Re: swapctl(2) manpage cleanup

2014-12-13 Thread Ingo Schwarze
Hi Kaspars,

Kaspars Bankovskis wrote on Fri, Dec 12, 2014 at 03:55:55PM +0200:

 .In and .An macro fixes

Committed that part, thanks.
  Ingo



Re: LibreSSL 2.1.2 released

2014-12-13 Thread Jan Engelhardt
On Saturday 2014-12-13 00:08, Brent Cook wrote:
 On Dec 12, 2014, at 5:04 PM, Jan Engelhardt jeng...@inai.de wrote:
 
 To solve that, simply add
 
  libcrypto_la_LDFLAGS = -no-undefined
  [same for libssl,libtls]
 
 Without this, the DLLs won't be produced.

Thanks for the hint, will do!

For reference, here is the full patch I needed.


---
 crypto/Makefile.am   |2 +-
 crypto/bio/bss_log.c |4 ++--
 ssl/Makefile.am  |3 ++-
 tls/Makefile.am  |3 ++-
 4 files changed, 7 insertions(+), 5 deletions(-)

Index: libressl-2.1.2/crypto/Makefile.am
===
--- libressl-2.1.2.orig/crypto/Makefile.am
+++ libressl-2.1.2/crypto/Makefile.am
@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libcrypto.la
 
 EXTRA_DIST = VERSION
 
-libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@
+libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
 libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
 libcrypto_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
 libcrypto_la_CFLAGS += -DOPENSSL_NO_HW_PADLOCK
Index: libressl-2.1.2/crypto/bio/bss_log.c
===
--- libressl-2.1.2.orig/crypto/bio/bss_log.c
+++ libressl-2.1.2/crypto/bio/bss_log.c
@@ -70,7 +70,7 @@
 #include openssl/buffer.h
 #include openssl/err.h
 
-#ifndef NO_SYSLOG
+#if !defined(_WIN32)  !defined(NO_SYSLOG)
 
 static int slg_write(BIO *h, const char *buf, int num);
 static int slg_puts(BIO *h, const char *str);
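Review bot: The guard added at the top of the syslog section tests the platform (`_WIN32`) rather than the feature, so every other host without syslog would need the same source edit. If the build can already set `NO_SYSLOG`, defining it from configure when `<syslog.h>` is missing would let the file keep the single `#ifndef NO_SYSLOG`; whether such a check exists is not visible here. The guarded region runs past this hunk to the `#endif` in the next one, so anything declared in a public header but defined only inside it needs the same condition.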
@@ -210,4 +210,4 @@ xcloselog(BIO* bp)
closelog();
 }
 
-#endif /* NO_SYSLOG */
+#endif /* !WIN32  !NO_SYSLOG */
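Review bot: The closing comment names `WIN32` while the condition it closes tests `_WIN32`; these are different macros, and a reader searching for the guard will find only one end of it. The comment should mirror the opening line, `#endif /* !_WIN32 && !NO_SYSLOG */`. The guarded region opens in the previous hunk.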
Index: libressl-2.1.2/ssl/Makefile.am
===
--- libressl-2.1.2.orig/ssl/Makefile.am
+++ libressl-2.1.2/ssl/Makefile.am
@@ -4,8 +4,9 @@ lib_LTLIBRARIES = libssl.la
 
 EXTRA_DIST = VERSION
 
-libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@
+libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
 libssl_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+libssl_la_LIBADD = ../crypto/libcrypto.la
 
 libssl_la_SOURCES = bio_ssl.c
 libssl_la_SOURCES += d1_both.c
Index: libressl-2.1.2/tls/Makefile.am
===
--- libressl-2.1.2.orig/tls/Makefile.am
+++ libressl-2.1.2/tls/Makefile.am
@@ -5,8 +5,9 @@ lib_LTLIBRARIES = libtls.la
 
 EXTRA_DIST = VERSION
 
-libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@
+libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
 libtls_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+libtls_la_LIBADD = ../ssl/libssl.la
 
 libtls_la_SOURCES = tls.c
 libtls_la_SOURCES += tls_client.c
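Review bot: `libtls_la_LIBADD` lists only `../ssl/libssl.la`, so with `-no-undefined` on the line above, any libcrypto symbol that libtls uses directly is resolved only through the dependencies libtool records for libssl. Listing both, `libtls_la_LIBADD = ../ssl/libssl.la ../crypto/libcrypto.la`, states the dependency explicitly instead of relying on it being carried over. Whether libtls calls libcrypto directly is not visible in this hunk, so this should be confirmed against the sources.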



Re: relayd: convert to siphash

2014-12-13 Thread Max Fillinger
On Fri, Dec 12, 2014 at 12:57:08PM -0500, Ted Unangst wrote:
 On Wed, Dec 10, 2014 at 21:51, Max Fillinger wrote:
  Here's a version without malloc'ing the key.
 
 Looks like it still does?

Yes, I managed to just repost the previous diff...at least the thing is
in more competent hands now.



patch: fix arbitrary ed command allowance

2014-12-13 Thread Tobias Stoeckmann
Hi,

patch accepts arbitrary ed commands after encountering "s".  The "s"
ed command does not expect any further input, which makes it a one-line
command like "d".  Yet, patch sends any lines until "." unchecked to ed
through its pipe, allowing command execution.

Example:

$ ls
ed.diff
$ cat ed.diff
0a
some text.
.
1s/.//
!/usr/bin/touch file.txt
$ touch a
$ patch a  ed.diff
Hmm...  Looks like an ed script to me...
0
!
10
done
$ ls
a   a.orig  ed.diff file.txt
$ _


Tobias

Index: pch.c
===
RCS file: /cvs/src/usr.bin/patch/pch.c,v
retrieving revision 1.49
diff -u -p -u -p -r1.49 pch.c
--- pch.c   13 Dec 2014 10:31:07 -  1.49
+++ pch.c   13 Dec 2014 15:25:51 -
@@ -1398,10 +1398,10 @@ do_ed_script(void)
;
/* POSIX defines allowed commands as {a,c,d,i,s} */
if (isdigit((unsigned char)*buf) 
-   (*t == 'a' || *t == 'c' || *t == 'd' || *t == 'i' || *t == 
's')) {
+   strchr(acdis, *t) != NULL) {
if (pipefp != NULL)
fputs(buf, pipefp);
-   if (*t != 'd') {
+   if (*t != 'd'  *t != 's') {
while (pgets(buf, sizeof buf, pfp) != NULL) {
p_input_line++;
if (pipefp != NULL)
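Review bot: The check on a command line looks only at the leading digit and the command letter `*t`, and `fputs(buf, pipefp)` then forwards the whole line, so everything after the letter reaches ed without inspection. Treating `s` as a one-line command closes the reported case only as long as patch and ed agree on where each command ends; if ed ever consumes a following line that patch counts as the next command, the two are out of step again. It would be worth validating the remainder of an `s` line against the form patch expects, refusing what it cannot parse, and stating that assumption in a comment next to `if (*t != 'd' && *t != 's')`. The same applies to the revised hunk posted later in the thread, and do_ed_script continues outside both hunks.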



Re: patch: fix arbitrary ed command allowance

2014-12-13 Thread Tobias Stoeckmann
On Sat, Dec 13, 2014 at 10:57:42AM -0500, Daniel Dickman wrote:
  -   (*t == 'a' || *t == 'c' || *t == 'd' || *t == 'i' || *t 
  == 's')) {
  +   strchr(acdis, *t) != NULL) {
 
 
 doesn't this change the semantics slightly? i haven't looked at the
 context beyond what's in your patch but if *t is somehow equal to NUL,
 won't strchr return the position of the terminating NUL since "The
 terminating NUL character is considered to be part of the string."?

Indeed, thanks for pointing it out.

Updated diff below:


Index: pch.c
===
RCS file: /cvs/src/usr.bin/patch/pch.c,v
retrieving revision 1.49
diff -u -p -u -p -r1.49 pch.c
--- pch.c   13 Dec 2014 10:31:07 -  1.49
+++ pch.c   13 Dec 2014 16:17:01 -
@@ -1398,10 +1398,10 @@ do_ed_script(void)
;
/* POSIX defines allowed commands as {a,c,d,i,s} */
if (isdigit((unsigned char)*buf) 
-   (*t == 'a' || *t == 'c' || *t == 'd' || *t == 'i' || *t == 
's')) {
+   *t != '\0'  strchr(acdis, *t) != NULL) {
if (pipefp != NULL)
fputs(buf, pipefp);
-   if (*t != 'd') {
+   if (*t != 'd'  *t != 's') {
while (pgets(buf, sizeof buf, pfp) != NULL) {
p_input_line++;
if (pipefp != NULL)
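Review bot: The existing comment lists the allowed commands, but nothing records which of them carry a text block, and that is the property this fix depends on. A line above the inner test, such as `/* d and s are one-line commands; a, c and i are followed by text up to a lone "." */`, would keep a later edit from putting `s` back on the multi-line path. do_ed_script starts and ends outside this hunk.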



Re: Want to help upstream software improve their random?

2014-12-13 Thread martin
Theo de Raadt dera...@cvs.openbsd.org wrote:

 In all of these code blocks are a well-known piece of information
 (same time on your machine as everywhere else) is being used to seed a
 deterministic number generator.
 
 At some later point, deterministic numbers are taken out using rand(),
 random(), drand48(), lrand48(), mrand48(), or srand48(), or some
 derivative function inside the program itself, and used for WHO KNOWS
 WHAT PURPOSE.
 
 I did not audit what the numbers are being used for.
 
 Quite likely some numbers are just used to help hashing.  Some could
 be used to print pretty pictures.  But in xulrunner?  In the zip password
 creator? In postgresql, or say in openldap (a network related thing)?
 
 It is doubtful they are all fine.
 
 For the benefit of other projects who haven't taken the same steps as
 OpenBSD, it would be nice if some people helped out these pieces of
 software.

I took one as an example.
 
 apr-util-1.5.3  srand((unsigned int)(((time_now >> 32) ^ time_now) & 0xffffffff));
 apr-util-1.5.3srand((unsigned int)apr_time_now());

Here is the only usage of rand in its entirety.

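/*
 * true_random -- produce a 16-bit value for the caller.
 *
 * Upstream describes the result as "crypto-quality".  That can hold only
 * for the APR_HAS_RANDOM path, and only if apr_generate_random_bytes()
 * is backed by a real entropy source (not visible here -- confirm for
 * the target build).  The fallback below is rand() seeded from the
 * clock, which is predictable to anyone who can estimate the call time.
 *
 * Returns a value in the range 0..0xFFFF.
 */
static int true_random(void)
{
    apr_uint64_t time_now;

#if APR_HAS_RANDOM
    unsigned char buf[2];

    /* Two bytes from the platform generator, combined high byte first. */
    if (apr_generate_random_bytes(buf, 2) == APR_SUCCESS) {
        return (buf[0] << 8) | buf[1];
    }
#endif

    /* crap. this isn't crypto quality, but it will be Good Enough */

    /*
     * NOTE(review): reached when APR_HAS_RANDOM is off or the call above
     * fails.  The seed is the current time folded to 32 bits, so the
     * output carries no secret.  srand() is also called on every pass,
     * which resets the sequence for any other rand() user in the process.
     * Safer: report an error (or refuse to build) when no real generator
     * is available instead of silently degrading.
     */
    time_now = apr_time_now();
    srand((unsigned int)(((time_now >> 32) ^ time_now) & 0xffffffff));

    /* Keep the low 16 bits so both paths return the same range. */
    return rand() & 0x0FFFF;
}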

Interestingly this is inside a UUID generator, which already uses time
as part of the unique value. Deterministic statistically random numbers
based on time don't help at all.

I looked into apr_generate_random_bytes and found that it is a giant
ifdef, which, if nothing is set, will reduce to a one line function
returning success. I hope their configure script doesn't continue if
nothing is set.

From APR 1.5.1, which Theo's script didn't seem to catch:

#define arc4random() rand()

But if mkstemp is present, they assume random is also (I wonder why?)
and use

#define arc4random() random()

as if that were more secure.

I find no evidence of real arc4random in their tree. It's as if they're
relying on the magic of the name to protect them.

APR also has its own random number generator in tree, which neither
the UUID generator nor the mkstemp replacement uses. I don't know enough
math to pass judgement on it other than saying random generation belongs
in some library or the kernel.

Apache HTTPD contains a large snarl of code intended to do OpenSSL's
job for it and seed it, but I don't know enough about OpenSSL to pass
judgement.

There are several more rand calls in HTTPD, including what appears to
be another random number generator, complete with comments indicating
that APR should have its own random number generator.

What I'm ultimately saying is that upstream's views on random number
generation can be mighty strange. Many are of the opinion that an
insecure fallback is better than refusing to compile. Not that it is an
excuse for poor software engineering, but many are old enough to be
rather jumbled in their library use.

I tried to CC their list but it won't let me post without subscribing
and furthermore I couldn't seem to subscribe.

-- Martin



patch: safer temp file handling

2014-12-13 Thread Tobias Stoeckmann
Hi,

the code for temporary file handling in patch is currently rather poor,
leaving possibilities for race conditions while patching files.  Granted,
there is a bug in patch that makes it rather hard to be successfully
exploited as long as /tmp is on its own partition (which is basically
always true, I hope).  Also permissions of the plan b buffer file are
changed from 600 to 644 (i.e. 666 + umask)

Besides that, patch's output isn't always accurate when it comes to
rejected files that couldn't be saved as *.rej, i.e. when they are
left in the temporary directory.

I'll try to explain this by using this example:

$ cat my.diff
--- a   Sat Dec 13 19:28:53 2014
+++ a~  Sat Dec 13 19:28:58 2014
@@ -1,3 +1,3 @@
 1
-a
+b
 2
--- b   Sat Dec 13 19:29:03 2014
+++ b~  Sat Dec 13 19:29:07 2014
@@ -1,3 +1,3 @@
 2
-a
+c
 3
--- c   Sat Dec 13 20:43:30 2014
+++ c~  Sat Dec 13 20:43:35 2014
@@ -0,0 +1 @@
+c
$ touch a b c
$ sudo mkdir a.rej b.rej
$ patch -i my.diff
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--
|--- a  Sat Dec 13 19:28:53 2014
|+++ a~ Sat Dec 13 19:28:58 2014
--
Patching file a using Plan A...
Hunk #1 failed at 1.
1 out of 1 hunks failed--saving rejects to a.rej
Can't backup a.rej, output is in /tmp/patchr4mBV12Ow1u: Permission denied
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--
|--- b  Sat Dec 13 19:29:03 2014
|+++ b~ Sat Dec 13 19:29:07 2014
--
Patching file b using Plan A...
Hunk #1 failed at 1.
1 out of 1 hunks failed--saving rejects to b.rej
Can't backup b.rej, output is in /tmp/patchr4mBV12Ow1u: Permission denied
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--
|--- c  Sat Dec 13 20:43:30 2014
|+++ c~ Sat Dec 13 20:43:35 2014
--
Patching file c using Plan A...
Empty context always matches.
Hunk #1 succeeded at 1.
done
$ cat /tmp/patchr4mBV12Ow1u
$ _

As you can see, the temporary file is empty.  Even if it would be not
empty, it would contain the rejected hunks from files a and b.

The file is empty because the last patch operation on file c was
successful.  Before each file operation, these temporary files are
re-opened; without calling mkstemp() or the like.


The race condition happens if /tmp is on the same partition as the
target files.  Could also be triggered if TMPDIR environmental variable
is adjusted.  After successful operations, the temporary file that
contains the output is rename()'ed, effectively giving an attacker
a time window to put a new file into the old position -- he would
even know the file name to use...


My diff unifies temporary file handling into temp.c.  Also, it avoids
to re-open files by using proper permissions.  In pch.c, it means that
the temporary patch file is opened r+ to be filled with stdin. In
inp.c, the buffer file for plan b is kept open as r+, too...

To test various cases, these calls are of interest:

$ patch -i my.diff  # least file operations
$ patch -x 8 -i my.diff # uses TMP_IN for plan b buffer
$ patch  my.diff   # uses TMP_PAT for stdin buffer
$ patch -x 8  my.diff  # most file operations

Thoughts on this?


Tobias

Index: Makefile
===
RCS file: /cvs/src/usr.bin/patch/Makefile,v
retrieving revision 1.4
diff -u -p -u -p -r1.4 Makefile
--- Makefile16 May 2005 15:22:46 -  1.4
+++ Makefile13 Dec 2014 19:38:19 -
@@ -1,6 +1,6 @@
 #  $OpenBSD: Makefile,v 1.4 2005/05/16 15:22:46 espie Exp $
 
 PROG=  patch
-SRCS=  patch.c pch.c inp.c util.c backupfile.c mkpath.c
+SRCS=  patch.c pch.c inp.c util.c backupfile.c mkpath.c temp.c
 
 .include bsd.prog.mk
Index: common.h
===
RCS file: /cvs/src/usr.bin/patch/common.h,v
retrieving revision 1.28
diff -u -p -u -p -r1.28 common.h
--- common.h25 Nov 2014 10:26:07 -  1.28
+++ common.h13 Dec 2014 19:38:19 -
@@ -48,6 +48,11 @@
 #define ORIGEXT .orig
 #define REJEXT .rej
 
+#define TMP_OUT 0
+#define TMP_IN 1
+#define TMP_REJ 2
+#define TMP_PAT 3
+
 /* handy definitions */
 
 #define strNE(s1,s2) (strcmp(s1, s2))
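Review bot: The four `TMP_*` constants are added without any comment saying what they select, and as bare `#define`s nothing groups them or bounds them. Presumably they index the temporary files handled by the new temp.c, which is not visible here. An `enum` with a trailing count member, or at least a comment such as `/* temporary file slots, see temp.c */`, would make an out-of-range slot easier to catch in review.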
@@ -76,9 +81,7 @@ extern char   *outname;
 extern char*origprae;
 
 extern char*TMPOUTNAME;
-extern char*TMPINNAME;
 extern char*TMPREJNAME;
-extern char*TMPPATNAME;
 extern booltoutkeep;
 extern booltrejkeep;
 
Index: inp.c
===
RCS file: /cvs/src/usr.bin/patch/inp.c,v
retrieving revision 1.42
diff -u -p -u -p -r1.42 inp.c
--- inp.c   9 Dec 2014 20:28:43 -   1.42
+++ inp.c   13 Dec 2014 19:38:19 -
@@ -44,6 +44,7 @@
 #include util.h
 #include pch.h
 #include inp.h
+#include temp.h
 
 
 /* Input-file-with-indexable-lines abstract type */
@@ -52,6 +53,7 @@ static off_t  

Re: Want to help upstream software improve their random?

2014-12-13 Thread Vadim Zhukov
12 дек. 2014 г. 8:04 пользователь Theo de Raadt dera...@cvs.openbsd.org
написал:

 In all of these code blocks are a well-known piece of information
 (same time on your machine as everywhere else) is being used to seed a
 deterministic number generator.

 At some later point, deterministic numbers are taken out using rand(),
 random(), drand48(), lrand48(), mrand48(), or srand48(), or some
 derivative function inside the program itself, and used for WHO KNOWS
 WHAT PURPOSE.

 I did not audit what the numbers are being used for.

 Quite likely some numbers are just used to help hashing.  Some could
 be used to print pretty pictures.  But in xulrunner?  In the zip password
 creator? In postgresql, or say in openldap (a network related thing)?

 It is doubtful they are all fine.

 For the benefit of other projects who haven't taken the same steps as
 OpenBSD, it would be nice if some people helped out these pieces of
 software.

 EMBOSS-6.0.1srand((unsigned) time(tm));
 ORBit2-2.14.19  srand (t.tv_sec ^ t.tv_usec ^ getpid () ^ getuid ());
 apr-util-1.5.3  srand((unsigned int)(((time_now >> 32) ^ time_now) & 0xffffffff));
 apr-util-1.5.3srand((unsigned int)apr_time_now());
 aqualung-0.9beta11  srand(time(0));
 aqualung-0.9beta11  srand(time(NULL));
 audacious-3.5.2srand (time (NULL));
 audacious-plugins-3.5.2srand(time(NULL));
 audacity-1.3.9   srand(time(0));
 audacity-1.3.9   srand(time(NULL));
 audacity-1.3.9srand( (unsigned int) time(NULL) );
 birda-1.1srandom(t.tv_sec^t.tv_usec);
 boost-1.53.0std::srand( runtime_config::random_seed() );
 boost-1.53.0  srand(time(0));
 boost-1.53.0generator() { srand(time(0)); }
 boost-1.53.0generator() { srand(time(0)); }
 boost-1.53.0std::srand(time(0) + world.rank());
 boost-1.53.0std::srand(time(0) + world.rank());
 boost-1.53.0  srand(time(0) + world.rank());
 boost-1.53.0  srand(time(0) + world.rank());
 boost-1.53.0  std::srand(time(0) + world.rank());
 boost-1.53.0  std::srand(time(0) + world.rank());
 boost-1.53.0srand( time(NULL) );
 boost-1.53.0srand( time( NULL ) );
 boost-1.53.0srand ( time(NULL) );
 boost-1.53.0std::srand(static_castunsigned(std::time(0)));
 boost-1.53.0std::srand(static_castunsigned(std::time(0)));
 boost-1.53.0  srand(time(0));
 boost-1.53.0  srand(time(0));
 boost-1.53.0std::srand((unsigned int)std::time(NULL));
 boost-1.53.0srand(time(0));
 bullet-2.81//   srand(time(NULL) / 30);
 bullet-2.81 srand((unsigned)time(NULL)); // Seed it...
 bullet-2.81 srand ( time ( 0x0 ) );
 c3270-3.3.11.6  srand(time(NULL));
 c3270-3.3.11.6  srandom(time(NULL));
 c3270-3.3.11.6  srand(time(NULL));
 c3270-3.3.11.6  srandom(time(NULL));
 c3270-3.3.11.6  srand(time(NULL));
 c3270-3.3.11.6  srandom(time(NULL));
 c3270-3.3.11.6  srand(time(NULL));
 c3270-3.3.11.6  srandom(time(NULL));
 c3270-3.3.11.6  srand(time(NULL));
 c3270-3.3.11.6  srandom(time(NULL));
 c3270-3.3.11.6  srand(time(NULL));
 c3270-3.3.11.6  srandom(time(NULL));
 caps-plugins-0.4.4  srandom (tv.tv_sec ^ tv.tv_usec);
 celestia-1.6.1  std::srand(std::time(NULL));
 celestia-1.6.1  std::srand(time(NULL));
 celestia-1.6.1srandom(time(NULL));
 celt-0.11.1   srand(time(NULL));
 celt07-0.7.1   srand(time(NULL));
 cgdb-0.6.8srand(time(NULL));
 clementine-1.2.3  srandom((int)[[NSDate date] timeIntervalSince1970]);
 clementine-1.2.3srandom(time(NULL));
 clementine-1.2.3srand ( time ( NULL ) );
 clementine-1.2.3  qsrand((time.tv_sec * 1000) + (time.tv_usec / 1000));
 cmake-3.0.2srand((unsigned)time(0));
 cmake-3.0.2  srand((unsigned int)time(NULL)+randomizer++); /* seed */
 codeblocks-13.12srand( time(NULL) );
 codeblocks-13.12inline void ini_random() { srand(time(0)); };
 codeblocks-13.12srand((unsigned)time(0));
 codeblocks-13.12srand(time(nullptr));
 codeworker-4.5.4if (iSeed = 0) srand((unsigned) iSeed);
 codeworker-4.5.4else srand((unsigned) time(NULL));
 db-3.1.17   srand((u_int)time(NULL));
 db-3.1.17   srand(getpid() | time(NULL));
 db-3.1.17   srand((unsigned int)time(NULL));
 db-4.6.21   srand((u_int)time(NULL));
 db-4.6.21   srand(getpid() | time(NULL));
 db-4.6.21   srand((unsigned int)time(NULL));
 db-4.6.21   srand((u_int)time(NULL) % (u_int)getpid());
 db-4.6.21   srand((u_int)(time(NULL) | getpid()));
 db-4.6.21   srand((u_int)(time(NULL) | getpid()));
 deadbeef-0.6.2srand (time (NULL));
 deadbeef-0.6.2//srand ((uint) ::time(NULL));
 deadbeef-0.6.2  srand(time(NULL));
 deadbeef-0.6.2  fixed random playback bug caused by libsidplay2 calling
srand(time(NULL))
 festival-1.95beta#define seed_random() srand((unsigned)time(NULL))
 festival-1.95beta#define seed_random() srandom(time(NULL));
 festival-1.95betasrand(time(NULL));
 flac-1.3.0  srand((unsigned)time(0));
 flac-1.3.0  srand((unsigned)time(0));
 flac-1.3.0