Fix possible reads past the end of the buffer.
Found by random fuzz testing (zzuf). Without the fix the fuzzer crashes
in several seconds; with the patch, the fuzzer runs clean for hours.
Index: midiplay.c
===
RCS file: /cvs/src/usr.
On 2016-04-27 18:20, Joerg Sonnenberger wrote:
This
[...snip...]
and this disagree?
I... am so sorry. You're right of course; I don't know how that patch
happened.
Correct patch:
diff --git a/src/sys/sys/siginfo.h b/src/sys/sys/siginfo.h
index 814e8f2..1e8365f 100644
--- a/src/sys/sys/sigin
On Wed, Apr 27, 2016 at 06:04:32PM -0400, i80...@foxquill.com wrote:
> POSIX specifies that siginfo_t.si_addr must be void*. OpenBSD currently
> defines it as caddr_t. This breaks some userspace programs, such as the
> following minimal case:
This
> The following patch builds the base system cle
POSIX specifies that siginfo_t.si_addr must be void*. OpenBSD currently
defines it as caddr_t. This breaks some userspace programs, such as the
following minimal case:
#include <signal.h>
#include <iostream>
void handler(int, siginfo_t *info, void*) {
    std::cout << "Foo" << info->si_addr << "bar\n";
}
Currently, the info in "gzip -l" only accounts for the last stream
in the file. For example:
$ gzip.old -l valgrind-3.10.1p9.tgz
compressed uncompressed ratio uncompressed_name
2122549 9048576 76.5% valgrind-3.10.1p9.tar
$ gzip.new -l /usr/ports/packages/amd64/all/valgrind-3.10.1p9
On Wed, Apr 27, 2016 at 03:45:45PM +, Alexey Suslikov wrote:
> Theo de Raadt cvs.openbsd.org> writes:
>
> >
> > Most of these bug reports completely stink.
> >
> > ALWAYS include *ALL* information in a report.
>
> In an idealistic world, yes.
>
> Above are not parts of the "chain", but di
> On 27/04/16(Wed) 15:45, Alexey Suslikov wrote:
> > Theo de Raadt cvs.openbsd.org> writes:
> >
> > >
> > > Most of these bug reports completely stink.
> > >
> > > ALWAYS include *ALL* information in a report.
> >
> > In an idealistic world, yes.
>
> In an idealistic world there would be no b
On 27/04/16(Wed) 15:45, Alexey Suslikov wrote:
> Theo de Raadt cvs.openbsd.org> writes:
>
> >
> > Most of these bug reports completely stink.
> >
> > ALWAYS include *ALL* information in a report.
>
> In an idealistic world, yes.
In an idealistic world there would be no bug.
> Above are not p
gif(4) is the only p2p interface for which the kernel does some kind of
link-layer address resolution when it comes to IPv6 & ND.
I don't believe this is necessary because we do not install any cloning
route on p2p interfaces. However the rt_checkgate() call *is* necessary
because your default IP
Reduces ping jitter when the block ack window encounters gaps.
Index: ieee80211_node.h
===
RCS file: /cvs/src/sys/net80211/ieee80211_node.h,v
retrieving revision 1.59
diff -u -p -r1.59 ieee80211_node.h
--- ieee80211_node.h11 Feb 2
I'm investigating latency issues with 11n block ack on iwn.
There's a dedicated command to update RXON flags while associated.
Use this command instead of whacking the whole firmware node table
and restoring it. The firmware node table contains block ack state
and we shouldn't mess with that.
Ind
Theo de Raadt cvs.openbsd.org> writes:
>
> Most of these bug reports completely stink.
>
> ALWAYS include *ALL* information in a report.
In an idealistic world, yes.
Above are not parts of the "chain", but different statements of the
same bug. To have both blue screen and ddb, I need to keep
Most of these bug reports completely stink.
ALWAYS include *ALL* information in a report.
If you are told your report is missing information, write a completely
fresh report that includes ALL INFORMATION. Don't reply in a series
of emails adding more and more information. People who submit repo
Stuart Henderson spacehopper.org> writes:
> There should be some lines printed before you get dumped into DDB
> (probably a uvm_fault), the information in them is important.
I either have a screenshot, or ddb. Not both at the same time.
Here is one of the screenshots from 5.9 transcribed:
uvm_faul
Another one from my collection.
Apr 16:
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
pool_do_get() at pool_do_get+0x90
pool_get() at pool_get+0xb5
m_get() at m_get+0x28
sbappendaddr() at sbappendaddr+0x9a
uipc_usrreq() at uipc_usrreq+0x3b8
sosend() at sosend+0x3d8
dosendsyslog() at
On 2016/04/27 13:54, Alexey Suslikov wrote:
> Another one from my collection.
>
> Apr 16:
>
> ddb{0}> show panic
> the kernel did not panic
There should be some lines printed before you get dumped into DDB
(probably a uvm_fault), the information in them is important.
> ddb{0}> trace
> pool_do_
On Sun, Mar 13, 2016 at 09:26:55AM +0200, Lars Noodén wrote:
> It looks like sshd(8) has permitted for a while both AllowUsers and
> DenyUsers in sshd_config(5) to use addresses in CIDR address/masklen
> format. If so, it would be useful to mention in the manual page.
>
> /Lars
>
fixed, thanks
Olivier Cherrier symacx.com> writes:
> ddb{2}> show register
> rdi 0x1
> rsi0x292
> rbp 0x800022519b50
> rbx 0x817195a0systqmp+0x1860
Maybe not related, but I have had the following during one of
On Wed, Apr 27, 2016 at 02:57:31PM +0200, Olivier Cherrier wrote:
> On Wed, Apr 27, 2016 at 09:13:40AM +, alexey.susli...@gmail.com wrote:
> > Hi tech@.
> >
> > (Maybe related to http://marc.info/?l=openbsd-bugs&m=146174654219490&w=2).
>
> ;-)
>
> > Crashing server acts as a carp backup
ok benno@
Stefan Sperling(s...@stsp.name) on 2016.04.27 13:36:51 +0200:
> I'd like to add some 802.11n-related counters to netstat -W output.
>
> The first diff below is for the kernel, the second for netstat.
>
> ok?
>
> Index: ieee80211_input.c
> ==
Hi,
For text content the response HTTP header "Content-Type: text/plain" is
commonly used. This patch changes it in the httpd.conf(5) documentation:
Index: httpd.conf.5
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving
On Wed, Apr 27, 2016 at 09:13:40AM +, alexey.susli...@gmail.com wrote:
> Hi tech@.
>
> (Maybe related to http://marc.info/?l=openbsd-bugs&m=146174654219490&w=2).
;-)
> Crashing server acts as a carp backup (master has same hardware config but
> doesn't crash, in contrast to backup). Will post
Copy out some 11n information to net80211 ioctl node records.
Use a subset of this info to display the highest AP Rx rate during scan.
Since 11n implies support for 11a/b/g rates up to 54Mbit/s, we
only show a legacy rate if the AP doesn't support 11n.
In theory, 11n rate support is not symmetric,
Hi,
The following patch for httpd fixes unbalanced va_start() and va_end() macros.
This is in style with the rest of httpd. Also POSIX says:
"Each invocation of the va_start() and va_copy() macros shall be matched by a
corresponding invocation of the va_end() macro in the same function."
http://
Hi,
The following patch for httpd makes sure the value of the asprintf buffer is
zeroed on error and not relied upon, so at the 'done' label free(body) and
free(hstsheader) is safe.
from asprintf(3):
"The asprintf() and vasprintf() functions return the number of
characters that
On 27/04/16(Wed) 09:13, Alexey Suslikov wrote:
> Hi tech@.
>
> (Maybe related to http://marc.info/?l=openbsd-bugs&m=146174654219490&w=2).
Maybe, maybe not. Please keep sending your bug reports to bugs@ with all
the required information.
I'd like to add some 802.11n-related counters to netstat -W output.
The first diff below is for the kernel, the second for netstat.
ok?
Index: ieee80211_input.c
===
RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
retrieving revi
On Sun, Apr 24, 2016 at 08:47:46AM +0200, Stefan Sperling wrote:
> On Sun, Apr 24, 2016 at 01:25:31PM +0800, Nathanael Rensen wrote:
> > The diff below also introduces dedicated timers for AMRR and for scan
> > instead of using the RT2860 GP interrupt, which also improves consistency
> > with the w
Hi tech@.
(Maybe related to http://marc.info/?l=openbsd-bugs&m=146174654219490&w=2).
Crashing server acts as a carp backup (master has same hardware config but
doesn't crash, in contrast to backup). Will post additional information if
necessary.
There's a collection of crashes (including pre 5.9)
Following diff replaces /dev/bpf[0-9] with only /dev/bpf and /dev/bpf0.
The /dev/bpf node is unused for now, but I plan to convert all programs
in base to use it in a future diff. /dev/bpf0 is for compatibility with
existing binaries and is to be removed after a transition period.
install.sub cont