Re: ping6(8) bug

[Michael McConville]

Claudio Jeker wrote:
> On Mon, Sep 07, 2015 at 03:49:14PM -0400, Michael McConville wrote:
> > It seems pretty clear to me that what was here was wrong. A field of
> > a global struct was pointed at local array. The program logic was a
> > little wacky, but this is my best estimate of what was intended.
> > Input?
> > 
> > 
> > Index: ping6.c
> > ===
> > RCS file: /cvs/src/sbin/ping6/ping6.c,v
> > retrieving revision 1.112
> > diff -u -p -r1.112 ping6.c
> > --- ping6.c 1 Sep 2015 19:53:23 -   1.112
> > +++ ping6.c 7 Sep 2015 19:44:15 -
> > @@ -1056,7 +1056,10 @@ pinger(void)
> > memset(, 0, sizeof(iov));
> > iov[0].iov_base = (caddr_t)outpack;
> > iov[0].iov_len = cc;
> > -   smsghdr.msg_iov = iov;
> > +   smsghdr.msg_iov = calloc(1, sizeof(struct iovec));
> > +   if (smsghdr.msg_iov == NULL)
> > +   return(1);
> > +   *smsghdr.msg_iov = iov[0];
> > smsghdr.msg_iovlen = 1;
> >  
> > i = sendmsg(s, , 0);
> > 
> 
> The current code is perfectly fine. msg_iov is a pointer and it points
> to the iov array. When calling sendmsg the kernel will know how to
> handle this pointer. There is no need to calloc() memory for this.

Yes, but the data that it points to is an array on pinger()'s stack.
When the current pinger() call returns, that data is gone and
smsghdr.msg_iov points to garbage. Remember, smsghdr is global.

That said, if we're sure that smsghdr.msg_iov is only accessed from
within the current pinger() call, this isn't a functional bug. It could
become one in the future, though, if someone adds something.

On a separate note, I just noticed that my use of calloc() here is a
little awkward. I was initially allocating space for two structs. It
could be malloc() instead.

Anyway, the more I look at this, the more I think it should just be
left as is, despite being a little precarious.

Re: virtualization support

[Bob Beck]

femto-hypervisor?


On Mon, Sep 7, 2015 at 9:36 PM, Ted Unangst  wrote:
> Mike Larkin wrote:
>> > Is this hypervisor more similar to "micro"-hypervisor or to monolithic 
>> > hypervisor?
>> >
>>
>> I don't know what those terms mean.
>
> It's a milli-hypervisor!
>

Re: nc -c, because openssl s_[client|server] sucks donkey balls

[Alexander Bluhm]

On Sat, Sep 05, 2015 at 01:00:54PM -0600, Bob Beck wrote:
> OK to put it in and have others turdshine along?

I think some things should be fixed before.

$ mandoc -Tlint nc.1 
mandoc: nc.1:105:64: WARNING: whitespace at end of input line
mandoc: nc.1:188:69: WARNING: whitespace at end of input line
mandoc: nc.1:190:17: WARNING: whitespace at end of input line
mandoc: nc.1:210:16: WARNING: whitespace at end of input line
mandoc: nc.1:212:14: WARNING: whitespace at end of input line

$ WARNINGS=yes make
cc -O2 -pipe  -Wall -Wpointer-arith -Wuninitialized -Wstrict-prototypes 
-Wmissing-prototypes -Wunused -Wsign-compare -Wshadow 
-Wdeclaration-after-statement   -c netcat.c
netcat.c: In function 'main':
netcat.c:593: warning: declaration of 'i' shadows a previous local
netcat.c:534: warning: shadowed declaration is here

re-wrap the long lines

> @@ -98,6 +98,11 @@ to use IPv4 addresses only.
>  Forces
>  .Nm
>  to use IPv6 addresses only.
> +.It Fl c
> +If using a tcp socket to connect or listen, use TLS. Illegal if not using 
> TCP sockets.
> +.It Fl C Ar certificate_filename
> +Specifies the filename from which the public part of the TLS
> +certificate is loaded, in pem format. Illegal if not using TLS. 
>  .It Fl D
>  Enable debugging on the socket.
>  .It Fl d

C should be before c

> @@ -132,6 +137,9 @@ Forces
>  to stay listening for another connection after its current connection
>  is completed.
>  It is an error to use this option without the
> +.It Fl K Ar key_filename
> +Specifies the filename from which the private key for the TLS certificate
> +is loaded in pem format. Illegal if not using TLS.
>  .Fl l
>  option.
>  When used together with the

This flag is in the middle of another.

> @@ -176,6 +184,11 @@ option.
>  Specifies that source and/or destination ports should be chosen randomly
>  instead of sequentially within a range or in the order that the system
>  assigns them.
> +.It Fl R Ar CA_filename
> +Specifies the filename from which the root CA bundle for Certificate 
> +verification is loaded in pem format. Illegal if not using TLS.
> +Default value is 
> +.Pa /etc/ssl/cert.pem .
>  .It Fl S
>  Enables the RFC 2385 TCP MD5 signature option.
>  .It Fl s Ar source

R should be before r

> @@ -95,6 +102,13 @@ int   Sflag;  /* TCP 
> MD5 signature opti
>  int  Tflag = -1; /* IP Type of Service */
>  int  rtableid = -1;
>  
> +int  usetls; /* use TLS */
> +char*Cflag;  /* Public cert file */
> +char*Kflag;  /* Private key file */
> +char*Rflag = DEFAULT_CA_FILE;/* Root CA file */
> +int  cachanged;  /* Using non-default CA file */
> +int TLSopt;  /* TLS options */

Don't mix tab and spaces after the type.

> @@ -145,7 +162,7 @@ main(int argc, char *argv[])
>   signal(SIGPIPE, SIG_IGN);
>  
>   while ((ch = getopt(argc, argv,
> - "46DdFhI:i:klNnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) {
> + "46DcC:dFhI:i:kK:lNnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) {

Upper case before lower case.
The R is missing.

> @@ -183,6 +203,9 @@ main(int argc, char *argv[])
>   case 'k':
>   kflag = 1;
>   break;
> + case 'K':
> + Kflag = optarg;
> + break;

Upper case before lower case.

> @@ -195,12 +218,19 @@ main(int argc, char *argv[])
>   case 'P':
>   Pflag = optarg;
>   break;
> + case 'C':
> + Cflag = optarg;
> + break;

Move the C up.

>   case 'p':
>   pflag = optarg;
>   break;
>   case 'r':
>   rflag = 1;
>   break;
> + case 'R':
> + cachanged = 1;
> + Rflag = optarg;
> + break;

Upper case before lower case.

Keeping the same order everywhere is important to check that all
list are equal.

> @@ -347,6 +391,25 @@ main(int argc, char *argv[])
>   proxyhints.ai_flags |= AI_NUMERICHOST;
>   }
>  
> + if (usetls) {
> + if (tls_init() == -1)
> + errx(1, "unable to initialize tls");
> + if ((tlsc = tls_config_new()) == NULL)
> + errx(1, "unable allocate tls config");
> + if (Cflag && (tls_config_set_cert_file(tlsc, Cflag) == -1))
> + errx(1, "unable to set TLS certificate file %s", Cflag);
> + if (Kflag && (tls_config_set_key_file(tlsc, Kflag) == -1))
> + errx(1, "unable to set TLS key file %s", Kflag);

When you set Rflag here to DEFAULT_CA_FILE if it is NULL, you can
get rid of the additional variable 

ping6: out of boundary access with invalid packets

[Tobias Stoeckmann]

The function pr_pack does not properly check boundaries before
accessing packet data. This could happen on short network reads or
when we receive packets that are addressed for another running ping6
instance (see pr_pack comment for more information).

Index: ping6.c
===
RCS file: /cvs/src/sbin/ping6/ping6.c,v
retrieving revision 1.112
diff -u -p -r1.112 ping6.c
--- ping6.c 1 Sep 2015 19:53:23 -   1.112
+++ ping6.c 8 Sep 2015 19:29:29 -
@@ -1222,6 +1222,11 @@ pr_pack(u_char *buf, int cc, struct msgh
SIPHASH_CTX ctx;
u_int8_t mac[SIPHASH_DIGEST_LENGTH];
 
+   if (cc - sizeof(*cp) < sizeof(payload)) {
+   (void)printf("signature missing!\n");
+   return;
+   }
+
memcpy(, icp + 1, sizeof(payload));
tv64 = 
 
@@ -1306,7 +1311,8 @@ pr_pack(u_char *buf, int cc, struct msgh
}
}
}
-   } else if (icp->icmp6_type == ICMP6_NI_REPLY && mynireply(ni)) {
+   } else if (icp->icmp6_type == ICMP6_NI_REPLY &&
+   cc >= sizeof(*ni) && mynireply(ni)) {
seq = ntohs(*(u_int16_t *)ni->icmp6_ni_nonce);
++nreceived;
if (TST(seq % mx_dup_ck)) {
@@ -1351,7 +1357,7 @@ pr_pack(u_char *buf, int cc, struct msgh
case NI_QTYPE_FQDN:
default:/* XXX: for backward compatibility */
cp = (u_char *)ni + ICMP6_NIRLEN;
-   if (buf[off + ICMP6_NIRLEN] ==
+   if (off + ICMP6_NIRLEN < cc && buf[off + ICMP6_NIRLEN] 
==
cc - off - ICMP6_NIRLEN - 1)
oldfqdn = 1;
else
@@ -1438,7 +1444,8 @@ pr_pack(u_char *buf, int cc, struct msgh
}
}
 
-   if (buf[off + ICMP6_NIRLEN] !=
+   if (off + ICMP6_NIRLEN < cc &&
+   buf[off + ICMP6_NIRLEN] !=
cc - off - ICMP6_NIRLEN - 1 && oldfqdn) {
if (comma)
printf(",");

openssl(1) remove unused defines

[Lawrence Teo]

This removes several unused defines in openssl(1).  No binary change.

ok?


Index: ca.c
===
RCS file: /cvs/src/usr.bin/openssl/ca.c,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 ca.c
--- ca.c22 Aug 2015 16:36:05 -  1.9
+++ ca.c8 Sep 2015 02:13:29 -
@@ -88,15 +88,10 @@
 #define STRING_MASK"string_mask"
 #define UTF8_IN"utf8"
 
-#define ENV_DIR"dir"
-#define ENV_CERTS  "certs"
-#define ENV_CRL_DIR"crl_dir"
-#define ENV_CA_DB  "CA_DB"
 #define ENV_NEW_CERTS_DIR  "new_certs_dir"
 #define ENV_CERTIFICATE"certificate"
 #define ENV_SERIAL "serial"
 #define ENV_CRLNUMBER  "crlnumber"
-#define ENV_CRL"crl"
 #define ENV_PRIVATE_KEY"private_key"
 #define ENV_DEFAULT_DAYS   "default_days"
 #define ENV_DEFAULT_STARTDATE  "default_startdate"
Index: gendsa.c
===
RCS file: /cvs/src/usr.bin/openssl/gendsa.c,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 gendsa.c
--- gendsa.c22 Aug 2015 16:36:05 -  1.2
+++ gendsa.c8 Sep 2015 02:33:09 -
@@ -74,8 +74,6 @@
 #include 
 #include 
 
-#define DEFBITS512
-
 int
 gendsa_main(int argc, char **argv)
 {

Re: ping6(8) bug

[Claudio Jeker]

On Tue, Sep 08, 2015 at 02:31:32AM -0400, Michael McConville wrote:
> Claudio Jeker wrote:
> > On Mon, Sep 07, 2015 at 03:49:14PM -0400, Michael McConville wrote:
> > > It seems pretty clear to me that what was here was wrong. A field of
> > > a global struct was pointed at local array. The program logic was a
> > > little wacky, but this is my best estimate of what was intended.
> > > Input?
> > > 
> > > 
> > > Index: ping6.c
> > > ===
> > > RCS file: /cvs/src/sbin/ping6/ping6.c,v
> > > retrieving revision 1.112
> > > diff -u -p -r1.112 ping6.c
> > > --- ping6.c   1 Sep 2015 19:53:23 -   1.112
> > > +++ ping6.c   7 Sep 2015 19:44:15 -
> > > @@ -1056,7 +1056,10 @@ pinger(void)
> > >   memset(, 0, sizeof(iov));
> > >   iov[0].iov_base = (caddr_t)outpack;
> > >   iov[0].iov_len = cc;
> > > - smsghdr.msg_iov = iov;
> > > + smsghdr.msg_iov = calloc(1, sizeof(struct iovec));
> > > + if (smsghdr.msg_iov == NULL)
> > > + return(1);
> > > + *smsghdr.msg_iov = iov[0];
> > >   smsghdr.msg_iovlen = 1;
> > >  
> > >   i = sendmsg(s, , 0);
> > > 
> > 
> > The current code is perfectly fine. msg_iov is a pointer and it points
> > to the iov array. When calling sendmsg the kernel will know how to
> > handle this pointer. There is no need to calloc() memory for this.
> 
> Yes, but the data that it points to is an array on pinger()'s stack.
> When the current pinger() call returns, that data is gone and
> smsghdr.msg_iov points to garbage. Remember, smsghdr is global.
> 
> That said, if we're sure that smsghdr.msg_iov is only accessed from
> within the current pinger() call, this isn't a functional bug. It could
> become one in the future, though, if someone adds something.
> 
> On a separate note, I just noticed that my use of calloc() here is a
> little awkward. I was initially allocating space for two structs. It
> could be malloc() instead.
> 
> Anyway, the more I look at this, the more I think it should just be
> left as is, despite being a little precarious.

Yeah, it is not optimal even though the smsghdr is only used in one place.
Anyway how about this diff instead?
Cleanup some of the mess and use the global iov struct which is currently
unused.
-- 
:wq Claudio

Index: ping6.c
===
RCS file: /cvs/src/sbin/ping6/ping6.c,v
retrieving revision 1.112
diff -u -p -r1.112 ping6.c
--- ping6.c 1 Sep 2015 19:53:23 -   1.112
+++ ping6.c 8 Sep 2015 16:27:43 -
@@ -208,7 +208,7 @@ u_short naflags;
 /* for ancillary data(advanced API) */
 struct msghdr smsghdr;
 struct iovec smsgiov;
-char *scmsg = 0;
+char *scmsg;
 
 volatile sig_atomic_t seenalrm;
 volatile sig_atomic_t seenint;
@@ -273,10 +273,6 @@ main(int argc, char *argv[])
if (setresuid(uid, uid, uid) == -1)
err(1, "setresuid");
 
-   /* just to be sure */
-   memset(, 0, sizeof(smsghdr));
-   memset(, 0, sizeof(smsgiov));
-
preload = 0;
datap = [ICMP6ECHOLEN + ICMP6ECHOTMLEN];
while ((ch = getopt(argc, argv,
@@ -787,7 +783,7 @@ main(int argc, char *argv[])
struct cmsghdr hdr;
u_char buf[CMSG_SPACE(1024)];
}   cmsgbuf;
-   struct ioveciov[2];
+   struct ioveciov[1];
struct pollfd   pfd;
ssize_t cc;
int timeout;
@@ -952,7 +948,6 @@ int
 pinger(void)
 {
struct icmp6_hdr *icp;
-   struct iovec iov[2];
int i, cc;
struct icmp6_nodeinfo *nip;
int seq;
@@ -1053,10 +1048,9 @@ pinger(void)
 
smsghdr.msg_name = 
smsghdr.msg_namelen = sizeof(dst);
-   memset(, 0, sizeof(iov));
-   iov[0].iov_base = (caddr_t)outpack;
-   iov[0].iov_len = cc;
-   smsghdr.msg_iov = iov;
+   smsgiov.iov_base = (caddr_t)outpack;
+   smsgiov.iov_len = cc;
+   smsghdr.msg_iov = 
smsghdr.msg_iovlen = 1;
 
i = sendmsg(s, , 0);

Proposed changes for anoncvs.html

[Rob Pierce]

Some proposed changes for consistency and readability.

Regards,

Index: anoncvs.html
===
RCS file: /cvs/www/anoncvs.html,v
retrieving revision 1.428
diff -u -p -r1.428 anoncvs.html
--- anoncvs.html2 Sep 2015 13:12:30 -   1.428
+++ anoncvs.html8 Sep 2015 15:16:29 -
@@ -39,7 +39,7 @@ source repositories:
 
   src - Houses all source code for the OpenBSD Operating System.
   ports - Houses the OpenBSD 
Ports.
-  www - Houses all OpenBSD web pages. (Including this one).
+  www - Houses all OpenBSD web pages (including this one).
   xenocara - Houses OpenBSD's active X.org v7 source tree.
   X11 and XF4 - Houses OpenBSD's adaptation of the
   http://www.XFree86.org/;>XFree86-3 and XFree86-4
@@ -122,7 +122,7 @@ with only one part of the tree.  The two
 which contains the files used to create the kernel, and src.tar.gz
 which contains all the other "userland" utilities.
 In general, however, you will usually want both of them installed.
-Assuming the downloaded files, src.tar.gz,
+Assuming the downloaded files src.tar.gz,
 sys.tar.gz and xenocara.tar.gz are in /usr:
 
 
@@ -135,11 +135,12 @@ Assuming the downloaded files, src.t
 
 
 
-Not all people will wish to unpack all the file sets, but as the system
+Not all people will wish to unpack all the source files, but as the system
 must be kept in sync, you will generally need to set up all trees.
 
 
-You can also just use cvs(1) to "checkout" the source repository
+You can also just use http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;>cvs(1)
+to "checkout" the source repository
 for you. This is discussed in the next section.
 
 
@@ -160,16 +161,11 @@ from the erratahere.
 
-Once you have decided which tree to follow, you must choose which Anonymous
-CVS server you are going to use.  A list of these servers is
-below.
-
-
-Once you have chosen which Anonymous CVS Server you will
+Once you have decided which tree to follow, and which Anonymous CVS Server you will
 use, you can start using cvs. For those of you
 who have CDs you can start with the CVS checkout that is on the CD by using
 the method above to get the sources onto your system.
-If you don't have a CD handy, use the method below to checkout the sources.
+If you don't have a CD handy, use the method below to checkout the sources:
 
 
 First, start out by `get'-ing an initial tree:
@@ -210,9 +206,11 @@ Confirm this, and the fingerprint will t
...
 
 
+
 Note that the above format with SHA256 fingerprints was added after the
 release of OpenBSD 5.6; older versions only use MD5 fingerprints.
 
+
  Anytime afterwards, to `update' this tree:
  (If you are following current):
 
@@ -234,7 +232,7 @@ to merge changes in.
  NOTE:
 If you are updating a source tree that you initially fetched
 from a different server, or from a CD, you must
-add the -d [cvsroot] option to cvs.
+add the -d [cvsroot] option to cvs:
 
# cd /usr/src
# cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd
@@ -295,11 +293,11 @@ directory, and a subsequent update will 
 
 
 The anoncvs service gives fledgling developers a chance to learn CVS
-operation and get thoroughly involved in the development process
+operations and get thoroughly involved in the development process
 before getting "commit" access -- as a result of showing useful
 skills and high quality results they will naturally later be given
 developer access.
-As well, people providing patches can create their "diff"s relative
+As well, people providing patches can create their diffs relative
 to the CVS tree, which will ease integration.
 
 Example usages for cvs(1)

Typo in INSTALL.armv7

[Eric Lalonde]

--- INSTALL.armv7.orig  2015-09-08 09:48:21.0 -0700
+++ INSTALL.armv7   2015-09-08 09:48:35.0 -0700
@@ -91,7 +91,7 @@ out as follows:
A miniroot filesystem to be used for
installation; Cubieboard1 version.

-   miniroot-cubox--58.fs
+   miniroot-cubox-58.fs
A miniroot filesystem to be used for
installation; CuBox-i version.