Re: malloc.c: better double free check

2017-09-24 Thread Daniel Micay
> In the end all double frees still will be caught by the actual free
> code, just with a delay. The delayed free buffer double free check is
> just a way of catching it as soon as possible to make debugging
> easier.  That's the reason the original code could just do the check
> on the slot being replaced only.
> 
> The only case that could be missed is when the chunk is given out by
> malloc in between the original free and the double free. But that 
> case can never be caught in all circumstances since the delay buffer is of
> finite size.
> 
>   -Otto

True, the delay buffer currently only guarantees allocations are kept
out of circulation for one cycle since the random choice is between
previously freed allocations, never the current one.

It matters more with the other change making half of the quarantine into
a ring buffer to provide a longer guaranteed delay. I think that makes
sense as a trade-off vs. an extra bit of entropy from a 2x larger random
array for a given total quarantine size. It also improves the write-
after-free detection, especially with a configurable quarantine size,
which makes it somewhat like the ASan quarantine but with delayed
detection of write-after-free and only indirect read-after-free
detection via junk filling (i.e. if something ends up crashing /
breaking from reading junk instead of what it expected).



sendsyslog ioctl LIOCSFD documentation

2017-09-24 Thread Alexander Bluhm
Hi,

After my talk about syslog at eurobsdcon, I was asked to add more
documentation on how the syslogd(8) side of sendsyslog(9) works.

ok?

bluhm

Index: usr.sbin/syslogd/syslogd.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.248
diff -u -p -r1.248 syslogd.c
--- usr.sbin/syslogd/syslogd.c  17 Sep 2017 23:49:14 -  1.248
+++ usr.sbin/syslogd/syslogd.c  24 Sep 2017 17:14:00 -
@@ -566,6 +566,7 @@ main(int argc, char *argv[])
if ((fd_klog = open(_PATH_KLOG, O_RDONLY, 0)) == -1) {
log_warn("open %s", _PATH_KLOG);
} else if (fd_sendsys != -1) {
+   /* Use /dev/klog to register sendsyslogd(2) receiver. */
if (ioctl(fd_klog, LIOCSFD, [1]) == -1)
log_warn("ioctl klog LIOCSFD sendsyslog");
}
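Review bot: The added comment names sendsyslogd(2), but the system call documented in the second file of this patch is sendsyslog(2); the comment should read "register sendsyslog(2) receiver". Saying in the same comment which end of the socket pair is handed to the kernel would also help, since the man page text only says "one end".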
Index: lib/libc/sys/sendsyslog.2
===
RCS file: /data/mirror/openbsd/cvs/src/lib/libc/sys/sendsyslog.2,v
retrieving revision 1.9
diff -u -p -r1.9 sendsyslog.2
--- lib/libc/sys/sendsyslog.2   18 Jul 2017 22:22:19 -  1.9
+++ lib/libc/sys/sendsyslog.2   24 Sep 2017 17:20:27 -
@@ -1,5 +1,6 @@
 .\"$OpenBSD: sendsyslog.2,v 1.9 2017/07/18 22:22:19 bluhm Exp $
 .\"
+.\" Copyright (c) 2017 Alexander Bluhm 
 .\" Copyright (c) 2014 Theo de Raadt
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -54,6 +55,22 @@ fails, dropped messages are counted.
 When
 .Xr syslogd 8
 works again, a warning with the counter and error number is logged.
+.Pp
+To receive messages from the kernel,
+.Xr syslogd 8
+has to create a socket pair and register one end.
+This registration is done by opening the
+.Pa /dev/klog
+device and passing one file descriptor of the socket pair as argument
+to
+.Xr ioctl 2 Dv LIOCSFD
+invoked on the klog file descriptor.
+After that the messages can be be read from the other end of the
+socket pair.
+By utilizing
+.Pa /dev/klog
+the access to log messages is limited to processes that may open
+this device.
 .Sh RETURN VALUES
 .Rv -std
 .Sh ERRORS
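Review bot: "can be be read" in the new paragraph has a doubled word and should be "can be read". The closing sentence is the security-relevant one (only processes that may open /dev/klog can register a receiver), so it would be worth moving it up next to the description of the registration step rather than leaving it as an afterthought.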



Re: [patch] ftp(1): change mtime for http/https links

2017-09-24 Thread Jesper Wallin
On Sat, Sep 23, 2017 at 11:50:46PM +0200, Jesper Wallin wrote:
> Woups, seems like I managed to break ftp(1) in the installer due to
> pledge being a bit too tight.  Here is an updated version of the patch
> and with Philips changes as well.

...and hopefully a final version, sorry for the noise.

Changed the order of the pledge promises to their canonical order as
given by the manual and removed some empty lines. (thanks anton@)

I will of course still bump this once we're out of beta.


Index: fetch.c
===
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.163
diff -u -p -r1.163 fetch.c
--- fetch.c 7 Mar 2017 08:00:23 -   1.163
+++ fetch.c 24 Sep 2017 08:06:26 -
@@ -210,6 +210,7 @@ url_get(const char *origline, const char
int status;
int save_errno;
const size_t buflen = 128 * 1024;
+   time_t mtime = -1;
 
direction = "received";
 
@@ -647,7 +648,7 @@ noslash:
if (pledge("stdio rpath inet dns tty",  NULL) == -1)
err(1, "pledge");
} else {
-   if (pledge("stdio rpath wpath cpath inet dns tty", 
NULL) == -1)
+   if (pledge("stdio rpath wpath cpath inet fattr dns 
tty", NULL) == -1)
err(1, "pledge");
}
}
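Review bot: fattr is added to the pledge in the else branch and then stays in force for the whole transfer, while the process is parsing server-controlled headers and data, although it is needed only for the single futimens() call at cleanup. fattr also covers chmod and chown style calls, so the commit message should state that the widening is deliberate, and it is worth confirming that the first branch ("stdio rpath inet dns tty") can never reach the new futimens() call, where it would be killed for lacking the promise.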
@@ -860,6 +861,12 @@ noslash:
if (restart_point)
filesize += restart_point;
 #endif /* !SMALL */
+#define LASTMOD "Last-Modified: "
+   } else if (strncasecmp(cp, LASTMOD, sizeof(LASTMOD) - 1) == 0) {
+   struct tm tm;
+   cp += sizeof(LASTMOD) - 1;
+   if (strptime(cp, "%a, %d %b %Y %T %z", ) != NULL)
+   mtime = mktime();
 #define LOCATION "Location: "
} else if (isredirect &&
strncasecmp(cp, LOCATION, sizeof(LOCATION) - 1) == 0) {
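Review bot: struct tm tm is declared without initialisation in the new Last-Modified branch, and strptime() fills only the fields its format names, so tm_isdst is indeterminate when the structure reaches mktime(); zero it with memset() first. mktime() also interprets the fields as local time while a Last-Modified value is expressed in GMT, so the resulting mtime is shifted by the local UTC offset unless timegm() is used instead.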
@@ -1043,8 +1050,19 @@ cleanup_url_get:
fclose(fin);
else if (s != -1)
close(s);
-   if (out >= 0 && out != fileno(stdout))
+   if (out >= 0 && out != fileno(stdout)) {
+   if (mtime != -1) {
+   struct timespec tv[2];
+   tv[0].tv_nsec = UTIME_NOW;
+   tv[1].tv_sec = mtime;
+   tv[1].tv_nsec = 0;
+   if (futimens(out, tv) == -1)
+   fprintf(ttyout,
+   "Can't change modification time on %s to %s\n",
+   savefile, ctime());
+   }
close(out);
+   }
free(buf);
free(proxyhost);
free(proxyurl);
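Review bot: The futimens() call is placed under the cleanup_url_get label, so if that label is also reached after a failed or interrupted transfer, a truncated file ends up carrying the server's Last-Modified time and looks complete; apply the timestamp only on the success path. Separately, the string returned by ctime() already ends in a newline, so the "\n" in the format prints an extra empty line.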
Index: ftp.c
===
RCS file: /cvs/src/usr.bin/ftp/ftp.c,v
retrieving revision 1.100
diff -u -p -r1.100 ftp.c
--- ftp.c   22 Aug 2016 16:27:00 -  1.100
+++ ftp.c   24 Sep 2017 08:06:26 -
@@ -1217,8 +1217,8 @@ break2:
ut.modtime = mtime;
if (utime(local, ) == -1)
fprintf(ttyout,
-   "Can't change modification time on %s to %s",
-   local, asctime(localtime()));
+   "Can't change modification time on %s to %s\n",
+   local, ctime());
}
}
}
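Review bot: ctime() returns a string that already ends in a newline, as did the asctime() call being removed, which is why the old format string had none; with the added "\n" the message is followed by an empty line. Keep the format without "\n" or strip the newline from the ctime() result.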



[patch] vmd.c: Keep the ownership when rebooting a VM

2017-09-24 Thread Jesper Wallin
Hi all,

If a machine is configured in vm.conf to have the owner of a regular
user, the ownership of the machine is lost upon reboot and root becomes
the new owner.  When restarting the machine, the tty is kept open and
the permissions of the tty are untouched.  The user can therefore access
the console, but it's not possible to stop the machine since the vmd
owner is root.

The patch below simply leaves vm->vm_uid untouched if keeptty is set.


Jesper Wallin


Index: vmd.c
===
RCS file: /cvs/src/usr.sbin/vmd/vmd.c,v
retrieving revision 1.69
diff -u -p -r1.69 vmd.c
--- vmd.c   8 Sep 2017 06:24:31 -   1.69
+++ vmd.c   24 Sep 2017 15:04:31 -
@@ -413,7 +413,7 @@ vmd_dispatch_vmm(int fd, struct privsep_
log_debug("%s: about to stop vm id %d with tty open",
__func__, vm->vm_vmid);
vm_stop(vm, 1);
-   config_setvm(ps, vm, (uint32_t)-1, 0);
+   config_setvm(ps, vm, (uint32_t)-1, vm->vm_uid);
}
break;
case IMSG_VMDOP_GET_INFO_VM_DATA:
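Review bot: The uid passed to config_setvm() is read from vm->vm_uid after vm_stop(vm, 1) has already run, so this line is only correct together with the vm_stop() change that stops zeroing the field. A short comment here saying the owner is deliberately carried across the reboot would keep a later cleanup of vm_stop() from silently handing the VM back to uid 0.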
@@ -1061,9 +1061,10 @@ vm_stop(struct vmd_vm *vm, int keeptty)
close(vm->vm_kernel);
vm->vm_kernel = -1;
}
-   vm->vm_uid = 0;
-   if (!keeptty)
+   if (!keeptty) {
vm_closetty(vm);
+   vm->vm_uid = 0;
+   }
 }
 
 void
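Review bot: With vm->vm_uid = 0 moved inside the !keeptty branch, every caller that passes a non-zero keeptty now leaves the previous owner uid on the structure, not only the reboot path in vmd_dispatch_vmm(); check the other vm_stop() callers so that a stale non-root owner cannot survive on an entry that is later reused. Since this uid decides who may stop the VM, a comment tying its lifetime to the tty lifetime would help.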



Re: hostname.if5 patch

2017-09-24 Thread Tom Smyth
Please disregard this patch request; I have sent an alternate
non-MIME-formatted one.
Thanks

On 23 September 2017 at 14:16, Tom Smyth  wrote:
> Hello Lads,
>
> I have submitted a proposed patch for hostname.if5 to show a user how
> to do point-to-point addressing on an interface (thanks to @Tedu for
> publishing the correct syntax, which helped me).
>
> So I (tried to) show the syntax for that case in the hostname.if manual file.
> Thanks to Nikolai for helping me with the patch generation



[patch] hostname.if5 additional info on point to point addressing

2017-09-24 Thread Tom Smyth
Hello lads, and ladies,
I have included some extra info on point to point addressing on
interfaces in OpenBSD. Thanks @tedu for the blog post that helped me
learn how to do point to point addressing (non-broadcast) on OpenBSD,
and @theo @ingo for pointing me in the right direction on man page
contributions earlier in the year.
The patch is below; I hope it helps.

Index: src/share/man/man5/hostname.if.5
===
RCS file: /cvs/src/share/man/man5/hostname.if.5,v
retrieving revision 1.65
diff -u -p -u -r1.65 hostname.if.5
--- src/share/man/man5/hostname.if.510 Mar 2017 18:28:11 -1.65
+++ src/share/man/man5/hostname.if.523 Sep 2017 11:50:49 -
@@ -91,6 +91,16 @@ Regular IPv4 network setup:
 .Va dest_addr
 .Ed
 .Pp
+Point to Point IPv4 network setup:
+.Bd -ragged -offset indent
+.Li inet
+.Op Li alias
+.Va addr
+.Va netmask
+.Va network_addr
+.Va options
+.Ed
+.Pp
 Regular IPv6 network setup:
 .Bd -ragged -offset indent
 .Li inet6
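Review bot: The new synopsis names its third field network_addr, which none of the visible lines define, while the regular IPv4 format just above ends in dest_addr. Reuse dest_addr if it means the same thing, or add network_addr to the list under "The above formats have the following field values"; the heading would also read better as "Point-to-point IPv4 network setup:".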
@@ -122,6 +132,13 @@ inet6 alias fec0::1 64
 inet6 alias fec0::2 64 anycast
 !route add 65.65.65.65 10.0.1.13
 up
+.Ed
+.Pp
+Point to point ip addressing can also be applied to an interface
+for example:
+.Bd -literal -offset 1n
+inet 10.64.100.2 0x 10.64.80.25
+#host_addr  /32_netmask network_addr
 .Ed
 .Pp
 The above formats have the following field values:



Re: UPDATE: freetype 2.8.1

2017-09-24 Thread David Coppa
On Wed, Sep 20, 2017 at 7:06 PM, David Coppa  wrote:
>
> Here's the update to FreeType-2.8.1.
>
> I don't know if there's enough time to have it in for 6.2.

Just catching up with icb logs...

 i'm uncomfortable with updating freetype at this point.  i'm
more afraid of runtime fallout than build problems.
 ok no freetype upgrade before release.

ok with me too, we'll come back to this after the unlock.

Ciao!
David



Re: malloc.c: better double free check

2017-09-24 Thread Otto Moerbeek
On Sat, Sep 23, 2017 at 05:19:58PM -0400, Daniel Micay wrote:

> On Sat, 2017-09-23 at 09:32 +0200, Otto Moerbeek wrote:
> > On Fri, Sep 22, 2017 at 04:35:39PM -0400, Daniel Micay wrote:
> > 
> > > A linear search works well for the current small quarantine (16) but
> > > won't work
> > > well if you ever want to have a larger / configurable quarantine
> > > size. It would
> > > also be nice to make this fast enough to enable by default.
> > > 
> > > We (CopperheadOS) use an open addressed hash table for this based on
> > > the
> > > existing hash table since we use a larger quarantine with a FIFO
> > > queue
> > > alongside the random array and a configuration size. Ideally the
> > > code would be
> > > shared with the existing hash table but I didn't want to make it
> > > into an
> > > invasive change downstream.
> > > 
> > > These are the three downstream patches for OpenBSD malloc in our
> > > copy of Bionic
> > > (Android libc), so I'd need to port them to the current upstream
> > > code to apply
> > > cleanly. They're currently applied after other changes and it's a
> > > slightly
> > > older copy of the base code (after multi-pool support, but before
> > > the canary
> > > rework since we'll need to adapt that to our needs). Can get the
> > > general idea
> > > from the patches even though they're not going to apply cleanly
> > > though.
> > > 
> > > [1] quarantine double-free detection via hash table
> > 
> > Thanks for sharing this, I'll take a look soon. 
> > 
> > Thinking a bit about this: wouldn't a closed hash table be sufficient?
> > A collision would then either be a double free, otherwise just replace
> > old with new. You'll get a O(1) lookup and insert and simpler code.
> 
> I wouldn't really want to have a random chance of missing a double-free
> even if the chance is small though.

In the end all double frees still will be caught by the actual free
code, just with a delay. The delayed free buffer double free check is
just a way of catching it as soon as possible to make debugging
easier.  That's the reason the original code could just do the check
on the slot being replaced only.

The only case that could be missed is when the chunk is given out by
malloc in between the original free and the double free. But that 
case can never be caught in all circumstances since the delay buffer is of
finite size.

-Otto
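
The two ideas discussed in this thread, the early double-free check on the delay buffer (Otto) and a quarantine split into a ring buffer plus a random array (Daniel), modelled as an added example that is not OpenBSD malloc.c or CopperheadOS code. Assumptions: small integers stand in for chunk addresses, a fixed-seed LCG replaces the real random source, and `q_free`, `q_contains` and `min_delay` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define RING 4  /* FIFO half: sets the guaranteed delay (constructed size) */
#define RAND 4  /* random half: adds unpredictable extra delay */

struct quarantine {
    uintptr_t ring[RING], rnd[RAND];  /* 0 marks an empty slot */
    size_t head;                      /* next ring slot to overwrite */
    uint32_t seed;                    /* toy LCG state, so runs are repeatable */
};

/* Full scan (linear, fine for a small quarantine): is p still held? */
static int q_contains(const struct quarantine *q, uintptr_t p) {
    for (size_t i = 0; i < RING; i++) if (q->ring[i] == p) return 1;
    for (size_t i = 0; i < RAND; i++) if (q->rnd[i] == p) return 1;
    return 0;
}

/* Returns -1 on a double free, else 0 with *released = chunk leaving (0: none). */
static int q_free(struct quarantine *q, uintptr_t p, uintptr_t *released) {
    *released = 0;
    if (q_contains(q, p)) return -1;   /* caught before the real free runs */
    uintptr_t old = q->ring[q->head];  /* oldest ring entry */
    q->ring[q->head] = p;
    q->head = (q->head + 1) % RING;
    if (old != 0) {                    /* hand it to the random half */
        q->seed = q->seed * 1664525u + 1013904223u;  /* toy LCG step */
        size_t i = (q->seed >> 16) % RAND;
        *released = q->rnd[i];         /* previous occupant is really freed */
        q->rnd[i] = old;
    }
    return 0;
}

/* Free chunks 1..n; return the fewest later frees any released chunk waited. */
static size_t min_delay(size_t n) {
    struct quarantine q = { .seed = 1 };
    size_t best = SIZE_MAX;
    for (uintptr_t p = 1, out; p <= n; p++)
        if (q_free(&q, p, &out) == 0 && out != 0 && p - out < best)
            best = (size_t)(p - out);
    return best;
}

int main(void) {
    printf("minimum delay: %zu frees, ring size %d\n", min_delay(1000), RING);
    return 0;
}
```

A chunk cannot leave before it has passed through all RING slots and then been picked as the random victim, so the minimum delay is at least RING + 1 frees; a second free of the same chunk after it has left the quarantine is not seen by this early check at all.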