The branch stable/13 has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=26fcc4afa9ee8b07da306bd8bf56f5e409f13d2d
commit 26fcc4afa9ee8b07da306bd8bf56f5e409f13d2d Author: Jose Luis Duran <[email protected]> AuthorDate: 2026-02-10 02:22:46 +0000 Commit: Jose Luis Duran <[email protected]> CommitDate: 2026-02-10 02:22:46 +0000 Adapt changes from blocklist 2026-02-07 (10a907f) Also apply the fix from PR 258411. This is a direct commit to stable/13, as blacklist has been renamed to blocklist upstream. --- contrib/blacklist/bin/blacklistd.c | 29 +++++++------- contrib/blacklist/bin/blacklistd.conf.5 | 4 +- contrib/blacklist/bin/run.c | 13 +++--- contrib/blacklist/bin/support.c | 1 - contrib/blacklist/port/popenve.c | 71 +++++++++++++++++---------------- 5 files changed, 61 insertions(+), 57 deletions(-) diff --git a/contrib/blacklist/bin/blacklistd.c b/contrib/blacklist/bin/blacklistd.c index 4aa845e46525..ebfcc6e840b4 100644 --- a/contrib/blacklist/bin/blacklistd.c +++ b/contrib/blacklist/bin/blacklistd.c @@ -344,10 +344,10 @@ addfd(struct pollfd **pfdp, bl_t **blp, size_t *nfd, size_t *maxfd, exit(EXIT_FAILURE); if (*nfd >= *maxfd) { *maxfd += 10; - *blp = realloc(*blp, sizeof(**blp) * *maxfd); + *blp = reallocarray(*blp, *maxfd, sizeof(**blp)); if (*blp == NULL) err(EXIT_FAILURE, "malloc"); - *pfdp = realloc(*pfdp, sizeof(**pfdp) * *maxfd); + *pfdp = reallocarray(*pfdp, *maxfd, sizeof(**pfdp)); if (*pfdp == NULL) err(EXIT_FAILURE, "malloc"); } @@ -371,7 +371,7 @@ uniqueadd(struct conf ***listp, size_t *nlist, size_t *mlist, struct conf *c) } if (*nlist == *mlist) { *mlist += 10; - void *p = realloc(*listp, *mlist * sizeof(*list)); + void *p = reallocarray(*listp, *mlist, sizeof(*list)); if (p == NULL) err(EXIT_FAILURE, "Can't allocate for rule list"); list = *listp = p; @@ -456,8 +456,8 @@ main(int argc, char *argv[]) case 's': if (nblsock >= maxblsock) { maxblsock += 10; - void *p = realloc(blsock, - sizeof(*blsock) * maxblsock); + void *p = reallocarray(blsock, maxblsock, + sizeof(*blsock)); if (p == NULL) err(EXIT_FAILURE, "Can't allocate memory for %zu sockets", @@ -532,14 +532,15 @@ main(int argc, char *argv[]) state = state_open(dbfile, flags, 0600); if (state == NULL) state = state_open(dbfile, flags | O_CREAT, 0600); - if (state == NULL) - return EXIT_FAILURE; - - if (restore) { - if (!flush) - rules_flush(); - rules_restore(); + else { + if (restore) { + if (!flush) + rules_flush(); + rules_restore(); + } } + if (state == NULL) + exit(EXIT_FAILURE); if (!debug) { if (daemon(0, 0) == -1) @@ -561,7 +562,7 @@ main(int argc, char *argv[]) if (errno == EINTR) continue; (*lfun)(LOG_ERR, "poll (%m)"); - return EXIT_FAILURE; + exit(EXIT_FAILURE); case 0: state_sync(state); break; @@ -577,5 +578,5 @@ main(int argc, char *argv[]) update(); } state_close(state); - return 0; + exit(EXIT_SUCCESS); } diff --git a/contrib/blacklist/bin/blacklistd.conf.5 b/contrib/blacklist/bin/blacklistd.conf.5 index 84ed9b661298..3cd2ffc2d7ac 100644 --- a/contrib/blacklist/bin/blacklistd.conf.5 +++ b/contrib/blacklist/bin/blacklistd.conf.5 @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 5, 2017 +.Dd January 13, 2026 .Dt BLACKLISTD.CONF 5 .Os .Sh NAME @@ -102,7 +102,7 @@ The syntax for the .Va location is: .Bd -literal -offset indent - [<address>|<interface>][/<mask>][:<port>] + [<address>|<interface>[/<mask>]:]<port> .Ed .Pp The diff --git a/contrib/blacklist/bin/run.c b/contrib/blacklist/bin/run.c index 5588f0198c04..e11f8b28e2ef 100644 --- a/contrib/blacklist/bin/run.c +++ b/contrib/blacklist/bin/run.c @@ -62,10 +62,10 @@ static char * run(const char *cmd, const char *name, ...) { const char *argv[20]; - size_t i; + size_t i, len; va_list ap; FILE *fp; - char buf[10240], *res; + char *line, *res; argv[0] = "control"; argv[1] = cmd; @@ -77,6 +77,7 @@ run(const char *cmd, const char *name, ...) va_end(ap); if (debug) { + char buf[2048]; size_t z; int r; @@ -97,10 +98,10 @@ run(const char *cmd, const char *name, ...) (*lfun)(LOG_ERR, "popen %s failed (%m)", controlprog); return NULL; } - if (fgets(buf, sizeof(buf), fp) != NULL) - res = strdup(buf); - else - res = NULL; + line = res = NULL; + len = 0; + if (getline(&line, &len, fp) >= 0) + res = line; pclose(fp); if (debug) (*lfun)(LOG_DEBUG, "%s returns %s", cmd, res); diff --git a/contrib/blacklist/bin/support.c b/contrib/blacklist/bin/support.c index d560d2303223..3e14fcbdc688 100644 --- a/contrib/blacklist/bin/support.c +++ b/contrib/blacklist/bin/support.c @@ -117,7 +117,6 @@ fmtydhms(char *b, size_t l, time_t t) y = t; - z = 0; o = 0; #define APPEND(a) \ if (a) { \ diff --git a/contrib/blacklist/port/popenve.c b/contrib/blacklist/port/popenve.c index 20f6b5b86b68..df57cde9d51f 100644 --- a/contrib/blacklist/port/popenve.c +++ b/contrib/blacklist/port/popenve.c @@ -45,19 +45,19 @@ __RCSID("$NetBSD: popenve.c,v 1.2 2015/01/22 03:10:50 christos Exp $"); #endif #endif /* LIBC_SCCS and not lint */ -#include <sys/param.h> -#include <sys/wait.h> +#include <sys/types.h> #include <sys/socket.h> +#include <sys/wait.h> #include <assert.h> #include <errno.h> +#include <fcntl.h> #include <paths.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> -#include <fcntl.h> #ifdef __weak_alias __weak_alias(popen,_popen) @@ -71,8 +71,8 @@ static struct pid { int fd; #endif pid_t pid; -} *pidlist; - +} *pidlist; + #ifdef _REENTRANT static rwlock_t pidlist_lock = RWLOCK_INITIALIZER; #endif @@ -109,11 +109,25 @@ pdes_get(int *pdes, const char **type) #endif } - if ((cur = malloc(sizeof(*cur))) != NULL) - return cur; + if ((cur = malloc(sizeof(*cur))) != NULL) { + if (**type == 'r') { + cur->fp = fdopen(pdes[0], *type); +#ifdef _REENTRANT + cur->fd = pdes[0]; +#endif + } else { + cur->fp = fdopen(pdes[1], *type); +#ifdef _REENTRANT + cur->fd = pdes[1]; +#endif + } + if (cur->fp != NULL) + return cur; + } serrno = errno; (void)close(pdes[0]); (void)close(pdes[1]); + free(cur); errno = serrno; return NULL; } @@ -123,16 +137,6 @@ pdes_child(int *pdes, const char *type) { struct pid *old; - /* POSIX.2 B.3.2.2 "popen() shall ensure that any streams - from previous popen() calls that remain open in the - parent process are closed in the new child process. */ - for (old = pidlist; old; old = old->next) -#ifdef _REENTRANT - (void)close(old->fd); /* don't allow a flush */ -#else - (void)close(fileno(old->fp)); /* don't allow a flush */ -#endif - if (type[0] == 'r') { (void)close(pdes[0]); if (pdes[1] != STDOUT_FILENO) { @@ -148,31 +152,30 @@ pdes_child(int *pdes, const char *type) (void)close(pdes[0]); } } + + /* POSIX.2 B.3.2.2 "popen() shall ensure that any streams + from previous popen() calls that remain open in the + parent process are closed in the new child process. */ + for (old = pidlist; old; old = old->next) { +#ifdef _REENTRANT + (void)close(old->fd); /* don't allow a flush */ +#else + (void)close(fileno(old->fp)); /* don't allow a flush */ +#endif + } } static void pdes_parent(int *pdes, struct pid *cur, pid_t pid, const char *type) { - FILE *iop; - - /* Parent; assume fdopen can't fail. */ - if (*type == 'r') { - iop = fdopen(pdes[0], type); -#ifdef _REENTRANT - cur->fd = pdes[0]; -#endif + /* Parent */ + if (*type == 'r') (void)close(pdes[1]); - } else { - iop = fdopen(pdes[1], type); -#ifdef _REENTRANT - cur->fd = pdes[1]; -#endif + else (void)close(pdes[0]); - } /* Link into list of file descriptors. */ - cur->fp = iop; - cur->pid = pid; + cur->pid = pid; cur->next = pidlist; pidlist = cur; } @@ -198,7 +201,7 @@ popenve(const char *cmd, char *const *argv, char *const *envp, const char *type) #ifdef _REENTRANT (void)rwlock_rdlock(&pidlist_lock); #endif - switch (pid = vfork()) { + switch (pid = fork()) { case -1: /* Error. */ serrno = errno; #ifdef _REENTRANT
