Ran a grep to find unneccessary NULL checks before free(3) and found
some in dhclient(8) and makefs(8).
Geoff Hill
Index: sbin/dhclient/dhclient.c
===
RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.659
diff -u
On Tue, 07 Apr 2020 12:42:06 +0200, Martin Pieuchot wrote:
> fifo_poll() honors FREAD and FWRITE. It doesn't return events
> incompatible with the open flags. Diff below makes the kqfilters
> behave like that as well.
Looks good to me. Is there any reason you put "int a_fflag" in the
middle
On Tue, 07 Apr 2020 12:08:35 +0200, Martin Pieuchot wrote:
> The write socket should be passed to the write filter otherwise checks
> are performed against the wrong socket.
OK millert@
- todd
> On 7 Apr 2020, at 17:43, Martin Pieuchot wrote:
>
> On 07/04/20(Tue) 17:14, Vitaliy Makkoveev wrote:
>> As Claudio Jeker noticed, NET_LOCK() can release KERNEL_LOCK(). pppx(4)
>> code has some NET_LOCK() dances which make it unsafe. [...]
>
> The easiest way to fix that is to move
* Adam Steen [2020-04-07 08:18:19 +]:
On Fri, Feb 07, 2020 at 01:25:38PM -0800, Mike Larkin wrote:
> On Fri, Feb 07, 2020 at 04:20:16AM +, Adam Steen wrote:
> > Hi
> >
> > Please see the attached patch to add an 'IOCTL handler to sets the access
> > protections of the ept'
> >
> >
On Tue, Apr 07, 2020 at 06:13:12PM +0200, Stefan Sperling wrote:
> For temp stuff we really need a separate space that can just be wiped
> without consequences when it has run full.
The way Got internally provides access to files in /tmp for every helper
process is to pass one or more open file
For me, the "/var is full" problem can be adequately mitigated by mounting
a separate partition as /var/tmp.
More of an issue, although obviously not major - if there are a large
number of tmp directories, is making sure that they are all
routinely purged. Yes, I know this is down to careless
On Tue, Apr 07, 2020 at 05:05:08PM +0100, Stuart Henderson wrote:
> On 2020/04/07 18:01, Stefan Sperling wrote:
> > Yes, absolutely correct. Logs or tempfiles filling up /var are a problem,
> > and in the gotweb application Tracey and I created it is indeed possible
> > for requests to trigger
Stuart Henderson wrote:
> On 2020/04/07 18:01, Stefan Sperling wrote:
> > On Tue, Apr 07, 2020 at 09:51:15AM -0600, Theo de Raadt wrote:
> > > Stefan Sperling wrote:
> > >
> > > > On Tue, Apr 07, 2020 at 09:37:02AM -0600, Theo de Raadt wrote:
> > > > > > The idea was to have /var/www/tmp
Stefan Sperling wrote:
> > A smaller secondary concern is if you can convince software using this
> > space,
> > from remote, to hog the space too much, and/or lose track of files in there.
> > Which would also create the fallout problems of "/var is full".
> >
> > It's a matter of how other
On Tue, Apr 07, 2020 at 06:38:11PM +0300, Vitaliy Makkoveev wrote:
> On Tue, Apr 07, 2020 at 04:43:55PM +0200, Martin Pieuchot wrote:
> > On 07/04/20(Tue) 17:14, Vitaliy Makkoveev wrote:
> > > As Claudio Jeker noticed, NET_LOCK() can release KERNEL_LOCK(). pppx(4)
> > > code has some NET_LOCK()
On 2020/04/07 18:01, Stefan Sperling wrote:
> On Tue, Apr 07, 2020 at 09:51:15AM -0600, Theo de Raadt wrote:
> > Stefan Sperling wrote:
> >
> > > On Tue, Apr 07, 2020 at 09:37:02AM -0600, Theo de Raadt wrote:
> > > > > The idea was to have /var/www/tmp created by default, but with
> > > > >
On Tue, Apr 07, 2020 at 09:51:15AM -0600, Theo de Raadt wrote:
> Stefan Sperling wrote:
>
> > On Tue, Apr 07, 2020 at 09:37:02AM -0600, Theo de Raadt wrote:
> > > > The idea was to have /var/www/tmp created by default, but with
> > > > www:www ownership.
> >
> > > Create the directory. Now as
On Tue, Apr 07, 2020 at 04:43:55PM +0200, Martin Pieuchot wrote:
> On 07/04/20(Tue) 17:14, Vitaliy Makkoveev wrote:
> > As Claudio Jeker noticed, NET_LOCK() can release KERNEL_LOCK(). pppx(4)
> > code has some NET_LOCK() dances which make it unsafe. [...]
>
> The easiest way to fix that is to
On Tue, Apr 07, 2020 at 01:42:48PM +0200, Stefan Sperling wrote:
> I've noticed that wireless interfaces in 11n mode show a "media:" line
> in ifconfig such as this while a background scan is in progress:
>
> media: IEEE802.11 autoselect (OFDM6)
>
> What is expected is a line showing active 11n
Stefan Sperling wrote:
> On Tue, Apr 07, 2020 at 09:37:02AM -0600, Theo de Raadt wrote:
> > > The idea was to have /var/www/tmp created by default, but with
> > > www:www ownership.
>
> > Create the directory. Now as a user, completely fill it.
>
> The proposal is to create tmp with www:www
On Tue, Apr 07, 2020 at 09:37:02AM -0600, Theo de Raadt wrote:
> > The idea was to have /var/www/tmp created by default, but with
> > www:www ownership.
> Create the directory. Now as a user, completely fill it.
The proposal is to create tmp with www:www ownership, writable only for
that user,
Stuart Henderson wrote:
> On 2020/04/07 09:01, Theo de Raadt wrote:
> > This is horrible, as a user can fill the /var filesystem.
>
> they already can with /var/www/logs.
On my machines not running this software, they cannot cause any effect
on that directory.
The software utilization of 1%
Tracey Emery wrote:
> On Tue, Apr 07, 2020 at 11:17:23AM -0400, Bryan Steele wrote:
> > On Tue, Apr 07, 2020 at 04:56:31PM +0200, Martijn van Duren wrote:
> > > This came up during u2k20 while discussing tempfiles for gotweb inside a
> > > chroot. At the moment we don't include it by default and
On 2020/04/07 09:01, Theo de Raadt wrote:
> This is horrible, as a user can fill the /var filesystem.
they already can with /var/www/logs.
On 2020/04/07 11:17, Bryan Steele wrote:
> WIth FastCGI, perhaps I'm confused, but why do web applications need to
> be inside the /var/www chroot? Can't
On Tue, Apr 07, 2020 at 11:17:23AM -0400, Bryan Steele wrote:
> On Tue, Apr 07, 2020 at 04:56:31PM +0200, Martijn van Duren wrote:
> > This came up during u2k20 while discussing tempfiles for gotweb inside a
> > chroot. At the moment we don't include it by default and ports have to
> > create it
On Tue, Apr 07, 2020 at 04:56:31PM +0200, Martijn van Duren wrote:
> This came up during u2k20 while discussing tempfiles for gotweb inside a
> chroot. At the moment we don't include it by default and ports have to
> create it themselves. Since I assume we want web applications to run
> inside a
This is horrible, as a user can fill the /var filesystem.
That is why we got rid of /var/tmp before, and tried to reduce the risk on
/tmp. Now you want to bring the problem back.
Martijn van Duren wrote:
> This came up during u2k20 while discussing tempfiles for gotweb inside a
> chroot. At
Forgot to release lock in pppx_del_session() error case...
Index: sys/net/if_pppx.c
===
RCS file: /cvs/src/sys/net/if_pppx.c,v
retrieving revision 1.81
diff -u -p -r1.81 if_pppx.c
--- sys/net/if_pppx.c 7 Apr 2020 07:11:22 -
This came up during u2k20 while discussing tempfiles for gotweb inside a
chroot. At the moment we don't include it by default and ports have to
create it themselves. Since I assume we want web applications to run
inside a /var/www chroot as much as possible and even some libc
functions depend on
On 07/04/20(Tue) 17:14, Vitaliy Makkoveev wrote:
> As Claudio Jeker noticed, NET_LOCK() can release KERNEL_LOCK(). pppx(4)
> code has some NET_LOCK() dances which make it unsafe. [...]
The easiest way to fix that is to move if_detach() out of pppx_if_destroy().
It generally makes sense to call
As Claudio Jeker noticed, NET_LOCK() can release KERNEL_LOCK(). pppx(4)
code has some NET_LOCK() dances which make it unsafe. Concurent thread
can receive CPU and enter to pppx_if_destroy() while we dance with
NET_LOCK(). The idea is to deny access to pxi at destruction stage.
If pxi_if is removed
Russian standards body has issues a standard GOST R 34.12-2015 defining
two block ciphers: magma and kuznyechik. English descriptions of these
ciphers are defined in draft-dolmatov-magma (in RFC editor queue) and
RFC 7801 respectively. These patches add support for basic constructions
using these
64-bit ciphers are old, but it would be good to use common code for
their implementations.
Signed-off-by: Dmitry Baryshkov
---
src/lib/libcrypto/modes/cbc64.c | 202
src/lib/libcrypto/modes/cfb64.c | 169 ++
In preparation to adding ACPKM support, switch key_meshing to be a
section size rather than just a flag.
Signed-off-by: Dmitry Baryshkov
---
src/lib/libcrypto/gost/gost.h | 2 +-
src/lib/libcrypto/gost/gost2814789.c | 8
src/lib/libcrypto/gost/gost89_params.c | 2 +-
3 files
There is no point in specifying key length to Gost28147_set_key,
everybody just passes 256 (or 32 * 8) no matter what.
Signed-off-by: Dmitry Baryshkov
---
src/lib/libcrypto/evp/e_gost2814789.c | 4 +++-
src/lib/libcrypto/evp/m_gost2814789.c | 3 ++-
src/lib/libcrypto/gost/gost.h
GOST R 34.12-2015 defines Magma cipher (a variant of GOST 28147-89 with
fixed S-BOX and endianness change), see draft-dolmatov-magma.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libcrypto/Symbols.list | 5 +
src/lib/libcrypto/evp/c_all.c | 5
Russian standard body has changed the way MAC key is calculated for
PKCS12 files. Generate proper keys depending on the digest type used for
MAC generation.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libcrypto/pkcs12/p12_key.c | 18 ++
Add OIDs for HMAC using Streebog (GOST R 34.11-2012) hash function.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libcrypto/objects/obj_mac.num | 2 ++
src/lib/libcrypto/objects/objects.txt | 2 ++
2 files changed, 4 insertions(+)
diff --git
Allow using GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libcrypto/evp/evp_pbe.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index
On Tue, Apr 07, 2020 at 01:51:45PM +0300, Vitaliy Makkoveev wrote:
> On Tue, Apr 07, 2020 at 11:54:01AM +0200, Claudio Jeker wrote:
> > Unsure about this one here. I would prefer if the panic remained for now
> > (mainly because of the XXXSMP NET_UNLOCK() dance just above). I wonder if
> > the
>
I've noticed that wireless interfaces in 11n mode show a "media:" line
in ifconfig such as this while a background scan is in progress:
media: IEEE802.11 autoselect (OFDM6)
What is expected is a line showing active 11n mode, such as:
media: IEEE802.11 autoselect (HT-MCS0 mode 11n)
This
On Tue, Apr 07, 2020 at 11:54:01AM +0200, Claudio Jeker wrote:
> Unsure about this one here. I would prefer if the panic remained for now
> (mainly because of the XXXSMP NET_UNLOCK() dance just above). I wonder if the
> order of this could not be modified so that the NET_LOCK is released after
>
fifo_poll() honors FREAD and FWRITE. It doesn't return events
incompatible with the open flags. Diff below makes the kqfilters
behave like that as well.
ok?
Index: kern/tty_tty.c
===
RCS file: /cvs/src/sys/kern/tty_tty.c,v
The write socket should be passed to the write filter otherwise checks
are performed against the wrong socket.
ok?
Index: miscfs/fifofs/fifo_vnops.c
===
RCS file: /cvs/src/sys/miscfs/fifofs/fifo_vnops.c,v
retrieving revision 1.73
On Tue, Apr 07, 2020 at 12:36:29PM +0300, Vitaliy Makkoveev wrote:
> pppx_if containing tree and per pppx_dev list are protected by rwlock so
> these splx(9) related dances and commentaries are not actual.
> Also pxd_svcq protected by NET_LOCK().
>
> Index: sys/net/if_pppx.c
>
pppx_if containing tree and per pppx_dev list are protected by rwlock so
these splx(9) related dances and commentaries are not actual.
Also pxd_svcq protected by NET_LOCK().
Index: sys/net/if_pppx.c
===
RCS file:
Hi,
thank you, most of this diff looks good to me. I left some comments inline.
On Sun, Apr 05, 2020 at 01:58:04AM +0900, Wataru Ashihara wrote:
> The data wich sc_sock4 has is a little bit complicated:
>
>
>
> On Fri, Feb 07, 2020 at 01:25:38PM -0800, Mike Larkin wrote:
> > On Fri, Feb 07, 2020 at 04:20:16AM +, Adam Steen wrote:
> > > Hi
> > >
> > > Please see the attached patch to add an 'IOCTL handler to sets the access
> > > protections of the ept'
> > >
> > > vmd(8) does not make use of this
ok yasuoka
On Mon, 6 Apr 2020 19:54:20 +0300
Vitaliy Makkoveev wrote:
> Deny to create pipex_session which is already exist. Newly created
> session will be placed to list head so the caller of
> pipex_*_lookup_session() will receive wrong session.
>
> Index: sys/net/if_pppx.c
>
45 matches
Mail list logo