 



pf.conf(5): document new anchors limit

2022-07-21 Thread Martin Vahlensieck
Hi

This is a diff to document the new anchors limit in pf.conf(5).  I
inserted it as second-to-last item, as the following paragraph talks
about NMBCLUSTERS.  While here: Is the double entry for table-entries
intentional?

Best,

Martin

Index: pf.conf.5
===
RCS file: /cvs/src/share/man/man5/pf.conf.5,v
retrieving revision 1.596
diff -u -p -r1.596 pf.conf.5
--- pf.conf.5   27 May 2022 15:45:02 -  1.596
+++ pf.conf.5   21 Jul 2022 17:00:53 -
@@ -1287,6 +1287,7 @@ has the following defaults:
 .It tables Ta Dv PFR_KTABLE_HIWAT Ta Pq 1000
 .It table-entries Ta Dv PFR_KENTRY_HIWAT Ta Pq 20
 .It table-entries Ta Dv PFR_KENTRY_HIWAT_SMALL Ta Pq 10
+.It anchors Ta Dv PF_ANCHOR_HIWAT Ta Pq 512
 .It frags Ta Dv NMBCLUSTERS Ns /32 Ta Pq platform dependent
 .El
 .Pp
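Review bot: the added `.It anchors` row covers only the defaults table, and nothing in this hunk shows `anchors` being added to the text that introduces the limit names, so check that the option description earlier in the section lists it too. On the question in the mail: the two `table-entries` rows above differ only in their constant (PFR_KENTRY_HIWAT and PFR_KENTRY_HIWAT_SMALL), so if both stay, the labels should say when each default applies.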



ypconnect(2): mention correct return value

2022-07-21 Thread Martin Vahlensieck
Hi

While looking at the recent YP changes I noticed that the RETURN
VALUES section of the man page is incorrect.  Here is an update (I
just copied the text from socket(2) and adjusted the function name).

Best,

Martin

Index: ypconnect.2
===
RCS file: /cvs/src/lib/libc/sys/ypconnect.2,v
retrieving revision 1.2
diff -u -p -r1.2 ypconnect.2
--- ypconnect.2 17 Jul 2022 05:48:26 -  1.2
+++ ypconnect.2 21 Jul 2022 17:08:57 -
@@ -45,7 +45,12 @@ general purpose.
 .Nm
 is only intended for use by internal libc YP functions.
 .Sh RETURN VALUES
-.Rv -std
+If successful,
+.Fn ypconnect
+returns a non-negative integer, the socket file descriptor.
+Otherwise, a value of \-1 is returned and
+.Va errno
+is set to indicate the error.
 .Sh ERRORS
 .Fn ypconnect
 will fail if:



Re: ssh-add(1): fix NULL in fprintf

2022-06-16 Thread Martin Vahlensieck
ping, diff attached

On Mon, May 16, 2022 at 09:21:42PM +0200, Martin Vahlensieck wrote:
> Hi
> 
> What's the status on this?  Anything required from my side?  I have
> reattached the patch (with the changes Theo suggested).
> 
> Best,
> 
> Martin
> 
> On Mon, May 09, 2022 at 08:39:38PM +0200, Martin Vahlensieck wrote:
> > On Mon, May 09, 2022 at 10:42:29AM -0600, Theo de Raadt wrote:
> > > Martin Vahlensieck  wrote:
> > > 
> > > > if (!qflag) {
> > > > -   fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
> > > > -   sshkey_type(key), comment);
> > > > +   fprintf(stderr, "Identity removed: %s %s%s%s%s\n", path,
> > > > +   sshkey_type(key), comment ? " (" : "",
> > > > +   comment ? comment : "", comment ? ")" : "");
> > > 
> > > this is probably better as something like
> > > 
> > > > -   fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
> > > > -   sshkey_type(key), comment ? comment : "no comment");
> > > 
> > > > Which has a minor ambiguity, but probably harms no one.
> > > 
> > 
> > Index: ssh-add.c
> > ===
> > RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v
> > retrieving revision 1.165
> > diff -u -p -r1.165 ssh-add.c
> > --- ssh-add.c   4 Feb 2022 02:49:17 -   1.165
> > +++ ssh-add.c   9 May 2022 18:36:54 -
> > @@ -118,7 +118,7 @@ delete_one(int agent_fd, const struct ss
> > }
> > if (!qflag) {
> > fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
> > -   sshkey_type(key), comment);
> > +   sshkey_type(key), comment ? comment : "no comment");
> > }
> > return 0;
> >  }
> > @@ -392,7 +392,7 @@ add_file(int agent_fd, const char *filen
> > certpath, filename);
> > sshkey_free(cert);
> > goto out;
> > -   } 
> > +   }
> >  
> > /* Graft with private bits */
> > if ((r = sshkey_to_certified(private)) != 0) {
> 
> Index: ssh-add.c
> ===
> RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v
> retrieving revision 1.165
> diff -u -p -r1.165 ssh-add.c
> --- ssh-add.c 4 Feb 2022 02:49:17 -   1.165
> +++ ssh-add.c 9 May 2022 18:36:54 -
> @@ -118,7 +118,7 @@ delete_one(int agent_fd, const struct ss
>   }
>   if (!qflag) {
>   fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
> - sshkey_type(key), comment);
> + sshkey_type(key), comment ? comment : "no comment");
>   }
>   return 0;
>  }
> @@ -392,7 +392,7 @@ add_file(int agent_fd, const char *filen
>   certpath, filename);
>   sshkey_free(cert);
>   goto out;
> - } 
> + }
>  
>   /* Graft with private bits */
>   if ((r = sshkey_to_certified(private)) != 0) {
> 

Index: ssh-add.c
===
RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v
retrieving revision 1.165
diff -u -p -r1.165 ssh-add.c
--- ssh-add.c   4 Feb 2022 02:49:17 -   1.165
+++ ssh-add.c   9 May 2022 18:36:54 -
@@ -118,7 +118,7 @@ delete_one(int agent_fd, const struct ss
}
if (!qflag) {
fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
-   sshkey_type(key), comment);
+   sshkey_type(key), comment ? comment : "no comment");
}
return 0;
 }
@@ -392,7 +392,7 @@ add_file(int agent_fd, const char *filen
certpath, filename);
sshkey_free(cert);
goto out;
-   } 
+   }
 
/* Graft with private bits */
if ((r = sshkey_to_certified(private)) != 0) {



Re: ssh-add(1): fix NULL in fprintf

2022-05-16 Thread Martin Vahlensieck
Hi

What's the status on this?  Anything required from my side?  I have
reattached the patch (with the changes Theo suggested).

Best,

Martin

On Mon, May 09, 2022 at 08:39:38PM +0200, Martin Vahlensieck wrote:
> On Mon, May 09, 2022 at 10:42:29AM -0600, Theo de Raadt wrote:
> > Martin Vahlensieck  wrote:
> > 
> > >   if (!qflag) {
> > > - fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
> > > - sshkey_type(key), comment);
> > > + fprintf(stderr, "Identity removed: %s %s%s%s%s\n", path,
> > > + sshkey_type(key), comment ? " (" : "",
> > > + comment ? comment : "", comment ? ")" : "");
> > 
> > this is probably better as something like
> > 
> > > - fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
> > > - sshkey_type(key), comment ? comment : "no comment");
> > 
> > > Which has a minor ambiguity, but probably harms no one.
> > 
> 
> Index: ssh-add.c
> ===
> RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v
> retrieving revision 1.165
> diff -u -p -r1.165 ssh-add.c
> --- ssh-add.c 4 Feb 2022 02:49:17 -   1.165
> +++ ssh-add.c 9 May 2022 18:36:54 -
> @@ -118,7 +118,7 @@ delete_one(int agent_fd, const struct ss
>   }
>   if (!qflag) {
>   fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
> - sshkey_type(key), comment);
> + sshkey_type(key), comment ? comment : "no comment");
>   }
>   return 0;
>  }
> @@ -392,7 +392,7 @@ add_file(int agent_fd, const char *filen
>   certpath, filename);
>   sshkey_free(cert);
>   goto out;
> - } 
> + }
>  
>   /* Graft with private bits */
>   if ((r = sshkey_to_certified(private)) != 0) {

Index: ssh-add.c
===
RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v
retrieving revision 1.165
diff -u -p -r1.165 ssh-add.c
--- ssh-add.c   4 Feb 2022 02:49:17 -   1.165
+++ ssh-add.c   9 May 2022 18:36:54 -
@@ -118,7 +118,7 @@ delete_one(int agent_fd, const struct ss
}
if (!qflag) {
fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
-   sshkey_type(key), comment);
+   sshkey_type(key), comment ? comment : "no comment");
}
return 0;
 }
@@ -392,7 +392,7 @@ add_file(int agent_fd, const char *filen
certpath, filename);
sshkey_free(cert);
goto out;
-   } 
+   }
 
/* Graft with private bits */
if ((r = sshkey_to_certified(private)) != 0) {



libcrypto/err_prn.c: skip BIO*

2022-05-12 Thread Martin Vahlensieck
Hi

As far as I can tell, this ends up calling vprintf eventually, so
skip the steps in between.

Best,

Martin

Index: err_prn.c
===
RCS file: /home/reposync/cvs/src/lib/libcrypto/err/err_prn.c,v
retrieving revision 1.19
diff -u -p -r1.19 err_prn.c
--- err_prn.c   7 Jan 2022 09:02:18 -   1.19
+++ err_prn.c   7 Jan 2022 16:13:48 -
@@ -92,12 +92,7 @@ ERR_print_errors_cb(int (*cb)(const char
 static int
 print_fp(const char *str, size_t len, void *fp)
 {
-   BIO bio;
-
-   BIO_set(, BIO_s_file());
-   BIO_set_fp(, fp, BIO_NOCLOSE);
-
-   return BIO_printf(, "%s", str);
+   return fprintf(fp, "%s", str);
 }
 
 void
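Review bot: print_fp() still ignores its `len` argument after this change; `fprintf(fp, "%s", str)` relies on `str` being NUL-terminated even though the callback is handed an explicit length. Using `"%.*s"` with `(int)len` would honour it. Also confirm that the caller of the callback treats the fprintf() return value (negative on error, byte count otherwise) the same way it treated the BIO_printf() result.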



apply(1): constify two arguments

2022-05-12 Thread Martin Vahlensieck
Index: apply.c
===
RCS file: /cvs/src/usr.bin/apply/apply.c,v
retrieving revision 1.29
diff -u -p -r1.29 apply.c
--- apply.c 1 Apr 2018 17:45:05 -   1.29
+++ apply.c 12 May 2022 21:14:04 -
@@ -54,7 +54,7 @@ char  *str;
 size_t  sz;
 
 void
-stradd(char *p)
+stradd(const char *p)
 {
size_t n;
 
@@ -73,7 +73,7 @@ stradd(char *p)
 }
 
 void
-strset(char *p)
+strset(const char *p)
 {
if (str != NULL)
str[0] = '\0';



Re: ssh-add(1): fix NULL in fprintf

2022-05-09 Thread Martin Vahlensieck
On Mon, May 09, 2022 at 10:42:29AM -0600, Theo de Raadt wrote:
> Martin Vahlensieck  wrote:
> 
> > if (!qflag) {
> > -   fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
> > -   sshkey_type(key), comment);
> > +   fprintf(stderr, "Identity removed: %s %s%s%s%s\n", path,
> > +   sshkey_type(key), comment ? " (" : "",
> > +   comment ? comment : "", comment ? ")" : "");
> 
> this is probably better as something like
> 
> > -   fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
> > -   sshkey_type(key), comment ? comment : "no comment");
> 
> > Which has a minor ambiguity, but probably harms no one.
> 

Index: ssh-add.c
===
RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v
retrieving revision 1.165
diff -u -p -r1.165 ssh-add.c
--- ssh-add.c   4 Feb 2022 02:49:17 -   1.165
+++ ssh-add.c   9 May 2022 18:36:54 -
@@ -118,7 +118,7 @@ delete_one(int agent_fd, const struct ss
}
if (!qflag) {
fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
-   sshkey_type(key), comment);
+   sshkey_type(key), comment ? comment : "no comment");
}
return 0;
 }
@@ -392,7 +392,7 @@ add_file(int agent_fd, const char *filen
certpath, filename);
sshkey_free(cert);
goto out;
-   } 
+   }
 
/* Graft with private bits */
if ((r = sshkey_to_certified(private)) != 0) {



ssh-add(1): fix NULL in fprintf

2022-05-09 Thread Martin Vahlensieck
Hi

When removing an identity from the agent using the private key file,
ssh-add first tries to find the public key file.  If that fails,
it loads the public key from the private key file, but no comment
is loaded.  This means comment is NULL when it is used inside
delete_one to print `Identity removed: ...'

Below is a diff which only prints the braces and the comment if it
is not NULL.  Something similar is done in ssh-keygen.c line
2423-2425.

So with the following setup:
$ ssh-keygen -t ed25519 -f demo -C demo -N ''
$ mv demo.pub demo_pub
$ ssh-add demo
Identity added: demo (demo)
Before:
$ ssh-add -d demo
Identity removed: demo ED25519 ((null))
$ tail -n 1 /var/log/messages
May  9 18:15:53 demo ssh-add: vfprintf %s NULL in "Identity removed: %s %s (%s) "
After:
$ ssh-add -d demo
Identity removed: demo ED25519

Best,

Martin

P.S.: While here remove a trailing space as well.

Index: ssh-add.c
===
RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v
retrieving revision 1.165
diff -u -p -r1.165 ssh-add.c
--- ssh-add.c   4 Feb 2022 02:49:17 -   1.165
+++ ssh-add.c   9 May 2022 16:04:14 -
@@ -117,8 +117,9 @@ delete_one(int agent_fd, const struct ss
return r;
}
if (!qflag) {
-   fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
-   sshkey_type(key), comment);
+   fprintf(stderr, "Identity removed: %s %s%s%s%s\n", path,
+   sshkey_type(key), comment ? " (" : "",
+   comment ? comment : "", comment ? ")" : "");
}
return 0;
 }
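Review bot: the three `comment ? ... : ...` operands in the new fprintf() guard only this one call in delete_one(), while the report says the NULL comes from loading the public key out of the private key file without a comment; any other place that prints that comment would need the same guard. Consider normalising the comment where the key is loaded, or once at the top of delete_one(), so the format string can stay as it was.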
@@ -392,7 +393,7 @@ add_file(int agent_fd, const char *filen
certpath, filename);
sshkey_free(cert);
goto out;
-   } 
+   }
 
/* Graft with private bits */
if ((r = sshkey_to_certified(private)) != 0) {
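Review bot: the trailing-space removal after `goto out;` in add_file() is unrelated to the NULL fix in delete_one(); send it as a separate whitespace-only diff so the behavioural change can be reviewed and backed out on its own.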



ssh: sshkey.c: reduce code duplication

2022-05-04 Thread Martin Vahlensieck
Hi

I noticed that sshkey_unshield_private contains an exact duplicate
of the code in private2_check_padding.  So by pulling
private2_check_padding up, the code can be reused.  Or is there
a reason for this split?

Best,

Martin

P.S.: This diff also removes two trailing spaces while here.

Index: sshkey.c
===
RCS file: /home/reposync/cvs/src/usr.bin/ssh/sshkey.c,v
retrieving revision 1.120
diff -u -p -r1.120 sshkey.c
--- sshkey.c6 Jan 2022 22:05:42 -   1.120
+++ sshkey.c4 May 2022 19:12:16 -
@@ -2079,14 +2079,38 @@ sshkey_shield_private(struct sshkey *k)
return r;
 }
 
+/* Check deterministic padding after private key */
+static int
+private2_check_padding(struct sshbuf *decrypted)
+{
+   u_char pad;
+   size_t i;
+   int r;
+
+   i = 0;
+   while (sshbuf_len(decrypted)) {
+   if ((r = sshbuf_get_u8(decrypted, )) != 0)
+   goto out;
+   if (pad != (++i & 0xff)) {
+   r = SSH_ERR_INVALID_FORMAT;
+   goto out;
+   }
+   }
+   /* success */
+   r = 0;
+ out:
+   explicit_bzero(, sizeof(pad));
+   explicit_bzero(, sizeof(i));
+   return r;
+}
+
 int
 sshkey_unshield_private(struct sshkey *k)
 {
struct sshbuf *prvbuf = NULL;
-   u_char pad, *cp, keyiv[SSH_DIGEST_MAX_LENGTH];
+   u_char *cp, keyiv[SSH_DIGEST_MAX_LENGTH];
struct sshcipher_ctx *cctx = NULL;
const struct sshcipher *cipher;
-   size_t i;
struct sshkey *kswap = NULL, tmp;
int r = SSH_ERR_INTERNAL_ERROR;
 
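Review bot: the moved private2_check_padding() declares `int r;` without the `= SSH_ERR_INTERNAL_ERROR` initialiser that the copy removed in the last hunk carried. Every path assigns r before `out:`, so behaviour is unchanged today, but keep the initialiser so the function is moved verbatim and stays safe if an early `goto out` is added later.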
@@ -2148,16 +2172,9 @@ sshkey_unshield_private(struct sshkey *k
/* Parse private key */
if ((r = sshkey_private_deserialize(prvbuf, )) != 0)
goto out;
-   /* Check deterministic padding */
-   i = 0;
-   while (sshbuf_len(prvbuf)) {
-   if ((r = sshbuf_get_u8(prvbuf, )) != 0)
-   goto out;
-   if (pad != (++i & 0xff)) {
-   r = SSH_ERR_INVALID_FORMAT;
-   goto out;
-   }
-   }
+
+   if ((r = private2_check_padding(prvbuf)) != 0)
+   goto out;
 
/* Swap the parsed key back into place */
tmp = *kswap;
@@ -3966,9 +3983,9 @@ sshkey_private_to_blob2(struct sshkey *p
explicit_bzero(salt, sizeof(salt));
if (key != NULL)
freezero(key, keylen + ivlen);
-   if (pubkeyblob != NULL) 
+   if (pubkeyblob != NULL)
freezero(pubkeyblob, pubkeylen);
-   if (b64 != NULL) 
+   if (b64 != NULL)
freezero(b64, strlen(b64));
return r;
 }
@@ -4192,31 +4209,6 @@ private2_decrypt(struct sshbuf *decoded,
}
sshbuf_free(kdf);
sshbuf_free(decrypted);
-   return r;
-}
-
-/* Check deterministic padding after private key */
-static int
-private2_check_padding(struct sshbuf *decrypted)
-{
-   u_char pad;
-   size_t i;
-   int r = SSH_ERR_INTERNAL_ERROR;
-
-   i = 0;
-   while (sshbuf_len(decrypted)) {
-   if ((r = sshbuf_get_u8(decrypted, )) != 0)
-   goto out;
-   if (pad != (++i & 0xff)) {
-   r = SSH_ERR_INVALID_FORMAT;
-   goto out;
-   }
-   }
-   /* success */
-   r = 0;
- out:
-   explicit_bzero(, sizeof(pad));
-   explicit_bzero(, sizeof(i));
return r;
 }
 



ssh: mux.c: mark argument as const

2022-05-04 Thread Martin Vahlensieck
Index: mux.c
===
RCS file: /home/reposync/cvs/src/usr.bin/ssh/mux.c,v
retrieving revision 1.92
diff -u -p -r1.92 mux.c
--- mux.c   11 Jan 2022 01:26:47 -  1.92
+++ mux.c   13 Jan 2022 16:27:14 -
@@ -227,7 +227,7 @@ mux_master_control_cleanup_cb(struct ssh
 
 /* Check mux client environment variables before passing them to mux master. */
 static int
-env_permitted(char *env)
+env_permitted(const char *env)
 {
int i, ret;
char name[1024], *cp;



ssh: channels.c: Fix comment and add a const

2022-05-04 Thread Martin Vahlensieck
Hi

channel_new no longer frees remote_name.  So update the comment
accordingly.  As remote_name is not modified, it can be const
as well.

Best,

Martin

Index: channels.c
===
RCS file: /home/reposync/cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.418
diff -u -p -r1.418 channels.c
--- channels.c  4 May 2022 07:31:22 -   1.418
+++ channels.c  4 May 2022 19:02:14 -
@@ -349,12 +349,11 @@ channel_register_fds(struct ssh *ssh, Ch
 }
 
 /*
- * Allocate a new channel object and set its type and socket. This will cause
- * remote_name to be freed.
+ * Allocate a new channel object and set its type and socket.
  */
 Channel *
 channel_new(struct ssh *ssh, char *ctype, int type, int rfd, int wfd, int efd,
-u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock)
+u_int window, u_int maxpack, int extusage, const char *remote_name, int 
nonblock)
 {
struct ssh_channels *sc = ssh->chanctxt;
u_int i, found;
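Review bot: the new `u_int window, ...` continuation line runs past 80 columns (it arrived wrapped before `nonblock`); break the parameter list before `const char *remote_name`. The shortened comment also no longer says anything about remote_name; since the point of the change is that channel_new() does not free it, state in the comment who owns the string after the call.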
Index: channels.h
===
RCS file: /home/reposync/cvs/src/usr.bin/ssh/channels.h,v
retrieving revision 1.142
diff -u -p -r1.142 channels.h
--- channels.h  30 Mar 2022 21:10:25 -  1.142
+++ channels.h  6 Apr 2022 20:26:56 -
@@ -272,7 +272,7 @@ Channel *channel_by_id(struct ssh *, int
 Channel*channel_by_remote_id(struct ssh *, u_int);
 Channel*channel_lookup(struct ssh *, int);
 Channel *channel_new(struct ssh *, char *, int, int, int, int,
-   u_int, u_int, int, char *, int);
+   u_int, u_int, int, const char *, int);
 voidchannel_set_fds(struct ssh *, int, int, int, int, int,
int, int, u_int);
 voidchannel_free(struct ssh *, Channel *);



xmss_hash.c: remove superfluous includes

2022-04-19 Thread Martin Vahlensieck
Hi

Neither openssl/evp.h nor openssl/hmac.h are required.

Best,

Martin

Index: xmss_hash.c
===
RCS file: /cvs/src/usr.bin/ssh/xmss_hash.c,v
retrieving revision 1.2
diff -u -p -r1.2 xmss_hash.c
--- xmss_hash.c 26 Feb 2018 03:56:44 -  1.2
+++ xmss_hash.c 7 Apr 2022 07:04:19 -
@@ -15,8 +15,6 @@ Public domain.
 #include 
 #include 
 #include 
-#include 
-#include 
 
 int core_hash_SHA2(unsigned char *, const unsigned int, const unsigned char *,
 unsigned int, const unsigned char *, unsigned long long, unsigned int);



ssh-xmss.c: Add missing includes

2022-04-19 Thread Martin Vahlensieck
Hi

malloc(3) and friends require stdlib.h, SIZE_MAX requires stdint.h.

Best,

Martin

Index: ssh-xmss.c
===
RCS file: /cvs/src/usr.bin/ssh/ssh-xmss.c,v
retrieving revision 1.4
diff -u -p -r1.4 ssh-xmss.c
--- ssh-xmss.c  19 Oct 2020 22:49:23 -  1.4
+++ ssh-xmss.c  7 Apr 2022 07:14:09 -
@@ -19,8 +19,10 @@
 #include 
 #include 
 
+#include 
 #include 
 #include 
+#include 
 #include 
 
 #include "log.h"



readconf.c: Avoid a xstrdup

2022-04-19 Thread Martin Vahlensieck
Hi

There is no need to duplicate options->send_env[i] only to free it
in all cases.  Just use options->send_env[i] directly.

Best,

Martin

Index: readconf.c
===
RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
retrieving revision 1.366
diff -u -p -r1.366 readconf.c
--- readconf.c  8 Feb 2022 08:59:12 -   1.366
+++ readconf.c  19 Apr 2022 09:38:48 -
@@ -740,19 +740,15 @@ static void
 rm_env(Options *options, const char *arg, const char *filename, int linenum)
 {
int i, j, onum_send_env = options->num_send_env;
-   char *cp;
 
/* Remove an environment variable */
for (i = 0; i < options->num_send_env; ) {
-   cp = xstrdup(options->send_env[i]);
-   if (!match_pattern(cp, arg + 1)) {
-   free(cp);
+   if (!match_pattern(options->send_env[i], arg + 1)) {
i++;
continue;
}
debug3("%s line %d: removing environment %s",
-   filename, linenum, cp);
-   free(cp);
+   filename, linenum, options->send_env[i]);
free(options->send_env[i]);
options->send_env[i] = NULL;
for (j = i; j < options->num_send_env - 1; j++) {
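Review bot: with `cp` gone, the debug3() argument `options->send_env[i]` is the same pointer that free() releases on the next line, so the order of those two statements now matters. It is correct as written; a short comment, or keeping the two calls strictly adjacent, would stop a later edit from logging a freed string.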



sshd_config(5): Use correct path for system-wide known_hosts

2022-04-11 Thread Martin Vahlensieck
Hi

The path to the system-wide known_hosts file is /etc/ssh/ssh_known_hosts
and not /etc/ssh/known_hosts.  See auth2-hostbased.c line 221-223.

Best,

Martin

Index: sshd_config.5
===
RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.340
diff -u -p -r1.340 sshd_config.5
--- sshd_config.5   31 Mar 2022 17:58:44 -  1.340
+++ sshd_config.5   10 Apr 2022 20:35:39 -
@@ -818,7 +818,7 @@ should ignore the user's
 during
 .Cm HostbasedAuthentication
 and use only the system-wide known hosts file
-.Pa /etc/ssh/known_hosts .
+.Pa /etc/ssh/ssh_known_hosts .
 The default is
 .Dq no .
 .It Cm Include



rpki-client(8): properly zero terminate pretty printed key

2022-03-17 Thread Martin Vahlensieck
Hi

It seems the pretty printed key is zero terminated only if the size
of hex stays the same or increases between calls.  This diff fixes
it, so it is always properly terminated.  While here, also drop
*hex != '\0' from the if inside the loop, as it is checked directly
above in the loop condition and constify the argument, as it is not
modified.

Best,

Martin

Index: print.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/print.c,v
retrieving revision 1.5
diff -u -p -r1.5 print.c
--- print.c 10 Feb 2022 17:33:28 -  1.5
+++ print.c 17 Mar 2022 17:46:01 -
@@ -28,19 +28,21 @@
 #include "extern.h"
 
 static const char *
-pretty_key_id(char *hex)
+pretty_key_id(const char *hex)
 {
static char buf[128];   /* bigger than SHA_DIGEST_LENGTH * 3 */
size_t i;
 
for (i = 0; i < sizeof(buf) && *hex != '\0'; i++) {
-   if  (i % 3 == 2 && *hex != '\0')
+   if  (i % 3 == 2)
buf[i] = ':';
else
buf[i] = *hex++;
}
if (i == sizeof(buf))
memcpy(buf + sizeof(buf) - 4, "...", 4);
+   else
+   buf[i] = '\0';
return buf;
 }
 
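Review bot: add a comment at the new `else buf[i] = '\0';` branch saying why the terminator is needed: buf is static, so without it a shorter key id inherits the tail of whatever the previous call left behind. That is not obvious from the loop alone, and the branch looks redundant to anyone who assumes a fresh buffer.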

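The stale-tail behaviour described in the mail above, reproduced next to the patched loop. This is an added example, not code from rpki-client or from the post: BUFSZ is shrunk to 16 (the patch uses 128) and the names pretty_before and pretty_after are made up for the comparison.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: shrunk from the 128 bytes in the patch so truncation is easy to hit. */
#define BUFSZ 16

/*
 * Loop without the terminator: nothing ends the string unless the
 * buffer fills up, so the result depends on the previous call.
 */
static const char *
pretty_before(const char *hex)
{
	static char buf[BUFSZ];
	size_t i;

	for (i = 0; i < sizeof(buf) && *hex != '\0'; i++) {
		if (i % 3 == 2)
			buf[i] = ':';
		else
			buf[i] = *hex++;
	}
	if (i == sizeof(buf))
		memcpy(buf + sizeof(buf) - 4, "...", 4);
	return buf;
}

/* Same loop with the else branch from the diff: always terminated. */
static const char *
pretty_after(const char *hex)
{
	static char buf[BUFSZ];
	size_t i;

	for (i = 0; i < sizeof(buf) && *hex != '\0'; i++) {
		if (i % 3 == 2)
			buf[i] = ':';
		else
			buf[i] = *hex++;
	}
	if (i == sizeof(buf))
		memcpy(buf + sizeof(buf) - 4, "...", 4);
	else
		buf[i] = '\0';
	return buf;
}

int
main(void)
{
	/* Constructed inputs: a long id first, then a shorter one. */
	printf("before: %s\n", pretty_before("AABBCCDD"));
	printf("before: %s\n", pretty_before("EEFF"));
	printf("after:  %s\n", pretty_after("AABBCCDD"));
	printf("after:  %s\n", pretty_after("EEFF"));
	printf("after:  %s\n", pretty_after("00112233445566778899"));
	return 0;
}
```

The first call only looks correct because a static buffer starts out zeroed; the second call is where the previous id shows through.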


wg: remove argument names from prototypes

2022-03-17 Thread Martin Vahlensieck
None of the other prototypes have argument names.

Index: if_wg.c
===
RCS file: /home/reposync/cvs/src/sys/net/if_wg.c,v
retrieving revision 1.22
diff -u -p -r1.22 if_wg.c
--- if_wg.c 22 Feb 2022 01:15:02 -  1.22
+++ if_wg.c 15 Mar 2022 21:10:37 -
@@ -325,7 +325,7 @@ voidwg_peer_send_buf(struct wg_peer *, 
 void   wg_send_initiation(void *);
 void   wg_send_response(struct wg_peer *);
 void   wg_send_cookie(struct wg_softc *, struct cookie_macs *, uint32_t,
-   struct wg_endpoint *e);
+   struct wg_endpoint *);
 void   wg_send_keepalive(void *);
 void   wg_peer_clear_secrets(void *);
 void   wg_handshake(struct wg_softc *, struct mbuf *);
Index: wg_cookie.c
===
RCS file: /home/reposync/cvs/src/sys/net/wg_cookie.c,v
retrieving revision 1.3
diff -u -p -r1.3 wg_cookie.c
--- wg_cookie.c 10 Mar 2021 10:21:48 -  1.3
+++ wg_cookie.c 15 Mar 2022 21:09:29 -
@@ -37,7 +37,7 @@ static void   cookie_macs_mac2(struct cook
 static int cookie_timer_expired(struct timespec *, time_t, long);
 static voidcookie_checker_make_cookie(struct cookie_checker *,
uint8_t[COOKIE_COOKIE_SIZE], struct sockaddr *);
-static int ratelimit_init(struct ratelimit *, struct pool *pool);
+static int ratelimit_init(struct ratelimit *, struct pool *);
 static voidratelimit_deinit(struct ratelimit *);
 static voidratelimit_gc(struct ratelimit *, int);
 static int ratelimit_allow(struct ratelimit *, struct sockaddr *);



two small typos

2022-03-17 Thread Martin Vahlensieck
Index: if_wg.c
===
RCS file: /home/reposync/cvs/src/sys/net/if_wg.c,v
retrieving revision 1.22
diff -u -p -r1.22 if_wg.c
--- if_wg.c 22 Feb 2022 01:15:02 -  1.22
+++ if_wg.c 15 Mar 2022 21:10:37 -
@@ -2023,7 +2023,7 @@ wg_input(void *_sc, struct mbuf *m, stru
 
/*
 * Ensure mbuf is contiguous over full length of packet. This is done
-* os we can directly read the handshake values in wg_handshake, and so
+* so we can directly read the handshake values in wg_handshake, and so
 * we can decrypt a transport packet by passing a single buffer to
 * noise_remote_decrypt in wg_decap.
 */
Index: pf.c
===
RCS file: /home/reposync/cvs/src/sys/net/pf.c,v
retrieving revision 1.1125
diff -u -p -r1.1125 pf.c
--- pf.c5 Mar 2022 10:43:32 -   1.1125
+++ pf.c10 Mar 2022 15:53:51 -
@@ -1340,7 +1340,7 @@ pf_state_expires(const struct pf_state *
 * this function may be called by the state purge task while
 * the state is being modified. avoid inconsistent reads of
 * state->timeout by having the caller do the read (and any
-* chacks it needs to do on the same variable) and then pass
+* checks it needs to do on the same variable) and then pass
 * their view of the timeout in here for this function to use.
 * the only consequence of using a stale timeout value is
 * that the state won't be a candidate for purging until the



Re: rpki-client: fix wrong conditional

2022-03-10 Thread Martin Vahlensieck
On Thu, Mar 10, 2022 at 06:15:48PM +0100, Theo Buehler wrote:
> On Thu, Mar 10, 2022 at 06:03:14PM +0100, Claudio Jeker wrote:
> > On Thu, Mar 10, 2022 at 05:54:21PM +0100, Theo Buehler wrote:
> > > On Thu, Mar 10, 2022 at 05:51:46PM +0100, Claudio Jeker wrote:
> > > > On Thu, Mar 10, 2022 at 05:33:28PM +0100, Martin Vahlensieck wrote:
> > > > > Hi
> > > > > 
> > > > > This pulls up and adjusts the check if i exceeds the bounds of pfds.
> > > > > Before it was technically wrong, as i > NPFDS means that the last
> > > > > write (i == NPFDS) was already out of bounds.
> > > >  
> > > > I see no reason to pull up the check but the if condition should indeed
> > > > be greater or equal. One could consider to change this into an assert()
> > > > but I think I stick with the errx().
> > > 
> > > Agreed. ok for the diff that just changes the checks to >=
> > 
> > Actually I was wrong, the check needs to happen at the start of the loop
> > not at the end else it does not work if the list is exactly the number of
> > elements to fill NPFDS. 
> 
> Ah right, we need to bail out when we would actually go past the limit.
> However, I see no reason to fiddle with the timeout before checking.
> So let's move the check to the beginning.

Here you go:

Index: http.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
retrieving revision 1.53
diff -u -p -r1.53 http.c
--- http.c  10 Feb 2022 11:10:40 -  1.53
+++ http.c  10 Mar 2022 17:28:21 -
@@ -1809,6 +1809,9 @@ proc_http(char *bind_addr, int fd)
timeout = INFTIM;
now = getmonotime();
LIST_FOREACH(conn, , entry) {
+   if (i >= NPFDS)
+   errx(1, "too many connections");
+
if (conn->io_time == 0)
conn->io_time = now + HTTP_IO_TIMEOUT;
 
@@ -1828,10 +1831,11 @@ proc_http(char *bind_addr, int fd)
pfds[i].events = conn->events;
conn->pfd = [i];
i++;
-   if (i > NPFDS)
-   errx(1, "too many connections");
}
LIST_FOREACH(conn, , entry) {
+   if (i >= NPFDS)
+   errx(1, "too many connections");
+
if (conn->idle_time <= now)
timeout = 0;
else {
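Review bot: the guard added at the top of the second LIST_FOREACH repeats the three lines from the first loop, and with both post-increment checks removed these two guards are the only thing keeping `pfds[i]` in bounds. Add a short comment stating that i == NPFDS is a legal final count for the poll() call but not a legal index, so a later edit does not reintroduce the off-by-one.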
@@ -1844,8 +1848,6 @@ proc_http(char *bind_addr, int fd)
pfds[i].events = POLLIN;
conn->pfd = [i];
i++;
-   if (i > NPFDS)
-   errx(1, "too many connections");
}
 
if (poll(pfds, i, timeout) == -1) {
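The three placements of the bounds check discussed in this thread, compared on lists of exactly NPFDS and NPFDS + 1 entries. This is an added example, not rpki-client code: NPFDS is set to 4, i is assumed to start at 0, and fill_slots, struct result and the strategy names are invented; out-of-bounds writes are counted rather than performed.

```c
#include <stddef.h>
#include <stdio.h>

#define NPFDS 4		/* assumption: small so the boundary is easy to exercise */

enum strategy {
	CHECK_AFTER_GT,		/* original: write, i++, fail if i > NPFDS */
	CHECK_AFTER_GE,		/* first suggestion: write, i++, fail if i >= NPFDS */
	CHECK_BEFORE_GE		/* final diff: fail if i >= NPFDS, then write, i++ */
};

struct result {
	int	failed;		/* 1 if the "too many connections" path fired */
	int	oob_writes;	/* writes that would have landed outside the array */
	size_t	filled;		/* slots validly filled */
	int	last;		/* value in the last valid slot, -1 if none */
};

/* Walk nconn constructed "connections" and place each in the next slot. */
static struct result
fill_slots(size_t nconn, enum strategy s)
{
	int slots[NPFDS];
	struct result res = { 0, 0, 0, -1 };
	size_t i = 0, c;

	for (c = 0; c < nconn; c++) {
		if (s == CHECK_BEFORE_GE && i >= NPFDS) {
			res.failed = 1;
			break;
		}
		if (i < NPFDS)
			slots[i] = (int)c;	/* stands in for pfds[i].fd = ... */
		else
			res.oob_writes++;	/* record it instead of corrupting memory */
		i++;
		if ((s == CHECK_AFTER_GT && i > NPFDS) ||
		    (s == CHECK_AFTER_GE && i >= NPFDS)) {
			res.failed = 1;
			break;
		}
	}
	res.filled = i < NPFDS ? i : NPFDS;
	if (res.filled > 0)
		res.last = slots[res.filled - 1];
	return res;
}

int
main(void)
{
	static const char *names[] = { "after >", "after >=", "before >=" };
	size_t n;
	int s;

	for (s = CHECK_AFTER_GT; s <= CHECK_BEFORE_GE; s++) {
		for (n = NPFDS; n <= NPFDS + 1; n++) {
			struct result r = fill_slots(n, (enum strategy)s);

			printf("%-9s n=%zu failed=%d oob=%d filled=%zu\n",
			    names[s], n, r.failed, r.oob_writes, r.filled);
		}
	}
	return 0;
}
```

Only the check placed before the write both accepts a list of exactly NPFDS entries and stops NPFDS + 1 entries without an out-of-bounds write.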



rpki-client: fix wrong conditional

2022-03-10 Thread Martin Vahlensieck
Hi

This pulls up and adjusts the check if i exceeds the bounds of pfds.
Before it was technically wrong, as i > NPFDS means that the last
write (i == NPFDS) was already out of bounds.

Best,

Martin


Index: http.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
retrieving revision 1.53
diff -u -p -r1.53 http.c
--- http.c  10 Feb 2022 11:10:40 -  1.53
+++ http.c  10 Mar 2022 16:28:48 -
@@ -1820,6 +1820,10 @@ proc_http(char *bind_addr, int fd)
if (timeout == INFTIM || diff < timeout)
timeout = diff;
}
+
+   if (i >= NPFDS)
+   errx(1, "too many connections");
+
if (conn->state == STATE_WRITE_DATA)
pfds[i].fd = conn->req->outfd;
else
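Review bot: the `i >= NPFDS` test is placed after the timeout bookkeeping (`timeout = diff`), so a connection that cannot get a slot has already influenced the poll timeout before errx() fires. Put the test first in the loop body; nothing it depends on is computed by the lines above it.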
@@ -1828,8 +1832,6 @@ proc_http(char *bind_addr, int fd)
pfds[i].events = conn->events;
conn->pfd = [i];
i++;
-   if (i > NPFDS)
-   errx(1, "too many connections");
}
LIST_FOREACH(conn, , entry) {
if (conn->idle_time <= now)
@@ -1840,12 +1842,14 @@ proc_http(char *bind_addr, int fd)
if (timeout == INFTIM || diff < timeout)
timeout = diff;
}
+
+   if (i >= NPFDS)
+   errx(1, "too many connections");
+
pfds[i].fd = conn->fd;
pfds[i].events = POLLIN;
conn->pfd = [i];
i++;
-   if (i > NPFDS)
-   errx(1, "too many connections");
}
 
if (poll(pfds, i, timeout) == -1) {



Re: yacc(1): skeleton.c: remove outdated comment

2022-02-23 Thread Martin Vahlensieck
ping, diff reattached
On Thu, Feb 10, 2022 at 04:29:53PM +0100, Martin Vahlensieck wrote:
> Hi
> 
> yysccsid was removed in 1.30 back in 2009.
> 
> Best,
> 
> Martin
> 
> Index: skeleton.c
> ===
> RCS file: /cvs/src/usr.bin/yacc/skeleton.c,v
> retrieving revision 1.40
> diff -u -p -r1.40 skeleton.c
> --- skeleton.c3 Feb 2021 01:10:10 -   1.40
> +++ skeleton.c10 Feb 2022 15:29:08 -
> @@ -35,10 +35,6 @@
>  
>  #include "defs.h"
>  
> -/*  The definition of yysccsid in the banner should be replaced with */
> -/*  a #pragma ident directive if the target C compiler supports  
> */
> -/*  #pragma ident directives.
> */
> -/*   */
>  /*  If the skeleton is changed, the banner should be changed so that */
>  /*  the altered version can be easily distinguished from the original.   
> */
>  /*   */
> 

Index: skeleton.c
===
RCS file: /cvs/src/usr.bin/yacc/skeleton.c,v
retrieving revision 1.40
diff -u -p -r1.40 skeleton.c
--- skeleton.c  3 Feb 2021 01:10:10 -   1.40
+++ skeleton.c  10 Feb 2022 15:29:08 -
@@ -35,10 +35,6 @@
 
 #include "defs.h"
 
-/*  The definition of yysccsid in the banner should be replaced with   */
-/*  a #pragma ident directive if the target C compiler supports
*/
-/*  #pragma ident directives.  */
-/* */
 /*  If the skeleton is changed, the banner should be changed so that   */
 /*  the altered version can be easily distinguished from the original. */
 /* */



ssh(1): monitor.c: save a xstrdup

2022-02-23 Thread Martin Vahlensieck
Hi

Tiny diff to save an allocation.

Best,

Martin

Index: monitor.c
===
RCS file: /cvs/src/usr.bin/ssh/monitor.c,v
retrieving revision 1.231
diff -u -p -r1.231 monitor.c
--- monitor.c   28 Jan 2022 06:18:42 -  1.231
+++ monitor.c   23 Feb 2022 16:49:27 -
@@ -658,9 +658,8 @@ mm_answer_pwnamallow(struct ssh *ssh, in
 
pwent = getpwnamallow(ssh, username);
 
-   authctxt->user = xstrdup(username);
+   authctxt->user = username;
setproctitle("%s [priv]", pwent ? username : "unknown");
-   free(username);
 
sshbuf_reset(m);
 
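Review bot: `authctxt->user = username;` hands ownership of the buffer to authctxt while `username` stays in scope and is still read by setproctitle() on the next line; any later free(username) or reuse in mm_answer_pwnamallow() would now corrupt authctxt->user. Set `username = NULL` after its last use or add a comment that authctxt owns the string, and check that authctxt->user cannot already be set here, otherwise the old value leaks.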



yacc(1): skeleton.c: remove outdated comment

2022-02-10 Thread Martin Vahlensieck
Hi

yysccsid was removed in 1.30 back in 2009.

Best,

Martin

Index: skeleton.c
===
RCS file: /cvs/src/usr.bin/yacc/skeleton.c,v
retrieving revision 1.40
diff -u -p -r1.40 skeleton.c
--- skeleton.c  3 Feb 2021 01:10:10 -   1.40
+++ skeleton.c  10 Feb 2022 15:29:08 -
@@ -35,10 +35,6 @@
 
 #include "defs.h"
 
-/*  The definition of yysccsid in the banner should be replaced with   */
-/*  a #pragma ident directive if the target C compiler supports
*/
-/*  #pragma ident directives.  */
-/* */
 /*  If the skeleton is changed, the banner should be changed so that   */
 /*  the altered version can be easily distinguished from the original. */
 /* */



Re: quotaon(8): small improvements

2021-11-11 Thread Martin Vahlensieck
Friendly ping

On Fri, Oct 29, 2021 at 10:06:44AM +0200, Martin Vahlensieck wrote:
> Hi
> 
> Here are some small changes to quotaon(8).  If you want I can split
> them up, but since they are small I am sending one diff.  Here is
> a list of changes roughly in the order they appear in the diff:
> 
>  - Constify some function arguments
> 
>  - Use __progname instead of separate whoami variable + small KNF
>where the line is touched anyways.
> 
>  - Order letters in getopt(3) call
> 
>  - Convert a fprintf(3) + perror(3) to warn(3). warn(3) is
>already used in this function for similar purposes.
> 
>  - Replace strtok(3) with strsep(3).  Is there a more
>elegant way than my solution? (I took the freedom to collect all
>the char * variables into one line).
> 
>  - Set cp to NULL at the end of the while loop scanning the mount
>options.  Otherwise if the last mount option contains a '=' the
>part after it is used as the quota file (of course only if the
>desired userquota/groupquota option isn't found).
> 
>  - Use strncmp(3) instead of memcmp(3). Looking at the kernel code
>it seems that it is zero terminated.  The other code nearby uses
>strcmp(3) already.
> 
>  - Invert an if condition to prevent an empty body.
> 
> Happy to hear feedback, also feel free to only commit parts of it.
> 
> Best,
> 
> Martin
> 
> P.S.: If the prototypes are touched anyways, the names of the
> arguments might be removed as well to comply with KNF.  Let me
> know if you want that.
> 
> Index: quotaon.c
> ===
> RCS file: /cvs/src/usr.sbin/quotaon/quotaon.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 quotaon.c
> --- quotaon.c 26 Apr 2018 12:42:51 -  1.27
> +++ quotaon.c 29 Oct 2021 07:46:25 -
> @@ -44,6 +44,8 @@
>  #include 
>  #include 
>  
> +extern char *__progname;
> +
>  char *qfname = QUOTAFILENAME;
>  char *qfextension[] = INITQFNAMES;
>  
> @@ -52,34 +54,31 @@ int   gflag;  /* operate on group quotas *
>  int  uflag;  /* operate on user quotas */
>  int  vflag;  /* verbose */
>  
> -void usage(char *whoami);
> -int  hasquota(struct fstab *fs, int type, char **qfnamep, int force);
> -int  quotaonoff(struct fstab *fs, int offmode, int type, char *qfpathname);
> -int  oneof(char *target, char *list[], int cnt);
> -int  readonly(struct fstab *fs);
> +void usage();
> +int  hasquota(const struct fstab *fs, int type, char **qfnamep, int force);
> +int  quotaonoff(const struct fstab *fs, int offmode, int type, char 
> *qfpathname);
> +int  oneof(const char *target, char *list[], int cnt);
> +int  readonly(const struct fstab *fs);
>  
>  
>  int
>  main(int argc, char *argv[])
>  {
>   struct fstab *fs;
> - char *qfnp, *whoami;
> + char *qfnp;
>   long argnum, done = 0;
>   int i, offmode = 0, errs = 0;
>   extern int optind;
>   int ch;
>  
> - whoami = strrchr(*argv, '/') + 1;
> - if (whoami == (char *)1)
> - whoami = *argv;
> - if (strcmp(whoami, "quotaoff") == 0)
> + if (strcmp(__progname, "quotaoff") == 0)
>   offmode = 1;
> - else if (strcmp(whoami, "quotaon") != 0) {
> + else if (strcmp(__progname, "quotaon") != 0) {
>   fprintf(stderr, "Name must be quotaon or quotaoff not %s\n",
> - whoami);
> + __progname);
>   exit(1);
>   }
> - while ((ch = getopt(argc, argv, "avug")) != -1) {
> + while ((ch = getopt(argc, argv, "aguv")) != -1) {
>   switch (ch) {
>   case 'a':
>   aflag = 1;
> @@ -94,13 +93,13 @@ main(int argc, char *argv[])
>   vflag = 1;
>   break;
>   default:
> - usage(whoami);
> + usage();
>   }
>   }
>   argc -= optind;
>   argv += optind;
>   if (argc <= 0 && !aflag)
> - usage(whoami);
> + usage();
>   if (!gflag && !uflag) {
>   gflag = 1;
>   uflag = 1;
> @@ -142,22 +141,20 @@ main(int argc, char *argv[])
>  }
>  
>  void
> -usage(char *whoami)
> +usage()
>  {
> -
> - fprintf(stderr, "usage: %s [-aguv] filesystem ...\n", whoami);
> + fprintf(stderr, "usage: %s [-aguv] filesystem ...\n", __progname);
>   exit(1);
>  }
>  
>  int
> -quotaonoff(struct fstab *fs, int offmode, int type, char *qfpathname

quotaon(8): small improvements

2021-10-29 Thread Martin Vahlensieck
Hi

Here are some small changes to quotaon(8).  If you want I can split
them up, but since they are small I am sending one diff.  Here is
a list of changes roughly in the order they appear in the diff:

 - Constify some function arguments

 - Use __progname instead of separate whoami variable + small KNF
   where the line is touched anyways.

 - Order letters in getopt(3) call

 - Convert a fprintf(3) + perror(3) to warn(3). warn(3) is
   already used in this function for similar purposes.

 - Replace strtok(3) with strsep(3).  Is there a more
   elegant way than my solution? (I took the freedom to collect all
   the char * variables into one line).

 - Set cp to NULL at the end of the while loop scanning the mount
   options.  Otherwise if the last mount option contains a '=' the
   part after it is used as the quota file (of course only if the
   desired userquota/groupquota option isn't found).

 - Use strncmp(3) instead of memcmp(3). Looking at the kernel code
   it seems that it is zero terminated.  The other code nearby uses
   strcmp(3) already.

 - Invert an if condition to prevent an empty body.

Happy to hear feedback, also feel free to only commit parts of it.

Best,

Martin

P.S.: If the prototypes are touched anyways, the names of the
arguments might be removed as well to comply with KNF.  Let me
know if you want that.

Index: quotaon.c
===
RCS file: /cvs/src/usr.sbin/quotaon/quotaon.c,v
retrieving revision 1.27
diff -u -p -r1.27 quotaon.c
--- quotaon.c   26 Apr 2018 12:42:51 -  1.27
+++ quotaon.c   29 Oct 2021 07:46:25 -
@@ -44,6 +44,8 @@
 #include 
 #include 
 
+extern char *__progname;
+
 char *qfname = QUOTAFILENAME;
 char *qfextension[] = INITQFNAMES;
 
@@ -52,34 +54,31 @@ int gflag;  /* operate on group quotas *
 intuflag;  /* operate on user quotas */
 intvflag;  /* verbose */
 
-void   usage(char *whoami);
-inthasquota(struct fstab *fs, int type, char **qfnamep, int force);
-intquotaonoff(struct fstab *fs, int offmode, int type, char *qfpathname);
-intoneof(char *target, char *list[], int cnt);
-intreadonly(struct fstab *fs);
+void   usage();
+inthasquota(const struct fstab *fs, int type, char **qfnamep, int force);
+intquotaonoff(const struct fstab *fs, int offmode, int type, char 
*qfpathname);
+intoneof(const char *target, char *list[], int cnt);
+intreadonly(const struct fstab *fs);
 
 
 int
 main(int argc, char *argv[])
 {
struct fstab *fs;
-   char *qfnp, *whoami;
+   char *qfnp;
long argnum, done = 0;
int i, offmode = 0, errs = 0;
extern int optind;
int ch;
 
-   whoami = strrchr(*argv, '/') + 1;
-   if (whoami == (char *)1)
-   whoami = *argv;
-   if (strcmp(whoami, "quotaoff") == 0)
+   if (strcmp(__progname, "quotaoff") == 0)
offmode = 1;
-   else if (strcmp(whoami, "quotaon") != 0) {
+   else if (strcmp(__progname, "quotaon") != 0) {
fprintf(stderr, "Name must be quotaon or quotaoff not %s\n",
-   whoami);
+   __progname);
exit(1);
}
-   while ((ch = getopt(argc, argv, "avug")) != -1) {
+   while ((ch = getopt(argc, argv, "aguv")) != -1) {
switch (ch) {
case 'a':
aflag = 1;
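Review bot: `void usage();` in the prototype block (and `usage()` at its definition further down) declares a function with unspecified arguments rather than none; write `void usage(void);`, and since it ends in exit(1) it can also be marked `__dead`. Separately, the `fprintf(stderr, "Name must be quotaon or quotaoff not %s\n", ...)` plus `exit(1)` pair kept in main() could become a single errx(3) call, in line with the warn(3) conversion made elsewhere in this diff.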
@@ -94,13 +93,13 @@ main(int argc, char *argv[])
vflag = 1;
break;
default:
-   usage(whoami);
+   usage();
}
}
argc -= optind;
argv += optind;
if (argc <= 0 && !aflag)
-   usage(whoami);
+   usage();
if (!gflag && !uflag) {
gflag = 1;
uflag = 1;
@@ -142,22 +141,20 @@ main(int argc, char *argv[])
 }
 
 void
-usage(char *whoami)
+usage()
 {
-
-   fprintf(stderr, "usage: %s [-aguv] filesystem ...\n", whoami);
+   fprintf(stderr, "usage: %s [-aguv] filesystem ...\n", __progname);
exit(1);
 }
 
 int
-quotaonoff(struct fstab *fs, int offmode, int type, char *qfpathname)
+quotaonoff(const struct fstab *fs, int offmode, int type, char *qfpathname)
 {
if (strcmp(fs->fs_file, "/") && readonly(fs))
return (1);
if (offmode) {
if (quotactl(fs->fs_file, QCMD(Q_QUOTAOFF, type), 0, 0) < 0) {
-   fprintf(stderr, "quotaoff: ");
-   perror(fs->fs_file);
+   warn("%s", fs->fs_file);
return (1);
}
if (vflag)
@@ -180,7 +177,7 @@ quotaonoff(struct fstab *fs, int offmode
  * Check to see if target appears in list of size cnt.
  */
 int
-oneof(char *target, char *list[], int cnt)
+oneof(const char *target, char *list[], int cnt)
 {
int i;
 
@@ -194,10 +191,9 

hkdf.c: Remove unnecessary include

2021-08-25 Thread Martin Vahlensieck
Hi

Looks like hkdf.c does not need assert.h so remove it.

Best,

Martin

Index: hkdf/hkdf.c
===
RCS file: /cvs/src/lib/libcrypto/hkdf/hkdf.c,v
retrieving revision 1.4
diff -u -p -r1.4 hkdf.c
--- hkdf/hkdf.c 21 Nov 2019 20:02:20 -  1.4
+++ hkdf/hkdf.c 25 Aug 2021 09:52:21 -
@@ -16,7 +16,6 @@
 
 #include 
 
-#include 
 #include 
 
 #include 



swapctl(8): Sync synopsis with usage

2021-08-20 Thread Martin Vahlensieck
Hi

swapctl defaults to -l since 2007.  This syncs the manpage synopsis with
the swapctl usage text.

Best,

Martin

diff --git a/sbin/swapctl/swapctl.8 b/sbin/swapctl/swapctl.8
index 10a76bd6c01..d447f8fee8d 100644
--- a/sbin/swapctl/swapctl.8
+++ b/sbin/swapctl/swapctl.8
@@ -49,7 +49,7 @@
 .Fl d
 .Ar path
 .Nm swapctl
-.Fl l | Fl s
+.Op Oo Fl l Oc | Fl s
 .Op Fl k
 .Nm swapon
 .Fl a | Ar path
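Review bot: `.Op Oo Fl l Oc | Fl s` nests one optional group inside another and renders as `[[-l] | -s]`; if the intent is only that the two flags are optional alternatives, `.Op Fl l | Fl s` gives `[-l | -s]` and is easier to read. If the nested form is kept so that the synopsis mirrors the usage string exactly, say so in the commit message.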



Re: ssh match.c: Remove always true condition

2021-08-19 Thread Martin Vahlensieck
Ping.

On Tue, Aug 10, 2021 at 04:33:52PM +0200, Martin Vahlensieck wrote:
> Ping, diff reattached with extra context for easier review.
> 
> On Wed, Jul 21, 2021 at 12:10:31PM +0200, Martin Vahlensieck wrote:
> > Hi
> > 
> > After the last commit where consecutive `*' are folded, *pattern is
> > never '*' here.
> > 
> > Best,
> > 
> > Martin
> > 
> > Index: match.c
> > ===
> > RCS file: /cvs/src/usr.bin/ssh/match.c,v
> > retrieving revision 1.43
> > diff -u -p -r1.43 match.c
> > --- match.c 3 Nov 2020 22:53:12 -   1.43
> > +++ match.c 21 Jul 2021 09:59:59 -
> > @@ -69,7 +69,7 @@ match_pattern(const char *s, const char 
> > return 1;
> >  
> > /* If next character in pattern is known, optimize. */
> > -   if (*pattern != '?' && *pattern != '*') {
> > +   if (*pattern != '?') {
> > /*
> >  * Look instances of the next character in
> >  * pattern, and try to match starting from
> > 
> 
> Index: match.c
> ===
> RCS file: /cvs/src/usr.bin/ssh/match.c,v
> retrieving revision 1.43
> diff -u -p -U12 -r1.43 match.c
> --- match.c   3 Nov 2020 22:53:12 -   1.43
> +++ match.c   10 Aug 2021 14:31:45 -
> @@ -60,25 +60,25 @@ match_pattern(const char *s, const char 
>   return !*s;
>  
>   if (*pattern == '*') {
>   /* Skip this and any consecutive asterisks. */
>   while (*pattern == '*')
>   pattern++;
>  
>   /* If at end of pattern, accept immediately. */
>   if (!*pattern)
>   return 1;
>  
>   /* If next character in pattern is known, optimize. */
> - if (*pattern != '?' && *pattern != '*') {
> + if (*pattern != '?') {
>   /*
>* Look instances of the next character in
>* pattern, and try to match starting from
>* those.
>*/
>   for (; *s; s++)
>   if (*s == *pattern &&
>   match_pattern(s + 1, pattern + 1))
>   return 1;
>   /* Failed. */
>   return 0;
>   }
> 

Index: match.c
===
RCS file: /cvs/src/usr.bin/ssh/match.c,v
retrieving revision 1.43
diff -u -p -U12 -r1.43 match.c
--- match.c 3 Nov 2020 22:53:12 -   1.43
+++ match.c 10 Aug 2021 14:31:45 -
@@ -60,25 +60,25 @@ match_pattern(const char *s, const char 
return !*s;
 
if (*pattern == '*') {
/* Skip this and any consecutive asterisks. */
while (*pattern == '*')
pattern++;
 
/* If at end of pattern, accept immediately. */
if (!*pattern)
return 1;
 
/* If next character in pattern is known, optimize. */
-   if (*pattern != '?' && *pattern != '*') {
+   if (*pattern != '?') {
/*
 * Look instances of the next character in
 * pattern, and try to match starting from
 * those.
 */
for (; *s; s++)
if (*s == *pattern &&
match_pattern(s + 1, pattern + 1))
return 1;
/* Failed. */
return 0;
}



Re: ssh match.c: Remove always true condition

2021-08-10 Thread Martin Vahlensieck
Ping, diff reattached with extra context for easier review.

On Wed, Jul 21, 2021 at 12:10:31PM +0200, Martin Vahlensieck wrote:
> Hi
> 
> After the last commit where consecutive `*' are folded, *pattern is
> never '*' here.
> 
> Best,
> 
> Martin
> 
> Index: match.c
> ===
> RCS file: /cvs/src/usr.bin/ssh/match.c,v
> retrieving revision 1.43
> diff -u -p -r1.43 match.c
> --- match.c   3 Nov 2020 22:53:12 -   1.43
> +++ match.c   21 Jul 2021 09:59:59 -
> @@ -69,7 +69,7 @@ match_pattern(const char *s, const char 
>   return 1;
>  
>   /* If next character in pattern is known, optimize. */
> - if (*pattern != '?' && *pattern != '*') {
> + if (*pattern != '?') {
>   /*
>* Look instances of the next character in
>* pattern, and try to match starting from
> 

Index: match.c
===
RCS file: /cvs/src/usr.bin/ssh/match.c,v
retrieving revision 1.43
diff -u -p -U12 -r1.43 match.c
--- match.c 3 Nov 2020 22:53:12 -   1.43
+++ match.c 10 Aug 2021 14:31:45 -
@@ -60,25 +60,25 @@ match_pattern(const char *s, const char 
return !*s;
 
if (*pattern == '*') {
/* Skip this and any consecutive asterisks. */
while (*pattern == '*')
pattern++;
 
/* If at end of pattern, accept immediately. */
if (!*pattern)
return 1;
 
/* If next character in pattern is known, optimize. */
-   if (*pattern != '?' && *pattern != '*') {
+   if (*pattern != '?') {
/*
 * Look instances of the next character in
 * pattern, and try to match starting from
 * those.
 */
for (; *s; s++)
if (*s == *pattern &&
match_pattern(s + 1, pattern + 1))
return 1;
/* Failed. */
return 0;
}
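Review bot: the comment directly under the changed condition still reads "Look instances of the next character"; since the block is being touched, make it "Look for instances". The dropped `*pattern != '*'` test is dead code as claimed: the `while (*pattern == '*') pattern++;` loop at the top of this branch leaves *pattern on a non-asterisk, and the end-of-pattern case has already returned 1.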



ssh match.c: Remove always true condition

2021-07-21 Thread Martin Vahlensieck
Hi

After the last commit where consecutive `*' are folded, *pattern is
never '*' here.

Best,

Martin

Index: match.c
===
RCS file: /cvs/src/usr.bin/ssh/match.c,v
retrieving revision 1.43
diff -u -p -r1.43 match.c
--- match.c 3 Nov 2020 22:53:12 -   1.43
+++ match.c 21 Jul 2021 09:59:59 -
@@ -69,7 +69,7 @@ match_pattern(const char *s, const char 
return 1;
 
/* If next character in pattern is known, optimize. */
-   if (*pattern != '?' && *pattern != '*') {
+   if (*pattern != '?') {
/*
 * Look instances of the next character in
 * pattern, and try to match starting from



Mark ICMP code optional in pf.conf.5

2021-07-19 Thread Martin Vahlensieck
Hi

The code part for icmp{,6}-type is optional.  Below is a diff marking
it as such.  Should the text be changed as well?

Or am I missing a reason why it is not marked optional?

Best,

Martin

Index: pf.conf.5
===
RCS file: /cvs/src/share/man/man5/pf.conf.5,v
retrieving revision 1.586
diff -u -p -r1.586 pf.conf.5
--- pf.conf.5   1 Feb 2021 00:31:04 -   1.586
+++ pf.conf.5   19 Jul 2021 11:16:39 -
@@ -564,8 +564,8 @@ Similar to
 this rule only applies to packets of sockets owned by the specified
 .Ar group .
 .Pp
-.It Cm icmp-type Ar type Cm code Ar code
-.It Cm icmp6-type Ar type Cm code Ar code
+.It Cm icmp-type Ar type Oo Cm code Ar code Oc
+.It Cm icmp6-type Ar type Oo Cm code Ar code Oc
 This rule only applies to ICMP or ICMP6 packets with the specified type
 and code.
 Text names for ICMP types and codes are listed in
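Review bot: the description kept as context still says the rule applies to packets "with the specified type and code", which no longer matches a synopsis where `code` is optional; add a sentence stating what is matched when `code` is omitted. So the text should change together with the markup.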



Re: vmd: Fix grammar for random lladdr

2021-06-02 Thread Martin Vahlensieck
Hi Dave

On Tue, Jun 01, 2021 at 08:23:45PM -0400, Dave Voutila wrote:
> 
> Martin Vahlensieck writes:
> 
> > Hi
> >
> > The grammar for lladdr of interfaces is according to the manpage:
> >
> >   [locked] lladdr [etheraddr]
> >
> > This implies that `locked lladdr' is OK but looking at parse.y this
> > does not seem to be the case.  Making it optional would lead to a
> > `lladdr' all by itself being valid, which I find weird.  So I copied
> > the way ifconfig does it and now the syntax is:
> >
> >   [locked] lladdr etheraddr|random
> >
> > so to have a random locked lladdr one would have to write
> >
> >   locked lladdr random
> >
> > Is this a good approach?
> 
> Part of me thinks just specifying:
> 
>   locked lladdr
> 
> should give you a random address but enable the source mac
> filtering. Having to specify "random" seems odd to me. Thoughts?
Your variant matches what should be possible according to the man
page. It is also how I tried it and discovered it didn't work.  I
don't have a preference between the two, a diff to make the syntax
in the man page work is attached.  Syntax is OK for the following
config:
vm "test" {
    memory 1G
    interface {lladdr f0:e4:08:ef:5f:0a}
    interface {lladdr}
    interface {locked lladdr}
    interface {locked lladdr f0:e4:08:ef:5f:0a}
}
> 
> I see what you're saying with how ifconfig(8) does it, but it's a bit
> different in this context as there's the "locked" modifier, so it's not
> exactly the same.
> 
> I'm not sure about the man page changes regardless. Will need another
> set of eyes on the syntax.
Sure.

Thanks for the feedback!

Best,

Martin
> 
> >
> > Best,
> >
> > Martin
> >
> > Index: parse.y
> > ===
> > RCS file: /cvs/src/usr.sbin/vmd/parse.y,v
> > retrieving revision 1.56
> > diff -u -p -r1.56 parse.y
> > --- parse.y 23 Sep 2020 19:18:18 -  1.56
> > +++ parse.y 22 May 2021 07:55:18 -
> > @@ -685,14 +685,16 @@ string: STRING string 
> > {
> >  lladdr : STRING{
> > struct ether_addr *ea;
> >
> > -   if ((ea = ether_aton($1)) == NULL) {
> > +   if (strcmp($1, "random") == 0) {
> > +   memset($$, 0, ETHER_ADDR_LEN);
> > +   } else if ((ea = ether_aton($1)) != NULL) {
> > +   memcpy($$, ea, ETHER_ADDR_LEN);
> > +   } else {
> > yyerror("invalid address: %s\n", $1);
> > free($1);
> > YYERROR;
> > }
> > free($1);
> > -
> > -   memcpy($$, ea, ETHER_ADDR_LEN);
> > }
> > ;
> >
> > Index: vm.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/vmd/vm.conf.5,v
> > retrieving revision 1.56
> > diff -u -p -r1.56 vm.conf.5
> > --- vm.conf.5   1 Mar 2021 14:27:44 -   1.56
> > +++ vm.conf.5   22 May 2021 07:55:18 -
> > @@ -237,10 +237,12 @@ The
> >  must not be longer than 15 characters or end with a digit,
> >  as described in
> >  .Xr ifconfig 8 .
> > -.It Oo Cm locked Oc Cm lladdr Op Ar etheraddr
> > +.It Oo Cm locked Oc Cm lladdr Ar etheraddr Ns | Ns Cm random
> >  Change the link layer address (MAC address) of the interface on the
> >  VM guest side.
> > -If not specified, a randomized address will be assigned by
> > +If
> > +.Cm random
> > +is specified, a randomized address will be assigned by
> >  .Xr vmd 8 .
> >  If the
> >  .Cm locked
> 

Index: parse.y
===
retrieving revision 1.56
diff -u -p -r1.56 parse.y
--- parse.y 23 Sep 2020 19:18:18 -  1.56
+++ parse.y 2 Jun 2021 06:48:12 -
@@ -694,6 +694,9 @@ lladdr  : STRING{
 
memcpy($$, ea, ETHER_ADDR_LEN);
}
+   | /* empty */ {
+   memset($$, 0, ETHER_ADDR_LEN);
+   }
;
 
 local  : /* empty */   { $$ = 0; }
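Review bot: the new `/* empty */` alternative lets `lladdr` reduce on no input, so check that yacc reports no new conflicts at the places the nonterminal is used, none of which are visible in this hunk. The empty case also produces the same all-zero value that the STRING branch would copy for a literal `00:00:00:00:00:00`; a short comment that all zeroes means "assign a random address" would make the sentinel explicit.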



Re: vmd: Fix grammar for random lladdr

2021-06-01 Thread Martin Vahlensieck
Ping.

On Sat, May 22, 2021 at 09:58:46AM +0200, Martin Vahlensieck wrote:
> Hi
> 
> The grammar for lladdr of interfaces is according to the manpage:
> 
>   [locked] lladdr [etheraddr]
> 
> This implies that `locked lladdr' is OK but looking at parse.y this
> does not seem to be the case.  Making it optional would lead to a
> `lladdr' all by itself being valid, which I find weird.  So I copied
> the way ifconfig does it and now the syntax is:
> 
>   [locked] lladdr etheraddr|random
> 
> so to have a random locked lladdr one would have to write
> 
>   locked lladdr random
> 
> Is this a good approach?
> 
> Best,
> 
> Martin
> 
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/vmd/parse.y,v
> retrieving revision 1.56
> diff -u -p -r1.56 parse.y
> --- parse.y   23 Sep 2020 19:18:18 -  1.56
> +++ parse.y   22 May 2021 07:55:18 -
> @@ -685,14 +685,16 @@ string  : STRING string {
>  lladdr   : STRING{
>   struct ether_addr *ea;
>  
> - if ((ea = ether_aton($1)) == NULL) {
> + if (strcmp($1, "random") == 0) {
> + memset($$, 0, ETHER_ADDR_LEN);
> + } else if ((ea = ether_aton($1)) != NULL) {
> + memcpy($$, ea, ETHER_ADDR_LEN);
> + } else {
>   yyerror("invalid address: %s\n", $1);
>   free($1);
>   YYERROR;
>   }
>   free($1);
> -
> - memcpy($$, ea, ETHER_ADDR_LEN);
>   }
>   ;
>  
> Index: vm.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/vmd/vm.conf.5,v
> retrieving revision 1.56
> diff -u -p -r1.56 vm.conf.5
> --- vm.conf.5 1 Mar 2021 14:27:44 -   1.56
> +++ vm.conf.5 22 May 2021 07:55:18 -
> @@ -237,10 +237,12 @@ The
>  must not be longer than 15 characters or end with a digit,
>  as described in
>  .Xr ifconfig 8 .
> -.It Oo Cm locked Oc Cm lladdr Op Ar etheraddr
> +.It Oo Cm locked Oc Cm lladdr Ar etheraddr Ns | Ns Cm random
>  Change the link layer address (MAC address) of the interface on the
>  VM guest side.
> -If not specified, a randomized address will be assigned by
> +If
> +.Cm random
> +is specified, a randomized address will be assigned by
>  .Xr vmd 8 .
>  If the
>  .Cm locked
> 



vmd: Fix grammar for random lladdr

2021-05-22 Thread Martin Vahlensieck
Hi

The grammar for lladdr of interfaces is according to the manpage:

  [locked] lladdr [etheraddr]

This implies that `locked lladdr' is OK but looking at parse.y this
does not seem to be the case.  Making it optional would lead to a
`lladdr' all by itself being valid, which I find weird.  So I copied
the way ifconfig does it and now the syntax is:

  [locked] lladdr etheraddr|random

so to have a random locked lladdr one would have to write

  locked lladdr random

Is this a good approach?

Best,

Martin

Index: parse.y
===
RCS file: /cvs/src/usr.sbin/vmd/parse.y,v
retrieving revision 1.56
diff -u -p -r1.56 parse.y
--- parse.y 23 Sep 2020 19:18:18 -  1.56
+++ parse.y 22 May 2021 07:55:18 -
@@ -685,14 +685,16 @@ string: STRING string {
 lladdr : STRING{
struct ether_addr *ea;
 
-   if ((ea = ether_aton($1)) == NULL) {
+   if (strcmp($1, "random") == 0) {
+   memset($$, 0, ETHER_ADDR_LEN);
+   } else if ((ea = ether_aton($1)) != NULL) {
+   memcpy($$, ea, ETHER_ADDR_LEN);
+   } else {
yyerror("invalid address: %s\n", $1);
free($1);
YYERROR;
}
free($1);
-
-   memcpy($$, ea, ETHER_ADDR_LEN);
}
;
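Review bot: in the `lladdr` action, `random` is stored as an all-zero address via `memset($$, 0, ETHER_ADDR_LEN)`, which is the same value the `ether_aton()` branch copies for a literal `00:00:00:00:00:00`, so the consumer cannot tell the keyword from that address. Either reject the all-zero address in the `else if` branch or document that it is treated as random.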
 
Index: vm.conf.5
===
RCS file: /cvs/src/usr.sbin/vmd/vm.conf.5,v
retrieving revision 1.56
diff -u -p -r1.56 vm.conf.5
--- vm.conf.5   1 Mar 2021 14:27:44 -   1.56
+++ vm.conf.5   22 May 2021 07:55:18 -
@@ -237,10 +237,12 @@ The
 must not be longer than 15 characters or end with a digit,
 as described in
 .Xr ifconfig 8 .
-.It Oo Cm locked Oc Cm lladdr Op Ar etheraddr
+.It Oo Cm locked Oc Cm lladdr Ar etheraddr Ns | Ns Cm random
 Change the link layer address (MAC address) of the interface on the
 VM guest side.
-If not specified, a randomized address will be assigned by
+If
+.Cm random
+is specified, a randomized address will be assigned by
 .Xr vmd 8 .
 If the
 .Cm locked
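Review bot: replacing "If not specified" with "If random is specified" means the visible text no longer says what address an interface gets when `lladdr` is left out entirely; keep a sentence for that default next to the new `random` wording.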



libcrypto bio_cb.c: fix mangled debug output

2021-03-24 Thread Martin Vahlensieck
Hi

This fixes mangled output from the openssl(1) -debug option:

Before:
$ openssl aes-256-cbc -out test -debug
BIO[0x9102a7e5ctrl(106) - FILE pointer
BIO[0x9102a7e5ctrl return 1
BIO[0x9102a801ctrl(108) - FILE pointer
BIO[0x9102a801ctrl return 1
...

After:
$ openssl aes-256-cbc -out test -debug
BIO[0x5770f81ce00]:ctrl(106) - FILE pointer
BIO[0x5770f81ce00]:ctrl return 1
BIO[0x5770f81c200]:ctrl(108) - FILE pointer
BIO[0x5770f81c200]:ctrl return 1
BIO[0x5770f81c200]:write(0,8) - FILE pointer
...

The issue is that BIO_debug_callback(3) assumes that the pointer
formatted with %p takes up 6 chars.

Best,

Martin

Index: bio/bio_cb.c
===
RCS file: /cvs/src/lib/libcrypto/bio/bio_cb.c,v
retrieving revision 1.16
diff -u -p -r1.16 bio_cb.c
--- bio/bio_cb.c8 Dec 2014 03:54:19 -   1.16
+++ bio/bio_cb.c24 Mar 2021 09:50:45 -
@@ -70,15 +70,20 @@ BIO_debug_callback(BIO *bio, int cmd, co
BIO *b;
char buf[256];
char *p;
+   int nbuf;
long r = 1;
size_t p_maxlen;
 
if (BIO_CB_RETURN & cmd)
r = ret;
 
-   snprintf(buf, sizeof buf, "BIO[%p]:", bio);
-   p = &(buf[14]);
-   p_maxlen = sizeof buf - 14;
+   nbuf = snprintf(buf, sizeof buf, "BIO[%p]:", bio);
+
+   if (nbuf > sizeof buf)
+   nbuf = sizeof buf;
+
+   p = &(buf[nbuf]);
+   p_maxlen = sizeof buf - nbuf;
switch (cmd) {
case BIO_CB_FREE:
snprintf(p, p_maxlen, "Free - %s\n", bio->method->name);
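Review bot: `if (nbuf > sizeof buf)` compares an int against a size_t, so a negative return from snprintf() is only handled because it converts to a huge unsigned value and gets clamped; test `nbuf < 0` explicitly. Truncation is signalled by a return `>= sizeof buf`, and in that case `p` ends up at `&buf[sizeof buf]` with `p_maxlen` 0, which is harmless only as long as every later use is an snprintf() bounded by `p_maxlen`; handling the truncated case on its own (skip the appends or bail out) would make that explicit.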

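The offset problem described in this mail, reduced to two small functions as an added example (not libcrypto code; format_fixed, format_checked and prefix_len are hypothetical names). The first appends at the hard-coded offset 14 from the removed lines; the second appends where snprintf() reports the prefix ended and treats errors and truncation as failure.

```c
#include <stdio.h>
#include <string.h>

#define FIXED_OFF 14	/* the offset hard-coded on the removed lines */

/* 'Before' shape: append at a fixed offset, whatever %p printed. */
static void
format_fixed(char *buf, size_t bufsz, const void *ptr, const char *event)
{
	if (bufsz <= FIXED_OFF)
		return;
	snprintf(buf, bufsz, "BIO[%p]:", ptr);
	/* Overwrites the prefix tail if it is longer than FIXED_OFF. */
	snprintf(buf + FIXED_OFF, bufsz - FIXED_OFF, "%s", event);
}

/*
 * Checked shape: append where the prefix actually ended.  Returns the
 * length of the string, or -1 on an snprintf() error or truncation.
 */
static int
format_checked(char *buf, size_t bufsz, const void *ptr, const char *event)
{
	int n, m;

	n = snprintf(buf, bufsz, "BIO[%p]:", ptr);
	if (n < 0 || (size_t)n >= bufsz)
		return -1;
	m = snprintf(buf + n, bufsz - (size_t)n, "%s", event);
	if (m < 0 || (size_t)m >= bufsz - (size_t)n)
		return -1;
	return n + m;
}

/* Length of the prefix alone, to compare against FIXED_OFF. */
static int
prefix_len(const void *ptr)
{
	return snprintf(NULL, 0, "BIO[%p]:", ptr);
}

int
main(void)
{
	char buf[256];
	int local;	/* any object; only its address is printed */

	format_fixed(buf, sizeof buf, &local, "ctrl(106) - FILE pointer");
	printf("fixed:   %s\n", buf);
	if (format_checked(buf, sizeof buf, &local,
	    "ctrl(106) - FILE pointer") != -1)
		printf("checked: %s\n", buf);
	printf("prefix is %d bytes, fixed offset assumes %d\n",
	    prefix_len(&local), FIXED_OFF);
	return 0;
}
```

The exact text produced by %p is implementation-defined, which is why the prefix length has to be measured rather than assumed.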


smtpd(8) expand.c: Remove unnecessary assignment

2021-02-10 Thread Martin Vahlensieck
Hi

esc is always zero at that point, so no need to store zero in it.  Diff
with extra context.

Best,

Martin

--- a/usr.sbin/smtpd/expand.c
+++ b/usr.sbin/smtpd/expand.c
@@ -198,37 +198,36 @@ expand_line_split(char **line, char **ret)
i = 0;
for (s = *line; (*s) && (i < sizeof(buffer)); ++s) {
if (esc) {
buffer[i++] = *s;
esc = 0;
continue;
}
if (*s == '\\') {
esc = 1;
continue;
}
if (*s == ',' && !dq && !sq) {
*ret = buffer;
*line = s+1;
return (1);
}
 
buffer[i++] = *s;
-   esc = 0;
 
if (*s == '"' && !sq)
dq ^= 1;
if (*s == '\'' && !dq)
sq ^= 1;
}
 
if (esc || dq || sq || i == sizeof(buffer))
return (-1);
 
*ret = buffer;
*line = s;
return (i ? 1 : 0);
 }
 
 int
 expand_line(struct expand *expand, const char *s, int do_includes)
 {
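Review bot: the commit message should say why `esc` is zero at the removed line, since the reason is easy to miss: the `if (esc)` branch clears it and continues, and the `'\\'` branch continues immediately after setting it, so the second `buffer[i++] = *s` is only reached with esc == 0. With that stated the removal is a pure no-op.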



makemap(8): Parse aliases similar to expand_line

2021-01-29 Thread Martin Vahlensieck
Hi

While browsing the smtpd(8) source I discovered that makemap(8) uses
strsep(3) to split the alias lines at commas.  This is different from
other code which uses expand_line (which uses expand_line_split).  This
leads to contrived alias lines such as
martin: "/usr/local/bin/weird_mda abc,def", alias2
to fail, because it splits at the comma in double quotes and then fails
in text_to_expandnode.  smtpd(8) on the other hand is fine with the
alias file.  Probably an example working with makemap(8) but not
smtpd(8) can be found as well.  I think makemap(8) should accept the
same as the other code so I made the make_aliases function more similar
to expand_line.  I am not calling expand_line directly to avoid needing
to handle a struct expand around.  So expand_line_split has to be
public.  With the changes the text argument to make_aliases can be
const.

I only tested with the alias config in base and my contrived example
lines.

What do you think?  Is it a problem makemap(8) only works with lines of
less than LINE_MAX now?

Thanks!

Best,

Martin

diff 36c339f786087486bbdf963db577d740fedf8e93
blob - 99b25d51f5e35902fe1fe2fb25f16c008d389f58
file + expand.c
--- expand.c
+++ expand.c
@@ -185,7 +185,7 @@ expand_cmp(struct expandnode *e1, struct expandnode *e
return (0);
 }
 
-static int
+int
 expand_line_split(char **line, char **ret)
 {
static char buffer[LINE_MAX];
blob - e2a9e465b13bb4b93c69fa45ff397ea16bfd998b
file + makemap.c
--- makemap.c
+++ makemap.c
@@ -49,7 +49,7 @@ static int parse_entry(DB *, int *, char *, size_t, s
 static int  parse_mapentry(DB *, int *, char *, size_t, size_t);
 static int  parse_setentry(DB *, int *, char *, size_t, size_t);
 static int  make_plain(DBT *, char *);
-static int  make_aliases(DBT *, char *);
+static int  make_aliases(DBT *, const char *);
 static char*conf_aliases(char *);
 static int  dump_db(const char *, DBTYPE);
 
@@ -407,35 +407,36 @@ make_plain(DBT *val, char *text)
 }
 
 static int
-make_aliases(DBT *val, char *text)
+make_aliases(DBT *val, const char *text)
 {
struct expandnode   xn;
-   char   *subrcpt;
-   char   *origtext;
+   charbuffer[LINE_MAX];
+   char   *p, *subrcpt;
+   int ret;
 
val->data = NULL;
val->size = 0;
 
-   origtext = xstrdup(text);
+   memset(buffer, 0, sizeof buffer);
+   if (strlcpy(buffer, text, sizeof buffer) >= sizeof buffer)
+   return 0;
 
-   while ((subrcpt = strsep(, ",")) != NULL) {
-   /* subrcpt: strip initial and trailing whitespace. */
+   p = buffer;
+   while ((ret = expand_line_split(, )) > 0) {
subrcpt = strip(subrcpt);
-   if (*subrcpt == '\0')
-   goto error;
-
+   if (subrcpt[0] == '\0')
+   continue;
if (!text_to_expandnode(, subrcpt))
-   goto error;
+   return 0;
}
+   
+   /* expand_line_split() returned < 0 */
+   if (ret < 0)
+   return 0;
 
-   val->data = origtext;
-   val->size = strlen(origtext) + 1;
+   val->data = xstrdup(text);
+   val->size = strlen(text) + 1;
return (val->size);
-
-error:
-   free(origtext);
-
-   return 0;
 }
 
 static char *
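Review bot: the empty-recipient case changes meaning in the loop body: `if (*subrcpt == '\0') goto error;` becomes `if (subrcpt[0] == '\0') continue;`, so a line such as `a,,b` is now accepted where it used to fail, and the message does not mention this. If the aim is to match what expand_line accepts, say so; otherwise keep returning 0. Two smaller points: the over-long line path (`strlcpy(...) >= sizeof buffer`) returns 0 without any diagnostic, and the added blank line before the `/* expand_line_split() returned < 0 */` comment carries trailing whitespace.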
blob - 487573da170bed884e34b15f85142110d28897b5
file + smtpd.h
--- smtpd.h
+++ smtpd.h
@@ -1338,6 +1338,7 @@ void expand_insert(struct expand *, struct expandnode 
 struct expandnode *expand_lookup(struct expand *, struct expandnode *);
 void expand_clear(struct expand *);
 void expand_free(struct expand *);
+int expand_line_split(char **, char **);
 int expand_line(struct expand *, const char *, int);
 int expand_to_text(struct expand *, char *, size_t);
 RB_PROTOTYPE(expandtree, expandnode, nodes, expand_cmp);
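The splitting difference described in the mail above, as an added example that is not smtpd or makemap code: split_naive cuts at every comma the way the old strsep(3) loop did, while split_quoted follows the esc/dq/sq loop of expand_line_split shown earlier on this page. The struct, the function names and the buffer sizes are assumptions made for the illustration, and the sample is constructed from the alias line in the mail.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FIELDS 8
#define MAX_FIELD  256

struct fields {
	int  count;
	char item[MAX_FIELDS][MAX_FIELD];
};

/* Store one field; -1 when the table is full or the field too long. */
static int
add_field(struct fields *out, const char *s, size_t len)
{
	if (out->count == MAX_FIELDS || len >= MAX_FIELD)
		return -1;
	memcpy(out->item[out->count], s, len);
	out->item[out->count++][len] = '\0';
	return 0;
}

/* Split at every comma, which is what a strsep(&p, ",") loop produces. */
static int
split_naive(const char *line, struct fields *out)
{
	const char *start = line, *p;

	out->count = 0;
	for (p = line; ; p++) {
		if (*p != ',' && *p != '\0')
			continue;
		if (add_field(out, start, (size_t)(p - start)) == -1)
			return -1;
		if (*p == '\0')
			return out->count;
		start = p + 1;
	}
}

/*
 * Quote-aware split, following the esc/dq/sq loop quoted in the thread.
 * Returns 1 with a field in buf, 0 at end of input, -1 on a dangling
 * escape, an unclosed quote or a field that does not fit.
 */
static int
next_field_quoted(const char **line, char *buf, size_t bufsz)
{
	int esc = 0, dq = 0, sq = 0;
	size_t i = 0;
	const char *s;

	if (bufsz == 0)
		return -1;
	for (s = *line; *s != '\0' && i < bufsz - 1; s++) {
		if (esc) {
			buf[i++] = *s;
			esc = 0;
			continue;
		}
		if (*s == '\\') {
			esc = 1;
			continue;
		}
		if (*s == ',' && !dq && !sq) {
			buf[i] = '\0';
			*line = s + 1;
			return 1;
		}
		buf[i++] = *s;
		if (*s == '"' && !sq)
			dq ^= 1;
		if (*s == '\'' && !dq)
			sq ^= 1;
	}
	if (esc || dq || sq || *s != '\0')
		return -1;
	buf[i] = '\0';
	*line = s;
	return i ? 1 : 0;
}

/* Collect all fields of a line with the quote-aware splitter. */
static int
split_quoted(const char *line, struct fields *out)
{
	char tmp[MAX_FIELD];
	int r;

	out->count = 0;
	while ((r = next_field_quoted(&line, tmp, sizeof tmp)) > 0)
		if (add_field(out, tmp, strlen(tmp)) == -1)
			return -1;
	return r < 0 ? -1 : out->count;
}

/* Constructed sample: the value part of the alias line from the mail. */
static const char sample[] = "\"/usr/local/bin/weird_mda abc,def\", alias2";
```

When the tool that builds the map and the daemon that reads it split the same line differently, one of them rejects or reinterprets entries the other accepts, so both sides should share one splitter.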



vacation.1: correct .forward file example

2021-01-21 Thread Martin Vahlensieck
Hi

I think the backslash at the beginning of the line is an error.

Best,

Martin

Index: vacation.1
===
RCS file: /home/reposync/cvs//src/usr.bin/vacation/vacation.1,v
retrieving revision 1.23
diff -u -p -r1.23 vacation.1
--- vacation.1  30 Nov 2015 17:03:05 -  1.23
+++ vacation.1  20 Jan 2021 18:13:50 -
@@ -54,7 +54,7 @@ For example, your
 .Pa .forward
 file might have:
 .Bd -literal -offset indent
-\eeric, "|/usr/bin/vacation -a allman eric"
+eric, "|/usr/bin/vacation -a allman eric"
 .Ed
 .Pp
 which would send messages to you (assuming your login name was eric) and



EVP_{Digest,Encrypt}Init.3: remove duplicate word

2021-01-04 Thread Martin Vahlensieck
Hi there

I guess this should only be one one.

Best,

Martin

Index: man/EVP_DigestInit.3
===
RCS file: /cvs/src/lib/libcrypto/man/EVP_DigestInit.3,v
retrieving revision 1.19
diff -u -p -r1.19 EVP_DigestInit.3
--- man/EVP_DigestInit.324 Jun 2020 16:06:27 -  1.19
+++ man/EVP_DigestInit.34 Jan 2021 22:37:56 -
@@ -286,7 +286,7 @@ is a deprecated function to clear a dige
 before use.
 Do not use it on a digest context returned from
 .Fn EVP_MD_CTX_new
-or one one that was already used.
+or one that was already used.
 .Pp
 .Fn EVP_MD_CTX_create ,
 .Fn EVP_MD_CTX_cleanup ,
Index: man/EVP_EncryptInit.3
===
RCS file: /cvs/src/lib/libcrypto/man/EVP_EncryptInit.3,v
retrieving revision 1.40
diff -u -p -r1.40 EVP_EncryptInit.3
--- man/EVP_EncryptInit.3   3 Dec 2020 22:47:21 -   1.40
+++ man/EVP_EncryptInit.3   4 Jan 2021 22:37:56 -
@@ -454,7 +454,7 @@ is a deprecated function to clear a ciph
 before use.
 Do not use it on a cipher context returned from
 .Fn EVP_CIPHER_CTX_new
-or one one that was already used.
+or one that was already used.
 .Pp
 .Fn EVP_CIPHER_CTX_free
 clears all information from



Re: tcpdump: Don't link to libl and remove reference to yydebug

2020-12-03 Thread Martin Vahlensieck
On Thu, Dec 03, 2020 at 10:56:17PM +0300, Vitaliy Makkoveev wrote:
> > On 3 Dec 2020, at 13:20, Martin Vahlensieck wrote:
> > 
> > Hi
> 
> Hi.
> 
Hi

> > 
> > This is unused.  It has been in there since the import from NetBSD.
> > Their logs show that tcpgram.y and tcplex.l have been removed in 1995.
> > I am not sure what the policy is for the getopt(3) call: Should Y be
> > removed in the optstring as well (not done in this diff)?
> > 
> 
> There are two getopt(3) strings: one in privsep.c and one in tcpdump.c.
> “Y” should be removed from both. With this fix your diff is ok by me
> and I’ll commit it.

Done, updated diff below. Good catch with privsep.c.

Thanks.

Best,

Martin

Index: Makefile
===
RCS file: /cvs/src/usr.sbin/tcpdump/Makefile,v
retrieving revision 1.66
diff -u -p -r1.66 Makefile
--- Makefile21 Jun 2020 05:00:17 -  1.66
+++ Makefile4 Dec 2020 00:02:25 -
@@ -30,8 +30,8 @@ CFLAGS+=-I${.CURDIR}/../../lib/libpcap
 
 CFLAGS+=-DCSLIP -DPPP -DHAVE_FDDI -DETHER_SERVICE -DHAVE_ETHER_NTOHOST -DINET6
 
-LDADD+=-lpcap -ll -lcrypto
-DPADD+=${LIBL} ${LIBPCAP} ${LIBCRYPTO}
+LDADD+=-lpcap -lcrypto
+DPADD+=${LIBPCAP} ${LIBCRYPTO}
 
 SRCS=  tcpdump.c addrtoname.c privsep.c privsep_fdpass.c privsep_pcap.c \
print-ether.c print-ip.c print-arp.c print-tcp.c print-udp.c \
Index: privsep.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v
retrieving revision 1.54
diff -u -p -r1.54 privsep.c
--- privsep.c   28 Jun 2019 13:32:51 -  1.54
+++ privsep.c   4 Dec 2020 00:02:25 -
@@ -224,7 +224,7 @@ priv_exec(int argc, char *argv[])
/* parse the arguments for required options */
opterr = 0;
while ((i = getopt(argc, argv,
-   "aB:c:D:deE:fF:i:lLnNOopPqr:s:StT:vw:xXy:Y")) != -1) {
+   "aB:c:D:deE:fF:i:lLnNOopPqr:s:StT:vw:xXy:")) != -1) {
switch (i) {
case 'n':
nflag++;
Index: tcpdump.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v
retrieving revision 1.94
diff -u -p -r1.94 tcpdump.c
--- tcpdump.c   17 Aug 2020 06:29:29 -  1.94
+++ tcpdump.c   4 Dec 2020 00:02:26 -
@@ -232,7 +232,7 @@ main(int argc, char **argv)
 
opterr = 0;
while ((op = getopt(argc, argv,
-   "AaB:c:D:deE:fF:i:IlLnNOopqr:s:StT:vw:xXy:Y")) != -1)
+   "AaB:c:D:deE:fF:i:IlLnNOopqr:s:StT:vw:xXy:")) != -1)
switch (op) {
 
case 'A':
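Review bot: with `Y` gone the two option strings still disagree with each other: the one in privsep.c has `P` but no `A` or `I`, while the one in tcpdump.c has `A` and `I` but no `P`. Both loops run with opterr set to 0, so a flag known to only one of them is handled silently; worth a follow-up to bring the two strings in line, or a comment saying why they differ.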
@@ -392,15 +392,7 @@ main(int argc, char **argv)
case 'w':
WFileName = optarg;
break;
-#ifdef YYDEBUG
-   case 'Y':
-   {
-   /* Undocumented flag */
-   extern int yydebug;
-   yydebug = 1;
-   }
-   break;
-#endif
+
case 'y':
i = pcap_datalink_name_to_val(optarg);
if (i < 0)
> 
> > Best,
> > 
> > Martin
> > 
> > Index: Makefile
> > ===
> > RCS file: /cvs/src/usr.sbin/tcpdump/Makefile,v
> > retrieving revision 1.66
> > diff -u -p -r1.66 Makefile
> > --- Makefile21 Jun 2020 05:00:17 -  1.66
> > +++ Makefile3 Dec 2020 10:15:35 -
> > @@ -30,8 +30,8 @@ CFLAGS+=-I${.CURDIR}/../../lib/libpcap
> > 
> > CFLAGS+=-DCSLIP -DPPP -DHAVE_FDDI -DETHER_SERVICE -DHAVE_ETHER_NTOHOST 
> > -DINET6
> > 
> > -LDADD+=-lpcap -ll -lcrypto
> > -DPADD+=${LIBL} ${LIBPCAP} ${LIBCRYPTO}
> > +LDADD+=-lpcap -lcrypto
> > +DPADD+=${LIBPCAP} ${LIBCRYPTO}
> > 
> > SRCS=   tcpdump.c addrtoname.c privsep.c privsep_fdpass.c 
> > privsep_pcap.c \
> > print-ether.c print-ip.c print-arp.c print-tcp.c print-udp.c \
> > Index: tcpdump.c
> > ===
> > RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v
> > retrieving revision 1.94
> > diff -u -p -r1.94 tcpdump.c
> > --- tcpdump.c   17 Aug 2020 06:29:29 -  1.94
> > +++ tcpdump.c   3 Dec 2020 10:15:35 -
> > @@ -392,15 +392,7 @@ main(int argc, char **argv)
> > case 'w':
> > WFileName = optarg;
> > break;
> > -#ifdef YYDEBUG
> > -   case 'Y':
> > -   {
> > -   /* Undocumented flag */
> > -   extern int yydebug;
> > -   yydebug = 1;
> > -   }
> > -   break;
> > -#endif
> > +
> > case 'y':
> > i = pcap_datalink_name_to_val(optarg);
> > if (i < 0)
> > 
> 



tcpdump: Don't link to libl and remove reference to yydebug

2020-12-03 Thread Martin Vahlensieck
Hi

This is unused.  It has been in there since the import from NetBSD.
Their logs show that tcpgram.y and tcplex.l have been removed in 1995.
I am not sure what the policy is for the getopt(3) call: Should Y be
removed in the optstring as well (not done in this diff)?

Best,

Martin

Index: Makefile
===
RCS file: /cvs/src/usr.sbin/tcpdump/Makefile,v
retrieving revision 1.66
diff -u -p -r1.66 Makefile
--- Makefile21 Jun 2020 05:00:17 -  1.66
+++ Makefile3 Dec 2020 10:15:35 -
@@ -30,8 +30,8 @@ CFLAGS+=-I${.CURDIR}/../../lib/libpcap
 
 CFLAGS+=-DCSLIP -DPPP -DHAVE_FDDI -DETHER_SERVICE -DHAVE_ETHER_NTOHOST -DINET6
 
-LDADD+=-lpcap -ll -lcrypto
-DPADD+=${LIBL} ${LIBPCAP} ${LIBCRYPTO}
+LDADD+=-lpcap -lcrypto
+DPADD+=${LIBPCAP} ${LIBCRYPTO}
 
 SRCS=  tcpdump.c addrtoname.c privsep.c privsep_fdpass.c privsep_pcap.c \
print-ether.c print-ip.c print-arp.c print-tcp.c print-udp.c \
Index: tcpdump.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v
retrieving revision 1.94
diff -u -p -r1.94 tcpdump.c
--- tcpdump.c   17 Aug 2020 06:29:29 -  1.94
+++ tcpdump.c   3 Dec 2020 10:15:35 -
@@ -392,15 +392,7 @@ main(int argc, char **argv)
case 'w':
WFileName = optarg;
break;
-#ifdef YYDEBUG
-   case 'Y':
-   {
-   /* Undocumented flag */
-   extern int yydebug;
-   yydebug = 1;
-   }
-   break;
-#endif
+
case 'y':
i = pcap_datalink_name_to_val(optarg);
if (i < 0)
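Review bot: with the `case 'Y'` block gone, Y is still listed in the getopt optstring (the message says that part is not in this diff), so -Y keeps being accepted by getopt and then has no case of its own in the switch. Remove Y from the optstring in the same change so the option is rejected like any other unknown letter.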



tcpdump: use unsigned char in isprint

2020-11-29 Thread Martin Vahlensieck
Hi

I think this is the way it was meant.

Best,

Martin

Index: util.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/util.c,v
retrieving revision 1.30
diff -u -p -r1.30 util.c
--- util.c  24 Jan 2020 22:46:37 -  1.30
+++ util.c  29 Nov 2020 21:23:37 -
@@ -306,7 +306,7 @@ safeputchar(int c)
unsigned char ch;
 
ch = (unsigned char)(c & 0xff);
-   if (c < 0x80 && isprint(c))
+   if (ch < 0x80 && isprint(ch))
printf("%c", c & 0xff);
else
printf("\\%03o", c & 0xff);
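Review bot: the test now uses ch, but both printf calls below it still recompute `c & 0xff`, which is the value already stored in ch. Pass ch to the two printf calls as well so the function checks and prints the same variable.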



unbound.conf.5.in: remove reference to default pidfile

2020-11-07 Thread Martin Vahlensieck
Hi

Unbound on OpenBSD does not have a pidfile, so remove the reference in
the manual. As the variable is empty, it also incorrectly formats the
description as italic.

Best,

Martin

Index: unbound.conf.5.in
===
RCS file: /cvs/src/usr.sbin/unbound/doc/unbound.conf.5.in,v
retrieving revision 1.34
diff -u -p -r1.34 unbound.conf.5.in
--- unbound.conf.5.in   28 Oct 2020 11:31:07 -  1.34
+++ unbound.conf.5.in   7 Nov 2020 11:45:38 -
@@ -2360,9 +2360,6 @@ location.
 .I @ub_conf_file@
 unbound configuration file.
 .TP
-.I @UNBOUND_PIDFILE@
-default unbound pidfile with process ID of the running daemon.
-.TP
 .I unbound.log
 unbound log file. default is to log to
 \fIsyslog\fR(3).
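Review bot: this removes the FILES entry for @UNBOUND_PIDFILE@, but the hunk only covers that one spot; if the substitution is empty, any other place in the page that expands it has the same formatting problem. Grep unbound.conf.5.in for @UNBOUND_PIDFILE@ and handle the remaining uses in the same diff.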



dhcpd: Put return type on its own line

2020-11-07 Thread Martin Vahlensieck
Hi

Put the return type on its own line. Found while checking dhcpd.h.

Best,

Martin

Index: memory.c
===
RCS file: /cvs/src/usr.sbin/dhcpd/memory.c,v
retrieving revision 1.29
diff -u -p -r1.29 memory.c
--- memory.c6 Apr 2020 17:05:40 -   1.29
+++ memory.c7 Nov 2020 09:37:53 -
@@ -687,7 +687,8 @@ find_lease_by_ip_addr(struct iaddr addr)
addr.iabuf, addr.len);
 }
 
-struct lease *find_lease_by_uid(unsigned char *uid, int len)
+struct lease *
+find_lease_by_uid(unsigned char *uid, int len)
 {
return (struct lease *)hash_lookup(lease_uid_hash, uid, len);
 }
Index: hash.c
===
RCS file: /cvs/src/usr.sbin/dhcpd/hash.c,v
retrieving revision 1.8
diff -u -p -r1.8 hash.c
--- hash.c  13 Feb 2017 19:13:14 -  1.8
+++ hash.c  7 Nov 2020 09:37:53 -
@@ -89,7 +89,8 @@ do_hash(unsigned char *name, int len, in
return (accum % size);
 }
 
-void add_hash(struct hash_table *table, unsigned char *name, int len,
+void
+add_hash(struct hash_table *table, unsigned char *name, int len,
 unsigned char *pointer)
 {
int hashno;



base64.c: Remove trailing whitespace

2020-11-07 Thread Martin Vahlensieck
Hi

Remove trailing whitespace.

Best,

Martin

Index: base64.c
===
RCS file: /cvs/src/lib/libc/net/base64.c,v
retrieving revision 1.8
diff -u -p -r1.8 base64.c
--- base64.c16 Jan 2015 16:48:51 -  1.8
+++ base64.c7 Nov 2020 09:30:43 -
@@ -107,9 +107,9 @@ static const char Pad64 = '=';
end of the data is performed using the '=' character.
 
Since all base64 input is an integral number of octets, only the
- - 
  
+ -
following cases can arise:
-   
+
(1) the final quantum of encoding input is an integral
multiple of 24 bits; here, the final unit of encoded
   output will be an integral multiple of 4 characters
@@ -152,14 +152,14 @@ b64_ntop(src, srclength, target, targsiz
target[datalength++] = Base64[output[2]];
target[datalength++] = Base64[output[3]];
}
-
+
/* Now we worry about padding. */
if (0 != srclength) {
/* Get what's left. */
input[0] = input[1] = input[2] = '\0';
for (i = 0; i < srclength; i++)
input[i] = *src++;
-   
+
output[0] = input[0] >> 2;
output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);



dhcpd: Remove prototypes without implementation

2020-11-07 Thread Martin Vahlensieck
Hi

pretty_print_option: Removed in options.c in revision 1.4
parse_timestamp: Removed in confpars.c in revision 1.13
tree_host_lookup: Removed in tree.c in revision 1.11
enter_dns_host: Removed in tree.c in revision 1.11
getLong: Removed in convert.c in revision 1.4
getShort: Removed in convert.c in revision 1.4

So I think they can be removed in dhcpd.h as well. No warnings when
compiling.

Best,

Martin

Index: dhcpd.h
===
RCS file: /cvs/src/usr.sbin/dhcpd/dhcpd.h,v
retrieving revision 1.67
diff -u -p -r1.67 dhcpd.h
--- dhcpd.h 8 May 2019 22:00:55 -   1.67
+++ dhcpd.h 7 Nov 2020 09:07:18 -
@@ -311,7 +311,6 @@ void parse_options(struct packet *);
 voidparse_option_buffer(struct packet *, unsigned char *, int);
 int cons_options(struct packet *, struct dhcp_packet *, int,
struct tree_cache **, int, int, int, u_int8_t *, int);
-char   *pretty_print_option(unsigned int, unsigned char *, int, int, int);
 voiddo_packet(struct interface_info *, struct dhcp_packet *, int,
unsigned int, struct iaddr, struct hardware *);
 
@@ -364,7 +363,6 @@ char*parse_string(FILE *);
 struct tree*parse_ip_addr_or_hostname(FILE *, int);
 struct tree_cache  *parse_fixed_addr_param(FILE *);
 voidparse_option_param(FILE *, struct group *);
-time_t  parse_timestamp(FILE *);
 struct lease   *parse_lease_declaration(FILE *);
 voidparse_address_range(FILE *, struct subnet *);
 time_t  parse_date(FILE *);
@@ -376,8 +374,6 @@ struct tree *parse_domain_and_comp(FILE
 /* tree.c */
 paircons(caddr_t, pair);
 struct tree_cache  *tree_cache(struct tree *);
-struct tree*tree_host_lookup(char *);
-struct dns_host_entry  *enter_dns_host(char *);
 struct tree*tree_const(unsigned char *, int);
 struct tree*tree_concat(struct tree *, struct tree *);
 struct tree*tree_limit(struct tree *, int);
@@ -476,9 +472,7 @@ void initialize_universes(void);
 
 /* convert.c */
 u_int32_t getULong(unsigned char *);
-int32_t getLong(unsigned char *);
 u_int16_t getUShort(unsigned char *);
-int16_t getShort(unsigned char *);
 void putULong(unsigned char *, u_int32_t);
 void putLong(unsigned char *, int32_t);
 void putUShort(unsigned char *, unsigned int);
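Review bot: getLong and getShort go away in the convert.c block, but putLong stays declared two lines further down and the message does not mention it. Check that putLong and the other put* prototypes in this block still have an implementation in convert.c, since a compile without warnings does not catch a prototype that nothing uses.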



[PATCH] Fix link in Porting Guide

2020-10-28 Thread Martin Vahlensieck
Hi

This refers to the libc function.

Best,

Martin

P.S.: I noticed that e.g. sysmerge(8) is mentioned like this but not a
link. Is this intentional?

Index: faq/ports/guide.html
===
RCS file: /cvs/www/faq/ports/guide.html,v
retrieving revision 1.91
diff -u -p -r1.91 guide.html
--- faq/ports/guide.html15 Jul 2020 21:52:04 -  1.91
+++ faq/ports/guide.html28 Oct 2020 20:01:21 -
@@ -1320,7 +1320,7 @@ Another very common problem is the These must be fixed.
 This is not quite as simple as s/mktemp/mkstemp/g.
-Refer to https://man.openbsd.org/mktemp;>mktemp(3) for more
+Refer to https://man.openbsd.org/mktemp.3;>mktemp(3) for more
 information.
 Correct code using mkstemp includes the source to
 ed or mail.



[PATCH]: sysupgrade(8) don't create /home/_sysupgrade/keep

2020-06-16 Thread Martin Vahlensieck
Hi

In the last revision install.sub stopped using /home/_sysupgrade/keep,
so unless I miss something this line can be removed. 

Best,

Martin

Index: sysupgrade.sh
===
RCS file: /cvs/src/usr.sbin/sysupgrade/sysupgrade.sh,v
retrieving revision 1.37
diff -u -p -r1.37 sysupgrade.sh
--- sysupgrade.sh   26 Jan 2020 22:08:36 -  1.37
+++ sysupgrade.sh   16 Jun 2020 10:40:25 -
@@ -178,8 +178,6 @@ if [[ -n ${DL} ]]; then
unpriv cksum -qC SHA256 ${DL}
 fi
 
-${KEEP} && > keep
-
 cat <<__EOT >/auto_upgrade.conf
 Location of sets = disk
 Pathname to the sets = /home/_sysupgrade/
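Review bot: with `${KEEP} && > keep` removed, this hunk no longer shows any consumer of KEEP. Check whether the variable is still read anywhere else in sysupgrade.sh; if this was its only use, the variable and the option that sets it should go in the same diff, and if the option still does something the manual should say what.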



[PATCH] from.c: stricter pledge(2)

2020-05-28 Thread Martin Vahlensieck
Hey!

This pledge was added with the use of unveil(2), but doesn't require the
getpw promise anymore (it is only needed in mail_spool to get the
username).

This patch makes it stricter.

Best,

Martin

Index: from.c
===
RCS file: /cvs/src/usr.bin/from/from.c,v
retrieving revision 1.26
diff -u -p -r1.26 from.c
--- from.c  8 Aug 2018 17:52:46 -   1.26
+++ from.c  24 May 2020 12:01:06 -
@@ -81,7 +81,7 @@ main(int argc, char *argv[])
 
if (unveil(file, "r") == -1)
err(1, "unveil");
-   if (pledge("stdio rpath getpw", NULL) == -1)
+   if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
 
if ((fp = fopen(file, "r")) == NULL) {
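Review bot: dropping getpw from the pledge is only safe if every passwd lookup happens before this line, and the hunk does not show where mail_spool() is called relative to it. Say in the commit message that the lookup runs before the pledge, and exercise both the path that goes through mail_spool() and the one that does not to make sure neither aborts.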



{plus,}67.html: fix link crontab(5)

2020-05-20 Thread Martin Vahlensieck
Hey there!

Otherwise it's going to crontab(1).

Best,

Martin

Index: 67.html
===
RCS file: /cvs/www/67.html,v
retrieving revision 1.77
diff -u -p -r1.77 67.html
--- 67.html 19 May 2020 18:21:41 -  1.77
+++ 67.html 20 May 2020 17:13:46 -
@@ -86,7 +86,7 @@ to 6.7.
 Rewrote the https://man.openbsd.org/cron;>cron(8)
flag-parsing code to be getopt-like, allowing tight formations like
-ns and flag repetition. Renamed the "options" field in https://man.openbsd.org/crontab;>crontab(5) to "flags".
+   href="https://man.openbsd.org/crontab.5;>crontab(5) to "flags".
 Added https://man.openbsd.org/man5/crontab.5;>crontab(5) -s flag
to the command field, indicating that only a single instance of the
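Review bot: the corrected link uses https://man.openbsd.org/crontab.5, while the next entry in the same list links crontab(5) as https://man.openbsd.org/man5/crontab.5. Pick one form for both entries so the page is consistent, and use the same form in the plus67.html hunk.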
Index: plus67.html
===
RCS file: /cvs/www/plus67.html,v
retrieving revision 1.2
diff -u -p -r1.2 plus67.html
--- plus67.html 6 May 2020 21:48:13 -   1.2
+++ plus67.html 20 May 2020 17:13:47 -
@@ -152,7 +152,7 @@ For changes in other releases, click bel
 
 Disabled MSI for the AMD Hudson2 https://man.openbsd.org/azalia;>azalia(4) HDA to fix random lock ups.
 Disabled access for regular users to /dev/audio* and /dev/rmidi*, creating 
these devices owned by root:_sndiod.
-Rewrote the https://man.openbsd.org/cron;>cron(8) 
flag-parsing code to be getopt-like, allowing tight formations like -ns and 
flag repetition. Renamed the "options" field in https://man.openbsd.org/crontab;>crontab(5) to "flags".
+Rewrote the https://man.openbsd.org/cron;>cron(8) 
flag-parsing code to be getopt-like, allowing tight formations like -ns and 
flag repetition. Renamed the "options" field in https://man.openbsd.org/crontab.5;>crontab(5) to "flags".
 Fixed a panic when using https://man.openbsd.org/pppac;>pppac(4) without https://man.openbsd.org/pipex;>pipex(4).
 
 Fixed an incorrect test for root in drm linux compatibility code.



Re: [patch] Check for -1 explicitly in getpeereid.c

2020-04-27 Thread Martin Vahlensieck
On Sun, Apr 26, 2020 at 03:30:51PM -0600, Theo de Raadt wrote:
> Patrick Wildt  wrote:
> 
> > I don't know userland very well, so I have a question.  In the middle of
> > 2019 there have been plenty of changes in regards to changing checks of
> > syscalls from < 0 to a more strict == -1, like this one in isakmpd:
> > 
> > 
> > revision 1.26
> > date: 2019/06/28 13:32:44;  author: deraadt;  state: Exp;  lines: +2 -2;  
> > commitid: JJ6Ck4WTrgUiEjJp;
> > When system calls indicate an error they return -1, not some arbitrary
> > value < 0.  errno is only updated in this case.  Change all (most?)
> > callers of syscalls to follow this better, and let's see if this strictness
> > helps us in the future.
> > 
> 
> I have about 4000 more changes like that, but I'm stuck with trying to
> push it further forward.  For various reasons, some of which can be
> guessed from this thread.
> 
> > getsockopt(), I think, is also a system call.  And the manpage indicates
> > that a failure is always -1, and not some arbitrary number:
> > 
> > RETURN VALUES
> >  Upon successful completion, the value 0 is returned; otherwise the
> >  value -1 is returned and the global variable errno is set to indicate
> >  the error.
> > 
> > What is the difference between the diff in this mail, and the changes
> > done in the middle of last year?
> 
> The difference is this is direct checking of the syscalls.
> 
> Versus checking at a higher layer of abstraction, or conversion of
> that result to something else.
> 
> Say you have an interface which returns precisely 0 and -1 for two conditions.
> Well then it has a large set of out-of-range values which (a) won't occur
> but (b) if they occur, how do you handle them?  At which layer?  
> 
> The range of numbers returned really express 3 conditions.  One which is
> impossible, yet if it happens, do you want to convert the impossible to
> success, or to failure?
> 
> In the recently supplied diff, a return value of 50 at the system call
> layer, is returned into a library returning 0 (success).  Furthermore, the
> diff itself proposes treating the out-of-range impossible as a success,
> and accesses memory which is very probably uninitialized.
> 
> > getsockopt() isn't allowed to return
> > anything else but 0 and 1, right?  Though I guess the current check
> > (error != 0) is the one that also catches instances where getsockopt()
> > isn't behaving well, even though it shouldn't.  But then, with the -1
> > check, wouldn't we be catching more instances of syscalls misbehaving
> > if we checked for < -1?
> 
> Correct.  I hope you have reached the same indecision point as me.
> 
> I feel uncomfortable changing all checking-points to 3-way decision.
> And imagine what a modern compiler would do there...
> 

The way you put it, it is obvious how stupid my diff was.  I did not
understand that it does not call the libc wrapper.  Evidently there are
still some things going on I do not understand.

Sorry for all the inconveniences caused.

Best,

Martin
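
The three ways of checking the return value discussed in the quoted reply, as an added example that is not part of the thread and not OpenBSD code. `fake_getsockopt`, `peereid`, `run` and the `UNSET` sentinel are hypothetical stand-ins; the sentinel models the uninitialized stack memory mentioned in the reply so the result is deterministic.

```c
#include <stdio.h>

/* Hypothetical stand-ins for this demo; none of this is OpenBSD source. */
struct peercred { unsigned int uid, gid; };

#define UNSET 0xdeadbeefU	/* models stack memory the call never wrote */

/* Fake system-call layer: returns rv, and fills *c only when rv is 0. */
static int
fake_getsockopt(int rv, struct peercred *c)
{
	if (rv == 0) {
		c->uid = 1000;	/* constructed sample credentials */
		c->gid = 100;
	}
	return rv;
}

enum policy { NONZERO_FAILS, MINUS_ONE_FAILS, THREE_WAY };

/* A getpeereid-shaped wrapper with the error check chosen by p. */
static int
peereid(enum policy p, int rv, unsigned int *uid, unsigned int *gid)
{
	struct peercred creds = { UNSET, UNSET };
	int error = fake_getsockopt(rv, &creds);

	switch (p) {
	case NONZERO_FAILS:		/* if (error) return (error); */
		if (error)
			return error;
		break;
	case MINUS_ONE_FAILS:		/* if (error == -1) return (error); */
		if (error == -1)
			return error;
		break;
	case THREE_WAY:			/* 0, -1, and "cannot happen" */
		if (error == -1)
			return -1;
		if (error != 0)
			return -2;	/* demo choice: report it separately */
		break;
	}
	*uid = creds.uid;
	*gid = creds.gid;
	return 0;
}

struct result { int ret; unsigned int uid, gid; };

/* Run one policy against one raw return value; caller's ids start at 0. */
static struct result
run(enum policy p, int rv)
{
	struct result r = { 0, 0, 0 };

	r.ret = peereid(p, rv, &r.uid, &r.gid);
	return r;
}

int
main(void)
{
	static const int raw[] = { 0, -1, 50 };
	static const char *name[] = { "error != 0", "error == -1", "three-way" };
	int p, i;

	for (p = NONZERO_FAILS; p <= THREE_WAY; p++)
		for (i = 0; i < 3; i++) {
			struct result r = run((enum policy)p, raw[i]);
			printf("%-12s raw=%3d -> ret=%3d uid=%#x\n",
			    name[p], raw[i], r.ret, r.uid);
		}
	return 0;
}
```

For the out-of-range value 50, only the `error == -1` variant reports success and hands the caller the sentinel, which in real code would be whatever was on the stack.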



[patch] Check for -1 explicitly in getpeereid.c

2020-04-26 Thread Martin Vahlensieck
Hi there

The getsockopt(2) manual page says getsockopt(2) returns -1 on
error and 0 on success. Also getpeereid(3) only lists those 2 values.
This diff makes the return value check in getpeereid explicit. I guess
this is how it is done elsewhere in the tree (there is a commit turning
a bunch of "... < 0" to "== -1" I think this falls under that category).

Best,

Martin

Index: net/getpeereid.c
===
RCS file: /cvs/src/lib/libc/net/getpeereid.c,v
retrieving revision 1.1
diff -u -p -r1.1 getpeereid.c
--- net/getpeereid.c1 Jul 2010 19:15:30 -   1.1
+++ net/getpeereid.c26 Apr 2020 20:28:50 -
@@ -28,7 +28,7 @@ getpeereid(int s, uid_t *euid, gid_t *eg
 
error = getsockopt(s, SOL_SOCKET, SO_PEERCRED,
, );
-   if (error)
+   if (error == -1)
return (error);
*euid = creds.uid;
*egid = creds.gid;
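Review bot: with `if (error == -1)` any other non-zero return from getsockopt falls through to `*euid = creds.uid`, reading creds that the call may not have filled in. The old `if (error)` treats everything except 0 as failure, which is the safer side for a function that hands back credentials; keep it, or return -1 for any non-zero value.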



[patch] ps.c mark usage() as __dead

2020-04-06 Thread Martin Vahlensieck
Hi

I'm not sure this is worth a diff, but here it is anyway.

Best,

Martin

Index: ps.c
===
RCS file: /cvs/src/bin/ps/ps.c,v
retrieving revision 1.76
diff -u -p -r1.76 ps.c
--- ps.c16 Dec 2019 19:21:16 -  1.76
+++ ps.c6 Apr 2020 09:54:47 -
@@ -69,10 +69,10 @@ int needcomm, needenv, neednlist, comman
 
 enum sort { DEFAULT, SORTMEM, SORTCPU } sortby = DEFAULT;
 
-static char*kludge_oldps_options(char *);
-static int  pscomp(const void *, const void *);
-static void scanvars(void);
-static void usage(void);
+static char*kludge_oldps_options(char *);
+static int  pscomp(const void *, const void *);
+static void scanvars(void);
+static void __dead  usage(void);
 
 char dfmt[] = "pid tt state time command";
 char tfmt[] = "pid tid tt state time command";
@@ -482,7 +482,7 @@ kludge_oldps_options(char *s)
return (newopts);
 }
 
-static void
+static void __dead
 usage(void)
 {
(void)fprintf(stderr,



[patch] Remove old sshd_config(5) keyword from authpf(8) manual

2020-04-05 Thread Martin Vahlensieck
Hi!

From my research in the cvs history of sshd_config.5 the `Protocol'
keyword was removed in 2016, so remove it here as well.

Best,

Martin

Index: authpf.8
===
RCS file: /cvs/src/usr.sbin/authpf/authpf.8,v
retrieving revision 1.54
diff -u -p -r1.54 authpf.8
--- authpf.81 Nov 2015 21:26:48 -   1.54
+++ authpf.85 Apr 2020 09:01:48 -
@@ -379,7 +379,6 @@ must be properly configured to detect an
 To that end, the following options should be added to
 .Xr sshd_config 5 :
 .Bd -literal -offset indent
-Protocol 2
 ClientAliveInterval 15
 ClientAliveCountMax 3
 .Ed



[patch]: Change kern_unveil to [] array derefs

2020-04-04 Thread Martin Vahlensieck
Hi!

This makes these array derefs consistent with the others in the file.
Also I believe this is the preferred way to do this.

Best,

Martin

Index: kern_unveil.c
===
RCS file: /cvs/src/sys/kern/kern_unveil.c,v
retrieving revision 1.39
diff -u -p -r1.39 kern_unveil.c
--- kern_unveil.c   22 Mar 2020 20:23:36 -  1.39
+++ kern_unveil.c   4 Apr 2020 17:08:00 -
@@ -204,7 +204,7 @@ unveil_destroy(struct process *ps)
size_t i;
 
for (i = 0; ps->ps_uvpaths != NULL && i < ps->ps_uvvcount; i++) {
-   struct unveil *uv = ps->ps_uvpaths + i;
+   struct unveil *uv = >ps_uvpaths[i];
 
struct vnode *vp = uv->uv_vp;
/* skip any vnodes zapped by unveil_removevnode */
@@ -244,8 +244,8 @@ unveil_copy(struct process *parent, stru
child->ps_uvncount = 0;
for (i = 0; parent->ps_uvpaths != NULL && i < parent->ps_uvvcount;
 i++) {
-   struct unveil *from = parent->ps_uvpaths + i;
-   struct unveil *to = child->ps_uvpaths + i;
+   struct unveil *from = >ps_uvpaths[i];
+   struct unveil *to = >ps_uvpaths[i];
struct unvname *unvn, *next;
 
to->uv_vp = from->uv_vp;
@@ -267,8 +267,8 @@ unveil_copy(struct process *parent, stru
}
child->ps_uvvcount = parent->ps_uvvcount;
if (parent->ps_uvpcwd)
-   child->ps_uvpcwd = child->ps_uvpaths +
-   (parent->ps_uvpcwd - parent->ps_uvpaths);
+   child->ps_uvpcwd =
+   >ps_uvpaths[parent->ps_uvpcwd - parent->ps_uvpaths];
child->ps_uvdone = parent->ps_uvdone;
child->ps_uvshrink = parent->ps_uvshrink;
 }
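Review bot: in this last hunk the index of the new `[]` expression is itself a pointer difference (`parent->ps_uvpcwd - parent->ps_uvpaths`), so the rewrite reads worse than the pointer arithmetic it replaces. Leave this assignment as it was, or compute the offset into a local first and index with that; the two loop hunks are fine as `[i]`.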



Re: [patch] mandoc: Remove argument names from function prototypes

2020-04-03 Thread Martin Vahlensieck
Hi Ingo

On Fri, Apr 03, 2020 at 01:55:56PM +0200, Ingo Schwarze wrote:
> Hi Martin,
> 
> Martin Vahlensieck wrote on Thu, Apr 02, 2020 at 10:57:04AM +0200:
> 
> > I think these are superfluous.
> 
> Correct, and it is irritating to have a general style of not using
> argument names in prototypes in mandoc, but then a few scattered
> names here and there, so i committed your patch.
> Thanks for sending it.
> 
> In the future, when sending patches, could you please restore your
> last name to the From: header?  I consider it disrespectful forcing
> developers who want to commit your patches to waste time on the
> extra, useless work of searching for your name.
I meant no disrespect. Thanks for pointing it out. Fixed.
> For an extremely simple, probably not Copyright-worthy patch like
> this one, it may not matter much, but as soon as you send a patch
> that (even potentially) might meet the threshold of originality
> with respect to Copyright, it becomes important that the developer
> committing the patch mentions the full real name of the person who
> sent in the patch in the commit message, such that it is clear who
> owns the Copyright on the changes and, by implication, who the
> person is putting these changes under the license displayed at the
> top of the file.
> 
> Thanks,
>   Ingo
> 

Best,

Martin



[patch] Remove "do not return a value" from libcrypto/libssl manpages

2020-03-28 Thread Martin Vahlensieck
Hi there!

I found some more.

Best,

Martin

Index: libcrypto/man/RC4.3
===
RCS file: /cvs/src/lib/libcrypto/man/RC4.3,v
retrieving revision 1.7
diff -u -p -r1.7 RC4.3
--- libcrypto/man/RC4.3 6 Jun 2019 01:06:59 -   1.7
+++ libcrypto/man/RC4.3 29 Mar 2020 00:48:17 -
@@ -112,11 +112,6 @@ yield a continuous key stream.
 Since RC4 is a stream cipher (the input is XOR'ed with a pseudo-random
 key stream to produce the output), decryption uses the same function
 calls as encryption.
-.Sh RETURN VALUES
-.Fn RC4_set_key
-and
-.Fn RC4
-do not return values.
 .Sh SEE ALSO
 .Xr blowfish 3 ,
 .Xr EVP_EncryptInit 3 ,
Index: libcrypto/man/X509_STORE_CTX_set_verify_cb.3
===
RCS file: /cvs/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3,v
retrieving revision 1.4
diff -u -p -r1.4 X509_STORE_CTX_set_verify_cb.3
--- libcrypto/man/X509_STORE_CTX_set_verify_cb.322 Mar 2018 17:38:08 
-  1.4
+++ libcrypto/man/X509_STORE_CTX_set_verify_cb.329 Mar 2020 00:48:17 
-
@@ -108,9 +108,6 @@ In some cases (such as S/MIME verificati
 structure is created and destroyed internally and the only way to set a
 custom verification callback is by inheriting it from the associated
 .Vt X509_STORE .
-.Sh RETURN VALUES
-.Fn X509_STORE_CTX_set_verify_cb
-does not return a value.
 .Sh EXAMPLES
 Default callback operation:
 .Bd -literal
Index: libcrypto/man/X509_STORE_set_verify_cb_func.3
===
RCS file: /cvs/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3,v
retrieving revision 1.8
diff -u -p -r1.8 X509_STORE_set_verify_cb_func.3
--- libcrypto/man/X509_STORE_set_verify_cb_func.3   27 Mar 2018 17:35:50 
-  1.8
+++ libcrypto/man/X509_STORE_set_verify_cb_func.3   29 Mar 2020 00:48:17 
-
@@ -86,11 +86,6 @@ structure when it is initialized.
 This can be used to set the verification callback when the
 .Vt X509_STORE_CTX
 is otherwise inaccessible (for example during S/MIME verification).
-.Sh RETURN VALUES
-.Fn X509_STORE_set_verify_cb
-and
-.Fn X509_STORE_set_verify_cb_func
-do not return a value.
 .Sh SEE ALSO
 .Xr X509_STORE_CTX_set_verify_cb 3 ,
 .Xr X509_STORE_new 3
Index: libssl/man/SSL_set_verify_result.3
===
RCS file: /cvs/src/lib/libssl/man/SSL_set_verify_result.3,v
retrieving revision 1.4
diff -u -p -r1.4 SSL_set_verify_result.3
--- libssl/man/SSL_set_verify_result.3  27 Mar 2018 17:35:50 -  1.4
+++ libssl/man/SSL_set_verify_result.3  29 Mar 2020 00:48:17 -
@@ -79,9 +79,6 @@ The valid codes for
 .Fa verify_result
 are documented in
 .Xr openssl 1 .
-.Sh RETURN VALUES
-.Fn SSL_set_verify_result
-does not provide a return value.
 .Sh SEE ALSO
 .Xr openssl 1 ,
 .Xr ssl 3 ,



[patch] ERR_print_errors.3

2020-03-28 Thread Martin Vahlensieck
Hi there

Unless I miss something ERR_print_errors_cb returns no value as well.

Best,

Martin

Index: ERR_print_errors.3
===
RCS file: /cvs/src/lib/libcrypto/man/ERR_print_errors.3,v
retrieving revision 1.7
diff -u -p -r1.7 ERR_print_errors.3
--- ERR_print_errors.3  27 Mar 2018 17:35:50 -  1.7
+++ ERR_print_errors.3  28 Mar 2020 20:03:35 -
@@ -104,9 +104,10 @@ respective error code.
 If there is no text string registered for the given error code, the
 error string will contain the numeric code.
 .Sh RETURN VALUES
-.Fn ERR_print_errors
-and
+.Fn ERR_print_errors ,
 .Fn ERR_print_errors_fp
+and
+.Fn ERR_print_errors_cb
 return no values.
 .Sh SEE ALSO
 .Xr ERR 3 ,