Re: problem with gethostbyaddr() on OBSD 5.4?

2014-02-03 Thread Eric Faurot
On Sun, Feb 02, 2014 at 03:12:36PM +0100, IMAP List Administration wrote:
 [I forgot to send this to the list]
 
 Hi Eric,
 
 On 02/01/2014 11:43 AM, Eric Faurot wrote:
  The following diff fixes the problems with the example IPs you gave us.
  - subsequent PTR records are now set as aliases in the hostent
  - need to accept '/' in dname labels (maybe others?)
 Since the code differs, I'm guessing your patch is for -current.
 
 We're running -stable. Could you possibly supply a patch for that?
 
 cheers,
 
 Rob Urban
 

Hi,

This is the diff against -stable.

Eric.

Index: asr_utils.c
===
RCS file: /cvs/src/lib/libc/asr/asr_utils.c,v
retrieving revision 1.8
diff -u -p -r1.8 asr_utils.c
--- asr_utils.c 12 Jul 2013 14:36:21 -  1.8
+++ asr_utils.c 3 Feb 2014 09:44:29 -
@@ -55,7 +55,7 @@ dname_check_label(const char *s, size_t 
return (-1);
 
for (l--; l; l--, s++)
-   if (!(isalnum(*s) || *s == '_' || *s == '-'))
+   if (!(isalnum(*s) || *s == '_' || *s == '-' || *s == '/'))
return (-1);
 
return (0);
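Review bot: the new '/' case in the label whitelist carries no comment saying why it is there, and the covering mail's "maybe others?" shows the reason was not pinned down. The concrete reason is RFC 2317 classless in-addr.arpa delegation, which produces reverse names such as 1.0/25.2.0.192.in-addr.arpa, so a PTR answer legitimately contains '/' in a label; a one-line comment above the check would save the next reader from treating this as a hostname rule relaxed on a whim. Worth stating in that comment that this stays a whitelist (a DNS label may carry any octet, hostnames are far stricter), so any further characters should be justified by a named record type rather than by widening the set again.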
Index: gethostnamadr_async.c
===
RCS file: /cvs/src/lib/libc/asr/gethostnamadr_async.c,v
retrieving revision 1.22
diff -u -p -r1.22 gethostnamadr_async.c
--- gethostnamadr_async.c   17 Jul 2013 07:43:23 -  1.22
+++ gethostnamadr_async.c   3 Feb 2014 09:44:30 -
@@ -504,8 +504,7 @@ hostent_from_packet(int reqtype, int fam
if (strcasecmp(rr.rr_dname, dname) != 0)
continue;
if (hostent_set_cname(h, rr.rr.ptr.ptrname, 1) == -1)
-   goto fail;
-   /* XXX See if we need MULTI_PTRS_ARE_ALIASES */
+   hostent_add_alias(h, rr.rr.ptr.ptrname, 1);
break;
 
case T_A:
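Review bot: a -1 from hostent_set_cname() is now read as "a canonical name is already set, so record this one as an alias", but -1 for any other reason (an allocation failure, for instance) becomes indistinguishable from that and no longer reaches fail, and the result of hostent_add_alias() is discarded altogether. Suggest deciding on whether the hostent already has a canonical name before calling either function, and keeping `goto fail` for a genuine failure from whichever one is called (if hostent_add_alias() reports failure the same way). The removal of the MULTI_PTRS_ARE_ALIASES comment is right since this hunk answers it.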


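The two behaviours the patch describes, a label check that admits '/' and several PTR targets folded into one result as canonical name plus aliases, as an added C example. This is not libc's asr code and does not use its types; the names demo_check_dname, demo_host_from_ptrs and the struct are invented for the illustration, and the PTR targets in DEMO_PTRS are constructed sample data. The '/' is admitted because RFC 2317 classless delegations produce reverse names such as 1.0/25.2.0.192.in-addr.arpa.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_ALIASES 4
#define DEMO_NAME_MAX    128

/*
 * Same character whitelist as the patched dname_check_label(): alphanumerics,
 * '_', '-' and '/' (RFC 2317 names like "1.0/25.2.0.192.in-addr.arpa").
 * Labels must be 1..63 characters; one trailing dot is accepted.
 * Returns 0 if the whole name passes, -1 otherwise.
 */
int demo_check_dname(const char *name)
{
    size_t l = 0;
    int labels = 0;

    if (name == NULL)
        return -1;
    for (;; name++) {
        unsigned char c = (unsigned char)*name;
        if (c == '.' || c == '\0') {
            if (c == '\0' && l == 0 && labels > 0)
                return 0;               /* "example.com." */
            if (l == 0 || l > 63)
                return -1;              /* empty or over-long label */
            labels++;
            if (c == '\0')
                return 0;
            l = 0;
            continue;
        }
        if (!(isalnum(c) || c == '_' || c == '-' || c == '/'))
            return -1;
        l++;
    }
}

/* Result shape the patch builds: one canonical name, later PTR targets as aliases. */
struct demo_host {
    char name[DEMO_NAME_MAX];
    char aliases[DEMO_MAX_ALIASES][DEMO_NAME_MAX];
    int nalias;
};

/* 0 = name set, 1 = a canonical name was already present, -1 = name too long. */
static int demo_set_cname(struct demo_host *h, const char *n)
{
    if (strlen(n) >= DEMO_NAME_MAX)
        return -1;
    if (h->name[0] != '\0')
        return 1;
    strcpy(h->name, n);
    return 0;
}

static int demo_add_alias(struct demo_host *h, const char *n)
{
    if (h->nalias >= DEMO_MAX_ALIASES || strlen(n) >= DEMO_NAME_MAX)
        return -1;
    strcpy(h->aliases[h->nalias++], n);
    return 0;
}

/*
 * Fold PTR targets, in answer order, into one result: the first becomes the
 * canonical name, the rest aliases. Every target is validated first, and
 * "already have a name" is kept distinct from a real failure, so -1 here
 * always means malformed input or too many aliases.
 */
int demo_host_from_ptrs(struct demo_host *h, const char *const *ptrs, size_t n)
{
    size_t i;
    int r;

    memset(h, 0, sizeof *h);
    for (i = 0; i < n; i++) {
        if (demo_check_dname(ptrs[i]) == -1)
            return -1;
        r = demo_set_cname(h, ptrs[i]);
        if (r == -1 || (r == 1 && demo_add_alias(h, ptrs[i]) == -1))
            return -1;
    }
    return 0;
}

/* Constructed answer: two PTR records for one address. */
static const char *const DEMO_PTRS[] = { "mail.example.com", "www.example.com" };

/* Builds from DEMO_PTRS; returns the alias count if the first target became
   the canonical name and the second an alias, -1 on failure, -2 on wrong layout. */
int demo_alias_count(void)
{
    struct demo_host h;

    if (demo_host_from_ptrs(&h, DEMO_PTRS, 2) == -1)
        return -1;
    if (strcmp(h.name, DEMO_PTRS[0]) != 0 || strcmp(h.aliases[0], DEMO_PTRS[1]) != 0)
        return -2;
    return h.nalias;
}

int main(void)
{
    printf("RFC 2317 name accepted: %d\n", demo_check_dname("1.0/25.2.0.192.in-addr.arpa"));
    printf("aliases from two PTRs:  %d\n", demo_alias_count());
    return 0;
}
```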

replace libc on running system?

2014-02-03 Thread IMAP List Administration
Hello Folks,

I've patched, recompiled and relinked libc. Are there any risks in installing it
on a running production system? Do I need to reboot immediately after 
installation?

cheers,

Rob Urban



Re: replace libc on running system?

2014-02-03 Thread Mark Kettenis
 Date: Mon, 03 Feb 2014 12:02:16 +0100
 From: IMAP List Administration li...@y42.org
 
 Hello Folks,
 
 I've patched, recompiled and relinked libc. Are there any risks in
 installing it on a running production system? Do I need to reboot
 immediately after installation?

Depends on the patch...  But assuming it doesn't affect the ABI, there
should be no problems doing this.

You might want to schedule a reboot anyway.  Until you do, both the
old and the new libc will be in memory as already running programs will
keep using the old copy.  Of course our libc is tiny compared to other
OSes.  But if memory is really tight...

Minimally you'll want to restart the pieces of software that depend on
the patched libc.  And if it is a security fix...

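Why the old and the new libc can sit in memory at the same time, as an added C illustration that is not from the thread and not OpenBSD code: install(1) writes the new file under a temporary name and renames it over the old path, so a process that already mapped the old library keeps the old inode alive and unchanged while anything started afterwards opens the new one. Overwriting the existing file in place would instead change the bytes under every running program that has it mapped. File names, the "library" contents and the /tmp scratch directory are constructed for the demo.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-ins for the old and new library image (constructed, same length). */
static const char OLD_IMG[] = "libc.so OLD image";
static const char NEW_IMG[] = "libc.so NEW image";

/* Create/truncate path and write buf into it. 0 on success, -1 on error. */
static int write_file(const char *path, const char *buf, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd == -1)
        return -1;
    ssize_t n = write(fd, buf, len);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}

/* Map path read-only and shared, as ld.so maps a library's text. */
static void *map_file(const char *path, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd == -1)
        return MAP_FAILED;
    void *p = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);                  /* the mapping alone keeps the inode alive */
    return p;
}

/*
 * install(1)-style replacement: new image to a temporary name, then rename()
 * over the old path. Returns 1 if the mapper still sees the OLD bytes while a
 * fresh open sees the NEW ones, 0 if not, -1 on error.
 */
int replace_by_rename(const char *dir)
{
    char path[256], tmp[256], fresh[sizeof NEW_IMG];
    snprintf(path, sizeof path, "%s/libc.demo", dir);
    snprintf(tmp, sizeof tmp, "%s/libc.demo.tmp", dir);

    if (write_file(path, OLD_IMG, sizeof OLD_IMG) == -1)
        return -1;
    char *m = map_file(path, sizeof OLD_IMG);
    if (m == MAP_FAILED) { unlink(path); return -1; }

    if (write_file(tmp, NEW_IMG, sizeof NEW_IMG) == -1 || rename(tmp, path) == -1) {
        munmap(m, sizeof OLD_IMG); unlink(path); unlink(tmp); return -1;
    }

    int fd = open(path, O_RDONLY);
    ssize_t n = fd == -1 ? -1 : read(fd, fresh, sizeof fresh);
    if (fd != -1) close(fd);

    int ok = n == (ssize_t)sizeof fresh &&
             memcmp(m, OLD_IMG, sizeof OLD_IMG) == 0 &&   /* old mapper: old inode */
             memcmp(fresh, NEW_IMG, sizeof NEW_IMG) == 0; /* new opener: new file  */
    munmap(m, sizeof OLD_IMG);
    unlink(path);
    return ok;
}

/*
 * The unsafe alternative: write the new image into the existing file. The
 * shared mapping changes underneath whoever holds it. Returns 1 if the
 * mapper's view flipped to the NEW bytes, 0 if not, -1 on error.
 */
int overwrite_in_place(const char *dir)
{
    char path[256];
    snprintf(path, sizeof path, "%s/libc.demo2", dir);

    if (write_file(path, OLD_IMG, sizeof OLD_IMG) == -1)
        return -1;
    char *m = map_file(path, sizeof OLD_IMG);
    if (m == MAP_FAILED) { unlink(path); return -1; }

    int fd = open(path, O_WRONLY);
    ssize_t n = fd == -1 ? -1 : pwrite(fd, NEW_IMG, sizeof NEW_IMG, 0);
    if (fd != -1) close(fd);

    int changed = n == (ssize_t)sizeof NEW_IMG && memcmp(m, NEW_IMG, sizeof NEW_IMG) == 0;
    munmap(m, sizeof OLD_IMG);
    unlink(path);
    return changed;
}

int main(void)
{
    printf("rename install leaves old mapping intact: %d\n", replace_by_rename("/tmp"));
    printf("in-place overwrite changes mapped bytes:  %d\n", overwrite_in_place("/tmp"));
    return 0;
}
```

The first function is the situation Mark describes: until the long-running daemons are restarted, they execute the unlinked old inode, which is why a security fix in libc is not in effect for them just because the file on disk changed.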


Re: problem with gethostbyaddr() on OBSD 5.4?

2014-02-03 Thread Robert Urban
Hi Eric,

On 02/03/2014 10:48 AM, Eric Faurot wrote:
 On Sun, Feb 02, 2014 at 03:12:36PM +0100, IMAP List Administration wrote:
 [I forgot to send this to the list]

 Hi Eric,

 On 02/01/2014 11:43 AM, Eric Faurot wrote:
 The following diff fixes the problems with the example IPs you gave us.
 - subsequent PTR records are now set as aliases in the hostent
 - need to accept '/' in dname labels (maybe others?)
 Since the code differs, I'm guessing your patch is for -current.

 We're running -stable. Could you possibly supply a patch for that?

 cheers,

 Rob Urban

 Hi,

 This is the diff against -stable.

I've tested the patch, and I cannot reproduce the error.

Thanks for your help.

cheers,

Rob Urban



Fix for CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow

2014-02-03 Thread Sebastian Trahm
Hello,

the following diff addresses CVE-2012-3509
(libiberty: integer overflow, leading to heap-buffer overflow).


Index: include/objalloc.h
===
RCS file: /cvs/src/gnu/lib/libiberty/include/objalloc.h,v
retrieving revision 1.1.1.3
diff -u -p -u -p -r1.1.1.3 objalloc.h
--- include/objalloc.h  27 May 2008 18:46:00 -  1.1.1.3
+++ include/objalloc.h  3 Feb 2014 13:24:24 -
@@ -91,7 +91,7 @@ extern void *_objalloc_alloc (struct obj
  if (__len == 0)   \
__len = 1;  \
  __len = (__len + OBJALLOC_ALIGN - 1) ~ (OBJALLOC_ALIGN - 1); \
- (__len = __o-current_space  \
+ (__len != 0  __len = __o-current_space\
   ? (__o-current_ptr += __len,\
 __o-current_space -= __len,   \
 (void *) (__o-current_ptr - __len))   \
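Review bot: the `__len != 0` test relies on the rounding on the line above being able to wrap only to exactly 0 (any __len within OBJALLOC_ALIGN-1 of ULONG_MAX lands on 0 after the mask), which is true but not obvious; a short comment mirroring the CVE-2012-3509 one in objalloc.c would help. The inline guard also lacks the CHUNK_HEADER_SIZE term the function has; that is fine because this fast path never calls malloc and the fallback goes through _objalloc_alloc, but say so next to it. Separately, the `&&`, `<=` and `->` operators have been eaten in the lines as displayed here, so this hunk will not apply as shown; take it from the original mail or the upstream GCC revision referenced as [2].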
Index: src/objalloc.c
===
RCS file: /cvs/src/gnu/lib/libiberty/src/objalloc.c,v
retrieving revision 1.4
diff -u -p -u -p -r1.4 objalloc.c
--- src/objalloc.c  27 May 2008 18:52:44 -  1.4
+++ src/objalloc.c  3 Feb 2014 13:24:24 -
@@ -112,14 +112,21 @@ objalloc_create (void)
 /* Allocate space from an objalloc structure.  */
 
 PTR
-_objalloc_alloc (struct objalloc *o, unsigned long len)
+_objalloc_alloc (struct objalloc *o, unsigned long original_len)
 {
+  unsigned long len = original_len;
+
   /* We avoid confusion from zero sized objects by always allocating
  at least 1 byte.  */
   if (len == 0)
 len = 1;
 
   len = (len + OBJALLOC_ALIGN - 1) ~ (OBJALLOC_ALIGN - 1);
+
+  /* CVE-2012-3509: Check for overflow in the alignment operation above
+   * and then malloc argument below. */
+  if (len + CHUNK_HEADER_SIZE  original_len)
+return NULL;
 
   if (len = o-current_space)
 {
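Review bot: the check `len + CHUNK_HEADER_SIZE < original_len` covers both wrap points (the rounding above, which can only yield 0, and the header addition, whose wrap yields a value below original_len), but it is only sound if the chunk allocation further down really passes len + CHUNK_HEADER_SIZE to malloc, which this hunk does not show; please confirm against the unchanged remainder of the function. The comment should also say what happens on overflow (NULL is returned) since callers that previously could not see NULL from this path now can. Style nit: the continuation line of the new comment starts with ` * `, whereas the file's existing comments (see "We avoid confusion" just above) use GNU style without leading asterisks.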




No functional changes, therefore no bump of shlib_version.

Cheers,

Sebastian

[1] http://www.openwall.com/lists/oss-security/2012/08/29/3
[2] http://gcc.gnu.org/viewcvs/gcc?view=revision&revision=191413

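The overflow the diff above closes and the check it adds, as an added C example that is not libiberty's code: align_len() is the rounding step both the macro and _objalloc_alloc() perform, unfixed_malloc_size() is what the pre-fix slow path would have passed to malloc, and overflow_rejected() is the new test. The OBJALLOC_ALIGN and CHUNK_HEADER_SIZE values and the one-chunk model struct are assumptions for the demo; only their magnitude matters. The functions demo_unfixed_hands_out_chunk() and demo_fixed_rejects() show the before and after behaviour on a request of ULONG_MAX bytes.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed for the demo; libiberty derives its own values. */
#define OBJALLOC_ALIGN    8UL
#define CHUNK_HEADER_SIZE 16UL

/* The rounding performed by both the header macro and _objalloc_alloc().
   For len in [ULONG_MAX - OBJALLOC_ALIGN + 2, ULONG_MAX] the addition wraps
   and the mask leaves exactly 0. */
unsigned long align_len(unsigned long len)
{
    if (len == 0)
        len = 1;
    return (len + OBJALLOC_ALIGN - 1) & ~(OBJALLOC_ALIGN - 1);
}

/* What the pre-fix slow path hands to malloc(): the second wrap point. A
   request of ULONG_MAX - 7 survives align_len() intact and then wraps here
   to a tiny allocation, which the caller proceeds to fill. */
unsigned long unfixed_malloc_size(unsigned long len)
{
    return align_len(len) + CHUNK_HEADER_SIZE;
}

/* The CVE-2012-3509 check from the diff: 1 = rejected, 0 = proceeds. */
int overflow_rejected(unsigned long original_len)
{
    unsigned long len = align_len(original_len);
    return len + CHUNK_HEADER_SIZE < original_len;
}

/* One-chunk model of the fast path: current_ptr/current_space over a buffer. */
struct demo_objalloc {
    char *current_ptr;
    unsigned long current_space;
    char chunk[64];
};

static void demo_init(struct demo_objalloc *o)
{
    o->current_ptr = o->chunk;
    o->current_space = sizeof o->chunk;
}

static void *take(struct demo_objalloc *o, unsigned long len)
{
    if (len <= o->current_space) {
        o->current_ptr += len;
        o->current_space -= len;
        return o->current_ptr - len;
    }
    return NULL;   /* real code: malloc(len + CHUNK_HEADER_SIZE) for a new chunk */
}

/* Pre-fix: a wrapped len of 0 passes `len <= current_space` and a pointer
   into the chunk is returned for a request of ULONG_MAX bytes. */
void *alloc_unfixed(struct demo_objalloc *o, unsigned long len)
{
    return take(o, align_len(len));
}

/* Post-fix: the same request is refused before any pointer is produced. */
void *alloc_fixed(struct demo_objalloc *o, unsigned long original_len)
{
    unsigned long len = align_len(original_len);
    if (len + CHUNK_HEADER_SIZE < original_len)
        return NULL;
    return take(o, len);
}

/* 1 if the unfixed allocator returns the chunk start for ULONG_MAX without
   consuming any space (the bug), 0 otherwise. */
int demo_unfixed_hands_out_chunk(void)
{
    struct demo_objalloc o;
    demo_init(&o);
    void *p = alloc_unfixed(&o, ULONG_MAX);
    return p == o.chunk && o.current_space == sizeof o.chunk;
}

/* 1 if the fixed allocator rejects ULONG_MAX yet still serves a normal request. */
int demo_fixed_rejects(void)
{
    struct demo_objalloc o;
    demo_init(&o);
    if (alloc_fixed(&o, ULONG_MAX) != NULL)
        return 0;
    return alloc_fixed(&o, 10) == o.chunk && o.current_space == sizeof o.chunk - 16;
}

int main(void)
{
    printf("align_len(ULONG_MAX) = %lu\n", align_len(ULONG_MAX));
    printf("malloc size for ULONG_MAX-7 before the fix = %lu\n",
           unfixed_malloc_size(ULONG_MAX - 7));
    printf("unfixed hands out chunk: %d, fixed rejects: %d\n",
           demo_unfixed_hands_out_chunk(), demo_fixed_rejects());
    return 0;
}
```

The boundary cases are worth knowing when reviewing the check: ULONG_MAX - 23 rounds to itself and adds the header without wrapping, so it is passed through to malloc, which then fails honestly; everything from ULONG_MAX - 16 upwards trips one of the two wraps and is refused.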


Re: Fix for CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow

2014-02-03 Thread Stuart Henderson
Which license is this patch under?

On 3 February 2014 13:26:41 GMT+00:00, Sebastian Trahm ba...@schleifi.com 
wrote:
Hello,

the following diff addresses CVE-2012-3509
(libiberty: integer overflow, leading to heap-buffer overflow).


Index: include/objalloc.h
===
RCS file: /cvs/src/gnu/lib/libiberty/include/objalloc.h,v
retrieving revision 1.1.1.3
diff -u -p -u -p -r1.1.1.3 objalloc.h
--- include/objalloc.h 27 May 2008 18:46:00 -  1.1.1.3
+++ include/objalloc.h 3 Feb 2014 13:24:24 -
@@ -91,7 +91,7 @@ extern void *_objalloc_alloc (struct obj
  if (__len == 0)  \
__len = 1; \
  __len = (__len + OBJALLOC_ALIGN - 1) ~ (OBJALLOC_ALIGN - 1);\
- (__len = __o-current_space \
+ (__len != 0  __len = __o-current_space   \
   ? (__o-current_ptr += __len,   \
__o-current_space -= __len,   \
(void *) (__o-current_ptr - __len))   \
Index: src/objalloc.c
===
RCS file: /cvs/src/gnu/lib/libiberty/src/objalloc.c,v
retrieving revision 1.4
diff -u -p -u -p -r1.4 objalloc.c
--- src/objalloc.c 27 May 2008 18:52:44 -  1.4
+++ src/objalloc.c 3 Feb 2014 13:24:24 -
@@ -112,14 +112,21 @@ objalloc_create (void)
 /* Allocate space from an objalloc structure.  */
 
 PTR
-_objalloc_alloc (struct objalloc *o, unsigned long len)
+_objalloc_alloc (struct objalloc *o, unsigned long original_len)
 {
+  unsigned long len = original_len;
+
   /* We avoid confusion from zero sized objects by always allocating
  at least 1 byte.  */
   if (len == 0)
 len = 1;
 
   len = (len + OBJALLOC_ALIGN - 1) ~ (OBJALLOC_ALIGN - 1);
+
+  /* CVE-2012-3509: Check for overflow in the alignment operation
above
+   * and then malloc argument below. */
+  if (len + CHUNK_HEADER_SIZE  original_len)
+return NULL;
 
   if (len = o-current_space)
 {




No functional changes, therefore no bump of shlib_version.

Cheers,

Sebastian

[1] http://www.openwall.com/lists/oss-security/2012/08/29/3
[2] http://gcc.gnu.org/viewcvs/gcc?view=revision&revision=191413




Re: responding to buttonpress ACPI event sent by KVM/Qemu (same behavior in v5.2)

2014-02-03 Thread Robert Urban

On 02/03/2014 10:12 PM, Mike Larkin wrote:
 I'd run with acpi debug enabled, try to see if we are dropping an event.
On a 5.4 test system I compiled a new generic MP kernel with option ACPI_DEBUG
and booted it. I set up a serial console.

During boot there is a lot of ACPI debug output. I can make it available if
anyone would like to see it.

I then ran virsh shutdown guest. The guest froze without writing a single
character to the console.

Rob Urban



move p_comm into process

2014-02-03 Thread Ted Unangst
No need for every thread to have its own name, right?

(And can I say, wow, is every arch except i386 generous with the
debug output?)

Index: arch/alpha/alpha/interrupt.c
===
RCS file: /cvs/src/sys/arch/alpha/alpha/interrupt.c,v
retrieving revision 1.31
diff -u -p -r1.31 interrupt.c
--- arch/alpha/alpha/interrupt.c15 Apr 2011 20:40:03 -  1.31
+++ arch/alpha/alpha/interrupt.c4 Feb 2014 00:57:42 -
@@ -375,7 +375,7 @@ fatal:
printf(curproc = %p\n, curproc);
if (curproc != NULL)
printf(pid = %d, comm = %s\n, curproc-p_pid,
-   curproc-p_comm);
+   curproc-p_p-ps_comm);
printf(\n);
panic(machine check);
 }
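Review bot: this and the following hunks only rename references from p->p_comm to p->p_p->ps_comm; the change that makes them compile (ps_comm added to struct process, p_comm removed from struct proc, and the fork/exec and kernel-thread creation paths that set the name) is not in the diff as posted, so the patch cannot be built or checked for the name's lifetime from what is shown. Please include sys/proc.h and the kern/ side, or say which commit they are in. In this hunk the curproc != NULL test still guards the dereference, but nothing here shows p_p is always set by the time a machine check can fire; a note on that in the commit message would help.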
Index: arch/alpha/alpha/trap.c
===
RCS file: /cvs/src/sys/arch/alpha/alpha/trap.c,v
retrieving revision 1.65
diff -u -p -r1.65 trap.c
--- arch/alpha/alpha/trap.c 6 Jan 2014 20:27:44 -   1.65
+++ arch/alpha/alpha/trap.c 4 Feb 2014 00:57:42 -
@@ -209,7 +209,7 @@ printtrap(a0, a1, a2, entry, framep, isf
printf(curproc= %p\n, curproc);
if (curproc != NULL)
printf(pid = %d, comm = %s\n, curproc-p_pid,
-  curproc-p_comm);
+  curproc-p_p-ps_comm);
printf(\n);
 }
 #endif /* DEBUG */
@@ -452,7 +452,7 @@ do_fault:
typ = SEGV_MAPERR;
if (rv == ENOMEM) {
printf(UVM: pid %u (%s), uid %u killed: 
-  out of swap\n, p-p_pid, p-p_comm,
+  out of swap\n, p-p_pid, 
p-p_p-ps_comm,
   p-p_cred  p-p_ucred ?
   p-p_ucred-cr_uid : -1);
i = SIGKILL;
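Review bot: the replacement here pushes `p->p_p->ps_comm,` onto its own line and leaves `p->p_pid,` dangling at the end of the previous one, unlike every other hunk in this diff, which keeps the arguments together; join them back. While touching this line, note the alpha message prints pid and uid with %u whereas the amd64 copy of the same "UVM: pid ... killed: out of swap" message below uses %d; since these are the lines an operator greps for, making the two consistent would be worth a separate small commit.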
@@ -968,7 +968,7 @@ unaligned_fixup(va, opcode, reg, p)
if (doprint) {
uprintf(
pid %u (%s): unaligned access: va=0x%lx pc=0x%lx ra=0x%lx op=,
-   p-p_pid, p-p_comm, va,
+   p-p_pid, p-p_p-ps_comm, va,
p-p_md.md_tf-tf_regs[FRAME_PC] - 4,
p-p_md.md_tf-tf_regs[FRAME_RA]);
uprintf(selected_tab-type,opcode);
Index: arch/amd64/amd64/machdep.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/machdep.c,v
retrieving revision 1.173
diff -u -p -r1.173 machdep.c
--- arch/amd64/amd64/machdep.c  5 Jan 2014 20:23:56 -   1.173
+++ arch/amd64/amd64/machdep.c  4 Feb 2014 00:57:42 -
@@ -552,7 +552,7 @@ sendsig(sig_t catcher, int sig, int mask
 #ifdef DEBUG
if ((sigdebug  SDB_FOLLOW)  (!sigpid || p-p_pid == sigpid))
printf(sendsig: %s[%d] sig %d catcher %p\n,
-   p-p_comm, p-p_pid, sig, catcher);
+   p-p_p-ps_comm, p-p_pid, sig, catcher);
 #endif
 
bcopy(tf, ksc, sizeof(*tf));
Index: arch/amd64/amd64/trap.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/trap.c,v
retrieving revision 1.32
diff -u -p -r1.32 trap.c
--- arch/amd64/amd64/trap.c 31 Dec 2012 06:46:13 -  1.32
+++ arch/amd64/amd64/trap.c 4 Feb 2014 00:57:42 -
@@ -246,7 +246,7 @@ copyfault:
case T_NMI|T_USER:
 #ifdef TRAP_SIGDEBUG
printf(pid %d (%s): BUS at rip %lx addr %lx\n,
-   p-p_pid, p-p_comm, frame-tf_rip, rcr2());
+   p-p_pid, p-p_p-ps_comm, frame-tf_rip, rcr2());
frame_dump(frame);
 #endif
sv.sival_ptr = (void *)frame-tf_rip;
@@ -270,7 +270,7 @@ copyfault:
case T_FPOPFLT|T_USER:  /* coprocessor operand fault */
 #ifdef TRAP_SIGDEBUG
printf(pid %d (%s): ILL at rip %lx addr %lx\n,
-   p-p_pid, p-p_comm, frame-tf_rip, rcr2());
+   p-p_pid, p-p_p-ps_comm, frame-tf_rip, rcr2());
frame_dump(frame);
 #endif
sv.sival_ptr = (void *)frame-tf_rip;
@@ -404,7 +404,7 @@ faultcommon:
}
if (error == ENOMEM) {
printf(UVM: pid %d (%s), uid %d killed: out of swap\n,
-  p-p_pid, p-p_comm,
+  p-p_pid, p-p_p-ps_comm,
   p-p_cred  p-p_ucred ?
   (int)p-p_ucred-cr_uid : -1);
sv.sival_ptr = (void *)fa;
@@ -412,7 +412,7 @@ faultcommon:
} else {
 #ifdef TRAP_SIGDEBUG
printf(pid %d (%s): SEGV at rip %lx addr %lx\n,
-   p-p_pid, p-p_comm, frame-tf_rip, fa);
+   p-p_pid, p-p_p-ps_comm, frame-tf_rip, fa);
frame_dump(frame);
 #endif

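Review bot: the diff as posted stops here, inside arch/amd64/amd64/trap.c, without the remaining architectures the covering text alludes to ("every arch except i386"); if this is a mail-length truncation, please repost as an attachment or split per arch, since nothing beyond amd64 can be reviewed from this message. The hunks that are present are a consistent mechanical rename with the format strings left unchanged, which is what one wants for log lines people grep.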
Re: move p_comm into process

2014-02-03 Thread Philip Guenther
On Mon, Feb 3, 2014 at 5:09 PM, Ted Unangst t...@tedunangst.com wrote:
 No need for every thread to have its own name, right?

pthread_set_name_np()?  Would be nice to have that reflect into ps H
output if it's used in real programs.  Linux calls that function
pthread_setname_np(), so maybe it's actually in use.

Also, I was thinking of making all the kernel threads (reaper,
usbatsk, idleN, acpi, etc) into threads of proc0 instead of full
processes, saving the process structures, but that only works if you
can still see their names in the output of ps xak.


Philip Guenther