pod2man --stderr
Use --stderr to output pod2man problems at build time, rather than embed them into a POD ERRORS section in the produced manpages (see ExtUtils::Installed(3p) for an example of how it looks without this). OK? Index: Makefile.bsd-wrapper1 === RCS file: /cvs/src/gnu/usr.bin/perl/Makefile.bsd-wrapper1,v retrieving revision 1.15 diff -u -p -r1.15 Makefile.bsd-wrapper1 --- Makefile.bsd-wrapper1 30 Mar 2013 11:48:20 - 1.15 +++ Makefile.bsd-wrapper1 30 Mar 2013 11:52:24 - @@ -803,13 +803,13 @@ MANSRC_COOKIE= . endif ${page}.${sect}: ${file} - ${POD2MAN} --section=${sect} --official ${.ALLSRC} $@ + ${POD2MAN} --stderr --section=${sect} --official ${.ALLSRC} $@ .endfor mansrc.build: .for sect in 1 3p . if !empty(_quick${sect}) - cd ${.OBJDIR} ${POD2MAN} --section=${sect} --official ${_quick${sect}} + cd ${.OBJDIR} ${POD2MAN} --stderr --section=${sect} --official ${_quick${sect}} . endif .endfor
sdiff: buffer overflow in diffargv
Hi, sdiff makes a false assumption about diffargv: /* * Allocate memory for diff arguments and NULL. * Each flag has at most one argument, so doubling argc gives an * upper limit of how many diff args can be passed. argv[0], * file1, and file2 won't have arguments so doubling them will * waste some memory; however we need an extra space for the * NULL at the end, so it sort of works out. */ This is unfortunately not true, because we can easily specify multiple single-letter arguments in one argument, like: $ sdiff -aainsert a lot of args here file1 file2 Segmentation fault The allocation of diffargv should therefore happen dynamically while parsing arguments. While doing so, I created another char array, holding all single-letter arguments that cannot have optargs on their own. This makes sure that we do not create more diffargv elements than the system could possibly handle. Tobias Index: sdiff.c === RCS file: /cvs/src/usr.bin/sdiff/sdiff.c,v retrieving revision 1.28 diff -u -p -r1.28 sdiff.c --- sdiff.c 7 Jun 2009 13:29:50 - 1.28 +++ sdiff.c 30 Mar 2013 15:49:53 - @@ -153,67 +153,63 @@ FAIL: exit(2); } +static char ** +addarg(char *arg) +{ + static char **diffargv = NULL; + static int diffargc = 0; + + diffargv = realloc(diffargv, (diffargc + 1) * sizeof(char **)); + if (diffargv == NULL) + err(2, diff arguments); + diffargv[diffargc++] = arg; + + return diffargv; +} + int main(int argc, char **argv) { FILE *diffpipe, *file1, *file2; - size_t diffargc = 0, wflag = WIDTH; + size_t shortoptslen = 0, wflag = WIDTH; int ch, fd[2], status; pid_t pid; const char *outfile = NULL; char **diffargv, *diffprog = diff, *filename1, *filename2, - *tmp1, *tmp2, *s1, *s2; + *shortopts = NULL, *tmp1, *tmp2, *s1, *s2; /* * Process diff flags. */ - /* -* Allocate memory for diff arguments and NULL. -* Each flag has at most one argument, so doubling argc gives an -* upper limit of how many diff args can be passed. argv[0], -* file1, and file2 won't have arguments so doubling them will -* waste some memory; however we need an extra space for the -* NULL at the end, so it sort of works out. -*/ - if (!(diffargv = calloc(argc, sizeof(char **) * 2))) - err(2, main); /* Add first argument, the program name. */ - diffargv[diffargc++] = diffprog; + diffargv = addarg(diffprog); while ((ch = getopt_long(argc, argv, aBbdEHI:ilo:stWw:, longopts, NULL)) != -1) { const char *errstr; + char c = '\0'; switch (ch) { case 'a': - diffargv[diffargc++] = -a; - break; case 'B': - diffargv[diffargc++] = -B; - break; case 'b': - diffargv[diffargc++] = -b; - break; case 'd': - diffargv[diffargc++] = -d; - break; case 'E': - diffargv[diffargc++] = -E; + case 'H': + case 'i': + case 't': + c = ch; break; case 'F': diffargv[0] = diffprog = optarg; break; - case 'H': - diffargv[diffargc++] = -H; - break; case 'I': Iflag = 1; - diffargv[diffargc++] = -I; - diffargv[diffargc++] = optarg; + diffargv = addarg(-I); + diffargv = addarg(optarg); break; - case 'i': - diffargv[diffargc++] = -i; + c = 'i'; break; case 'l': lflag = 1; @@ -222,16 +218,13 @@ main(int argc, char **argv) outfile = optarg; break; case 'S': - diffargv[diffargc++] = --strip-trailing-cr; + diffargv = addarg(--strip-trailing-cr); break; case 's': sflag = 1; break; - case 't': - diffargv[diffargc++] = -t; - break; case 'W': - diffargv[diffargc++] = -w; + c = 'w'; break; case 'w': wflag = strtonum(optarg, WIDTH_MIN, @@ -243,6
sdiff: memory leak in parsecmd
Hi, there is a memory leak in sdiff occurring while parsing ed commands in parsecmd (which is feeded basically by diff's output through a pipe). The function xfgets uses fparseln, which means that the return value should be freed. This is not the case for the variable line. Also, there is a while-loop not freeing xfgets' return value. Tobias PS: I doubt that the errx() calls in parsecmd really help a lot in case of error, because line will be tampered with (placing '\0' where needed). Didn't address that issue with this patch, neither do I see a need for that. Index: sdiff.c === RCS file: /cvs/src/usr.bin/sdiff/sdiff.c,v retrieving revision 1.28 diff -u -p -r1.28 sdiff.c --- sdiff.c 7 Jun 2009 13:29:50 - 1.28 +++ sdiff.c 30 Mar 2013 18:14:51 - @@ -740,11 +740,14 @@ parsecmd(FILE *diffpipe, FILE *file1, FI default: errx(2, invalid diff command: %c: %s, cmd, line); } + free(line); /* Skip to next ed line. */ - while (n--) - if (!xfgets(diffpipe)) + while (n--) { + if (!(line = xfgets(diffpipe))) errx(2, diff ended early); + free(line); + } return (0); }
pf divert and ipsec
Hi, Do not transfer diverted packets into IPsec processing. They should reach the socket that the user has specified in pf.conf. ok? bluhm Index: netinet/ipsec_input.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_input.c,v retrieving revision 1.110 diff -u -p -r1.110 ipsec_input.c --- netinet/ipsec_input.c 28 Mar 2013 23:10:06 - 1.110 +++ netinet/ipsec_input.c 29 Mar 2013 16:19:02 - @@ -137,6 +137,9 @@ ipsec_common_input(struct mbuf *m, int s if ((sproto == IPPROTO_ESP !esp_enable) || (sproto == IPPROTO_AH !ah_enable) || +#if NPF 0 + (m-m_pkthdr.pf.flags PF_TAG_DIVERTED) || +#endif (sproto == IPPROTO_IPCOMP !ipcomp_enable)) { switch (af) { #ifdef INET Index: netinet/udp_usrreq.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/udp_usrreq.c,v retrieving revision 1.155 diff -u -p -r1.155 udp_usrreq.c --- netinet/udp_usrreq.c29 Mar 2013 13:16:14 - 1.155 +++ netinet/udp_usrreq.c29 Mar 2013 16:19:02 - @@ -323,6 +323,9 @@ udp_input(struct mbuf *m, ...) #ifdef IPSEC if (udpencap_enable udpencap_port +#if NPF 0 + !(m-m_pkthdr.pf.flags PF_TAG_DIVERTED) +#endif uh-uh_dport == htons(udpencap_port)) { u_int32_t spi; int skip = iphlen + sizeof(struct udphdr);
pflogd: move_log cleanup
Hi, the privileged part of pflogd is responsible to move bad log files out of the way, i.e. ones that cannot be parsed. The current code could end up in an endless loop if all possible files exist. Also, it doesn't clean up after a failed rename() attempt, leaving a dead file behind. I have adjusted the find a new file with random name into an mkstemp call, because it's exactly what it's supposed to do. Just look out for the difference in permissions: old code uses 000, new one 600. I see no issue in this because it's privileged code anyway, i.e. running as root. Tobias Index: privsep.c === RCS file: /cvs/src/sbin/pflogd/privsep.c,v retrieving revision 1.17 diff -u -p -r1.17 privsep.c --- privsep.c 24 Dec 2009 10:06:35 - 1.17 +++ privsep.c 30 Mar 2013 22:44:04 - @@ -193,21 +193,19 @@ move_log(const char *name) for (;;) { int fd; - len = snprintf(ren, sizeof(ren), %s.bad.%08x, - name, arc4random()); + len = snprintf(ren, sizeof(ren), %s.bad., name); if (len = sizeof(ren)) { logmsg(LOG_ERR, [priv] new name too long); return (1); } /* lock destination */ - fd = open(ren, O_CREAT|O_EXCL, 0); + fd = mkstemp(ren); if (fd = 0) { close(fd); break; } - /* if file exists, try another name */ - if (errno != EEXIST errno != EINTR) { + if (errno != EINTR) { logmsg(LOG_ERR, [priv] failed to create new name: %s, strerror(errno)); return (1); @@ -217,6 +215,7 @@ move_log(const char *name) if (rename(name, ren)) { logmsg(LOG_ERR, [priv] failed to rename %s to %s: %s, name, ren, strerror(errno)); + unlink(ren); return (1); }
SO_BINDANY for raw IPv6 sockets
Hi, Make the SO_BINDANY socket option also work for raw IPv6 sockets. ok? bluhm Index: netinet6/raw_ip6.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/raw_ip6.c,v retrieving revision 1.50 diff -u -p -r1.50 raw_ip6.c --- netinet6/raw_ip6.c 30 Mar 2013 12:15:29 - 1.50 +++ netinet6/raw_ip6.c 30 Mar 2013 23:19:46 - @@ -703,6 +703,7 @@ rip6_usrreq(struct socket *so, int req, * this in a more natural way. */ if (!IN6_IS_ADDR_UNSPECIFIED(addr-sin6_addr) + !(so-so_options SO_BINDANY) (ia = ifa_ifwithaddr((struct sockaddr *)addr, in6p-inp_rtableid)) == 0) { error = EADDRNOTAVAIL;
tedu IPv6 default scope
Hi, There is no IPv6 default scope in OpenBSD. Remove leftovers. No binary change. ok? bluhm Index: netinet6/raw_ip6.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/raw_ip6.c,v retrieving revision 1.50 diff -u -p -r1.50 raw_ip6.c --- netinet6/raw_ip6.c 30 Mar 2013 12:15:29 - 1.50 +++ netinet6/raw_ip6.c 31 Mar 2013 00:03:36 - @@ -88,9 +88,6 @@ #include netinet/in_pcb.h #include netinet6/nd6.h #include netinet6/ip6protosw.h -#ifdef ENABLE_DEFAULT_SCOPE -#include netinet6/scope6_var.h -#endif #include netinet6/raw_ip6.h #include sys/stdarg.h @@ -682,11 +679,6 @@ rip6_usrreq(struct socket *so, int req, error = EADDRNOTAVAIL; break; } -#ifdef ENABLE_DEFAULT_SCOPE - if (addr-sin6_scope_id == 0) /* not change if specified */ - addr-sin6_scope_id = - scope6_addr2default(addr-sin6_addr); -#endif /* * we don't support mapped address here, it would confuse * users so reject it @@ -722,9 +714,6 @@ rip6_usrreq(struct socket *so, int req, { struct sockaddr_in6 *addr = mtod(nam, struct sockaddr_in6 *); struct in6_addr *in6a = NULL; -#ifdef ENABLE_DEFAULT_SCOPE - struct sockaddr_in6 sin6; -#endif if (nam-m_len != sizeof(*addr)) { error = EINVAL; @@ -739,16 +728,6 @@ rip6_usrreq(struct socket *so, int req, break; } -#ifdef ENABLE_DEFAULT_SCOPE - if (addr-sin6_scope_id == 0) { - /* protect *addr */ - sin6 = *addr; - addr = sin6; - addr-sin6_scope_id = - scope6_addr2default(addr-sin6_addr); - } -#endif - /* Source address selection. XXX: need pcblookup? */ in6a = in6_selectsrc(addr, in6p-in6p_outputopts, in6p-in6p_moptions, in6p-in6p_route, @@ -814,12 +793,6 @@ rip6_usrreq(struct socket *so, int req, break; } } -#ifdef ENABLE_DEFAULT_SCOPE - if (dst-sin6_scope_id == 0) { - dst-sin6_scope_id = - scope6_addr2default(dst-sin6_addr); - } -#endif error = rip6_output(m, so, dst, control); m = NULL; break;
raw IPv6 sockets for IPsec
Hi, Allow raw IPv6 sockets for IPsec protocols. ok? bluhm Index: netinet6/in6_proto.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/in6_proto.c,v retrieving revision 1.65 diff -u -p -r1.65 in6_proto.c --- netinet6/in6_proto.c14 Mar 2013 11:18:37 - 1.65 +++ netinet6/in6_proto.c31 Mar 2013 00:20:38 - @@ -176,20 +176,20 @@ struct ip6protosw inet6sw[] = { }, #ifdef IPSEC { SOCK_RAW,inet6domain, IPPROTO_AH, PR_ATOMIC|PR_ADDR, - ah6_input, 0, 0, 0, - 0, + ah6_input, rip6_output,0, rip6_ctloutput, + rip6_usrreq, 0, 0, 0, 0, ah_sysctl, }, { SOCK_RAW,inet6domain, IPPROTO_ESP,PR_ATOMIC|PR_ADDR, - esp6_input, 0, 0, 0, - 0, + esp6_input, rip6_output,0, rip6_ctloutput, + rip6_usrreq, 0, 0, 0, 0, esp_sysctl, }, { SOCK_RAW,inet6domain, IPPROTO_IPCOMP, PR_ATOMIC|PR_ADDR, - ipcomp6_input, 0,0, 0, - 0, + ipcomp6_input, rip6_output, 0, rip6_ctloutput, + rip6_usrreq, 0, 0, 0, 0, ipcomp_sysctl, },
poison shuffling
here's diff x/y. most of the big pieces in place, so now I want to rearrange the deckchairs just the way I like. A bunch of unreleated changes collected here instead of mailing out a pile of overlapping diffs you could never apply independently. This settles things down in prep for some more interesting changes. - move poison prototypes from systm.h to malloc.h - add poison_value() which returns the poison value appropriate for this pointer - use poison_value throughout malloc and pool - increase poison size to 64. the old malloc code was effectively 128 (32 * sizeof(int)) and pool was whatever the item size is. i think 32 is a little on the small side, 64 should be enough to catch most errors. - move kmem_freelist definition back into malloc, a forward decl suffices. - the magic field can remain in pool item headers unconditionally, so remove the ifdef guard. i don't like size changing structs, even local ones. - make some POOL_DEBUG less conditional. this allows the pool_debug sysctl to actually do something on release kernels. still won't have much performance impact because all the poisoning is runtime guarded as well. - maybe some other stuff i forgot to mention. read the diff. Index: sys/malloc.h === RCS file: /cvs/src/sys/sys/malloc.h,v retrieving revision 1.103 diff -u -p -r1.103 malloc.h --- sys/malloc.h26 Mar 2013 16:36:01 - 1.103 +++ sys/malloc.h31 Mar 2013 02:02:54 - @@ -341,20 +341,7 @@ struct kmemusage { #defineku_freecnt ku_un.freecnt #defineku_pagecnt ku_un.pagecnt -/* - * Normally the freelist structure is used only to hold the list pointer - * for free objects. However, when running with diagnostics, the first - * 8 bytes of the structure is unused except for diagnostic information, - * and the free list pointer is at offset 8 in the structure. Since the - * first 8 bytes is the portion of the structure most often modified, this - * helps to detect memory reuse problems and avoid free list corruption. - */ -struct kmem_freelist { - int32_t kf_spare0; - int16_t kf_type; - int16_t kf_spare1; - SIMPLEQ_ENTRY(kmem_freelist) kf_flist; -}; +struct kmem_freelist; /* * Set of buckets for each size of memory block that is retained @@ -410,6 +397,10 @@ extern int sysctl_malloc(int *, u_int, v size_t malloc_roundup(size_t); void malloc_printit(int (*)(const char *, ...)); + +void poison_mem(void *, size_t); +intpoison_check(void *, size_t, size_t *, int *); +int32_t poison_value(void *); #ifdef MALLOC_DEBUG intdebug_malloc(unsigned long, int, int, void **); Index: sys/systm.h === RCS file: /cvs/src/sys/sys/systm.h,v retrieving revision 1.96 diff -u -p -r1.96 systm.h --- sys/systm.h 28 Mar 2013 16:41:39 - 1.96 +++ sys/systm.h 31 Mar 2013 02:01:21 - @@ -187,9 +187,6 @@ extern int splassert_ctl; void assertwaitok(void); -void poison_mem(void *, size_t); -intpoison_check(void *, size_t, size_t *, int *); - void tablefull(const char *); intkcopy(const void *, void *, size_t) Index: kern/kern_malloc.c === RCS file: /cvs/src/sys/kern/kern_malloc.c,v retrieving revision 1.98 diff -u -p -r1.98 kern_malloc.c --- kern/kern_malloc.c 28 Mar 2013 16:41:39 - 1.98 +++ kern/kern_malloc.c 31 Mar 2013 02:03:48 - @@ -120,6 +120,21 @@ char *memall = NULL; struct rwlock sysctl_kmemlock = RWLOCK_INITIALIZER(sysctlklk); #endif +/* + * Normally the freelist structure is used only to hold the list pointer + * for free objects. However, when running with diagnostics, the first + * 8 bytes of the structure is unused except for diagnostic information, + * and the free list pointer is at offset 8 in the structure. Since the + * first 8 bytes is the portion of the structure most often modified, this + * helps to detect memory reuse problems and avoid free list corruption. + */ +struct kmem_freelist { + int32_t kf_spare0; + int16_t kf_type; + int16_t kf_spare1; + SIMPLEQ_ENTRY(kmem_freelist) kf_flist; +}; + #ifdef DIAGNOSTIC /* * This structure provides a set of masks to catch unaligned frees. @@ -131,16 +146,6 @@ const long addrmask[] = { 0, 0x1fff, 0x3fff, 0x7fff, 0x, }; -/* - * The FREELIST_MARKER is used as known text to copy into free objects so - * that modifications after frees can be detected. - */ -#ifdef DEADBEEF0 -#define FREELIST_MARKER((unsigned) DEADBEEF0) -#else -#define FREELIST_MARKER((unsigned) 0xdeadbeef) -#endif - #endif /* DIAGNOSTIC */ #ifndef SMALL_KERNEL @@ -413,7 +418,7 @@ free(void *addr, int type) * Check for multiple frees. Use a quick check to see if * it looks free before laboriously searching the freelist. */ - if (freep-kf_spare0 ==