Re: ping6(8) bug
Claudio Jeker wrote: > On Mon, Sep 07, 2015 at 03:49:14PM -0400, Michael McConville wrote: > > It seems pretty clear to me that what was here was wrong. A field of > > a global struct was pointed at local array. The program logic was a > > little wacky, but this is my best estimate of what was intended. > > Input? > > > > > > Index: ping6.c > > === > > RCS file: /cvs/src/sbin/ping6/ping6.c,v > > retrieving revision 1.112 > > diff -u -p -r1.112 ping6.c > > --- ping6.c 1 Sep 2015 19:53:23 - 1.112 > > +++ ping6.c 7 Sep 2015 19:44:15 - > > @@ -1056,7 +1056,10 @@ pinger(void) > > memset(, 0, sizeof(iov)); > > iov[0].iov_base = (caddr_t)outpack; > > iov[0].iov_len = cc; > > - smsghdr.msg_iov = iov; > > + smsghdr.msg_iov = calloc(1, sizeof(struct iovec)); > > + if (smsghdr.msg_iov == NULL) > > + return(1); > > + *smsghdr.msg_iov = iov[0]; > > smsghdr.msg_iovlen = 1; > > > > i = sendmsg(s, , 0); > > > > The current code is perfectly fine. msg_iov is a pointer and it points > to the iov array. When calling sendmsg the kernel will know how to > handle this pointer. There is no need to calloc() memory for this. Yes, but the data that it points to is an array on pinger()'s stack. When the current pinger() call returns, that data is gone and smsghdr.msg_iov points to garbage. Remember, smsghdr is global. That said, if we're sure that smsghdr.msg_iov is only accessed from within the current pinger() call, this isn't a functional bug. It could become one in the future, though, if someone adds something. On a separate note, I just noticed that my use of calloc() here is a little awkward. I was initially allocating space for two structs. It could be malloc() instead. Anyway, the more I look at this, the more I think it should just be left as is, despite being a little precarious.
Re: virtualization support
femto-hypervisor? On Mon, Sep 7, 2015 at 9:36 PM, Ted Unangstwrote: > Mike Larkin wrote: >> > Is this hypervisor more similar to "micro"-hypervisor or to monolithic >> > hypervisor? >> > >> >> I don't know what those terms mean. > > It's a milli-hypervisor! >
Re: nc -c, because openssl s_[client|server] sucks donkey balls
On Sat, Sep 05, 2015 at 01:00:54PM -0600, Bob Beck wrote: > OK to put it in and have others turdshine along? I think some things should be fixed before. $ mandoc -Tlint nc.1 mandoc: nc.1:105:64: WARNING: whitespace at end of input line mandoc: nc.1:188:69: WARNING: whitespace at end of input line mandoc: nc.1:190:17: WARNING: whitespace at end of input line mandoc: nc.1:210:16: WARNING: whitespace at end of input line mandoc: nc.1:212:14: WARNING: whitespace at end of input line $ WARNINGS=yes make cc -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wstrict-prototypes -Wmissing-prototypes -Wunused -Wsign-compare -Wshadow -Wdeclaration-after-statement -c netcat.c netcat.c: In function 'main': netcat.c:593: warning: declaration of 'i' shadows a previous local netcat.c:534: warning: shadowed declaration is here re-wrap the long lines > @@ -98,6 +98,11 @@ to use IPv4 addresses only. > Forces > .Nm > to use IPv6 addresses only. > +.It Fl c > +If using a tcp socket to connect or listen, use TLS. Illegal if not using > TCP sockets. > +.It Fl C Ar certificate_filename > +Specifies the filename from which the public part of the TLS > +certificate is loaded, in pem format. Illegal if not using TLS. > .It Fl D > Enable debugging on the socket. > .It Fl d C should be before c > @@ -132,6 +137,9 @@ Forces > to stay listening for another connection after its current connection > is completed. > It is an error to use this option without the > +.It Fl K Ar key_filename > +Specifies the filename from which the private key for the TLS certificate > +is loaded in pem format. Illegal if not using TLS. > .Fl l > option. > When used together with the This flag is in the middle of another. > @@ -176,6 +184,11 @@ option. > Specifies that source and/or destination ports should be chosen randomly > instead of sequentially within a range or in the order that the system > assigns them. > +.It Fl R Ar CA_filename > +Specifies the filename from which the root CA bundle for Certificate > +verification is loaded in pem format. Illegal if not using TLS. > +Default value is > +.Pa /etc/ssl/cert.pem . > .It Fl S > Enables the RFC 2385 TCP MD5 signature option. > .It Fl s Ar source R should be before r > @@ -95,6 +102,13 @@ int Sflag; /* TCP > MD5 signature opti > int Tflag = -1; /* IP Type of Service */ > int rtableid = -1; > > +int usetls; /* use TLS */ > +char*Cflag; /* Public cert file */ > +char*Kflag; /* Private key file */ > +char*Rflag = DEFAULT_CA_FILE;/* Root CA file */ > +int cachanged; /* Using non-default CA file */ > +int TLSopt; /* TLS options */ Don't mix tab and spaces after the type. > @@ -145,7 +162,7 @@ main(int argc, char *argv[]) > signal(SIGPIPE, SIG_IGN); > > while ((ch = getopt(argc, argv, > - "46DdFhI:i:klNnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) { > + "46DcC:dFhI:i:kK:lNnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) { Upper case before lower case. The R is missing. > @@ -183,6 +203,9 @@ main(int argc, char *argv[]) > case 'k': > kflag = 1; > break; > + case 'K': > + Kflag = optarg; > + break; Upper case before lower case. > @@ -195,12 +218,19 @@ main(int argc, char *argv[]) > case 'P': > Pflag = optarg; > break; > + case 'C': > + Cflag = optarg; > + break; Move the C up. > case 'p': > pflag = optarg; > break; > case 'r': > rflag = 1; > break; > + case 'R': > + cachanged = 1; > + Rflag = optarg; > + break; Upper case before lower case. Keeping the same order everywhere is important to check that all list are equal. > @@ -347,6 +391,25 @@ main(int argc, char *argv[]) > proxyhints.ai_flags |= AI_NUMERICHOST; > } > > + if (usetls) { > + if (tls_init() == -1) > + errx(1, "unable to initialize tls"); > + if ((tlsc = tls_config_new()) == NULL) > + errx(1, "unable allocate tls config"); > + if (Cflag && (tls_config_set_cert_file(tlsc, Cflag) == -1)) > + errx(1, "unable to set TLS certificate file %s", Cflag); > + if (Kflag && (tls_config_set_key_file(tlsc, Kflag) == -1)) > + errx(1, "unable to set TLS key file %s", Kflag); When you set Rflag here to DEFAULT_CA_FILE if it is NULL, you can get rid of the additional variable
ping6: out of boundary access with invalid packets
The function pr_pack does not properly check boundaries before accessing packet data. This could happen on short network reads or when we receive packets that are addressed for another running ping6 instance (see pr_pack comment for more information). Index: ping6.c === RCS file: /cvs/src/sbin/ping6/ping6.c,v retrieving revision 1.112 diff -u -p -r1.112 ping6.c --- ping6.c 1 Sep 2015 19:53:23 - 1.112 +++ ping6.c 8 Sep 2015 19:29:29 - @@ -1222,6 +1222,11 @@ pr_pack(u_char *buf, int cc, struct msgh SIPHASH_CTX ctx; u_int8_t mac[SIPHASH_DIGEST_LENGTH]; + if (cc - sizeof(*cp) < sizeof(payload)) { + (void)printf("signature missing!\n"); + return; + } + memcpy(, icp + 1, sizeof(payload)); tv64 = @@ -1306,7 +1311,8 @@ pr_pack(u_char *buf, int cc, struct msgh } } } - } else if (icp->icmp6_type == ICMP6_NI_REPLY && mynireply(ni)) { + } else if (icp->icmp6_type == ICMP6_NI_REPLY && + cc >= sizeof(*ni) && mynireply(ni)) { seq = ntohs(*(u_int16_t *)ni->icmp6_ni_nonce); ++nreceived; if (TST(seq % mx_dup_ck)) { @@ -1351,7 +1357,7 @@ pr_pack(u_char *buf, int cc, struct msgh case NI_QTYPE_FQDN: default:/* XXX: for backward compatibility */ cp = (u_char *)ni + ICMP6_NIRLEN; - if (buf[off + ICMP6_NIRLEN] == + if (off + ICMP6_NIRLEN < cc && buf[off + ICMP6_NIRLEN] == cc - off - ICMP6_NIRLEN - 1) oldfqdn = 1; else @@ -1438,7 +1444,8 @@ pr_pack(u_char *buf, int cc, struct msgh } } - if (buf[off + ICMP6_NIRLEN] != + if (off + ICMP6_NIRLEN < cc && + buf[off + ICMP6_NIRLEN] != cc - off - ICMP6_NIRLEN - 1 && oldfqdn) { if (comma) printf(",");
openssl(1) remove unused defines
This removes several unused defines in openssl(1). No binary change. ok? Index: ca.c === RCS file: /cvs/src/usr.bin/openssl/ca.c,v retrieving revision 1.9 diff -u -p -u -p -r1.9 ca.c --- ca.c22 Aug 2015 16:36:05 - 1.9 +++ ca.c8 Sep 2015 02:13:29 - @@ -88,15 +88,10 @@ #define STRING_MASK"string_mask" #define UTF8_IN"utf8" -#define ENV_DIR"dir" -#define ENV_CERTS "certs" -#define ENV_CRL_DIR"crl_dir" -#define ENV_CA_DB "CA_DB" #define ENV_NEW_CERTS_DIR "new_certs_dir" #define ENV_CERTIFICATE"certificate" #define ENV_SERIAL "serial" #define ENV_CRLNUMBER "crlnumber" -#define ENV_CRL"crl" #define ENV_PRIVATE_KEY"private_key" #define ENV_DEFAULT_DAYS "default_days" #define ENV_DEFAULT_STARTDATE "default_startdate" Index: gendsa.c === RCS file: /cvs/src/usr.bin/openssl/gendsa.c,v retrieving revision 1.2 diff -u -p -u -p -r1.2 gendsa.c --- gendsa.c22 Aug 2015 16:36:05 - 1.2 +++ gendsa.c8 Sep 2015 02:33:09 - @@ -74,8 +74,6 @@ #include #include -#define DEFBITS512 - int gendsa_main(int argc, char **argv) {
Re: ping6(8) bug
On Tue, Sep 08, 2015 at 02:31:32AM -0400, Michael McConville wrote: > Claudio Jeker wrote: > > On Mon, Sep 07, 2015 at 03:49:14PM -0400, Michael McConville wrote: > > > It seems pretty clear to me that what was here was wrong. A field of > > > a global struct was pointed at local array. The program logic was a > > > little wacky, but this is my best estimate of what was intended. > > > Input? > > > > > > > > > Index: ping6.c > > > === > > > RCS file: /cvs/src/sbin/ping6/ping6.c,v > > > retrieving revision 1.112 > > > diff -u -p -r1.112 ping6.c > > > --- ping6.c 1 Sep 2015 19:53:23 - 1.112 > > > +++ ping6.c 7 Sep 2015 19:44:15 - > > > @@ -1056,7 +1056,10 @@ pinger(void) > > > memset(, 0, sizeof(iov)); > > > iov[0].iov_base = (caddr_t)outpack; > > > iov[0].iov_len = cc; > > > - smsghdr.msg_iov = iov; > > > + smsghdr.msg_iov = calloc(1, sizeof(struct iovec)); > > > + if (smsghdr.msg_iov == NULL) > > > + return(1); > > > + *smsghdr.msg_iov = iov[0]; > > > smsghdr.msg_iovlen = 1; > > > > > > i = sendmsg(s, , 0); > > > > > > > The current code is perfectly fine. msg_iov is a pointer and it points > > to the iov array. When calling sendmsg the kernel will know how to > > handle this pointer. There is no need to calloc() memory for this. > > Yes, but the data that it points to is an array on pinger()'s stack. > When the current pinger() call returns, that data is gone and > smsghdr.msg_iov points to garbage. Remember, smsghdr is global. > > That said, if we're sure that smsghdr.msg_iov is only accessed from > within the current pinger() call, this isn't a functional bug. It could > become one in the future, though, if someone adds something. > > On a separate note, I just noticed that my use of calloc() here is a > little awkward. I was initially allocating space for two structs. It > could be malloc() instead. > > Anyway, the more I look at this, the more I think it should just be > left as is, despite being a little precarious. Yeah, it is not optimal even though the smsghdr is only used in one place. Anyway how about this diff instead? Cleanup some of the mess and use the global iov struct which is currently unused. -- :wq Claudio Index: ping6.c === RCS file: /cvs/src/sbin/ping6/ping6.c,v retrieving revision 1.112 diff -u -p -r1.112 ping6.c --- ping6.c 1 Sep 2015 19:53:23 - 1.112 +++ ping6.c 8 Sep 2015 16:27:43 - @@ -208,7 +208,7 @@ u_short naflags; /* for ancillary data(advanced API) */ struct msghdr smsghdr; struct iovec smsgiov; -char *scmsg = 0; +char *scmsg; volatile sig_atomic_t seenalrm; volatile sig_atomic_t seenint; @@ -273,10 +273,6 @@ main(int argc, char *argv[]) if (setresuid(uid, uid, uid) == -1) err(1, "setresuid"); - /* just to be sure */ - memset(, 0, sizeof(smsghdr)); - memset(, 0, sizeof(smsgiov)); - preload = 0; datap = [ICMP6ECHOLEN + ICMP6ECHOTMLEN]; while ((ch = getopt(argc, argv, @@ -787,7 +783,7 @@ main(int argc, char *argv[]) struct cmsghdr hdr; u_char buf[CMSG_SPACE(1024)]; } cmsgbuf; - struct ioveciov[2]; + struct ioveciov[1]; struct pollfd pfd; ssize_t cc; int timeout; @@ -952,7 +948,6 @@ int pinger(void) { struct icmp6_hdr *icp; - struct iovec iov[2]; int i, cc; struct icmp6_nodeinfo *nip; int seq; @@ -1053,10 +1048,9 @@ pinger(void) smsghdr.msg_name = smsghdr.msg_namelen = sizeof(dst); - memset(, 0, sizeof(iov)); - iov[0].iov_base = (caddr_t)outpack; - iov[0].iov_len = cc; - smsghdr.msg_iov = iov; + smsgiov.iov_base = (caddr_t)outpack; + smsgiov.iov_len = cc; + smsghdr.msg_iov = smsghdr.msg_iovlen = 1; i = sendmsg(s, , 0);
Proposed changes for anoncvs.html
Some proposed changes for consistency and readability. Regards, Index: anoncvs.html === RCS file: /cvs/www/anoncvs.html,v retrieving revision 1.428 diff -u -p -r1.428 anoncvs.html --- anoncvs.html2 Sep 2015 13:12:30 - 1.428 +++ anoncvs.html8 Sep 2015 15:16:29 - @@ -39,7 +39,7 @@ source repositories: src - Houses all source code for the OpenBSD Operating System. ports - Houses the OpenBSD Ports. - www - Houses all OpenBSD web pages. (Including this one). + www - Houses all OpenBSD web pages (including this one). xenocara - Houses OpenBSD's active X.org v7 source tree. X11 and XF4 - Houses OpenBSD's adaptation of the http://www.XFree86.org/;>XFree86-3 and XFree86-4 @@ -122,7 +122,7 @@ with only one part of the tree. The two which contains the files used to create the kernel, and src.tar.gz which contains all the other "userland" utilities. In general, however, you will usually want both of them installed. -Assuming the downloaded files, src.tar.gz, +Assuming the downloaded files src.tar.gz, sys.tar.gz and xenocara.tar.gz are in /usr: @@ -135,11 +135,12 @@ Assuming the downloaded files, src.t -Not all people will wish to unpack all the file sets, but as the system +Not all people will wish to unpack all the source files, but as the system must be kept in sync, you will generally need to set up all trees. -You can also just use cvs(1) to "checkout" the source repository +You can also just use http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;>cvs(1) +to "checkout" the source repository for you. This is discussed in the next section. @@ -160,16 +161,11 @@ from the erratahere. -Once you have decided which tree to follow, you must choose which Anonymous -CVS server you are going to use. A list of these servers is -below. - - -Once you have chosen which Anonymous CVS Server you will +Once you have decided which tree to follow, and which Anonymous CVS Server you will use, you can start using cvs. For those of you who have CDs you can start with the CVS checkout that is on the CD by using the method above to get the sources onto your system. -If you don't have a CD handy, use the method below to checkout the sources. +If you don't have a CD handy, use the method below to checkout the sources: First, start out by `get'-ing an initial tree: @@ -210,9 +206,11 @@ Confirm this, and the fingerprint will t ... + Note that the above format with SHA256 fingerprints was added after the release of OpenBSD 5.6; older versions only use MD5 fingerprints. + Anytime afterwards, to `update' this tree: (If you are following current): @@ -234,7 +232,7 @@ to merge changes in. NOTE: If you are updating a source tree that you initially fetched from a different server, or from a CD, you must -add the -d [cvsroot] option to cvs. +add the -d [cvsroot] option to cvs: # cd /usr/src # cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd @@ -295,11 +293,11 @@ directory, and a subsequent update will The anoncvs service gives fledgling developers a chance to learn CVS -operation and get thoroughly involved in the development process +operations and get thoroughly involved in the development process before getting "commit" access -- as a result of showing useful skills and high quality results they will naturally later be given developer access. -As well, people providing patches can create their "diff"s relative +As well, people providing patches can create their diffs relative to the CVS tree, which will ease integration. Example usages for cvs(1)
Typo in INSTALL.armv7
--- INSTALL.armv7.orig 2015-09-08 09:48:21.0 -0700 +++ INSTALL.armv7 2015-09-08 09:48:35.0 -0700 @@ -91,7 +91,7 @@ out as follows: A miniroot filesystem to be used for installation; Cubieboard1 version. - miniroot-cubox--58.fs + miniroot-cubox-58.fs A miniroot filesystem to be used for installation; CuBox-i version.