Fwd: Re: CVS commit: src/sys/netinet
On 10/02/2018 at 23:49, David H. Gutteridge wrote:
> On Mon, 05 Feb 2018, at 13:23:11 +, Maxime Villard wrote:
>> Module Name:src
>> Committed By: maxv
>> Date: Mon Feb 5 13:23:11 UTC 2018
>>
>> Modified Files:
>> src/sys/netinet: ip_input.c
>>
>> Log Message:
>> Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
>> completely dumb idea, because they have security implications.
>>
>> By sending an IPv4 packet containing an LSRR option, an attacker will
>> cause the system to forward the packet to another IPv4 address - and
>> this way he white-washes the source of the packet.
>>
>> It is also possible for an attacker to reach hidden networks: if a server
>> has a public address, and a private one on an internal network (network
>> which has several internal machines connected), the attacker can send a
>> packet with:
>>
>> source = 0.0.0.0
>> destination = public address of the server
>> LSRR first address = address of a machine on the internal network
>>
>> And the packet will be forwarded, by the server, to the internal machine,
>> in some cases even with the internal IP address of the server as a source.
>
> Hello,
>
> This particular fix has been pulled up to the various 6.x and 7.x
> branches, but not to 8.0_BETA. Is that still pending because it's part
> of a larger planned change set?

Yes.

Maxime
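The option walk behind the behaviour this commit message describes, as an added example in C (not NetBSD's ip_input.c code): it finds LSRR/SSRR options in an IPv4 header and refuses packets that carry one. The function names, the fail-closed policy and the sample packets (192.0.2.1 and 10.0.0.5 are placeholder addresses) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IPv4 option types (RFC 791); the macro names are local to this example. */
#define OPT_EOL  0	/* end of option list */
#define OPT_NOP  1	/* one-byte padding */
#define OPT_LSRR 131	/* loose source and record route */
#define OPT_SSRR 137	/* strict source and record route */

struct srcroute {
	uint8_t type;		/* OPT_LSRR or OPT_SSRR */
	int     has_next_hop;	/* 1 if the pointer field selects an address */
	uint8_t next_hop[4];	/* that address, network byte order */
};

/*
 * Walk the IPv4 options. Returns 1 if a source-route option is present
 * (details in *out), 0 if there is none, -1 if the header is malformed.
 */
int find_srcroute(const uint8_t *pkt, size_t len, struct srcroute *out)
{
	size_t hlen, off;

	if (len < 20 || (pkt[0] >> 4) != 4)
		return -1;
	hlen = (size_t)(pkt[0] & 0x0f) * 4;	/* IHL counts 32-bit words */
	if (hlen < 20 || hlen > len)
		return -1;

	for (off = 20; off < hlen; ) {
		uint8_t type = pkt[off], optlen, ptr;

		if (type == OPT_EOL)
			break;
		if (type == OPT_NOP) {
			off++;
			continue;
		}
		if (off + 1 >= hlen)
			return -1;		/* no room for the length byte */
		optlen = pkt[off + 1];
		if (optlen < 2 || off + optlen > hlen)
			return -1;		/* option overruns the header */
		if (type != OPT_LSRR && type != OPT_SSRR) {
			off += optlen;
			continue;
		}
		if (optlen < 3 || pkt[off + 2] < 4)
			return -1;		/* pointer is 1-based, minimum 4 */
		ptr = pkt[off + 2];
		memset(out, 0, sizeof(*out));
		out->type = type;
		if ((size_t)ptr + 3 <= optlen) {	/* four address bytes fit */
			memcpy(out->next_hop, pkt + off + ptr - 1, 4);
			out->has_next_hop = 1;
		}
		return 1;
	}
	return 0;
}

/* Fail-closed policy: accept only well-formed packets with no source route. */
int accept_packet(const uint8_t *pkt, size_t len)
{
	struct srcroute sr;

	return find_srcroute(pkt, len, &sr) == 0;
}

/* Constructed sample with the shape from the commit message: source 0.0.0.0,
 * destination a public address, LSRR first address on the internal network. */
static const uint8_t sample_lsrr[] = {
	0x47, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00,	/* IHL 7, total 28 */
	0x40, 0x11, 0x00, 0x00,				/* TTL 64, UDP */
	0x00, 0x00, 0x00, 0x00,				/* source 0.0.0.0 */
	0xc0, 0x00, 0x02, 0x01,				/* destination 192.0.2.1 */
	0x83, 0x07, 0x04, 0x0a, 0x00, 0x00, 0x05, 0x00	/* LSRR, ptr 4, 10.0.0.5 */
};
/* Constructed sample: ordinary 20-byte header, no options. */
static const uint8_t sample_plain[] = {
	0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
	0xc6, 0x33, 0x64, 0x07, 0xc0, 0x00, 0x02, 0x01
};
/* Constructed sample: LSRR length byte (11) runs past the 28-byte header. */
static const uint8_t sample_bad[] = {
	0x47, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x02, 0x01,
	0x83, 0x0b, 0x04, 0x0a, 0x00, 0x00, 0x05, 0x00
};

int main(void)
{
	printf("accept: lsrr=%d plain=%d bad=%d\n",
	    accept_packet(sample_lsrr, sizeof(sample_lsrr)),
	    accept_packet(sample_plain, sizeof(sample_plain)),
	    accept_packet(sample_bad, sizeof(sample_bad)));
	return 0;
}
```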
CVS commit: src/share/mk
Module Name:src Committed By: christos Date: Sun Feb 11 03:44:53 UTC 2018 Modified Files: src/share/mk: bsd.own.mk Log Message: switch amd64 to gcc-6. Thanks mrg for all the work! To generate a diff of this commit: cvs rdiff -u -r1.1032 -r1.1033 src/share/mk/bsd.own.mk Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/mk/bsd.own.mk diff -u src/share/mk/bsd.own.mk:1.1032 src/share/mk/bsd.own.mk:1.1033 --- src/share/mk/bsd.own.mk:1.1032 Thu Feb 8 23:38:24 2018 +++ src/share/mk/bsd.own.mk Sat Feb 10 22:44:53 2018 @@ -1,4 +1,4 @@ -# $NetBSD: bsd.own.mk,v 1.1032 2018/02/09 04:38:24 christos Exp $ +# $NetBSD: bsd.own.mk,v 1.1033 2018/02/11 03:44:53 christos Exp $ # This needs to be before bsd.init.mk .if defined(BSD_MK_COMPAT_FILE) @@ -66,6 +66,8 @@ MKGCC?= no # .if ${MACHINE_CPU} == "aarch64" HAVE_GCC?= 0 +.elif ${MACHINE} == "amd64" +HAVE_GCC?= 6 .else HAVE_GCC?= 5 .endif
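Review bot: In the `@@ -66,6 +66,8 @@` hunk the new branch tests `${MACHINE} == "amd64"` while the branch directly above it tests `${MACHINE_CPU}`. A one-line comment saying the per-port test is deliberate (only amd64 moves to `HAVE_GCC?= 6`, everything else keeps its current value) would stop a later cleanup from normalising the two tests.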
CVS commit: src/usr.bin/ftp
Module Name:src Committed By: christos Date: Sun Feb 11 02:51:58 UTC 2018 Modified Files: src/usr.bin/ftp: fetch.c Log Message: more volatile to appease gcc. To generate a diff of this commit: cvs rdiff -u -r1.229 -r1.230 src/usr.bin/ftp/fetch.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/ftp/fetch.c diff -u src/usr.bin/ftp/fetch.c:1.229 src/usr.bin/ftp/fetch.c:1.230 --- src/usr.bin/ftp/fetch.c:1.229 Sat Nov 25 10:39:17 2017 +++ src/usr.bin/ftp/fetch.c Sat Feb 10 21:51:58 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: fetch.c,v 1.229 2017/11/25 15:39:17 christos Exp $ */ +/* $NetBSD: fetch.c,v 1.230 2018/02/11 02:51:58 christos Exp $ */ /*- * Copyright (c) 1997-2015 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ #include #ifndef lint -__RCSID("$NetBSD: fetch.c,v 1.229 2017/11/25 15:39:17 christos Exp $"); +__RCSID("$NetBSD: fetch.c,v 1.230 2018/02/11 02:51:58 christos Exp $"); #endif /* not lint */ /* @@ -1277,7 +1277,7 @@ fetch_url(const char *url, const char *p static char *xferbuf; const char *cp; char *ep; - char *auth; + char *volatile auth; char *volatile savefile; char *volatile location; char *volatile message; @@ -1460,7 +1460,8 @@ fetch_url(const char *url, const char *p #ifdef WITH_SSL if (isproxy && oui.utype == HTTPS_URL_T) { switch (connectmethod(fin, url, penv, , , - , , , , )) { + , , __UNVOLATILE(), , + )) { case C_CLEANUP: goto cleanup_fetch_url; case C_IMPROPER: @@ -1496,7 +1497,8 @@ fetch_url(const char *url, const char *p alarmtimer(0); switch (negotiate_connection(fin, url, penv, , - , , , , , )) { + , , , , , + __UNVOLATILE())) { case C_OK: break; case C_CLEANUP:
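Review bot: The `@@ -1277,7 +1277,7 @@` hunk makes `auth` a `char *volatile` like `savefile`, `location` and `message` next to it, but the log message ("more volatile to appease gcc") does not name the warning, and both call-site hunks then strip the qualifier again with `__UNVOLATILE()`. Please name the diagnostic in the log or in a comment at the declaration, and note at the `connectmethod()` and `negotiate_connection()` calls why casting the qualifier away is safe there, so the casts are not copied elsewhere by habit.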
CVS commit: src/external/gpl3/gcc/usr.bin
Module Name:src Committed By: christos Date: Sun Feb 11 02:12:29 UTC 2018 Modified Files: src/external/gpl3/gcc/usr.bin: Makefile Makefile.backend Makefile.frontend Makefile.inc src/external/gpl3/gcc/usr.bin/backend: Makefile src/external/gpl3/gcc/usr.bin/g++: Makefile src/external/gpl3/gcc/usr.bin/gcov: Makefile src/external/gpl3/gcc/usr.bin/gcov-dump: Makefile src/external/gpl3/gcc/usr.bin/include: Makefile src/external/gpl3/gcc/usr.bin/libcpp: Makefile src/external/gpl3/gcc/usr.bin/libdecnumber: Makefile Log Message: Use bsd.init.mk (instead of bsd.own.mk) consistently so that Makefile.inc gets called before bsd.own.mk so that we get a chance to use NOFOO easily in Makefile.inc. Use that to turn CTF off for everything. To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/external/gpl3/gcc/usr.bin/Makefile cvs rdiff -u -r1.6 -r1.7 src/external/gpl3/gcc/usr.bin/Makefile.backend cvs rdiff -u -r1.4 -r1.5 src/external/gpl3/gcc/usr.bin/Makefile.frontend cvs rdiff -u -r1.30 -r1.31 src/external/gpl3/gcc/usr.bin/Makefile.inc cvs rdiff -u -r1.42 -r1.43 src/external/gpl3/gcc/usr.bin/backend/Makefile cvs rdiff -u -r1.6 -r1.7 src/external/gpl3/gcc/usr.bin/g++/Makefile cvs rdiff -u -r1.6 -r1.7 src/external/gpl3/gcc/usr.bin/gcov/Makefile cvs rdiff -u -r1.1 -r1.2 src/external/gpl3/gcc/usr.bin/gcov-dump/Makefile cvs rdiff -u -r1.11 -r1.12 src/external/gpl3/gcc/usr.bin/include/Makefile cvs rdiff -u -r1.7 -r1.8 src/external/gpl3/gcc/usr.bin/libcpp/Makefile cvs rdiff -u -r1.6 -r1.7 src/external/gpl3/gcc/usr.bin/libdecnumber/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/gpl3/gcc/usr.bin/Makefile diff -u src/external/gpl3/gcc/usr.bin/Makefile:1.9 src/external/gpl3/gcc/usr.bin/Makefile:1.10 --- src/external/gpl3/gcc/usr.bin/Makefile:1.9 Tue Feb 6 18:12:01 2018 +++ src/external/gpl3/gcc/usr.bin/Makefile Sat Feb 10 21:12:28 2018 
@@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.9 2018/02/06 23:12:01 mrg Exp $ +# $NetBSD: Makefile,v 1.10 2018/02/11 02:12:28 christos Exp $ NOOBJ=# defined -.include +.include GCC_MACHINE_ARCH=${MACHINE_ARCH:S/earmv5/earm/} Index: src/external/gpl3/gcc/usr.bin/Makefile.backend diff -u src/external/gpl3/gcc/usr.bin/Makefile.backend:1.6 src/external/gpl3/gcc/usr.bin/Makefile.backend:1.7 --- src/external/gpl3/gcc/usr.bin/Makefile.backend:1.6 Thu Aug 3 21:18:39 2017 +++ src/external/gpl3/gcc/usr.bin/Makefile.backend Sat Feb 10 21:12:28 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.backend,v 1.6 2017/08/04 01:18:39 mrg Exp $ +# $NetBSD: Makefile.backend,v 1.7 2018/02/11 02:12:28 christos Exp $ .ifndef _EXTERNAL_GPL3_GCC_USR_BIN_MAKEFILE_BACKEND_ _EXTERNAL_GPL3_GCC_USR_BIN_MAKEFILE_BACKEND_=1 @@ -10,7 +10,7 @@ BINDIR= /usr/libexec CPPFLAGS+= -I${GCCARCH} -I${BACKENDOBJ} \ ${G_ALL_CFLAGS:M-D*} ${G_INCLUDES:M-I*:N-I.*} -.include +.include DPADD+= ${BACKENDOBJ}/libbackend.a LDADD+= ${BACKENDOBJ}/libbackend.a Index: src/external/gpl3/gcc/usr.bin/Makefile.frontend diff -u src/external/gpl3/gcc/usr.bin/Makefile.frontend:1.4 src/external/gpl3/gcc/usr.bin/Makefile.frontend:1.5 --- src/external/gpl3/gcc/usr.bin/Makefile.frontend:1.4 Thu Apr 3 21:19:14 2014 +++ src/external/gpl3/gcc/usr.bin/Makefile.frontend Sat Feb 10 21:12:28 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.frontend,v 1.4 2014/04/04 01:19:14 christos Exp $ +# $NetBSD: Makefile.frontend,v 1.5 2018/02/11 02:12:28 christos Exp $ BINDIR= /usr/bin 
@@ -6,8 +6,8 @@ CPPFLAGS+= -I${GCCARCH} -I${FRONTENDOBJ} ${G_ALL_CFLAGS:M-D*} ${G_INCLUDES:M-I*:N-I.*} \ -DIN_GCC_FRONTEND -NOCTF= # defined -.include +NOCTF= # defined +.include DPADD+= ${FRONTENDOBJ}/libfrontend.a LDADD+= -L${FRONTENDOBJ} -lfrontend Index: src/external/gpl3/gcc/usr.bin/Makefile.inc diff -u src/external/gpl3/gcc/usr.bin/Makefile.inc:1.30 src/external/gpl3/gcc/usr.bin/Makefile.inc:1.31 --- src/external/gpl3/gcc/usr.bin/Makefile.inc:1.30 Sun Feb 4 04:22:03 2018 +++ src/external/gpl3/gcc/usr.bin/Makefile.inc Sat Feb 10 21:12:28 2018 @@ -1,9 +1,10 @@ -# $NetBSD: Makefile.inc,v 1.30 2018/02/04 09:22:03 mrg Exp $ +# $NetBSD: Makefile.inc,v 1.31 2018/02/11 02:12:28 christos Exp $ .ifndef _EXTERNAL_GPL3_GCC_USR_BIN_MAKEFILE_INC_ _EXTERNAL_GPL3_GCC_USR_BIN_MAKEFILE_INC_=1 -.include +NOCTF= # defined +.include .sinclude "../../Makefile.gcc_path" Index: src/external/gpl3/gcc/usr.bin/backend/Makefile diff -u src/external/gpl3/gcc/usr.bin/backend/Makefile:1.42 src/external/gpl3/gcc/usr.bin/backend/Makefile:1.43 --- src/external/gpl3/gcc/usr.bin/backend/Makefile:1.42 Tue Feb 6 21:33:05 2018 +++ src/external/gpl3/gcc/usr.bin/backend/Makefile Sat Feb 10 21:12:28 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.42 2018/02/07 02:33:05 mrg Exp $ +# $NetBSD: Makefile,v 1.43 2018/02/11 02:12:28 christos Exp $ LIBISPRIVATE= yes @@
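Review bot: `NOCTF= # defined` is now set in Makefile.inc (the `@@ -1,9 +1,10 @@` hunk) and is still set in Makefile.frontend, where the `@@ -6,8 +6,8 @@` hunk only re-spaces it. If Makefile.inc is read first, as the log message says, the Makefile.frontend assignment is redundant; either drop it or keep it with a comment saying it is intentional, so there is one place to look when CTF is turned back on.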
CVS commit: src/external/bsd/openpam/dist/lib/libpam
Module Name:src Committed By: christos Date: Sun Feb 11 00:25:12 UTC 2018 Modified Files: src/external/bsd/openpam/dist/lib/libpam: pam_getenvlist.c Log Message: non-null arg. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 \ src/external/bsd/openpam/dist/lib/libpam/pam_getenvlist.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/openpam/dist/lib/libpam/pam_getenvlist.c diff -u src/external/bsd/openpam/dist/lib/libpam/pam_getenvlist.c:1.3 src/external/bsd/openpam/dist/lib/libpam/pam_getenvlist.c:1.4 --- src/external/bsd/openpam/dist/lib/libpam/pam_getenvlist.c:1.3 Sat May 6 15:50:10 2017 +++ src/external/bsd/openpam/dist/lib/libpam/pam_getenvlist.c Sat Feb 10 19:25:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_getenvlist.c,v 1.3 2017/05/06 19:50:10 christos Exp $ */ +/* $NetBSD: pam_getenvlist.c,v 1.4 2018/02/11 00:25:12 christos Exp $ */ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. @@ -42,7 +42,7 @@ #endif #include -__RCSID("$NetBSD: pam_getenvlist.c,v 1.3 2017/05/06 19:50:10 christos Exp $"); +__RCSID("$NetBSD: pam_getenvlist.c,v 1.4 2018/02/11 00:25:12 christos Exp $"); #include #include @@ -65,8 +65,10 @@ pam_getenvlist(pam_handle_t *pamh) size_t i; ENTER(); +#ifdef notdef if (pamh == NULL) RETURNP(NULL); +#endif envlist = malloc(sizeof(*envlist) * ((size_t)pamh->env_count + 1)); if (envlist == NULL) { openpam_log(PAM_LOG_ERROR, "%s",
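Review bot: With the `pamh == NULL` check wrapped in `#ifdef notdef` in the `@@ -65,8 +65,10 @@` hunk, the very next statement reads `pamh->env_count`, so a NULL handle now faults inside `pam_getenvlist()` instead of returning NULL. If the argument is guaranteed non-null by its declaration, as the log message ("non-null arg.") suggests, say so in a comment at this spot and delete the check outright rather than leaving it under `notdef`; if any caller can still pass NULL, the check has to stay.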
CVS commit: src/sys/arch/powerpc/oea
Module Name:src Committed By: mrg Date: Sun Feb 11 00:01:12 UTC 2018 Modified Files: src/sys/arch/powerpc/oea: oea_machdep.c Log Message: introduce a inline function to set a value to zero while hiding this fact from GCC. this allows the PPC code that writes to address zero to actually work rather than cause GCC to emit an explicit "trap" instruction, which in early boot means hang on my pegasosII. use this in oae_init() for both rfid->rfi and also setting the jump-to-zero trap. found with a lot of debugging, but GCC 6's new warning -Wnull-dereference found it when i was informed of its existence. unfortunately, there are dozens of other violations in our kernel today so simply enabling that option for everything is not a good idea, but is a goal. To generate a diff of this commit: cvs rdiff -u -r1.73 -r1.74 src/sys/arch/powerpc/oea/oea_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/powerpc/oea/oea_machdep.c diff -u src/sys/arch/powerpc/oea/oea_machdep.c:1.73 src/sys/arch/powerpc/oea/oea_machdep.c:1.74 --- src/sys/arch/powerpc/oea/oea_machdep.c:1.73 Mon May 30 13:04:24 2016 +++ src/sys/arch/powerpc/oea/oea_machdep.c Sun Feb 11 00:01:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: oea_machdep.c,v 1.73 2016/05/30 13:04:24 chs Exp $ */ +/* $NetBSD: oea_machdep.c,v 1.74 2018/02/11 00:01:12 mrg Exp $ */ /* * Copyright (C) 2002 Matt Thomas @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: oea_machdep.c,v 1.73 2016/05/30 13:04:24 chs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: oea_machdep.c,v 1.74 2018/02/11 00:01:12 mrg Exp $"); #include "opt_ppcarch.h" #include "opt_compat_netbsd.h" 
@@ -109,6 +109,19 @@ extern int dsitrap_fix_dbat5[]; extern int dsitrap_fix_dbat6[]; extern int dsitrap_fix_dbat7[]; +/* + * Load pointer with 0 behind GCC's back, otherwise it will + * emit a "trap" instead. + */ +static __inline__ uintptr_t +zero_value(void) +{ + uintptr_t dont_tell_gcc; + + __asm volatile ("li %0, 0" : "=r"(dont_tell_gcc) :); + return dont_tell_gcc; +} + void oea_init(void (*handler)(void)) { @@ -144,7 +157,7 @@ oea_init(void (*handler)(void)) #ifdef PPC_HIGH_VEC exc_base = EXC_HIGHVEC; #else - exc_base = 0; + exc_base = zero_value(); #endif KASSERT(mfspr(SPR_SPRG0) == (uintptr_t)ci); @@ -289,8 +302,10 @@ oea_init(void (*handler)(void)) * Install a branch absolute to trap0 to force a panic. */ if ((uintptr_t)trap0 < 0x200) { - *(volatile uint32_t *) 0 = 0x7c6802a6; - *(volatile uint32_t *) 4 = 0x4802 | (uintptr_t) trap0; + uint32_t *p = (uint32_t *)zero_value(); + + p[0] = 0x7c6802a6; + p[1] = 0x4802 | (uintptr_t) trap0; } /*
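Review bot: In the `@@ -289,8 +302,10 @@` hunk the two stores used to go through `volatile uint32_t *` and now go through a plain `uint32_t *p`, so the qualifier that kept the compiler from dropping or reordering the writes to addresses 0 and 4 is gone. Declaring it as `volatile uint32_t *p = (volatile uint32_t *)zero_value();` keeps the old store semantics while still hiding the constant. The comment above `zero_value()` could also mention `-Wnull-dereference` from the log message, so the reason survives outside the CVS history.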
CVS commit: src/external/bsd/elftoolchain/dist/libdwarf
Module Name:src Committed By: christos Date: Sat Feb 10 23:46:44 UTC 2018 Modified Files: src/external/bsd/elftoolchain/dist/libdwarf: dwarf_attrval.c Log Message: remove more unreachable code. To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 \ src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c diff -u src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c:1.9 src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c:1.10 --- src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c:1.9 Sat Feb 10 18:39:29 2018 +++ src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c Sat Feb 10 18:46:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: dwarf_attrval.c,v 1.9 2018/02/10 23:39:29 christos Exp $ */ +/* $NetBSD: dwarf_attrval.c,v 1.10 2018/02/10 23:46:44 christos Exp $ */ /*- * Copyright (c) 2007 John Birrell (j...@freebsd.org) @@ -28,7 +28,7 @@ #include "_libdwarf.h" -__RCSID("$NetBSD: dwarf_attrval.c,v 1.9 2018/02/10 23:39:29 christos Exp $"); +__RCSID("$NetBSD: dwarf_attrval.c,v 1.10 2018/02/10 23:46:44 christos Exp $"); ELFTC_VCSID("Id: dwarf_attrval.c 3159 2015-02-15 21:43:27Z emaste "); int @@ -201,13 +201,9 @@ dwarf_attrval_unsigned(Dwarf_Die die, Dw *valp = at->u[0].u64; break; default: - if (at->at_die != die) - dwarf_dealloc(dbg, at->at_die, DW_DLA_DIE); DWARF_SET_ERROR(dbg, err, DW_DLE_ATTR_FORM_BAD); return (DW_DLV_ERROR); } - if (at->at_die != die) - dwarf_dealloc(dbg, at->at_die, DW_DLA_DIE); return (DW_DLV_OK); }
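Review bot: The two `if (at->at_die != die) dwarf_dealloc(...)` blocks removed in the `@@ -201,13 +201,9 @@` hunk sit on the `default:` error path and directly before `return (DW_DLV_OK)`, both of which are still executed, so "unreachable" in the log message must mean the condition can no longer be true. Please say that in the log or in a short comment (which change made `at->at_die` always equal `die` here), since a reader checking for a leaked DIE will otherwise have to reconstruct it from revision 1.9.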
CVS commit: src/external/bsd/elftoolchain/dist/libdwarf
Module Name:src Committed By: christos Date: Sat Feb 10 23:39:29 UTC 2018 Modified Files: src/external/bsd/elftoolchain/dist/libdwarf: dwarf_attrval.c Log Message: Convert to full recursive attr/die lookup instead of one level since gcc 6 creates indirect attributes that point to indirect attributes. The code is smaller this way too :-) To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 \ src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c diff -u src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c:1.8 src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c:1.9 --- src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c:1.8 Thu Mar 31 11:53:33 2016 +++ src/external/bsd/elftoolchain/dist/libdwarf/dwarf_attrval.c Sat Feb 10 18:39:29 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: dwarf_attrval.c,v 1.8 2016/03/31 15:53:33 christos Exp $ */ +/* $NetBSD: dwarf_attrval.c,v 1.9 2018/02/10 23:39:29 christos Exp $ */ /*- * Copyright (c) 2007 John Birrell (j...@freebsd.org) @@ -28,7 +28,7 @@ #include "_libdwarf.h" -__RCSID("$NetBSD: dwarf_attrval.c,v 1.8 2016/03/31 15:53:33 christos Exp $"); +__RCSID("$NetBSD: dwarf_attrval.c,v 1.9 2018/02/10 23:39:29 christos Exp $"); ELFTC_VCSID("Id: dwarf_attrval.c 3159 2015-02-15 21:43:27Z emaste "); int 
@@ -141,23 +141,13 @@ dwarf_attrval_signed(Dwarf_Die die, Dwar return (DW_DLV_OK); } -static Dwarf_Attribute -dwarf_indirect_find(Dwarf_Debug dbg, Dwarf_Die die, Dwarf_Half attr, -Dwarf_Unsigned val) -{ - Dwarf_Die die1; - - if ((die1 = _dwarf_die_find(die, val)) == NULL) - return NULL; - - return _dwarf_attr_find(die1, attr); -} - int dwarf_attrval_unsigned(Dwarf_Die die, Dwarf_Half attr, Dwarf_Unsigned *valp, Dwarf_Error *err) { Dwarf_Attribute at; Dwarf_Debug dbg; + Dwarf_Die die1; + int rv; dbg = die != NULL ? die->die_dbg : NULL; @@ -167,13 +157,7 @@ dwarf_attrval_unsigned(Dwarf_Die die, Dw } *valp = 0; - - if ((at = _dwarf_attr_find(die, attr)) == NULL && attr != DW_AT_type) { - DWARF_SET_ERROR(dbg, err, DW_DLE_NO_ENTRY); - return (DW_DLV_NO_ENTRY); - } - - if (at == NULL && + if ((at = _dwarf_attr_find(die, attr)) == NULL && ((at = _dwarf_attr_find(die, DW_AT_specification)) != NULL || (at = _dwarf_attr_find(die, DW_AT_abstract_origin)) != NULL)) { switch (at->at_form) { @@ -182,8 +166,15 @@ dwarf_attrval_unsigned(Dwarf_Die die, Dw case DW_FORM_ref4: case DW_FORM_ref8: case DW_FORM_ref_udata: - at = dwarf_indirect_find(dbg, die, attr, at->u[0].u64); - break; + if ((die1 = _dwarf_die_find(die, at->u[0].u64)) == NULL) + { +at = NULL; +break; + } + rv = dwarf_attrval_unsigned(die1, attr, valp, err); + if (die != die1) +dwarf_dealloc(dbg, die1, DW_DLA_DIE); + return rv; default: DWARF_SET_ERROR(dbg, err, DW_DLE_ATTR_FORM_BAD); return (DW_DLV_ERROR);
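Review bot: The new `rv = dwarf_attrval_unsigned(die1, attr, valp, err);` call in the `@@ -182,8 +166,15 @@` hunk recurses once per `DW_AT_specification`/`DW_AT_abstract_origin` reference with no depth limit and no check that `die1` has not been visited already, so a reference chain that loops back on itself in malformed debug info would recurse until the stack runs out. A depth counter or a visited check that returns `DW_DLV_ERROR` would bound it. The hunk also leaves `at = NULL; break;` as the path for a failed `_dwarf_die_find()`; a comment on what the code after the switch does with a NULL `at` would help, now that the early `DW_DLE_NO_ENTRY` return is gone.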
Re: CVS commit: src/sys/netinet
On Mon, 05 Feb 2018, at 13:23:11 +, Maxime Villard wrote:
>Module Name:src
>Committed By: maxv
>Date: Mon Feb 5 13:23:11 UTC 2018
>
>Modified Files:
>src/sys/netinet: ip_input.c
>
>Log Message:
>Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
>completely dumb idea, because they have security implications.
>
>By sending an IPv4 packet containing an LSRR option, an attacker will
>cause the system to forward the packet to another IPv4 address - and
>this way he white-washes the source of the packet.
>
>It is also possible for an attacker to reach hidden networks: if a server
>has a public address, and a private one on an internal network (network
>which has several internal machines connected), the attacker can send a
>packet with:
>
>source = 0.0.0.0
>destination = public address of the server
>LSRR first address = address of a machine on the internal network
>
>And the packet will be forwarded, by the server, to the internal machine,
>in some cases even with the internal IP address of the server as a source.

Hello,

This particular fix has been pulled up to the various 6.x and 7.x
branches, but not to 8.0_BETA. Is that still pending because it's part
of a larger planned change set?

Thanks for all the improvements you've been making!

Regards,

Dave
CVS commit: src/libexec/telnetd
Module Name:src Committed By: christos Date: Sat Feb 10 19:34:34 UTC 2018 Modified Files: src/libexec/telnetd: Makefile Log Message: We need authentication || encryption even when we are not building kerberos. They are needed for telnet_net_write() which is used in libtelnet. To generate a diff of this commit: cvs rdiff -u -r1.51 -r1.52 src/libexec/telnetd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/telnetd/Makefile diff -u src/libexec/telnetd/Makefile:1.51 src/libexec/telnetd/Makefile:1.52 --- src/libexec/telnetd/Makefile:1.51 Sun May 21 11:28:41 2017 +++ src/libexec/telnetd/Makefile Sat Feb 10 14:34:34 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.51 2017/05/21 15:28:41 riastradh Exp $ +# $NetBSD: Makefile,v 1.52 2018/02/10 19:34:34 christos Exp $ # from: @(#)Makefile 8.2 (Berkeley) 12/15/93 WARNS?= 4 # XXX: const issues in sys_term.c @@ -21,11 +21,12 @@ CPPFLAGS+=-I${.CURDIR} LIBTELNETDIR!= cd ${.CURDIR}/../../lib/libtelnet; ${PRINTOBJDIR} .if (${USE_KERBEROS} != "no") -CPPFLAGS+=-DKRB5 -DAUTHENTICATION -DENCRYPTION +CPPFLAGS+=-DKRB5 LDADD+= -lkrb5 -lasn1 -lcom_err -lroken -lsqlite3 DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCOM_ERR} ${LIBROKEN} ${LIBSQLITE3} .endif +CPPFLAGS+=-DAUTHENTICATION -DENCRYPTION LDADD+=-ldes -lcrypto -lcrypt DPADD+=${LIBDES} ${LIBCRYPTO} ${LIBCRYPT}
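Review bot: Moving `-DAUTHENTICATION -DENCRYPTION` out of the `USE_KERBEROS` block in the `@@ -21,11 +21,12 @@` hunk turns both defines on for every telnetd build, and nothing in the Makefile says why. Please add a comment on the new `CPPFLAGS+=` line recording the reason given in the log message (libtelnet's `telnet_net_write()` needs them), so the defines are not folded back under the Kerberos conditional later, and confirm that a `USE_KERBEROS=no` build still links with only `-ldes -lcrypto -lcrypt`.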
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto
Module Name:src Committed By: christos Date: Sat Feb 10 16:16:28 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto: chacha.inc Log Message: fix pasto To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 \ src/crypto/external/bsd/openssl/lib/libcrypto/chacha.inc Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/lib/libcrypto/chacha.inc diff -u src/crypto/external/bsd/openssl/lib/libcrypto/chacha.inc:1.1 src/crypto/external/bsd/openssl/lib/libcrypto/chacha.inc:1.2 --- src/crypto/external/bsd/openssl/lib/libcrypto/chacha.inc:1.1 Thu Feb 8 16:57:24 2018 +++ src/crypto/external/bsd/openssl/lib/libcrypto/chacha.inc Sat Feb 10 11:16:28 2018 @@ -1,4 +1,4 @@ -# $NetBSD: chacha.inc,v 1.1 2018/02/08 21:57:24 christos Exp $ +# $NetBSD: chacha.inc,v 1.2 2018/02/10 16:16:28 christos Exp $ # # @(#) Copyright (c) 1995 Simon J. Gerraty # @@ -9,7 +9,7 @@ CHACHA_SRCS ?= \ -poly_enc.c +chacha_enc.c SRCS += ${CHACHA_SRCS}
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386
Module Name: src
Committed By: nakayama
Date: Sat Feb 10 13:29:55 UTC 2018

Modified Files:
src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: Makefile
    aes-586.S aesni-x86.S bn-586.S chacha-x86.S crypt586.S
    ecp_nistz256-x86.S ghash-x86.S poly1305-x86.S rc4-586.S sha1-586.S
    sha256-586.S sha512-586.S x86cpuid.S

Log Message:
Restore pic and sse2 enabled code to make libcrypto work as before.

To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile
cvs rdiff -u -r1.10 -r1.11 \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aesni-x86.S \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn-586.S
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/chacha-x86.S \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/ecp_nistz256-x86.S \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/poly1305-x86.S
cvs rdiff -u -r1.7 -r1.8 \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/rc4-586.S \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha1-586.S
cvs rdiff -u -r1.6 -r1.7 \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/ghash-x86.S \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha256-586.S \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha512-586.S
cvs rdiff -u -r1.15 -r1.16 \
    src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/x86cpuid.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
CVS commit: src/sys/arch/i386/i386
Module Name:src Committed By: kre Date: Sat Feb 10 11:50:39 UTC 2018 Modified Files: src/sys/arch/i386/i386: db_interface.c Log Message: Do for i386 what was done for amd64 (but in a more KNF conformant way...) To generate a diff of this commit: cvs rdiff -u -r1.77 -r1.78 src/sys/arch/i386/i386/db_interface.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/i386/i386/db_interface.c diff -u src/sys/arch/i386/i386/db_interface.c:1.77 src/sys/arch/i386/i386/db_interface.c:1.78 --- src/sys/arch/i386/i386/db_interface.c:1.77 Fri Feb 9 09:36:42 2018 +++ src/sys/arch/i386/i386/db_interface.c Sat Feb 10 11:50:39 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: db_interface.c,v 1.77 2018/02/09 09:36:42 maxv Exp $ */ +/* $NetBSD: db_interface.c,v 1.78 2018/02/10 11:50:39 kre Exp $ */ /* * Mach Operating System @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.77 2018/02/09 09:36:42 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.78 2018/02/10 11:50:39 kre Exp $"); #include "opt_ddb.h" #include "opt_multiprocessor.h" @@ -195,7 +195,9 @@ int kdb_trap(int type, int code, db_regs_t *regs) { int s, flags; +#ifdef MULTIPROCESSOR db_regs_t dbreg; +#endif flags = regs->tf_err & TC_FLAGMASK; regs->tf_err &= ~TC_FLAGMASK;
CVS commit: src/share/man/man8
Module Name:src Committed By: maxv Date: Sat Feb 10 08:54:22 UTC 2018 Modified Files: src/share/man/man8: compat_freebsd.8 Log Message: Add a note, to say that basically the recent FreeBSD binaries can't be expected to work, and that we keep compat_freebsd only for tw_cli. To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/share/man/man8/compat_freebsd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/man/man8/compat_freebsd.8 diff -u src/share/man/man8/compat_freebsd.8:1.18 src/share/man/man8/compat_freebsd.8:1.19 --- src/share/man/man8/compat_freebsd.8:1.18 Mon Jul 3 21:31:00 2017 +++ src/share/man/man8/compat_freebsd.8 Sat Feb 10 08:54:22 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: compat_freebsd.8,v 1.18 2017/07/03 21:31:00 wiz Exp $ +.\" $NetBSD: compat_freebsd.8,v 1.19 2018/02/10 08:54:22 maxv Exp $ .\" from: compat_linux.8,v 1.1 1995/03/05 23:30:36 fvdl Exp .\" .\" Copyright (c) 1995 Frank van der Linden @@ -30,13 +30,20 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 30, 2017 +.Dd February 10, 2018 .Dt COMPAT_FREEBSD 8 .Os .Sh NAME .Nm compat_freebsd .Nd setup procedure for running FreeBSD binaries .Sh DESCRIPTION +.Bf -symbolic +compat_freebsd is not maintained anymore, and new FreeBSD binaries cannot +be expected to work. +The compat_freebsd feature is available in NetBSD only to support the +FreeBSD tw_cli driver. +.Ef +.Pp .Nx supports running .Fx
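Review bot: The paragraph added in the `@@ -30,13 +30,20 @@` hunk spells out "compat_freebsd", "FreeBSD" and "NetBSD" literally, while the text right after it uses the `.Nx` and `.Fx` macros; using `.Nm`, `.Fx` and `.Nx` in the new lines would keep the page consistent. The new text also calls tw_cli a "driver" where the log message just says tw_cli, so it is worth making the two agree.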
re: CVS commit: src/include
Christos Zoulas writes:
> In article <20180207130259.ga21...@britannica.bec.de>,
> Joerg Sonnenberger wrote:
> >On Tue, Feb 06, 2018 at 03:21:21PM -0500, Christos Zoulas wrote:
> >> Module Name: src
> >> Committed By: christos
> >> Date: Tue Feb 6 20:21:21 UTC 2018
> >>
> >> Modified Files:
> >>src/include: unistd.h
> >>
> >> Log Message:
> >> detect duplicate declaration of pthread_atfork() in pthread.h
> >
> >Is this for some new broken GCC warning?
> >
>
> This is what the compiler said, and we have prior art for this (macro
> protect to avoid dup declarations -- grep for _DECLARED).

why is it a problem to declare the function twice? what was the
context of the compiler?

.mrg.
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Sat Feb 10 08:17:00 UTC 2018 Modified Files: src/sys/netinet: udp_usrreq.c Log Message: If the socket wants a ESP-over-UDP packet, and the packet is incorrect, stop processing it instead of giving it to udp4_sendup. It just doesn't make any sense not to drop it. I was already telling myself this the other day when I visited this place, but I just saw PR/36782 (11 years old) that suggests the exact same thing, so fix it. Now, udp4_espinudp always frees the mbuf, and is made void. The packet is not processed any further afterwards. To generate a diff of this commit: cvs rdiff -u -r1.239 -r1.240 src/sys/netinet/udp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.239 src/sys/netinet/udp_usrreq.c:1.240 --- src/sys/netinet/udp_usrreq.c:1.239 Thu Feb 8 10:24:46 2018 +++ src/sys/netinet/udp_usrreq.c Sat Feb 10 08:17:00 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.239 2018/02/08 10:24:46 maxv Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.240 2018/02/10 08:17:00 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.239 2018/02/08 10:24:46 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.240 2018/02/10 08:17:00 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -139,7 +139,7 @@ percpu_t *udpstat_percpu; #ifdef INET #ifdef IPSEC -static int udp4_espinudp(struct mbuf **, int, struct sockaddr *, +static void udp4_espinudp(struct mbuf *, int, struct sockaddr *, struct socket *); #endif static void udp4_sendup(struct mbuf *, int, struct sockaddr *, 
@@ -606,25 +606,9 @@ udp4_realinput(struct sockaddr_in *src, /* Handle ESP over UDP */ if (inp->inp_flags & INP_ESPINUDP_ALL) { struct sockaddr *sa = (struct sockaddr *)src; - - switch (udp4_espinudp(mp, off, sa, inp->inp_socket)) { - case -1: /* Error, m was freed */ -rcvcnt = -1; -goto bad; - - case 1: /* ESP over UDP */ -rcvcnt++; -goto bad; - - case 0: /* plain UDP */ - default: /* Unexpected */ -/* - * Normal UDP processing will take place, - * m may have changed. - */ -m = *mp; -break; - } + udp4_espinudp(m, off, sa, inp->inp_socket); + *mp = NULL; + goto bad; } #endif @@ -1246,13 +1230,10 @@ udp_statinc(u_int stat) #if defined(INET) && defined(IPSEC) /* - * Returns: - * 1 if the packet was processed - * 0 if normal UDP processing should take place - *-1 if an error occurred and m was freed + * This function always frees the mbuf. */ -static int -udp4_espinudp(struct mbuf **mp, int off, struct sockaddr *src, +static void +udp4_espinudp(struct mbuf *m, int off, struct sockaddr *src, struct socket *so) { size_t len; @@ -1265,7 +1246,6 @@ udp4_espinudp(struct mbuf **mp, int off, struct m_tag *tag; struct udphdr *udphdr; u_int16_t sport, dport; - struct mbuf *m = *mp; /* * Collapse the mbuf chain if the first mbuf is too short @@ -1276,10 +1256,9 @@ udp4_espinudp(struct mbuf **mp, int off, minlen = m->m_pkthdr.len; if (m->m_len < minlen) { - if ((*mp = m_pullup(m, minlen)) == NULL) { - return -1; + if ((m = m_pullup(m, minlen)) == NULL) { + return; } - m = *mp; } len = m->m_len - off; @@ -1288,9 +1267,7 @@ udp4_espinudp(struct mbuf **mp, int off, /* Ignore keepalive packets */ if ((len == 1) && (*(unsigned char *)data == 0xff)) { - m_freem(m); - *mp = NULL; /* avoid any further processing by caller ... */ - return 1; + goto out; } /* 
@@ -1301,8 +1278,9 @@ udp4_espinudp(struct mbuf **mp, int off, if (inp->inp_flags & INP_ESPINUDP) { u_int32_t *st = (u_int32_t *)data; - if ((len <= sizeof(struct esp)) || (*st == 0)) - return 0; /* Normal UDP processing */ + if ((len <= sizeof(struct esp)) || (*st == 0)) { + goto out; + } skip = sizeof(struct udphdr); } @@ -1311,8 +1289,9 @@ udp4_espinudp(struct mbuf **mp, int off, u_int32_t *st = (u_int32_t *)data; if ((len <= sizeof(u_int64_t) + sizeof(struct esp)) || - ((st[0] | st[1]) != 0)) - return 0; /* Normal UDP processing */ + ((st[0] | st[1]) != 0)) { + goto out; + } skip = sizeof(struct udphdr) + sizeof(u_int64_t); } @@ -1359,8 +1338,7 @@ udp4_espinudp(struct mbuf **mp, int off, */ if ((tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS, sizeof(sport) + sizeof(dport), M_DONTWAIT)) == NULL) { - m_freem(m); - return -1; + goto out; } ((u_int16_t *)(tag + 1))[0] = sport; ((u_int16_t *)(tag + 1))[1] = dport; @@ -1371,9 +1349,11 @@ udp4_espinudp(struct mbuf **mp, int off, else m_freem(m); - /* We handled it, it shouldn't be handled by UDP */ - *mp = NULL; /* avoid free by caller ... */ - return 1; + return; + +out: + m_freem(m); + return; }
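Review bot: In the udp4_realinput hunk (@@ -606,25 +606,9 @@) the new path reaches "goto bad" without touching rcvcnt, where the old switch set it to -1 on error and incremented it when the packet was consumed as ESP. If the code at "bad" or the caller reads a count of zero as "no socket matched", every datagram arriving on an INP_ESPINUDP_ALL socket now takes that path; either keep "rcvcnt++" before the goto or state in the log why the count no longer matters. The local m is also left pointing at an mbuf that udp4_espinudp has already freed, since only *mp is cleared.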
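Review bot: In the two marker checks (@@ -1301,8 +1278,9 @@ and @@ -1311,8 +1289,9 @@) datagrams that are too short or whose leading word(s) are zero used to "return 0; /* Normal UDP processing */" and now "goto out" and are freed. That changes behaviour for anything that sends such datagrams to a socket with these flags set, not only for malformed ESP: the log message calls them incorrect, but the removed comment treated them as ordinary UDP for the socket owner. Please confirm that no userland consumer bound to the same port relies on receiving them, and record that in the commit message, because after this change they never reach udp4_sendup.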
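Review bot: The new "out:" label at the end of udp4_espinudp (@@ -1371,9 +1349,11 @@) frees the mbuf silently for four unrelated reasons: a keepalive, either failed marker check, and the m_tag_get allocation failure. A statistics bump on the drop paths (udp_statinc is in this file) or separate labels would let an operator tell discarded ESP-over-UDP input from keepalives and from memory pressure, which matters when someone is diagnosing a tunnel that stopped passing traffic. The "return;" after the final m_freem(m) is redundant in a void function.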
CVS commit: src/sys/arch/sun2/conf
Module Name:src Committed By: maxv Date: Sat Feb 10 07:59:54 UTC 2018 Modified Files: src/sys/arch/sun2/conf: GENERIC Log Message: Remove the last reference to IPSEC_ESP. This option was deleted in 2013. To generate a diff of this commit: cvs rdiff -u -r1.99 -r1.100 src/sys/arch/sun2/conf/GENERIC Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/sun2/conf/GENERIC diff -u src/sys/arch/sun2/conf/GENERIC:1.99 src/sys/arch/sun2/conf/GENERIC:1.100 --- src/sys/arch/sun2/conf/GENERIC:1.99 Tue Jan 23 14:47:56 2018 +++ src/sys/arch/sun2/conf/GENERIC Sat Feb 10 07:59:54 2018 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.99 2018/01/23 14:47:56 sevan Exp $ +# $NetBSD: GENERIC,v 1.100 2018/02/10 07:59:54 maxv Exp $ # # GENERIC machine description file # @@ -25,7 +25,7 @@ include "arch/sun2/conf/std.sun2" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.99 $" +#ident "GENERIC-$Revision: 1.100 $" makeoptions COPTS="-Os" # optimize for size @@ -100,7 +100,6 @@ options FFS_NO_SNAPSHOT # No FFS snapsh options INET # IP protocol stack support #options INET6 # IPV6 #options IPSEC # IP security -#options IPSEC_ESP # IP security (encryption part; define w/IPSEC) #options IPSEC_DEBUG # debug for IP security #options GATEWAY # IP packet forwarding #options TCP_DEBUG # Record last TCP_NDEBUG packets with SO_DEBUG