Here's a slightly updated patch which makes sure that 0x0x
isn't possible
On 09/03/15 21:59, Martijn van Duren wrote:
Hello tech@,
I gave a look to getint in var.c, which turned out to roll out it's own
version of string to long conversion, without overflow checking.
Attached is a diff to mak
Hi,
For a long time OpenBSD has been careful about filtering potentially-
hostile strings that were destined for logs or TTYs using strvis(3) and
friends. Unfortunately, these don't do a great job for UTF-8 strings
since they mangle anything that isn't basic ASCII (not even ISO-8859-1).
This show
Sorry, an unreferenced cpuid(6) that I couldn't resolve.
- Original Message -
From: "Rob Pierce"
To: "tech"
Sent: Friday, September 4, 2015 12:29:50 AM
Subject: plus58.html hrefs
There is also a reference to smu(4) that appears to be broken, as well as an
unreferenced pkg(5) and cupid(
There is also a reference to smu(4) that appears to be broken, as well as an
unreferenced pkg(5) and cupid(6) that I couldn't resolve.
Index: plus58.html
===
RCS file: /cvs/www/plus58.html,v
retrieving revision 1.7
diff -u -p -r1.7 p
Index: 58.html
===
RCS file: /cvs/www/58.html,v
retrieving revision 1.53
diff -u -p -r1.53 58.html
--- 58.html 4 Sep 2015 02:08:46 - 1.53
+++ 58.html 4 Sep 2015 03:12:11 -
@@ -460,7 +460,7 @@ to 5.8.
Index: 58.html
===
RCS file: /cvs/www/58.html,v
retrieving revision 1.51
diff -u -p -r1.51 58.html
--- 58.html 3 Sep 2015 23:19:55 - 1.51
+++ 58.html 4 Sep 2015 01:57:32 -
@@ -496,7 +496,7 @@ ktion=5">syslog.conf(
I have applied this along with the other amdcf(4) diff you sent, thanks!
On Thu, Sep 03, 2015 at 08:41:25PM -0400, Rob Pierce wrote:
> href tar and cpio?
>
> Index: 58.html
> ===
> RCS file: /cvs/www/58.html,v
> retrieving revision 1
Index: 58.html
===
RCS file: /cvs/www/58.html,v
retrieving revision 1.51
diff -u -p -r1.51 58.html
--- 58.html 3 Sep 2015 23:19:55 - 1.51
+++ 58.html 4 Sep 2015 01:37:53 -
@@ -78,7 +78,7 @@ to 5.8.
http://www
Similiar to [1], this patch uses the USBD_NO_COPY flag to utilize the DMA
buffer directly within ugen_do_write() of ugen(4).
Grant
References
1. MARC.info - 'do bulk reads with one transfer in ugen(4)' thread
http://marc.info/?t=14411465081&r=1&w=2
Index: ugen.c
=
href tar and cpio?
Index: 58.html
===
RCS file: /cvs/www/58.html,v
retrieving revision 1.51
diff -u -p -r1.51 58.html
--- 58.html 3 Sep 2015 23:19:55 - 1.51
+++ 58.html 4 Sep 2015 00:39:18 -
@@ -143,7 +143,7 @@ t
The get_host_seed() function in pppd is unused and can be removed.
Index: pppd.h
===
RCS file: /cvs/src/usr.sbin/pppd/pppd.h,v
retrieving revision 1.19
diff -u -p -u -r1.19 pppd.h
--- pppd.h 12 Jun 2015 14:18:25 - 1.19
+
>The only pool_get() call uses PR_WAITOK, and the pool_put() calls are
>only done from the nfsd main loop, so process context.
OK. Thanks that explains how one makes sure..
>No I'm not an NFS hacker!
3 kettenis
Actually lots of people are NFS hackers.
1 aaron
1 damien
1 dlg
1 d
The only pool_get() call uses PR_WAITOK, and the pool_put() calls are
only done from the nfsd main loop, so process context.
No I'm not an NFS hacker!
ok?
Index: nfs_syscalls.c
===
RCS file: /cvs/src/sys/nfs/nfs_syscalls.c,v
retrie
Hi,
our catopen implementation does not check the parsed message catalog,
making it vulnerable to all sorts of out of boundary accesses.
Take this minimalistic proof of concept file:
$ printf '\xff\x88\xff\x89\x01\x00\x00\x00' > poc.cat
If you are too lazy to write code to open it yourself, tak
On Thu, Sep 03, 2015 at 10:54:17PM +0200, Mark Kettenis wrote:
> These are only ever used from system call implementation and therefore
> never from interrupt context.
>
> ok?
>
>
> Index: sys/compat/linux/linux_futex.c
> ===
> RCS
These are only ever used from system call implementation and therefore
never from interrupt context.
ok?
Index: sys/compat/linux/linux_futex.c
===
RCS file: /cvs/src/sys/compat/linux/linux_futex.c,v
retrieving revision 1.16
diff -u
On Thu, Sep 03, 2015 at 09:52:57AM +0200, Martin Pieuchot wrote:
> On 01/09/15(Tue) 22:26, Grant Czajkowski wrote:
> > In ugen(4), bulk reads of length > UGEN_BBSIZE are split into
> > multiple transfers. This patch instead sends a single
> > transfer utilizing USBD_NO_COPY.
>
> Committed with on
Hello tech@,
I gave a look to getint in var.c, which turned out to roll out it's own
version of string to long conversion, without overflow checking.
Attached is a diff to make the function more readable and overflow safe
by using strtol, with error checking based on strtonum.
I choose for
Hi,
In sendsyslog(2) I got the plural s of messages right. The messages
of syslogd(8) should be alike.
ok?
bluhm
Index: usr.sbin/syslogd/syslogd.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving
Martin Pieuchot wrote:
> On 02/09/15(Wed) 08:45, trondd wrote:
> > I just noticed on my -current systems, memory reporting from netstat -m
> > seems to show that memory is overcommited.
> >
> > $ netstat -m
> > 535 mbufs in use:
> > 289 mbufs allocated to data
> > 8 mbufs allocated
mkhybrid(8) does not seem to be maintained upstream. Here are a few
minor fixes to it:
- buffer overflows, spotted by -Wbounded. They are caused by the way
char name[] is defined in struct iso_directory_record in
src/iso9660.h; unfortunately too much of the code will require
adjustments, shou
On Thu, September 3, 2015 6:35 am, Martin Pieuchot wrote:
>
> This is a side effect of the *8 pool change. Diff below fixes it, ok?
>
I can confirm the patch applies and fixes the numbers. Can't speak to the
accuracy of the math, though.
Tim.
On 02/09/15(Wed) 08:45, trondd wrote:
> I just noticed on my -current systems, memory reporting from netstat -m
> seems to show that memory is overcommited.
>
> $ netstat -m
> 535 mbufs in use:
> 289 mbufs allocated to data
> 8 mbufs allocated to packet headers
> 238 mbufs
In the IPv4 forwarding case your kernel checks if its is doing ARP proxy
for the destination to decide if it needs to send an ICMP redirect msg.
Currently arpproxy() does an iteration on the global list of interfaces.
This will be not allowed as soon as we go SMP. This list MUST not be
used in in
Hello Grant,
On 01/09/15(Tue) 22:26, Grant Czajkowski wrote:
> In ugen(4), bulk reads of length > UGEN_BBSIZE are split into
> multiple transfers. This patch instead sends a single
> transfer utilizing USBD_NO_COPY.
Committed with one tweak below. Do not hesitate to elaborate *why*
you'd like t
25 matches
Mail list logo