Re: smtpd: use mx name for sni

2021-03-07 Thread Todd C . Miller
On Sun, 07 Mar 2021 21:47:45 +0100, Eric Faurot wrote:

> As spotted by krw@, the mta should use the mx hostname for sni, not
> the reverse dns for the peer address.

Yes, this matches the previous behavior with ssl_check_name().
OK millert@

 - todd



Re: if calloc() needs nmemb and size, why doesn't freezero()?

2021-02-19 Thread Todd C . Miller
On Fri, 19 Feb 2021 10:38:13 -0600, Luke Small wrote:

> In malloc(3):
> “If you use smaller integer types than size_t for ‘nmemb’ and ‘size’, then
> multiplication in freezero() may need to be cast to size_t to avoid integer
> overflow:
> freezero(ptr, (size_t)nmemb * (size_t)size);”
> Or maybe even: freezero(ptr, (size_t)nmemb * size);

This is bad advice.  The product of two size_t values can exceed
SIZE_MAX, at which point you would get integer overflow.  This is
why the malloc(3) man page warns against it.  Note that on 64-bit
platforms like amd64, size_t is already 64-bit so casting to unsigned
long long or uint64_t is not effective.

On OpenBSD, calloc(3) and reallocarray(3) check for integer overflow
for you, which is why they are preferred over malloc(nmemb * size).
You can examing the code yourself:
http://cvsweb.openbsd.org/src/lib/libc/stdlib/reallocarray.c?rev=1.3

 - todd



Re: disklabel: make use of getline(3)

2021-02-01 Thread Todd C . Miller
On Sun, 31 Jan 2021 15:43:32 +0100, Christian Weisgerber wrote:

> Replace fgetln(3) with getline(3).
>
> Since getline() returns a C string, we don't need to carry around
> the length separately.

OK millert@

 - todd



Re: fdisk: make use of getline(3)

2021-01-30 Thread Todd C . Miller
On Sat, 30 Jan 2021 18:02:10 +0100, Christian Weisgerber wrote:

> Replace fgetln(3) with getline(3).

OK millert@

 - todd



Re: disklabel: pointer deref fix

2021-01-30 Thread Todd C . Miller
On Sat, 30 Jan 2021 01:01:37 +0100, Christian Weisgerber wrote:

> Fix a pointer dereference in disklabel(8).
>
> This looks like somebody wrote *s[0] in place of (*s)[0].
> Which in this case happens to be equivalent, but it still looks
> wrong.

Probably my bug.  OK millert@

 - todd



Re: sed: make use of getline(3)

2021-01-30 Thread Todd C . Miller
On Sat, 30 Jan 2021 00:43:02 +0100, Christian Weisgerber wrote:

> Replace fgetln(3) with getline(3) in sed.
>
> The mf_fgets() part is from Johann Oskarsson for Illumos/FreeBSD.
>
> Passes our sed regression tests.

OK millert@

 - todd



ldapd(8): Xr ldap(1)

2021-01-28 Thread Todd C . Miller
Add ldap(1) to SEE ALSO in ldapd(8).  I don't think there is a need
to add it to ldapctl(8) or ldapd.conf(5).

 - todd

Index: usr.sbin/ldapd/ldapd.8
===
RCS file: /cvs/src/usr.sbin/ldapd/ldapd.8,v
retrieving revision 1.14
diff -u -p -u -r1.14 ldapd.8
--- usr.sbin/ldapd/ldapd.8  1 Feb 2016 22:04:39 -   1.14
+++ usr.sbin/ldapd/ldapd.8  28 Jan 2021 18:01:20 -
@@ -138,6 +138,7 @@ control socket
 database files
 .El
 .Sh SEE ALSO
+.Xr ldap 1 ,
 .Xr ldapd.conf 5 ,
 .Xr login.conf 5 ,
 .Xr ldapctl 8



Re: libcurses: don't return ERR if resize didn't change size

2021-01-21 Thread Todd C . Miller
On Thu, 21 Jan 2021 19:53:48 +0100, Hiltjo Posthuma wrote:

> Yes please!, I've also run into this issue on OpenBSD with the "catpoint"
> presentation program. I've been meaning to send the exact same backport patch
> .
>
> The upstream snapshot version of ncurses compiles fine on OpenBSD and I've
> managed to link against it statically for testing purposes:
>
>   https://github.com/ThomasDickey/ncurses-snapshots/commits/master
>
> Maybe it is worthwhile to adopt the files to the structure in
> /usr/src/lib/libcurses ? The current version lags almost 10 years behind and
> probably misses more subtle fixes like this.

The problem is that we have some local changes and no one has spent
the time to merge the upstream changes.

 - todd



libcurses: don't return ERR if resize didn't change size

2021-01-21 Thread Todd C . Miller
This is a backport of the ncurses 5.9 20120707 patch.
https://github.com/mirror/ncurses/commit/471bc007361fd4bc8d2fae060c7d5b09828ed541

Previously, getch() would return ERR if SIGWINCH was received but
the window didn't actually change size.  This can happen, for
example, when the xterm font is changed.

Fixes another canfield issue found by pjanzen@ where changing the
font causes canfield to exit due to getch() returning an error.

 - todd

Index: lib/libcurses/curs_getch.3
===
RCS file: /cvs/src/lib/libcurses/curs_getch.3,v
retrieving revision 1.4
diff -u -p -u -r1.4 curs_getch.3
--- lib/libcurses/curs_getch.3  13 Feb 2019 07:18:57 -  1.4
+++ lib/libcurses/curs_getch.3  21 Jan 2021 15:12:58 -
@@ -236,14 +236,14 @@ See \fBresizeterm\fR(3) for more details
 All routines return the integer \fBERR\fR upon failure and an integer value
 other than \fBERR\fR (\fBOK\fR in the case of ungetch()) upon successful
 completion.
-.RS
+.RS 3
 .TP 5
 \fBungetch\fP
-returns an error
+returns ERR
 if there is no more room in the FIFO.
-.TP 5
+.TP
 \fBwgetch\fP
-returns an error
+returns ERR
 if the window pointer is null, or
 if its timeout expires without having any data.
 .RE
Index: lib/libcurses/curses.priv.h
===
RCS file: /cvs/src/lib/libcurses/curses.priv.h,v
retrieving revision 1.34
diff -u -p -u -r1.34 curses.priv.h
--- lib/libcurses/curses.priv.h 6 Sep 2010 17:26:17 -   1.34
+++ lib/libcurses/curses.priv.h 21 Jan 2021 15:34:57 -
@@ -895,6 +895,7 @@ struct screen {
 */
 #if USE_SIZECHANGE
int (*_resize)(int,int);
+   int (*_ungetch)(SCREEN *, int);
 #endif
 
/*
Index: lib/libcurses/resizeterm.3
===
RCS file: /cvs/src/lib/libcurses/resizeterm.3,v
retrieving revision 1.5
diff -u -p -u -r1.5 resizeterm.3
--- lib/libcurses/resizeterm.3  12 Jan 2010 23:21:59 -  1.5
+++ lib/libcurses/resizeterm.3  21 Jan 2021 15:13:09 -
@@ -88,8 +88,6 @@ this overrides the library's use of the 
 the operating system.
 Thus, even if a SIGWINCH is received,
 no screen size change may be recorded.
-In that case, no \fBKEY_RESIZE\fP is queued for the next call to \fBgetch\fP;
-an \fBERR\fP will be returned instead.
 .SH SEE ALSO
 \fBwresize\fR(3).
 .SH AUTHOR
Index: lib/libcurses/base/lib_set_term.c
===
RCS file: /cvs/src/lib/libcurses/base/lib_set_term.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 lib_set_term.c
--- lib/libcurses/base/lib_set_term.c   12 Jan 2010 23:22:06 -  1.13
+++ lib/libcurses/base/lib_set_term.c   21 Jan 2021 15:39:59 -
@@ -549,6 +549,7 @@ _nc_setupscreen(int slines GCC_UNUSED,
 #endif
 #if USE_SIZECHANGE
 SP->_resize = resizeterm;
+SP->_ungetch = _nc_ungetch;
 #endif
 
 newscr->_clear = TRUE;
Index: lib/libcurses/base/resizeterm.c
===
RCS file: /cvs/src/lib/libcurses/base/resizeterm.c,v
retrieving revision 1.3
diff -u -p -u -r1.3 resizeterm.c
--- lib/libcurses/base/resizeterm.c 12 Jan 2010 23:22:06 -  1.3
+++ lib/libcurses/base/resizeterm.c 21 Jan 2021 15:40:07 -
@@ -420,7 +420,6 @@ resizeterm(int ToLines, int ToCols)
result = resize_term(ToLines, ToCols);
 
 #if USE_SIGWINCH
-   _nc_ungetch(SP, KEY_RESIZE);/* so application can know this 
*/
clearok(curscr, TRUE);  /* screen contents are unknown */
 
/* ripped-off lines are a special case: if we did not lengthen
@@ -451,6 +450,9 @@ resizeterm(int ToLines, int ToCols)
}
 #endif
}
+#if USE_SIGWINCH
+   _nc_ungetch(SP, KEY_RESIZE);/* so application can know this */
+#endif
 }
 
 returnCode(result);
Index: lib/libcurses/tinfo/lib_setup.c
===
RCS file: /cvs/src/lib/libcurses/tinfo/lib_setup.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 lib_setup.c
--- lib/libcurses/tinfo/lib_setup.c 12 Jan 2010 23:22:06 -  1.12
+++ lib/libcurses/tinfo/lib_setup.c 21 Jan 2021 15:39:10 -
@@ -321,8 +321,11 @@ _nc_update_screensize(SCREEN *sp)
  */
 if (sp != 0
&& sp->_resize != 0) {
-   if ((new_lines != old_lines) || (new_cols != old_cols))
+   if ((new_lines != old_lines) || (new_cols != old_cols)) {
sp->_resize(new_lines, new_cols);
+   } else if (sp->_sig_winch && (sp->_ungetch != 0)) {
+   sp->_ungetch(SP, KEY_RESIZE);   /* so application can know this 
*/
+   }
sp->_sig_winch = FALSE;
 }
 }



games/canfield bug

2021-01-21 Thread Todd C . Miller
Paul Janzen reported that if you try to resize an xterm while
canfield is running, canfield suspends itself. This is due to the
curses getch() function returning KEY_RESIZE.  However, canfield
only expects to read 7-bit ascii characters and so uses a mask of
0x7f.  Since KEY_RESIZE & 0x7f == 0x1a (^Z), resizing the window
causes canfield to suspend itself.

We should just ignore any of the special curses keys returned by
getch() since canfield is not prepared to deal with them.

 - todd

Index: games/canfield/canfield/canfield.c
===
RCS file: /cvs/src/games/canfield/canfield/canfield.c,v
retrieving revision 1.28
diff -u -p -u -r1.28 canfield.c
--- games/canfield/canfield/canfield.c  24 Aug 2018 11:14:49 -  1.28
+++ games/canfield/canfield/canfield.c  21 Jan 2021 02:50:36 -
@@ -1332,7 +1332,8 @@ getcmd(int row, int col, const char *cp)
do {
if ((ch = getch()) == ERR)
cleanup(0);
-   ch &= 0177;
+   if (ch >= KEY_MIN)
+   continue;
if (ch >= 'A' && ch <= 'Z')
ch += ('a' - 'A');
if (ch == '\f') {



Re: [PATCH] Reduce case duplication in kern_sysctl

2021-01-09 Thread Todd C . Miller
On Sat, 09 Jan 2021 14:39:53 -0800, Greg Steuck wrote:

> How's this instead? OK?
>
> Tested with the usual diff of before/after sysctl outputs and a random
> sysctl -w poke.
>
> Subject: [PATCH] Split hierarchical calls into kern_sysctl_dirs
>
> Removed a rash of +/-1 and made both functions shorter and more focused.

OK millert@

 - todd



Re: [PATCH] Reduce case duplication in kern_sysctl

2021-01-09 Thread Todd C . Miller
On Mon, 28 Dec 2020 22:00:55 -0800, Greg Steuck wrote:

> Here's an updated version to account from an intervening change since I
> posted this first.

Updated diff looks good to me.  OK millert@ but it would be good
to get feedback from Marcus too.

 - todd



Re: [PATCH] Reduce case duplication in kern_sysctl

2021-01-09 Thread Todd C . Miller
On Sun, 20 Dec 2020 15:52:07 -0800, Greg Steuck wrote:

> I tested this by diff'ing sysctl output before/after on amd64. Since
> there's a bunch of ifdef'ness I verified RAMDISK still builds.
>
> I deliberately didn't fix the indentation to keep this diff a pure line
> motion (would run over 80 chars otherwise). I can either fix that it in
> a separate commit or in this one before submitting.

Can you re-send a version of this that applies on top of -current?

 - todd



Re: [PATCH]es sysctl_int_bounded goodness

2021-01-09 Thread Todd C . Miller
On Fri, 18 Dec 2020 12:31:54 -0800, Greg Steuck wrote:

> I'm scraping the bottom of the barrel with these, so dumped them all
> together for ease of review. Will submit piecemeal as reviews happen.
>
> All verified manually with sysctl -w. Even bothered to find an i386
> machine with watchdog and build a WITNESS kernel to run all code paths.

OK millert@

 - todd



Re: Fix -Wincompatible-pointer-types-discards-qualifiers

2021-01-07 Thread Todd C . Miller
On Fri, 08 Jan 2021 00:29:32 +0100, Theo Buehler wrote:

> Thanks. Unfortunately the patch was mangled by your MUA (line wrapping
> and expanded tabs).
>
> Below is a version that applies.

OK millert@ as well.

 - todd



Re: sleep(3): don't bypass nanosleep(2)

2021-01-06 Thread Todd C . Miller
On Wed, 06 Jan 2021 10:31:28 -0600, Scott Cheloha wrote:

> Other benefits:
>
> - sleep(3) now *always* shows up in ktrace.
>
> - sleep(3) with a zero input now blocks for up to 1 tick, just like
>   nanosleep(2) does with a zero input (more intuitive behavior).
>
> - Neither NetBSD nor FreeBSD bypass nanosleep(2) like this, so now our
>   sleep(3) is more like theirs.

OK millert@

 - todd



Re: libc/regex: turn unsafe macros to inline functions

2021-01-03 Thread Todd C . Miller
On Sun, 03 Jan 2021 17:51:56 +0100, Theo Buehler wrote:

> Thanks. Here's the diff rebased on top of -current. This is
>
> ok tb

OK millert@ as well if you'd like to do the honors.

 - todd



Re: libc/regex: turn unsafe macros to inline functions

2021-01-02 Thread Todd C . Miller
On Sat, 02 Jan 2021 20:33:51 +, Miod Vallat wrote:

> That code was written before inline functions were supported by
> compilers; now that they are even part of the language standard, turn
> macros into inline functions so that there is no need to document in
> comments that they will evaluate their arguments multiple times.

OK millert@

> (one may consider switching their names to lowercase now that these are
> no longer macros.)

I don't think the churn is worth it and it would result in an
unnecesary difference from FreeBSD.

 - todd



Re: libc/regex: const'r'us

2020-12-31 Thread Todd C . Miller
All three committed, thanks.

 - todd



Re: libc/regex: more regular error handling

2020-12-31 Thread Todd C . Miller
On Thu, 31 Dec 2020 07:29:51 +, Miod Vallat wrote:

> The REQUIRE macro is used to check for a condition, and set an error in
> the parse struct if it is not satisfied.
>
> This changes it from ((condition) || function call) to a, IMHO more
> readable, if() test.

OK millert@

 - todd



Re: libc/regex: drop more unused data

2020-12-31 Thread Todd C . Miller
On Thu, 31 Dec 2020 07:25:19 +, Miod Vallat wrote:

> re_guts catspace[] is only written to (via categories[]), and never used
> for anything, so don't bother keeping that.

OK millert@

 - todd



Re: libc/regex: const'r'us

2020-12-31 Thread Todd C . Miller
On Thu, 31 Dec 2020 07:27:49 +, Miod Vallat wrote:

> Spencer's code was written before const was a thing, but we can do
> better. Neither regcomp(3) nor regex(3) modify the strings they are
> being passed, so we can keep internal pointers as const as well and
> avoid {dub,spur}ious casts.
>
> While there, the temporary array in nonnewline() can be made static
> const as well rather than recreated every time.

OK millert@

 - todd



Re: login_passwd.c (etc.) and auth_mkvalue(3) returning NULL

2020-12-31 Thread Todd C . Miller
On Thu, 31 Dec 2020 15:27:02 +1100, Ross L Richardson wrote:

> It could, of course, just use a fixed string rather than the "%s" format,
> although the latter is certainly clear(er) and consistent.

I originally had a fixed string but decided that using the "%s"
format was clearer.

> With auth_mkvalue() not being used, I don't think it needs to include
>  any more.

Good catch.

 - todd



Re: login_passwd.c (etc.) and auth_mkvalue(3) returning NULL

2020-12-30 Thread Todd C . Miller
On Wed, 30 Dec 2020 15:34:34 +1100, Ross L Richardson wrote:

> auth_mkvalue(3) may return NULL (if no memory is available), but
> login_passwd.c and friends use the return value without checking.

Yes, that should be checked.  In the case of login_passwd.c there
is really no reason to use auth_mkvalue(3) at all as there is nothing
that needs to be escaped.  I think the simplest approach is to send
a reject message if there is a memory allocation error.

 - todd

Index: login_passwd/login_passwd.c
===
RCS file: /cvs/src/libexec/login_passwd/login_passwd.c,v
retrieving revision 1.18
diff -u -p -u -r1.18 login_passwd.c
--- login_passwd/login_passwd.c 15 May 2020 17:25:39 -  1.18
+++ login_passwd/login_passwd.c 30 Dec 2020 16:05:30 -
@@ -121,7 +121,7 @@ main(int argc, char *argv[])
}
if (wheel != NULL && strcmp(wheel, "yes") != 0) {
fprintf(back, BI_VALUE " errormsg %s\n",
-   auth_mkvalue("you are not in group wheel"));
+   "you are not in group wheel");
fprintf(back, BI_REJECT "\n");
exit(1);
}
Index: login_radius/login_radius.c
===
RCS file: /cvs/src/libexec/login_radius/login_radius.c,v
retrieving revision 1.9
diff -u -p -u -r1.9 login_radius.c
--- login_radius/login_radius.c 27 Apr 2017 20:55:52 -  1.9
+++ login_radius/login_radius.c 30 Dec 2020 16:01:26 -
@@ -183,19 +183,29 @@ main(int argc, char **argv)
strcmp(service, "login") ? challenge : NULL, password, );
 
if (c == 0) {
-   if (*challenge == '\0')
+   if (*challenge == '\0') {
(void)fprintf(back, BI_AUTH "\n");
-   else {
-   (void)fprintf(back, BI_VALUE " challenge %s\n",
-   auth_mkvalue(challenge));
-   (void)fprintf(back, BI_CHALLENGE "\n");
+   exit(0);
+   } else {
+   char *val = auth_mkvalue(challenge);
+   if (val != NULL) {
+   (void)fprintf(back, BI_VALUE " challenge %s\n",
+   val);
+   (void)fprintf(back, BI_CHALLENGE "\n");
+   exit(0);
+   }
+   emsg = "unable to allocate memory";
+   }
+   }
+   if (emsg != NULL) {
+   if (strcmp(service, "login") == 0) {
+   (void)fprintf(stderr, "%s\n", emsg);
+   } else {
+   emsg = auth_mkvalue(emsg);
+   (void)fprintf(back, BI_VALUE " errormsg %s\n",
+   emsg ? emsg : "unable to allocate memory");
}
-   exit(0);
}
-   if (emsg && strcmp(service, "login") == 0)
-   (void)fprintf(stderr, "%s\n", emsg);
-   else if (emsg)
-   (void)fprintf(back, "value errormsg %s\n", auth_mkvalue(emsg));
if (strcmp(service, "challenge") == 0) {
(void)fprintf(back, BI_SILENT "\n");
exit(0);
Index: login_skey/login_skey.c
===
RCS file: /cvs/src/libexec/login_skey/login_skey.c,v
retrieving revision 1.28
diff -u -p -u -r1.28 login_skey.c
--- login_skey/login_skey.c 28 Jun 2019 13:32:53 -  1.28
+++ login_skey/login_skey.c 30 Dec 2020 16:04:16 -
@@ -157,8 +157,14 @@ main(int argc, char *argv[])
case MODE_CHALLENGE:
haskey = (skeychallenge2(fd, , user, challenge) == 0);
strlcat(challenge, "\nS/Key Password:", sizeof(challenge));
-   fprintf(back, BI_VALUE " challenge %s\n",
-   auth_mkvalue(challenge));
+   cp = auth_mkvalue(challenge);
+   if (cp == NULL) {
+   (void)fprintf(back, BI_VALUE " errormsg %s\n",
+   "unable to allocate memory");
+   (void)fprintf(back, BI_REJECT "\n");
+   exit(1);
+   }
+   fprintf(back, BI_VALUE " challenge %s\n", cp);
fprintf(back, BI_CHALLENGE "\n");
if (haskey) {
fprintf(back, BI_FDPASS "\n");
Index: login_token/login_token.c
===
RCS file: /cvs/src/libexec/login_token/login_token.c,v
retrieving revision 1.16
diff -u -p -u -r1.16 login_token.c
--- login_token/login_token.c   28 Jun 2019 13:32:53 -  1.16
+++ login_token/login_token.c   30 Dec 2020 16:04:31 -
@@ -152,8 +152,14 @@ main(int argc, char *argv[])
tt->proper);
(void)sigprocmask(SIG_UNBLOCK, , NULL);
if (mode == 1) {
-  

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-30 Thread Todd C . Miller
On Wed, 30 Dec 2020 09:27:34 +0100, Martijn van Duren wrote:

> On Tue, 2020-12-29 at 08:57 +0100, Giovanni Bechis wrote:
> > On 12/20/20 12:21 AM, gil...@poolp.org wrote:
> > > December 19, 2020 11:26 PM, "Martijn van Duren"  alat.at> wrote:
> > > 
> > > > Personally I'd rather wait to keep the names in sync, especially since
> > > > it's an easy 2 line diff that can easily be incorperated in the bigger
> > > > thing. But it's not something I'm going to loose sleep over if others
> > > > thing it can go in right now.
> > > > 
> > > 
> > > Fair enough :-)
> > > 
> > > Below is the diff that changes all references to pony into dispatcher.
> > > 
> > > I didn't rename pony.c to dispatcher.c as this would break the diff, but 
> if this gets
> > > committed I'll submit a diff for the rename + Makefile bit
> > > 
> > I like it and it reads OK for me.
> >  Giovanni
> > 
> Here's the final diff that moves pony.c to dispatcher.c and (including
> in smtpd.h).

OK millert@

 - todd



Re: Rename SIMPLEQ_ to STAILQ_, diff 1/7

2020-12-29 Thread Todd C . Miller
On Tue, 29 Dec 2020 12:36:22 -0700, Todd C. Miller wrote:

> That looks something like this.  I used the FreeBSD macros which
> incorporate STAILQ_NEXT and STAILQ_FIRST but I can inline things
> if someone has a strong opinion on this.

Here is the updated man page.  The table doesn't reflect STAILQ_LAST
but I didn't want to add an extra line in the table just for LAST.

 - todd

Index: share/man/man3/queue.3
===
RCS file: /cvs/src/share/man/man3/queue.3,v
retrieving revision 1.67
diff -u -p -u -r1.67 queue.3
--- share/man/man3/queue.3  13 Jul 2020 01:28:10 -  1.67
+++ share/man/man3/queue.3  29 Dec 2020 22:22:10 -
@@ -77,6 +77,23 @@
 .Nm SIMPLEQ_REMOVE_AFTER ,
 .Nm SIMPLEQ_REMOVE_HEAD ,
 .Nm SIMPLEQ_CONCAT ,
+.Nm STAILQ_ENTRY ,
+.Nm STAILQ_HEAD ,
+.Nm STAILQ_HEAD_INITIALIZER ,
+.Nm STAILQ_FIRST ,
+.Nm STAILQ_NEXT ,
+.Nm STAILQ_LAST ,
+.Nm STAILQ_EMPTY ,
+.Nm STAILQ_FOREACH ,
+.Nm STAILQ_FOREACH_SAFE ,
+.Nm STAILQ_INIT ,
+.Nm STAILQ_INSERT_AFTER ,
+.Nm STAILQ_INSERT_HEAD ,
+.Nm STAILQ_INSERT_TAIL ,
+.Nm STAILQ_REMOVE ,
+.Nm STAILQ_REMOVE_AFTER ,
+.Nm STAILQ_REMOVE_HEAD ,
+.Nm STAILQ_CONCAT ,
 .Nm TAILQ_ENTRY ,
 .Nm TAILQ_HEAD ,
 .Nm TAILQ_HEAD_INITIALIZER ,
@@ -97,7 +114,7 @@
 .Nm TAILQ_REMOVE ,
 .Nm TAILQ_REPLACE ,
 .Nm TAILQ_CONCAT
-.Nd intrusive singly-linked and doubly-linked lists, simple queues, and tail 
queues
+.Nd intrusive singly-linked and doubly-linked lists, simple queues, 
singly-linked and doubly-linked tail queues
 .Sh SYNOPSIS
 .In sys/queue.h
 .Pp
@@ -174,6 +191,24 @@
 .Fn SIMPLEQ_REMOVE_HEAD "SIMPLEQ_HEAD *head" "FIELDNAME"
 .Fn SIMPLEQ_CONCAT "SIMPLEQ_HEAD *head1" "SIMPLEQ_HEAD *head2"
 .Pp
+.Fn STAILQ_ENTRY "TYPE"
+.Fn STAILQ_HEAD "HEADNAME" "TYPE"
+.Fn STAILQ_HEAD_INITIALIZER "STAILQ_HEAD head"
+.Fn STAILQ_FIRST "STAILQ_HEAD *head"
+.Fn STAILQ_NEXT "TYPE *elm" "STAILQ_ENTRY NAME"
+.Fn STAILQ_LAST "STAILQ_HEAD *head" "TYPE *elm" "STAILQ_ENTRY NAME"
+.Fn STAILQ_EMPTY "STAILQ_HEAD *head"
+.Fn STAILQ_FOREACH "TYPE *var" "STAILQ_HEAD *head" "STAILQ_ENTRY NAME"
+.Fn STAILQ_FOREACH_SAFE "TYPE *var" "STAILQ_HEAD *head" "STAILQ_ENTRY NAME" 
"TYPE *temp_var"
+.Fn STAILQ_INIT "STAILQ_HEAD *head"
+.Fn STAILQ_INSERT_AFTER "STAILQ_HEAD *head" "TYPE *listelm" "TYPE *elm" 
"STAILQ_ENTRY NAME"
+.Fn STAILQ_INSERT_HEAD "STAILQ_HEAD *head" "TYPE *elm" "STAILQ_ENTRY NAME"
+.Fn STAILQ_INSERT_TAIL "STAILQ_HEAD *head" "TYPE *elm" "STAILQ_ENTRY NAME"
+.Fn STAILQ_REMOVE "STAILQ_HEAD *head" "TYPE *elm" "TYPE" "STAILQ_ENTRY NAME"
+.Fn STAILQ_REMOVE_AFTER "STAILQ_HEAD *head" "TYPE *elm" "STAILQ_ENTRY NAME"
+.Fn STAILQ_REMOVE_HEAD "STAILQ_HEAD *head" "STAILQ_ENTRY NAME"
+.Fn STAILQ_CONCAT "STAILQ_HEAD *head1" "STAILQ_HEAD *head2"
+.Pp
 .Fn TAILQ_ENTRY "TYPE"
 .Fn TAILQ_HEAD "HEADNAME" "TYPE"
 .Fn TAILQ_HEAD_INITIALIZER "TAILQ_HEAD head"
@@ -207,9 +242,10 @@
 .Fn TAILQ_REPLACE "TAILQ_HEAD *head" "struct TYPE *elm" "struct TYPE *elm2" 
"FIELDNAME"
 .Fn TAILQ_CONCAT "TAILQ_HEAD *head1" "TAILQ_HEAD *head2" "FIELDNAME"
 .Sh DESCRIPTION
-These macros define and operate on four types of data structures:
-singly-linked lists, simple queues, lists, and tail queues.
-All four structures support the following functionality:
+These macros define and operate on five types of data structures:
+singly-linked lists, simple queues, lists, singly-linked tail queues,
+and tail queues.
+All five structures support the following functionality:
 .Pp
 .Bl -enum -compact -offset indent
 .It
@@ -220,24 +256,26 @@ Insertion of a new entry after any eleme
 Removal of an entry from the head of the list.
 .It
 Forward traversal through the list.
+.It
+Forward traversal through the list.
 .El
 .Pp
 The following table provides a quick overview
 of which types support which additional macros:
-.Bl -column -offset 6n "LAST, PREV, FOREACH_REVERSE" SLIST LIST SIMPLEQ TAILQ
-.It LAST, PREV, FOREACH_REVERSE Ta - Ta -Ta -   Ta TAILQ
-.It INSERT_BEFORE, REPLACE  Ta - Ta LIST Ta -   Ta TAILQ
-.It INSERT_TAIL, CONCAT Ta - Ta -Ta SIMPLEQ Ta TAILQ
-.It REMOVE_AFTER, REMOVE_HEAD   Ta SLIST Ta -Ta SIMPLEQ Ta -
-.It REMOVE  Ta SLIST Ta LIST Ta -   Ta TAILQ
+.Bl -column -offset 6n "LAST, PREV, FOREACH_REVERSE" SLIST LIST SIMPLEQ STAILQ 
TAILQ
+.It LAST, PREV, FOREACH_REVERSE Ta - Ta -Ta -   Ta -  Ta TAILQ
+.It INSERT_B

Re: Rename SIMPLEQ_ to STAILQ_, diff 1/7

2020-12-29 Thread Todd C . Miller
On Sat, 26 Dec 2020 15:07:36 -0700, "Theo de Raadt" wrote:

> Well in that case this should still be a multistep process.
>
> Add STAILQ
>
> Convert things, including everything in ports
>
> No diff should change a line of code before it's time

That looks something like this.  I used the FreeBSD macros which
incorporate STAILQ_NEXT and STAILQ_FIRST but I can inline things
if someone has a strong opinion on this.

If this is OK I will send an update to the man page.

 - todd

Index: sys/sys/queue.h
===
RCS file: /cvs/src/sys/sys/queue.h,v
retrieving revision 1.45
diff -u -p -u -r1.45 queue.h
--- sys/sys/queue.h 12 Jul 2018 14:22:54 -  1.45
+++ sys/sys/queue.h 29 Dec 2020 17:32:31 -
@@ -533,4 +533,101 @@ struct {  
\
}   \
 } while (0)
 
+/*
+ * Singly-linked Tail queue declarations.
+ */
+#defineSTAILQ_HEAD(name, type) 
\
+struct name {  \
+   struct type *stqh_first;/* first element */ \
+   struct type **stqh_last;/* addr of last next element */ \
+}
+
+#defineSTAILQ_HEAD_INITIALIZER(head)   
\
+   { NULL, &(head).stqh_first }
+
+#defineSTAILQ_ENTRY(type)  
\
+struct {   \
+   struct type *stqe_next; /* next element */  \
+}
+
+/*
+ * Singly-linked Tail queue access methods.
+ */
+#defineSTAILQ_FIRST(head)  ((head)->stqh_first)
+#defineSTAILQ_END(head)NULL
+#defineSTAILQ_EMPTY(head)  (STAILQ_FIRST(head) == STAILQ_END(head))
+#defineSTAILQ_NEXT(elm, field) ((elm)->field.stqe_next)
+
+#define STAILQ_FOREACH(var, head, field)   \
+   for ((var) = STAILQ_FIRST(head);\
+   (var) != STAILQ_END(head);  \
+   (var) = STAILQ_NEXT(var, field))
+
+#defineSTAILQ_FOREACH_SAFE(var, head, field, tvar) 
\
+   for ((var) = STAILQ_FIRST(head);\
+   (var) && ((tvar) = STAILQ_NEXT(var, field), 1); \
+   (var) = (tvar))
+
+/*
+ * Singly-linked Tail queue functions.
+ */
+#defineSTAILQ_INIT(head) do {  
\
+   (head)->stqh_first = NULL;  \
+   (head)->stqh_last = &(head)->stqh_first;\
+} while (0)
+
+#defineSTAILQ_INSERT_HEAD(head, elm, field) do {   
\
+   if ((STAILQ_NEXT((elm), field) = STAILQ_FIRST((head))) == NULL) \
+   (head)->stqh_last = _NEXT((elm), field); \
+   STAILQ_FIRST((head)) = (elm);   \
+} while (0)
+
+#defineSTAILQ_INSERT_TAIL(head, elm, field) do {   
\
+   STAILQ_NEXT((elm), field) = NULL;   \
+   *(head)->stqh_last = (elm); \
+   (head)->stqh_last = _NEXT((elm), field); \
+} while (0)
+
+#defineSTAILQ_INSERT_AFTER(head, listelm, elm, field) do { 
\
+   if ((STAILQ_NEXT((elm), field) = STAILQ_NEXT((elm), field)) == NULL)\
+   (head)->stqh_last = _NEXT((elm), field); \
+   STAILQ_NEXT((elm), field) = (elm);  \
+} while (0)
+
+#define STAILQ_REMOVE_HEAD(head, field) do {\
+   if ((STAILQ_FIRST((head)) = \
+   STAILQ_NEXT(STAILQ_FIRST((head)), field)) == NULL)  \
+   (head)->stqh_last = _FIRST((head));  \
+} while (0)
+
+#define STAILQ_REMOVE_AFTER(head, elm, field) do {  \
+   if ((STAILQ_NEXT(elm, field) =  \
+   STAILQ_NEXT(STAILQ_NEXT(elm, field), field)) == NULL)   \
+   (head)->stqh_last = _NEXT((elm), field); \
+} while (0)
+
+#defineSTAILQ_REMOVE(head, elm, type, field) do {  
\
+   if ((head)->stqh_first == (elm)) {  \
+   STAILQ_REMOVE_HEAD((head), field);  \
+   } else {\
+   struct type *curelm = (head)->stqh_first;   \
+   while (STAILQ_NEXT(curelm, field) != (elm)) \
+   curelm = STAILQ_NEXT(curelm, field);\
+   STAILQ_REMOVE_AFTER(head, curelm, field);   \
+   }

Re: libc/regex: safer pointer arithmetic

2020-12-29 Thread Todd C . Miller
On Tue, 29 Dec 2020 10:33:26 +, Miod Vallat wrote:

> regcomp.c uses the "start + count < end" idiom to check that there are
> "count" bytes available in an array of char "start" and "end" both point
> to.
>
> This is fine, unless "start + count" goes beyond the last element of the
> array. In this case, pedantic interpretation of the C standard makes
> the comparison of such a pointer against "end" undefined, and optimizers
> from hell will happily remove as much code as possible because of this.

OK millert@

 - todd



Re: libc/regex: regerror minor tweaks

2020-12-29 Thread Todd C . Miller
On Tue, 29 Dec 2020 10:35:08 +, Miod Vallat wrote:

> The following diff constifies the strings in regerror.c and also makes
> use of the strlcpy() return value to avoid a redundant strlen() call.

OK millert@

 - todd



Re: libc/regex: remove dead code

2020-12-29 Thread Todd C . Miller
On Tue, 29 Dec 2020 09:50:16 +, Miod Vallat wrote:

> cclasses[] multis field is always an empty string. Remove it and code
> dealing with it. This code was incomplete anyway.

OK millert@

 - todd



Re: libc/regex: constify more data

2020-12-29 Thread Todd C . Miller
On Tue, 29 Dec 2020 09:49:11 +, Miod Vallat wrote:

> The following diff constifies the strings in cnames[]. No functional
> change.

OK millert@

 - todd



Re: smtpd: trim down on filter processes

2020-12-27 Thread Todd C . Miller
On Sun, 27 Dec 2020 18:41:22 +0100, Martijn van Duren wrote:

> Because filters use system(3) after forking we get 2 processes for every
> filter: one for waiting for system(3) to return and one running the actual
> filter.
>
> Since the extra smtpd process does absolutely nothing we can just as easily
> copy over what system(3) does internally for execve and call the shell
> command directly.

Since you are just passing environ unchanged, why not use execv(3)
instead of execve(2) and avoid the ugly 'extern char **environ;'?

 - todd



Re: Rename SIMPLEQ_ to STAILQ_, diff 1/7

2020-12-26 Thread Todd C . Miller
On Sat, 26 Dec 2020 10:45:21 -0700, "Theo de Raadt" wrote:

> > This diff renames SIMPLEQ_* to STAILQ_* in /usr/src/sys/sys to unify
> > with FreeBSD and Linux.
>
> More than half the stuff being touched doesn't exist in FreeBSD or Linux.
>
> SIMPLEQ_ goes back to 97.

STAILQ goes back to 96.  NetBSD invented SIMPLEQ after STAILQ already
existed.  Personally, I find STAILQ much more natural--the naming
of SIMPLEQ lacks any real meaning to me.

I'd settle for just including STAILQ in queue.h, but when we discussed
this last time you were not opposed to replacing SIMPLEQ with STAILQ.
Having code in base that uses both types seems like a mistake.

 - todd



Re: Rename SIMPLEQ_ to STAILQ_, diff 1/7

2020-12-26 Thread Todd C . Miller
I read through all the diffs and they look fine to me.  My only
comment is that it would be nice if the whitespace changes to queue.h
were done separately as they makes it more difficult to see the
important changes.

I was pleasntly surprised to find the nothing in the tree reaches
into the data structure directly.  Everything is using the various
accessor macros.

 - todd



Re: [diff] usr.sbin/smtpd: fix event handling upon exit

2020-12-22 Thread Todd C . Miller
OK millert@

 - todd



Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-19 Thread Todd C . Miller
I like this direction but I worry about breaking existing configs.
How are we going to alert existing users that they need to update
their configs if the behavior silently changes?

 - todd



Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-19 Thread Todd C . Miller
I like it.  I always forget which role the pony process performs.

 - todd



Re: WITNESS panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) kmmaplk

2020-12-19 Thread Todd C . Miller
On Sat, 19 Dec 2020 18:07:41 -0300, Martin Pieuchot wrote:

> A solution based on a comment and a non-enabled by option seems very
> fragile to me.  I came up with the idea of poisoning the ipl of the
> mutex.  What do you think?

Even better.  OK millert@

 - todd



Re: WITNESS panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) kmmaplk

2020-12-18 Thread Todd C . Miller
On Fri, 18 Dec 2020 13:34:39 +0100, Mark Kettenis wrote:

> Anyway, your analysis is right.  When a kernel thread wants to use
> pmap_extract(9) on a userland pmap, it needs to lock pm_apte_mtx to
> prevent another thread from simultaniously activating a userland pmap
> too.  So indeed, pm_apte_mtx needs to be properly initialized for the
> kernel pmap.
>
> However, pm_mtx should never be used for the kernel pmap.  If we don't
> initialize the lock, witness will help us catching this condition, so
> maybe we shouldn't...

I think a comment is warranted if we don't want to initialize the
lock to prevent someone from fixing this in the future ;-)

 - todd



Re: [diff] src/usr.sbin/smtpd: plug two memory leaks

2020-12-17 Thread Todd C . Miller
On Thu, 17 Dec 2020 15:02:41 +, gil...@poolp.org wrote:

> a- in lka_filter.c, the name of the filter chain for a session is strdup()-ed
> upon session allocation but not released upon session release. free() it
> in lka_filter_end().
>
> b- in smtp_session.c, filter io channel should be released when a tx is over,
> but it isn't. call io_free() on the channel in smtp_tx_free() if we do
> have a channel ready.
>
> diff --git a/usr.sbin/smtpd/lka_filter.c b/usr.sbin/smtpd/lka_filter.c
> index 9891e6140a3..6eb0829efca 100644
> --- a/usr.sbin/smtpd/lka_filter.c
> +++ b/usr.sbin/smtpd/lka_filter.c
> @@ -535,6 +535,7 @@ lka_filter_end(uint64_t reqid)
>   free(fs->mail_from);
>   free(fs->username);
>   free(fs->lastparam);
> + free(fs->filter_name);
>   free(fs);
>   log_trace(TRACE_FILTERS, "%016"PRIx64" filters session-end", reqid);
>  }

OK

> diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
> index 60123ad9a80..4530f44fb69 100644
> --- a/usr.sbin/smtpd/smtp_session.c
> +++ b/usr.sbin/smtpd/smtp_session.c
> @@ -2438,6 +2438,11 @@ smtp_tx_free(struct smtp_tx *tx)
>   if (tx->ofile)
>   fclose(tx->ofile);
>  
> + if (tx->filter) {
> + io_free(tx->filter);
> + tx->filter = NULL;
> + }
> +
>   tx->session->tx = NULL;
>  
>   free(tx);

Is there any reason to clear tx->filter when we are about to free tx?
If so, maybe tx->ofile should be cleared after close too.

 - todd



Re: libcurses: --enable-const

2020-12-12 Thread Todd C . Miller
On Sat, 12 Dec 2020 16:28:18 +0100, Christian Weisgerber wrote:

> ncurses has a configure option that adds a few more consts to its
> headers by way of the NCURSES_CONST define.  Starting with version
> 6.0, this has become the default.  OpenBSD is still on ncurses 5.7,
> but FreeBSD and I guess most Linux distributions have moved on.
> I suggest we also enable the additional consts.  This eliminates
> compiler warnings when sharing code with other platforms.
>
> The diff below has successfully gone through a release build on
> amd64, as well as a full amd64 package build.

OK millert@

 - todd



Re: cat(1): -n flag: support files with more than INT_MAX lines

2020-12-10 Thread Todd C . Miller
On Thu, 10 Dec 2020 22:12:49 -0600, Scott Cheloha wrote:

> If we bump 'line' from an int to an unsigned long long we will
> correctly number files with more than INT_MAX lines instead of
> wrapping to a negative number.

OK millert@

 - todd



Re: rpki-client: reject bad URLs in cert files

2020-12-02 Thread Todd C . Miller
On Wed, 02 Dec 2020 17:18:49 +0100, Theo Buehler wrote:

> Should this also check isascii() to ensure that this works as intended
> in the -portable version?  The ENVIRONMENT section of the isalnum() and
> ispunct() manuals suggests that the characters satisfying this could be
> locale-dependent on other systems.

rpki-client does not call setlocale(3) so it should be operating
in the C locale on all systems.

 - todd



Re: rpki-client: reject bad URLs in cert files

2020-12-02 Thread Todd C . Miller
On Wed, 02 Dec 2020 15:17:43 +0100, Claudio Jeker wrote:

> Be stricter in what we accept as URL. Nobody should use silly encodings
> like UTF-8 or other crap in the embedded URLs. I also consider any kind of
> space as a failure (use %20 instead if that is really needed).
>
> This makes later handling of URLs a lot safer (e.g. rpki-client prints
> part of URLs in log messages).

That makes sense to me.  Any non-ascii characters should be URL-encoded
anyway.

 - todd



Re: Better overflow check in bgpd

2020-12-02 Thread Todd C . Miller
On Wed, 02 Dec 2020 12:19:11 +0100, Claudio Jeker wrote:

> The overflow check for the relative metric adjustments of filtersets
> assumes a certain overflow behaviour of signed integers. I think it is
> better to write this in a way that does not involve an overflow.

OK millert@ though I think > would work just as well as >= here.

 - todd



Re: [PATCH] __rec_open() should set the type

2020-12-01 Thread Todd C . Miller
On Tue, 01 Dec 2020 14:07:18 +0100, "Boudewijn Dijkstra" wrote:

> According to dbopen(3), the 'type' field of struct DB holds the "type of  
> the underlying access method (and file format)."  In __bt_open() it is set  
> to DB_BTREE and in __hash_open() it is set to DB_HASH, so one might expect  
> that in __rec_open() it is set to DB_RECNO.  However, it is left untouched.

Thanks, committed.

 - todd



Re: find -exec util {} arg + confusion

2020-11-21 Thread Todd C . Miller
On Sat, 21 Nov 2020 17:02:05 +0100, Alexander Hall wrote:

> So this is it. Any other objections? OK?

OK millert@

 - todd



Re: Import seq(1) from FreeBSD

2020-11-16 Thread Todd C . Miller
On Mon, 16 Nov 2020 16:14:31 +0100, Ingo Schwarze wrote:

> are you really sure this is a good idea?  The version you sent is
> wildly incompatible with GNU sed.  So we add a non-standard utility
> that exhibits different behaviour on different systems even though
> a standard utility already exists for the purpose?

I don't think we need to be bug-compatible with GNU seq and
characterizing jot as a "standard utility" is simply not accurate.

>$ seq 3 -1 10 ; echo $?
>   seq: needs positive increment
>   1
>$ gseq 3 -1 10 ; echo $?
>   0

This is not valid usage, you cannot get to 10 from 3 with a negative
increment.  We could silently exit like GNU seq if that is desirable
but is silently ignoring a usage error really what we want?

>$ seq 3 0 10 ; echo $?   
>   seq: zero increment
>   1
>$ gseq 3 0 10 ; echo $?
>   gseq: Abort trap (core dumped) 
>   134

I get the following:
gseq: invalid Zero increment value: ‘0’
Try 'gseq --help' for more information.

>$ seq 3 1 ; echo $?
>   3
>   2
>   1
>   0
>$ gseq 3 1 ; echo $?
>   0

GNU seq uses a default increment of 1 even if first > last.
Personally, I think using a default increment of -1 makes more sense
in the above case, but we can easily make this match the GNU behavior
if we desire.

>$ seq -f '%a' 3  
>   0x1p+0
>   0x1p+1
>   0x1.8p+1
>$ gseq -f '%a' 3
>   0x8p-3
>   0x8p-2
>   0xcp-2

The BSD seq output is consistent with printf(1), GNU seq is not.
I'd classify this as a GNU bug.

>$ seq -f '%i' 3  
>   seq: invalid format string: `%i'
>$ gseq -f '%i' 3 
>   gseq: Abort trap (core dumped) 

I get:
gseq: format ‘%i’ has unknown %i directive

>$ seq -s / 3 ; echo $?
>   1/2/3/0
>$ gseq -s / 3 ; echo $?
>   1/2/3
>   0

The missing newline appears to be a bug in the FreeBSD seq, NetBSD
seq works correctly.

>$ seq -s '.\n' 3 ; echo $?
>   1.
>   2.
>   3.
>   0
>$ gseq -s '.\n' 3 ; echo $?
>   1.\n2.\n3
>   0

GNU seq does not support C-style escapes such as \n and \t.
Plan 9 seq has no -s option.

>$ seq -s / -t '\n' 3 ; echo $? 
>   1/2/3/
>   0
>$ gseq -s / -t '\n' 3 ; echo $?
>   gseq: unknown option -- t
>   Try 'gseq --help' for more information.
>   1
>$ seq --help  
>   seq: unknown option -- help
>   usage: seq [-w] [-f format] [-s string] [-t string] [first [incr]] last
>$ gseq --help
>   [... prints a novel ...]

Looks like a bug in BSD seq.

>$ seq 0 .5 1
>   0
>   0.5
>   1
>$ gseq 0 .5 1
>   0.0
>   0.5
>   1.0

BSD seq output is consistent with Plan 9 but different from GNU.

I'm happy to fix the actual bugs.  I think we should be trying to
match GNU seq behavior where possible so we can use seq in ports.

 - todd



Import seq(1) from FreeBSD

2020-11-16 Thread Todd C . Miller
This is originally from NetBSD but FreeBSD appears to have some
additional fixes.

I know we have jot(1) but seq(1) is considerably easier to use for
simple things and at this point, most other systems have it.

 - todd

Index: usr.bin/seq/Makefile
===
RCS file: usr.bin/seq/Makefile
diff -N usr.bin/seq/Makefile
--- /dev/null   1 Jan 1970 00:00:00 -
+++ usr.bin/seq/Makefile16 Nov 2020 03:52:57 -
@@ -0,0 +1,8 @@
+#  $OpenBSD$
+
+PROG=  seq
+CFLAGS+= -Wall
+LDADD+=-lm
+DPADD+=${LIBM}
+
+.include 
Index: usr.bin/seq/seq.1
===
RCS file: usr.bin/seq/seq.1
diff -N usr.bin/seq/seq.1
--- /dev/null   1 Jan 1970 00:00:00 -
+++ usr.bin/seq/seq.1   16 Nov 2020 12:46:44 -
@@ -0,0 +1,206 @@
+.\"$OpenBSD$
+.\"
+.\" Copyright (c) 2005 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Brian Ginsbach.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"notice, this list of conditions and the following disclaimer in the
+.\"documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate$
+.Dt SEQ 1
+.Os
+.Sh NAME
+.Nm seq
+.Nd print sequences of numbers
+.Sh SYNOPSIS
+.Nm
+.Op Fl w
+.Op Fl f Ar format
+.Op Fl s Ar string
+.Op Fl t Ar string
+.Op Ar first Op Ar incr
+.Ar last
+.Sh DESCRIPTION
+The
+.Nm
+utility prints a sequence of numbers, one per line
+.Pq default ,
+from
+.Ar first
+.Pq default 1 ,
+to near
+.Ar last
+as possible, in increments of
+.Ar incr
+.Pq default 1 .
+When
+.Ar first
+is larger than
+.Ar last ,
+the default
+.Ar incr
+is -1.
+.Pp
+All numbers are interpreted as floating point.
+.Pp
+Normally integer values are printed as decimal integers.
+.Pp
+The
+.Nm
+utility accepts the following options:
+.Bl -tag -width Ar
+.It Fl f Ar format , Fl -format Ar format
+Use a
+.Xr printf 3
+style
+.Ar format
+to print each number.
+Only the
+.Cm A ,
+.Cm a ,
+.Cm E ,
+.Cm e ,
+.Cm F ,
+.Cm f ,
+.Cm G ,
+.Cm g ,
+and
+.Cm %
+conversion characters are valid, along with any optional
+flags and an optional numeric minimum field width or precision.
+The
+.Ar format
+can contain character escape sequences in backslash notation as
+defined in
+.St -ansiC .
+The default is
+.Cm %g .
+.It Fl s Ar string , Fl -separator Ar string
+Use
+.Ar string
+to separate numbers.
+The
+.Ar string
+can contain character escape sequences in backslash notation as
+defined in
+.St -ansiC .
+The default is
+.Cm \en .
+.It Fl t Ar string , Fl -terminator Ar string
+Use
+.Ar string
+to terminate sequence of numbers.
+The
+.Ar string
+can contain character escape sequences in backslash notation as
+defined in
+.St -ansiC .
+This option is useful when the default separator
+does not contain a
+.Cm \en .
+.It Fl w , Fl -fixed-width
+Equalize the widths of all numbers by padding with zeros as necessary.
+This option has no effect with the
+.Fl f
+option.
+If any sequence numbers will be printed in exponential notation,
+the default conversion is changed to
+.Cm %e .
+.El
+.Sh EXIT STATUS
+.Ex -std
+.Sh EXAMPLES
+Generate a sequence from 1 to 3 (included) with a default increment of 1:
+.Bd -literal -offset indent
+# seq 1 3
+1
+2
+3
+.Ed
+.Pp
+Generate a sequence from 3 to 1 (included) with a default increment of -1:
+.Bd -literal -offset indent
+# seq 3 1
+3
+2
+1
+.Ed
+.Pp
+Generate a sequence from 0 to 0.1 (included) with an increment of 0.05 and 
padding
+with leading zeroes.
+.Bd -literal -offset indent
+# seq -w 0 .05 .1
+0.00
+0.05
+0.10
+.Ed
+.Pp
+Generate a sequence from 1 to 3 (included) with a default increment of 1,
+a custom separator string and a custom terminator:
+.Bd -literal -offset indent
+# seq -s "-->" 

Re: Convert sysctl_sysvsem to sysctl_bounded_args

2020-11-16 Thread Todd C . Miller
On Sat, 14 Nov 2020 21:09:59 -0800, Greg Steuck wrote:

> I went a tiny bit beyond pure textual conversion and moved a bit of code.

OK millert@

 - todd



Re: Convert fusefs_sysctl to sysctl_bounded_args

2020-11-16 Thread Todd C . Miller
On Sat, 14 Nov 2020 21:05:39 -0800, Greg Steuck wrote:

> This is trivial more-of-the-same. If somebody spots a bug, do speak
> up. I feel pretty good about committing this promptly.

OK millert@

 - todd



Re: Remove the cases folded into sysctl_bounded_args but left behind

2020-11-16 Thread Todd C . Miller
On Sat, 14 Nov 2020 21:08:09 -0800, Greg Steuck wrote:

> This an "oops" moment... The code remained correct, but I forgot to
> remove junk after converting it.

OK millert@

 - todd



Re: Convert ffs_sysctl to sysctl_bounded_args

2020-11-06 Thread Todd C . Miller
On Sun, 01 Nov 2020 20:16:35 -0800, Greg Steuck wrote:

> How does the encoding of sysctl_rdint as [1,0] sound?

I think this is OK.  We already have the special case where min ==
max.  OK millert@

 - todd



Re: bpf_sysctl for sysctl_int_bounded

2020-11-02 Thread Todd C . Miller
On Sun, 01 Nov 2020 19:31:16 -0800, Greg Steuck wrote:

> Mildly different in flavor due to the special check. OK?

OK millert@

 - todd



Re: Move TCPCTL_ALWAYS_KEEPALIVE into tcpctl_vars

2020-11-02 Thread Todd C . Miller
On Sun, 01 Nov 2020 19:29:23 -0800, Greg Steuck wrote:

> This one was an omission from the earlier conversion, should be an easy
> OK?

OK millert@

 - todd



Re: basename(3) should have non-const arg, says POSIX

2020-10-19 Thread Todd C . Miller
On Mon, 19 Oct 2020 22:06:52 +0200, Christian Weisgerber wrote:

> The patch below aligns the function prototypes with POSIX.  All
> resulting warnings "passing 'const char *' to parameter of type
> 'char *' discards qualifiers" in the base system have been cleaned
> up.  It successfully passes "make release".  For good measure I'm
> also running a package bulk build with it as we speak.

OK millert@

 - todd



Re: Non-const basename: usr.bin/cvs

2020-10-19 Thread Todd C . Miller
On Sat, 17 Oct 2020 00:15:54 +0200, Christian Weisgerber wrote:

> Accommodate POSIX basename(3) that takes a non-const parameter and
> may modify the string buffer.
>
> There were only two compiler warnings about discarded const, but
> there are numerous instances where the code assumes non-POSIX
> semantics for basename() and dirname().  Given that there is at
> least a FreeBSD port of OpenCVS, cleaning this up is more than
> cosmetic.

OK millert@

 - todd



Re: _exit(2), execve(2): cancel interval timers MP-safely

2020-10-15 Thread Todd C . Miller
On Wed, 14 Oct 2020 20:06:50 -0500, Scott Cheloha wrote:

> ... should I shove the for-loop into the helper function too?  Maybe
> call it "cancel_all_itimers()"?  I have a vague feeling that showing
> the reader that there are multiple timers is a good thing here, but
> then again maybe I'm wrong and nobody cares.

Since the consumers of this function all iterate over the array of
timers my inclination would be to push the for-loop into the helper
too.

 - todd



Re: Non-const basename: usr.bin/rcs

2020-10-15 Thread Todd C . Miller
On Wed, 14 Oct 2020 22:19:52 +0200, Christian Weisgerber wrote:

> Accommodate POSIX basename(3) that takes a non-const parameter and
> may in fact modify the string buffer.

OK millert@

 - todd



Re: Non-const basename: bin/chio

2020-10-13 Thread Todd C . Miller
On Tue, 13 Oct 2020 21:37:11 +0200, Christian Weisgerber wrote:

> As far as I understand, the basename() here is specifically intended
> to skip a leading "/dev/".  So how about doing this expressly?

That works for me.

> Do we want to use _PATH_DEV or "/dev/"?  There's a "/dev/rst%d" a
> few lines outside of the diff context...

I'd use _PATH_DEV but it doesn't really matter.  It is not like we
can really change the value of _PATH_DEV.

OK millert@ either way.

 - todd



Re: Non-const basename: libkvm

2020-10-13 Thread Todd C . Miller
On Tue, 13 Oct 2020 11:05:42 +0200, Christian Weisgerber wrote:

> Accommodate a basename(3) that takes a non-const parameter and may
> in fact modify the string buffer.
>
> Note that strlen(uf) >= PATH_MAX is already checked by the caller
> in _kvm_open().

OK.

 - todd



Re: Non-const basename: usr.bin/patch

2020-10-10 Thread Todd C . Miller
On Sat, 10 Oct 2020 16:50:56 +0200, Christian Weisgerber wrote:

> Here's a fix to accommodate a basename(3) that takes a non-const
> parameter and may in fact modify the string buffer.  This is
> originally from Joerg Sonnenberger for DragonFly BSD and has since
> spread to the other BSDs.
> https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/41871674d0079dec70d5
> 5eb824f39d07dc7b3310
> (The corresponding change to inp.c is no longer applicable as that
> code has been removed.)

OK millert@

 - todd



Re: Non-const basename: usr.bin/compress

2020-10-10 Thread Todd C . Miller
On Sat, 10 Oct 2020 22:24:58 +0200, Christian Weisgerber wrote:

> Accommodate POSIX basename(3) that takes a non-const parameter and
> may in fact modify the string buffer.
>
> Following martijn@'s comment for the sed diff, we don't need to
> check for truncation because the "in" path has already been validated
> by a preceding open(2).

OK millert@

 - todd



/etc/daily: use find -delete

2020-10-08 Thread Todd C . Miller
We can use find's built-in -delete primary to remove old /tmp files
and directories.  This is somewhat less error-prone than execing
rm or rmdir.

 - todd

Index: etc/daily
===
RCS file: /cvs/src/etc/daily,v
retrieving revision 1.93
diff -u -p -u -r1.93 daily
--- etc/daily   9 Sep 2019 20:02:26 -   1.93
+++ etc/daily   22 Aug 2020 01:21:16 -
@@ -50,17 +50,17 @@ if [ -d /tmp -a ! -L /tmp ]; then
find -x . \
\( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \
-o -path './tmux-*' \) \
-   -prune -o -type f -atime +7 -execdir rm -f -- {} \; 2>/dev/null
+   -prune -o -type f -atime +7 -delete 2>/dev/null
find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
! -path ./.ICE-unix ! -name . \
-   -execdir rmdir -- {} \; >/dev/null 2>&1; }
+   -delete >/dev/null 2>&1; }
 fi
 
 # Additional junk directory cleanup would go like this:
 #if [ -d /scratch -a ! -L /scratch ]; then
 #  cd /scratch && {
-#  find . ! -name . -atime +1 -execdir rm -f -- {} \;
-#  find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
+#  find . ! -name . -atime +1 -delete
+#  find . ! -name . -type d -mtime +1 -delete \
 #  >/dev/null 2>&1; }
 #fi
 



Re: ls: match historic behavior listing empty directories

2020-10-07 Thread Todd C . Miller
Anyone?

 - todd

> This is adapted from FreeBSD revs 130236 and 130237 which have the
> following log message:
>
> If we are asked to print the total number of blocks, do so even if we
> have no entries to print (either due to an empty directory or an
> error).  This makes the -l and -s options more consistent, like
> Solaris and (Debian) Linux.  To make this happen, tweak two
> optimizations on the second call to display():
>
> - Don't skip display() altogether, even if list == NULL.
> - Don't skip the call to the printfn in display() if we
>   need to print the total.
>
> I've verified that both historic AT ls and GNU ls behave this
> way.
>
>  - todd
>
> Index: bin/ls/ls.c
> ===
> RCS file: /cvs/src/bin/ls/ls.c,v
> retrieving revision 1.53
> diff -u -p -u -r1.53 ls.c
> --- bin/ls/ls.c   6 Jul 2020 00:55:05 -   1.53
> +++ bin/ls/ls.c   3 Oct 2020 15:18:01 -
> @@ -355,7 +355,13 @@ traverse(int argc, char *argv[], int opt
>   fts_open(argv, options, f_nosort ? NULL : mastercmp)) == NULL)
>   err(1, NULL);
>  
> - display(NULL, fts_children(ftsp, 0));
> + /*
> +  * We ignore errors from fts_children here since they will be
> +  * replicated and signalled on the next call to fts_read() below.
> +  */
> + chp = fts_children(ftsp, 0);
> + if (chp != NULL)
> + display(NULL, chp);
>   if (f_listdir)
>   return;
>  
> @@ -438,16 +444,6 @@ display(FTSENT *p, FTSENT *list)
>   char buf[21];   /* 64 bits == 20 digits */
>   char *flags = NULL;
>  
> - /*
> -  * If list is NULL there are two possibilities: that the parent
> -  * directory p has no children, or that fts_children() returned an
> -  * error.  We ignore the error case since it will be replicated
> -  * on the next call to fts_read() on the post-order visit to the
> -  * directory p, and will be signalled in traverse().
> -  */
> - if (list == NULL)
> - return;
> -
>   needstats = f_inode || f_longform || f_size;
>   flen = 0;
>   btotal = maxblock = maxinode = maxlen = maxnlink = 0;
> @@ -542,7 +538,13 @@ display(FTSENT *p, FTSENT *list)
>   ++entries;
>   }
>  
> - if (!entries)
> + /*
> +  * If there are no entries to display, we normally stop right
> +  * here.  However, we must continue if we have to display the
> +  * total block count.  In this case, we display the total only
> +  * on the second (p != NULL) pass.
> +  */
> + if (!entries && (!(f_longform || f_size) || p == NULL))
>   return;
>  
>   d.list = list;
> Index: bin/ls/print.c
> ===
> RCS file: /cvs/src/bin/ls/print.c,v
> retrieving revision 1.38
> diff -u -p -u -r1.38 print.c
> --- bin/ls/print.c5 Feb 2019 02:17:32 -   1.38
> +++ bin/ls/print.c3 Oct 2020 15:13:14 -
> @@ -87,7 +87,8 @@ printlong(DISPLAY *dp)
>   NAMES *np;
>   char buf[20];
>  
> - if (dp->list->fts_level != FTS_ROOTLEVEL && (f_longform || f_size))
> + if ((dp->list == NULL || dp->list->fts_level != FTS_ROOTLEVEL) &&
> + (f_longform || f_size))
>   (void)printf("total %llu\n", howmany(dp->btotal, blocksize));
>  
>   for (p = dp->list; p; p = p->fts_link) {
> @@ -198,7 +199,8 @@ printcol(DISPLAY *dp)
>   if (num % numcols)
>   ++numrows;
>  
> - if (dp->list->fts_level != FTS_ROOTLEVEL && (f_longform || f_size))
> + if ((dp->list == NULL || dp->list->fts_level != FTS_ROOTLEVEL) &&
> + (f_longform || f_size))
>   (void)printf("total %llu\n", howmany(dp->btotal, blocksize));
>   for (row = 0; row < numrows; ++row) {
>   for (base = row, col = 0;;) {
> @@ -271,7 +273,8 @@ printacol(DISPLAY *dp)
>   if ( (colwidth = compute_columns(dp, )) == 0)
>   return;
>  
> - if (dp->list->fts_level != FTS_ROOTLEVEL && (f_longform || f_size))
> + if ((dp->list == NULL || dp->list->fts_level != FTS_ROOTLEVEL) &&
> + (f_longform || f_size))
>   (void)printf("total %llu\n", howmany(dp->btotal, blocksize));
>   col = 0;
>   for (p = dp->list; p; p = p->fts_link) {
>



libexec/security: don't prune mount points

2020-10-07 Thread Todd C . Miller
The recent changes to the daily security script will result in it
not traversing file systems where the parent mount point is mounted
with options nodev,nosuid but the child is mounted with setuid
enabled.

For example, if /var/www is a separate file system that allows
setuid but /var is mounted with nodev and nosuid, security will not
traverse /var/www.

198976b83d9da70f.e /var ffs rw,nodev,nosuid 1 2
198976b83d9da70f.f /var/www ffs rw 1 2

The simplest solution is to pass the list of file systems to traverse
to File::Find and use the equivalent of find's -xdev option.

Anyone want to double-check my logic? :-)

 - todd

Index: libexec/security/security
===
RCS file: /cvs/src/libexec/security/security,v
retrieving revision 1.40
diff -u -p -u -r1.40 security
--- libexec/security/security   17 Sep 2020 06:51:06 -  1.40
+++ libexec/security/security   7 Oct 2020 15:34:14 -
@@ -530,6 +530,7 @@ sub strmode {
 
 sub find_special_files {
my %skip;
+   my @fs;
 
%skip = map { $_ => 1 } split ' ', $ENV{SUIDSKIP}
if $ENV{SUIDSKIP};
@@ -541,11 +542,11 @@ sub find_special_files {
and return;
while (<$fh>) {
my ($path, $opt) = /\son\s+(.*?)\s+type\s+\w+(.*)/;
-   $skip{$path} = 1 if $path &&
-   ($opt !~ /local/ ||
-($opt =~ /nodev/ && $opt =~ /nosuid/));
+   push(@fs, $path) if $path && $opt =~ /local/ &&
+   !($opt =~ /nodev/ && $opt =~ /nosuid/);
}
close_or_nag $fh, "mount" or return;
+   return unless @fs;
 
my $setuid_files = {};
my $device_files = {};
@@ -554,14 +555,19 @@ sub find_special_files {
File::Find::find({no_chdir => 1, wanted => sub {
 
if ($skip{$_}) {
-   no warnings 'once';
$File::Find::prune = 1;
return;
}
 
my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size,
$atime, $mtime, $ctime, $blksize, $blocks) = lstat;
-   unless (defined $dev) {
+   if (defined $dev) {
+   no warnings 'once';
+   if ($dev != $File::Find::topdev) {
+   $File::Find::prune = 1;
+   return;
+   }
+   } else {
nag !$!{ENOENT}, "stat: $_: $!";
return;
}
@@ -592,7 +598,7 @@ sub find_special_files {
$file->{size}= $size;
@$file{qw(wday mon day time year)} =
split ' ', localtime $mtime;
-   }}, '/');
+   }}, @fs);
 
nag $uudecode_is_setuid, 'Uudecode is setuid.';
return $setuid_files, $device_files;



ls: match historic behavior listing empty directories

2020-10-03 Thread Todd C . Miller
This is adapted from FreeBSD revs 130236 and 130237 which have the
following log message:

If we are asked to print the total number of blocks, do so even if we
have no entries to print (either due to an empty directory or an
error).  This makes the -l and -s options more consistent, like
Solaris and (Debian) Linux.  To make this happen, tweak two
optimizations on the second call to display():

- Don't skip display() altogether, even if list == NULL.
- Don't skip the call to the printfn in display() if we
  need to print the total.

I've verified that both historic AT ls and GNU ls behave this
way.

 - todd

Index: bin/ls/ls.c
===
RCS file: /cvs/src/bin/ls/ls.c,v
retrieving revision 1.53
diff -u -p -u -r1.53 ls.c
--- bin/ls/ls.c 6 Jul 2020 00:55:05 -   1.53
+++ bin/ls/ls.c 3 Oct 2020 15:18:01 -
@@ -355,7 +355,13 @@ traverse(int argc, char *argv[], int opt
fts_open(argv, options, f_nosort ? NULL : mastercmp)) == NULL)
err(1, NULL);
 
-   display(NULL, fts_children(ftsp, 0));
+   /*
+* We ignore errors from fts_children here since they will be
+* replicated and signalled on the next call to fts_read() below.
+*/
+   chp = fts_children(ftsp, 0);
+   if (chp != NULL)
+   display(NULL, chp);
if (f_listdir)
return;
 
@@ -438,16 +444,6 @@ display(FTSENT *p, FTSENT *list)
char buf[21];   /* 64 bits == 20 digits */
char *flags = NULL;
 
-   /*
-* If list is NULL there are two possibilities: that the parent
-* directory p has no children, or that fts_children() returned an
-* error.  We ignore the error case since it will be replicated
-* on the next call to fts_read() on the post-order visit to the
-* directory p, and will be signalled in traverse().
-*/
-   if (list == NULL)
-   return;
-
needstats = f_inode || f_longform || f_size;
flen = 0;
btotal = maxblock = maxinode = maxlen = maxnlink = 0;
@@ -542,7 +538,13 @@ display(FTSENT *p, FTSENT *list)
++entries;
}
 
-   if (!entries)
+   /*
+* If there are no entries to display, we normally stop right
+* here.  However, we must continue if we have to display the
+* total block count.  In this case, we display the total only
+* on the second (p != NULL) pass.
+*/
+   if (!entries && (!(f_longform || f_size) || p == NULL))
return;
 
d.list = list;
Index: bin/ls/print.c
===
RCS file: /cvs/src/bin/ls/print.c,v
retrieving revision 1.38
diff -u -p -u -r1.38 print.c
--- bin/ls/print.c  5 Feb 2019 02:17:32 -   1.38
+++ bin/ls/print.c  3 Oct 2020 15:13:14 -
@@ -87,7 +87,8 @@ printlong(DISPLAY *dp)
NAMES *np;
char buf[20];
 
-   if (dp->list->fts_level != FTS_ROOTLEVEL && (f_longform || f_size))
+   if ((dp->list == NULL || dp->list->fts_level != FTS_ROOTLEVEL) &&
+   (f_longform || f_size))
(void)printf("total %llu\n", howmany(dp->btotal, blocksize));
 
for (p = dp->list; p; p = p->fts_link) {
@@ -198,7 +199,8 @@ printcol(DISPLAY *dp)
if (num % numcols)
++numrows;
 
-   if (dp->list->fts_level != FTS_ROOTLEVEL && (f_longform || f_size))
+   if ((dp->list == NULL || dp->list->fts_level != FTS_ROOTLEVEL) &&
+   (f_longform || f_size))
(void)printf("total %llu\n", howmany(dp->btotal, blocksize));
for (row = 0; row < numrows; ++row) {
for (base = row, col = 0;;) {
@@ -271,7 +273,8 @@ printacol(DISPLAY *dp)
if ( (colwidth = compute_columns(dp, )) == 0)
return;
 
-   if (dp->list->fts_level != FTS_ROOTLEVEL && (f_longform || f_size))
+   if ((dp->list == NULL || dp->list->fts_level != FTS_ROOTLEVEL) &&
+   (f_longform || f_size))
(void)printf("total %llu\n", howmany(dp->btotal, blocksize));
col = 0;
for (p = dp->list; p; p = p->fts_link) {



Re: setpriority(2): booleans are not scalars

2020-09-25 Thread Todd C . Miller
On Fri, 25 Sep 2020 13:58:01 -0500, Scott Cheloha wrote:

> `found' serves as a boolean here.  I'd prefer to simple and set it to
> 1 instead of incrementing it when we find what we're looking for.

Makes sense to me, the use of var++ instead of var=1 is old-school
style ;-)

 - todd



Re: ksh "clear-screen" for vi mode

2020-09-20 Thread Todd C . Miller
Does this look better?  I don't think we need to refer to the emacs
clear-screen command in both cases; once should be sufficient.

 - todd

Index: bin/ksh/ksh.1
===
RCS file: /cvs/src/bin/ksh/ksh.1,v
retrieving revision 1.209
diff -u -p -u -r1.209 ksh.1
--- bin/ksh/ksh.1   7 Jul 2020 10:33:58 -   1.209
+++ bin/ksh/ksh.1   20 Sep 2020 14:16:50 -
@@ -5053,6 +5053,13 @@ Erases previous character.
 .It ^J | ^M
 End of line.
 The current line is read, parsed, and executed by the shell.
+.It ^L
+Clear the screen (if possible) and redraw the current line.
+See the
+.Em clear-screen
+command in
+.Sx Emacs editing mode
+for more information.
 .It ^V
 Literal next.
 The next character typed is not treated specially (can be used
@@ -5510,7 +5517,9 @@ Miscellaneous vi commands
 .Bl -tag -width Ds
 .It ^J and ^M
 The current line is read, parsed, and executed by the shell.
-.It ^L and ^R
+.It ^L
+Clear the screen (if possible) and redraw the current line.
+.It ^R
 Redraw the current line.
 .It Xo
 .Oo Ar n Oc Ns \&.
Index: bin/ksh/vi.c
===
RCS file: /cvs/src/bin/ksh/vi.c,v
retrieving revision 1.56
diff -u -p -u -r1.56 vi.c
--- bin/ksh/vi.c15 Mar 2018 16:51:29 -  1.56
+++ bin/ksh/vi.c20 Sep 2020 12:02:38 -
@@ -14,12 +14,14 @@
 #include 
 #include 
 #include 
+#ifndef SMALL
+# include 
+# include 
+#endif
 
 #include "sh.h"
 #include "edit.h"
 
-#define CTRL(c)(c & 0x1f)
-
 struct edstate {
char*cbuf;  /* main buffer to build the command line */
int cbufsize;   /* number of bytes allocated for cbuf */
@@ -52,8 +54,9 @@ static intBackword(int);
 static int Endword(int);
 static int grabhist(int, int);
 static int grabsearch(int, int, int, char *);
+static voiddo_clear_screen(void);
 static voidredraw_line(int);
-static voidrefresh(int);
+static voidrefresh_line(int);
 static int outofwin(void);
 static voidrewindow(void);
 static int newcol(int, int);
@@ -271,9 +274,9 @@ vi_hook(int ch)
case 0:
if (state == VLIT) {
es->cursor--;
-   refresh(0);
+   refresh_line(0);
} else
-   refresh(insert != 0);
+   refresh_line(insert != 0);
break;
case 1:
return 1;
@@ -298,7 +301,7 @@ vi_hook(int ch)
return -1;
} else if (putbuf("?", 1, 0) != 0)
return -1;
-   refresh(0);
+   refresh_line(0);
}
}
}
@@ -310,7 +313,7 @@ vi_hook(int ch)
vi_error();
} else
es->cbuf[es->cursor++] = ch;
-   refresh(1);
+   refresh_line(1);
state = VNORMAL;
break;
 
@@ -375,7 +378,7 @@ vi_hook(int ch)
if (!srchpat[0]) {
vi_error();
state = VNORMAL;
-   refresh(0);
+   refresh_line(0);
return 0;
}
} else {
@@ -392,17 +395,17 @@ vi_hook(int ch)
} while (srchlen > 0 &&
isu8cont(locpat[srchlen]));
es->cursor = es->linelen;
-   refresh(0);
+   refresh_line(0);
return 0;
}
restore_cbuf();
state = VNORMAL;
-   refresh(0);
+   refresh_line(0);
} else if (ch == edchars.kill) {
srchlen = 0;
es->linelen = 1;
es->cursor = 1;
-   refresh(0);
+   refresh_line(0);
return 0;
} else if (ch == edchars.werase) {
struct edstate new_es, *save_es;
@@ -421,7 +424,7 @@ vi_hook(int ch)
es->linelen -= char_len((unsigned 
char)locpat[i]);
srchlen = n;
es->cursor = es->linelen;
-   refresh(0);
+   

Re: ksh "clear-screen" for vi mode

2020-09-20 Thread Todd C . Miller
On Sun, 20 Sep 2020 05:39:02 +0200, Theo Buehler wrote:

> This works and appears to match bash's behavior in that it only works
> in normal mode. I would slightly prefer to also add the command to the
> nonstandard vi commands in the switch around line 650 to have it
> available from insert mode as well. This would match zsh's behavior.

Sure, I was comparing it to bash so didn't support insert mode.
I agree that it's more useful to have it available there too.

 - todd

Index: bin/ksh/ksh.1
===
RCS file: /cvs/src/bin/ksh/ksh.1,v
retrieving revision 1.209
diff -u -p -u -r1.209 ksh.1
--- bin/ksh/ksh.1   7 Jul 2020 10:33:58 -   1.209
+++ bin/ksh/ksh.1   20 Sep 2020 12:12:01 -
@@ -5053,6 +5053,12 @@ Erases previous character.
 .It ^J | ^M
 End of line.
 The current line is read, parsed, and executed by the shell.
+.It ^L
+Clear screen.
+The screen is cleared if the
+.Ev TERM
+parameter is set and the terminal supports clearing the screen.
+The prompt string and the current line are redrawn.
 .It ^V
 Literal next.
 The next character typed is not treated specially (can be used
Index: bin/ksh/vi.c
===
RCS file: /cvs/src/bin/ksh/vi.c,v
retrieving revision 1.56
diff -u -p -u -r1.56 vi.c
--- bin/ksh/vi.c15 Mar 2018 16:51:29 -  1.56
+++ bin/ksh/vi.c20 Sep 2020 12:02:38 -
@@ -14,12 +14,14 @@
 #include 
 #include 
 #include 
+#ifndef SMALL
+# include 
+# include 
+#endif
 
 #include "sh.h"
 #include "edit.h"
 
-#define CTRL(c)(c & 0x1f)
-
 struct edstate {
char*cbuf;  /* main buffer to build the command line */
int cbufsize;   /* number of bytes allocated for cbuf */
@@ -52,8 +54,9 @@ static intBackword(int);
 static int Endword(int);
 static int grabhist(int, int);
 static int grabsearch(int, int, int, char *);
+static voiddo_clear_screen(void);
 static voidredraw_line(int);
-static voidrefresh(int);
+static voidrefresh_line(int);
 static int outofwin(void);
 static voidrewindow(void);
 static int newcol(int, int);
@@ -271,9 +274,9 @@ vi_hook(int ch)
case 0:
if (state == VLIT) {
es->cursor--;
-   refresh(0);
+   refresh_line(0);
} else
-   refresh(insert != 0);
+   refresh_line(insert != 0);
break;
case 1:
return 1;
@@ -298,7 +301,7 @@ vi_hook(int ch)
return -1;
} else if (putbuf("?", 1, 0) != 0)
return -1;
-   refresh(0);
+   refresh_line(0);
}
}
}
@@ -310,7 +313,7 @@ vi_hook(int ch)
vi_error();
} else
es->cbuf[es->cursor++] = ch;
-   refresh(1);
+   refresh_line(1);
state = VNORMAL;
break;
 
@@ -375,7 +378,7 @@ vi_hook(int ch)
if (!srchpat[0]) {
vi_error();
state = VNORMAL;
-   refresh(0);
+   refresh_line(0);
return 0;
}
} else {
@@ -392,17 +395,17 @@ vi_hook(int ch)
} while (srchlen > 0 &&
isu8cont(locpat[srchlen]));
es->cursor = es->linelen;
-   refresh(0);
+   refresh_line(0);
return 0;
}
restore_cbuf();
state = VNORMAL;
-   refresh(0);
+   refresh_line(0);
} else if (ch == edchars.kill) {
srchlen = 0;
es->linelen = 1;
es->cursor = 1;
-   refresh(0);
+   refresh_line(0);
return 0;
} else if (ch == edchars.werase) {
struct edstate new_es, *save_es;
@@ -421,7 +424,7 @@ vi_hook(int ch)
es->linelen -= char_len((unsigned 
char)locpat[i]);
srchlen = n;

Re: ksh "clear-screen" for vi mode

2020-09-19 Thread Todd C . Miller
The vi and emacs edit code are completely separate.  Try the following
diff.  I had to rename a few things to avoid clashing with ncurses.h.

 - todd

Index: bin/ksh/vi.c
===
RCS file: /cvs/src/bin/ksh/vi.c,v
retrieving revision 1.56
diff -u -p -u -r1.56 vi.c
--- bin/ksh/vi.c15 Mar 2018 16:51:29 -  1.56
+++ bin/ksh/vi.c19 Sep 2020 21:48:31 -
@@ -14,12 +14,14 @@
 #include 
 #include 
 #include 
+#ifndef SMALL
+# include 
+# include 
+#endif
 
 #include "sh.h"
 #include "edit.h"
 
-#define CTRL(c)(c & 0x1f)
-
 struct edstate {
char*cbuf;  /* main buffer to build the command line */
int cbufsize;   /* number of bytes allocated for cbuf */
@@ -52,8 +54,9 @@ static intBackword(int);
 static int Endword(int);
 static int grabhist(int, int);
 static int grabsearch(int, int, int, char *);
+static voiddo_clear_screen(void);
 static voidredraw_line(int);
-static voidrefresh(int);
+static voidrefresh_line(int);
 static int outofwin(void);
 static voidrewindow(void);
 static int newcol(int, int);
@@ -271,9 +274,9 @@ vi_hook(int ch)
case 0:
if (state == VLIT) {
es->cursor--;
-   refresh(0);
+   refresh_line(0);
} else
-   refresh(insert != 0);
+   refresh_line(insert != 0);
break;
case 1:
return 1;
@@ -298,7 +301,7 @@ vi_hook(int ch)
return -1;
} else if (putbuf("?", 1, 0) != 0)
return -1;
-   refresh(0);
+   refresh_line(0);
}
}
}
@@ -310,7 +313,7 @@ vi_hook(int ch)
vi_error();
} else
es->cbuf[es->cursor++] = ch;
-   refresh(1);
+   refresh_line(1);
state = VNORMAL;
break;
 
@@ -375,7 +378,7 @@ vi_hook(int ch)
if (!srchpat[0]) {
vi_error();
state = VNORMAL;
-   refresh(0);
+   refresh_line(0);
return 0;
}
} else {
@@ -392,17 +395,17 @@ vi_hook(int ch)
} while (srchlen > 0 &&
isu8cont(locpat[srchlen]));
es->cursor = es->linelen;
-   refresh(0);
+   refresh_line(0);
return 0;
}
restore_cbuf();
state = VNORMAL;
-   refresh(0);
+   refresh_line(0);
} else if (ch == edchars.kill) {
srchlen = 0;
es->linelen = 1;
es->cursor = 1;
-   refresh(0);
+   refresh_line(0);
return 0;
} else if (ch == edchars.werase) {
struct edstate new_es, *save_es;
@@ -421,7 +424,7 @@ vi_hook(int ch)
es->linelen -= char_len((unsigned 
char)locpat[i]);
srchlen = n;
es->cursor = es->linelen;
-   refresh(0);
+   refresh_line(0);
return 0;
} else {
if (srchlen == SRCHLEN - 1)
@@ -446,7 +449,7 @@ vi_hook(int ch)
es->cbuf[es->linelen++] = ch;
}
es->cursor = es->linelen;
-   refresh(0);
+   refresh_line(0);
}
return 0;
}
@@ -459,15 +462,15 @@ vi_hook(int ch)
switch (vi_cmd(argc1, curcmd)) {
case -1:
vi_error();
-   refresh(0);
+   refresh_line(0);
break;
case 0:
if (insert != 0)
inslen = 0;
-   refresh(insert != 0);
+   

Re: drop support for afs, nnpfs, and procfs from security(8)

2020-09-16 Thread Todd C . Miller
On Wed, 16 Sep 2020 18:17:36 +0200, Ingo Schwarze wrote:

> Does anyone think that explicitely excluding these file system
> types might still be useful, or is the following simplification
> OK?  No functional change intended.

I think those bits can go.  OK millert@

 - todd



Re: cap_mkdb: remove igetnext prototype for the function does not exist

2020-09-15 Thread Todd C . Miller
On Tue, 15 Sep 2020 11:35:13 +0800, Kevin Lo wrote:

> ok?

OK millert@

 - todd



Re: syslogd listen keep alive

2020-09-14 Thread Todd C . Miller
On Mon, 14 Sep 2020 21:49:07 +0200, Alexander Bluhm wrote:

> A while ago dhill@ pointed out that syslogd TCP sockets will stay
> open forever if a client aborts the connection silently.  As syslogd
> does not write anything into incoming connections, it will not
> recognize failure and the socket will stay forever.
>
> Setting TCP keep alive on the listen socket will prevent that.  Note
> that outgoing connections don't need it as syslogd will write data
> into them.

OK millert@

 - todd



Re: smtp(1) fix for usernames containing '@' symbols

2020-09-14 Thread Todd C . Miller
On Mon, 14 Sep 2020 16:55:43 -, Josh Rickmar wrote:

> Some email accounts use account names that include the @host portion,
> and this broke the server and credentials parsing in smtp(1).  Sometimes
> I see these @ characters encoded as %40, but smtp(1) was not decoding
> these url escape sequences before base64 encoding and talking with the
> server.
>
> Searching for the last @ character instead of the first is a simple
> fix.  This mail was sent using this diff.

Yes, that seems like the simplest approach and matches how smtpd
handles user@host strings.  I've committed the patch, thanks.

 - todd



Re: smtpd: document "pki" option for relay delivery in smtpd.conf(5)

2020-09-14 Thread Todd C . Miller
On Sun, 13 Sep 2020 20:45:35 +0800, Nick Gasson wrote:

> I struggled a bit to configure smtpd to relay to a remote server that
> requires SSL client certificates. The solution is to just add a "pki
> host.example.org" option, but "pki" is not listed as a valid option for
> the relay delivery method, even though the parser accepts it.

Committed.

 - todd



Re: smtpd: document "pki" option for relay delivery in smtpd.conf(5)

2020-09-13 Thread Todd C . Miller
On Sun, 13 Sep 2020 20:45:35 +0800, Nick Gasson wrote:

> I struggled a bit to configure smtpd to relay to a remote server that
> requires SSL client certificates. The solution is to just add a "pki
> host.example.org" option, but "pki" is not listed as a valid option for
> the relay delivery method, even though the parser accepts it.

Looks good to me.  Anyone else want to OK this?

 - todd



Re: basename(3) should have non-const arg, says POSIX

2020-09-12 Thread Todd C . Miller
On Sat, 12 Sep 2020 17:05:02 +0200, Christian Weisgerber wrote:

> A make build with the patch below succeeds, but gains some new
> warnings "passing 'const char *' to parameter of type 'char *'
> discards qualifiers".
>
> This is a portability trap.  Code written on OpenBSD may not be
> prepared for basename() or dirname() to splat a '\0' into the input
> string, despite the warning in the man page.
>
> I'm in favor of moving to the POSIX prototypes, but I don't know
> if there are any hidden pitfalls I may be missing.  Opinions,
> comments?

This is probably the right thing to do but we should fix the warnings
it generates.  In this new world order, passing a const char * to
basename() or dirname() is unsafe.

 - todd



Re: httpd: use the original uri for REQUEST_URI

2020-09-11 Thread Todd C . Miller
On Fri, 11 Sep 2020 16:55:35 +0900, YASUOKA Masahiko wrote:

> Anyone?
>
> This is a tiny change but makes httpd(8) more correct.
> The diff is not so complicated.

OK millert@

 - todd



Re: Format string check for dprintf(3)

2020-09-10 Thread Todd C . Miller
On Thu, 10 Sep 2020 20:19:14 +0200, Christian Weisgerber wrote:

> Absent -Werror, I do not expect any fallout from this, but I ran a
> successful amd64 make build with it anyway.

OK millert@

 - todd



Re: clang warning in vmctl

2020-09-02 Thread Todd C . Miller
Looks correct, OK millert@

 - todd

On Wed, 02 Sep 2020 21:43:47 +0200, Theo Buehler wrote:

> clang 10 complains:
>
> /usr/src/usr.sbin/vmctl/vmctl.c:792:35: warning: comparing a pointer to a nul
> l character
>   constant; did you mean to compare to NULL? [-Wpointer-compare]
> '/')) == NULL || ++tty == '\0')
>   ^~~~
>   (void *)0
> The intent is probably rather this:
>
> Index: vmctl.c
> ===
> RCS file: /var/cvs/src/usr.sbin/vmctl/vmctl.c,v
> retrieving revision 1.74
> diff -u -p -r1.74 vmctl.c
> --- vmctl.c   11 Mar 2020 12:47:49 -  1.74
> +++ vmctl.c   2 Sep 2020 18:06:47 -
> @@ -789,7 +789,7 @@ print_vm_info(struct vmop_info_result *l
>   tty = "-";
>   /* get tty - skip /dev/ path */
>   else if ((tty = strrchr(vmi->vir_ttyname,
> - '/')) == NULL || ++tty == '\0')
> + '/')) == NULL || *++tty == '\0')
>   tty = list[i].vir_ttyname;
>  
>   (void)fmt_scaled(vir->vir_used_size, curmem);
>



Re: shrinking and growing reallocs: a theoretical? bad case for performance

2020-08-31 Thread Todd C . Miller
On Mon, 31 Aug 2020 08:39:56 +0200, Otto Moerbeek wrote:

> 1. I do not put high pages of shrinking reallocs into to cache, but
> directly unmap.
>
> 2. For small shrinking reallocs realloc become a no-op. Pro: no
> syscalls at all, cons: the actual allocation is larger, so less
> overflow detection. So I do not do this if guard pages are active or
> the reduction is larger than the cache size.

I think this strikes a good balance.  It is a common pattern to
preallocate an estimated amount and then use realloc() to shrink
it once the actual data has been stored.  If that buffer is later
enlarged, you can get the kind of behavior your test program exhibits.

Taking advantage of the sparse address space is smart and as 64-bit
is now the norm, that space is even sparser.

 - todd



Re: make(1): anchors in :S/old_string/new_string/

2020-08-25 Thread Todd C . Miller
On Thu, 20 Aug 2020 20:31:03 +0200, Theo Buehler wrote:

> I think the fix should be as simple as the diff below.  I added a small
> extension of a regress test for this.  Unpatched make fails, patched
> make passes.

That looks good to me, I can't think of any problems that moving
the logic into common_get_patternarg() would cause.
OK millert@

 - todd



Re: unbound(8): disable explicit port randomisation

2020-08-24 Thread Todd C . Miller
On Mon, 24 Aug 2020 15:39:09 +0200, Florian Obser wrote:

> With the update sthen@ just put in we can enable this:
>
>   --disable-explicit-port-randomisation
>   disable explicit source port randomisation and rely
>   on the kernel to provide random source ports

OK millert@

 - todd



awk: implement mktime() function

2020-08-23 Thread Todd C . Miller
Both gawk and mawk include mktime() in their time functions.
We have strftime() and systime() but no mktime().  The following
diff makes our awk more compatible with other implementations.

 - todd

Index: usr.bin/awk/awk.1
===
RCS file: /cvs/src/usr.bin/awk/awk.1,v
retrieving revision 1.56
diff -u -p -u -r1.56 awk.1
--- usr.bin/awk/awk.1   24 Jul 2020 01:57:06 -  1.56
+++ usr.bin/awk/awk.1   23 Aug 2020 16:22:46 -
@@ -684,6 +684,41 @@ This version of
 provides the following functions for obtaining and formatting time
 stamps.
 .Bl -tag -width indent
+.It Fn mktime datespec
+Converts
+.Fa datespec
+into a timestamp in the same form as a value returned by
+.Fn systime .
+The
+.Fa datespec
+is a string composed of six or seven numbers separated by whitespace:
+.Bd -literal -offset indent
+ MM DD HH MM SS [DST]
+.Ed
+.Pp
+The fields in
+.Fa datespec
+are as follows:
+.Bl -tag -width ""
+.It YYY
+Year: a four-digit year, including the century.
+.It MM
+Month: a number from 1 to 12.
+.It DD
+Day: a number from 1 to 31.
+.It HH
+Hour: a number from 0 to 23.
+.It MM
+Minute: a number from 0 to 59.
+.It SS
+Second: a number from 0 to 60 (permitting a leap second).
+.It DST
+Daylight Saving Time: a positive or zero value indicates that
+DST is or is not in effect.
+If DST is not specified, or is negative,
+.Fn mktime
+will attempt to determine the correct value.
+.El
 .It Fn strftime "[format [, timestamp]]"
 Formats
 .Ar timestamp
@@ -696,6 +731,8 @@ manual page, as well as any arbitrary te
 The
 .Ar timestamp
 must be in the same form as a value returned by
+.Fn mktime
+and
 .Fn systime .
 If
 .Ar timestamp
Index: usr.bin/awk/awk.h
===
RCS file: /cvs/src/usr.bin/awk/awk.h,v
retrieving revision 1.26
diff -u -p -u -r1.26 awk.h
--- usr.bin/awk/awk.h   26 Jun 2020 15:57:39 -  1.26
+++ usr.bin/awk/awk.h   22 Aug 2020 21:17:49 -
@@ -160,6 +160,7 @@ extern Cell *symtabloc; /* SYMTAB */
 #define FRSHIFT20
 #define FSYSTIME   21
 #define FSTRFTIME  22
+#define FMKTIME23
 
 /* Node:  parse tree is made of nodes, with Cell's at bottom */
 
Index: usr.bin/awk/lex.c
===
RCS file: /cvs/src/usr.bin/awk/lex.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 lex.c
--- usr.bin/awk/lex.c   30 Jul 2020 17:45:44 -  1.25
+++ usr.bin/awk/lex.c   22 Aug 2020 21:18:16 -
@@ -75,6 +75,7 @@ const Keyword keywords[] = {  /* keep sor
{ "log",FLOG,   BLTIN },
{ "lshift", FLSHIFT,BLTIN },
{ "match",  MATCHFCN,   MATCHFCN },
+   { "mktime", FMKTIME,BLTIN },
{ "next",   NEXT,   NEXT },
{ "nextfile",   NEXTFILE,   NEXTFILE },
{ "or", FFOR,   BLTIN },
Index: usr.bin/awk/run.c
===
RCS file: /cvs/src/usr.bin/awk/run.c,v
retrieving revision 1.67
diff -u -p -u -r1.67 run.c
--- usr.bin/awk/run.c   11 Aug 2020 16:57:05 -  1.67
+++ usr.bin/awk/run.c   22 Aug 2020 21:35:49 -
@@ -1594,7 +1594,7 @@ Cell *bltin(Node **a, int n)  /* builtin 
FILE *fp;
int status = 0;
time_t tv;
-   struct tm *tm;
+   struct tm *tm, tmbuf;
 
t = ptoi(a[0]);
x = execute(a[1]);
@@ -1748,6 +1748,26 @@ Cell *bltin(Node **a, int n) /* builtin 
u = EOF;
else
u = fflush(fp);
+   break;
+   case FMKTIME:
+   memset(, 0, sizeof(tmbuf));
+   tm = 
+   t = sscanf(getsval(x), "%d %d %d %d %d %d %d",
+   >tm_year, >tm_mon, >tm_mday, >tm_hour,
+   >tm_min, >tm_sec, >tm_isdst);
+   switch (t) {
+   case 6:
+   tmbuf.tm_isdst = -1;/* let mktime figure it out */
+   /* FALLTHROUGH */
+   case 7:
+   tm->tm_year -= 1900;
+   tm->tm_mon--;
+   u = mktime(tm);
+   break;
+   default:
+   u = -1;
+   break;
+   }
break;
case FSYSTIME:
u = time((time_t *) 0);



Re: top: filter by routing table

2020-08-22 Thread Todd C . Miller
This looks good to me but I've refrained from commenting simply
because I don't use rtables at all myself.  Can we get some feedback
from people who actually use rtables?

 - todd



Re: bug on fmemopen(3)

2020-08-14 Thread Todd C . Miller
Fix append mode and expand regress.  I've added an append flag to
the state but we could just as easily store the open flag instead.

 - todd

Index: lib/libc/stdio/fmemopen.c
===
RCS file: /cvs/src/lib/libc/stdio/fmemopen.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 fmemopen.c
--- lib/libc/stdio/fmemopen.c   14 Aug 2020 12:00:33 -  1.4
+++ lib/libc/stdio/fmemopen.c   14 Aug 2020 15:28:09 -
@@ -30,6 +30,7 @@ struct state {
size_t   size;  /* allocated size */
size_t   len;   /* length of the data */
int  update;/* open for update */
+   int  append;/* open for append */
 };
 
 static int
@@ -51,6 +52,9 @@ fmemopen_write(void *v, const char *b, i
struct state*st = v;
int i;
 
+   if (st->append)
+   st->pos = st->len;
+
for (i = 0; i < l && i + st->pos < st->size; i++)
st->string[st->pos + i] = b[i];
st->pos += i;
@@ -147,6 +151,7 @@ fmemopen(void *buf, size_t size, const c
st->len = (oflags & O_TRUNC) ? 0 : size;
st->size = size;
st->update = oflags & O_RDWR;
+   st->append = oflags & O_APPEND;
 
if (buf == NULL) {
if ((st->string = malloc(size)) == NULL) {
@@ -173,7 +178,7 @@ fmemopen(void *buf, size_t size, const c
 
fp->_flags = (short)flags;
fp->_file = -1;
-   fp->_cookie = (void *)st;
+   fp->_cookie = st;
fp->_read = (flags & __SWR) ? NULL : fmemopen_read;
fp->_write = (flags & __SRD) ? NULL : fmemopen_write;
fp->_seek = fmemopen_seek;

Index: regress/lib/libc/fmemopen/fmemopentest.c
===
RCS file: /cvs/src/regress/lib/libc/fmemopen/fmemopentest.c,v
retrieving revision 1.3
diff -u -p -u -r1.3 fmemopentest.c
--- regress/lib/libc/fmemopen/fmemopentest.c28 Mar 2013 09:35:58 -  
1.3
+++ regress/lib/libc/fmemopen/fmemopentest.c15 Aug 2020 01:02:47 -
@@ -70,7 +70,7 @@ simpletest(void)
 }
 
 int
-updatetest(void)
+appendtest(const char *mode)
 {
FILE*s1;
char string[] = "hello\0 test number 2";
@@ -78,35 +78,44 @@ updatetest(void)
size_t   len;
int  failures = 0;
 
-   s1 = fmemopen(string, 19, "a+");
+   s1 = fmemopen(string, 19, mode);
if (s1 == NULL)
return (1);
 
+   fseek(s1, 0, SEEK_SET);
+   if (ftell(s1) != 0) {
+   warnx("failed seek test [%s] (4)", mode);
+   failures++;
+   }
+
+   /* write should append even though seek position is 0 */
len = fwrite(" world", 1, 6, s1);
if (len != 6) {
-   warnx("failed write test (4)");
+   warnx("failed write test [%s] (5)", mode);
failures++;
}
 
-   fseek(s1, 0, SEEK_SET);
-   if (ftell(s1) != 0) {
-   warnx("failed seek test (5)");
+   if (ftell(s1) != strlen("hello world")) {
+   warnx("failed seek test [%s] (6)", mode);
failures++;
}
 
-   len = fread(buffer, 1, sizeof(buffer) - 1, s1);
-   if (strncmp(string, buffer, len)) {
-   warnx("failed compare test (6)");
-   failures++;
+   if (mode[1] == '+') {
+   fseek(s1, 0, SEEK_SET);
+   len = fread(buffer, 1, sizeof(buffer) - 1, s1);
+   if (len == 0 || strncmp(string, buffer, len)) {
+   warnx("failed compare test [%s] (7)", mode);
+   failures++;
+   }
}
 
if (strcmp(string, "hello world")) {
-   warnx("failed compare test (7)");
+   warnx("failed compare test [%s] (8)", mode);
failures++;
}
 
if (strcmp(string + strlen(string) + 1, "number 2")) {
-   warnx("failed compare test (8)");
+   warnx("failed compare test [%s] (9)", mode);
failures++;
}
 
@@ -114,7 +123,46 @@ updatetest(void)
 }
 
 int
-writetest(void)
+updatetest(void)
+{
+   FILE*s1;
+   char string[] = "bah, what a day";
+   char buffer[256];
+   size_t   len;
+   int  failures = 0;
+
+   s1 = fmemopen(string, 19, "r+");
+   if (s1 == NULL)
+   return (1);
+
+   if (ftell(s1) != 0) {
+   warnx("failed seek test (10)");
+   failures++;
+   }
+
+   len = fwrite("oh frabjous", 1, 11, s1);
+   if (len != 11) {
+   warnx("failed write test (11)");
+   failures++;
+   }
+
+   fseek(s1, 0, SEEK_SET);
+   len = fread(buffer, 1, sizeof(buffer) - 1, s1);
+   if (len == 0 || strncmp(string, buffer, len)) {
+   warnx("failed compare test (12)");
+   failures++;
+   }
+
+   if 

Re: setitimer(2): write new timer value once

2020-08-11 Thread Todd C . Miller
Makes sense, OK millert@.

 - todd



Re: brconfig: strto*l -> strtonum()

2020-08-08 Thread Todd C . Miller
On Sat, 08 Aug 2020 05:09:22 +0200, Klemens Nanni wrote:

> Alternatively, we can avoid duplicating the ioctl specific min/max
> values in strtonum(3) calls, just use the struct member type's *_MAX
> defines and rely on the kernel for appropiate boundary checks - this is
> what the code does now.

I like this approach.  OK millert@

 - todd



Re: mountd: Avoid reading one byte before buffer

2020-08-06 Thread Todd C . Miller
Length checks should generally be done before the dereference :-)
OK millert@

 - todd



lex: reset yy_at_bol in yyless() if yyleng is non-zero.

2020-08-04 Thread Todd C . Miller
Fixes a bug where calling yyless() to unput all the chars before a
newline would not reset the beginning of line marker.  Otherwise,
flex won't match rules that start with a caret (^) after calling
yyless() in thise case.  AT lex behaves correctly.

Upstream PR: https://github.com/westes/flex/pull/452

 - todd

Index: usr.bin/lex/flex.skl
===
RCS file: /cvs/src/usr.bin/lex/flex.skl,v
retrieving revision 1.16
diff -u -p -u -r1.16 flex.skl
--- usr.bin/lex/flex.skl2 May 2017 19:16:19 -   1.16
+++ usr.bin/lex/flex.skl4 Aug 2020 16:01:22 -
@@ -532,6 +532,9 @@ m4_ifdef( [[M4_YY_NOT_IN_HEADER]],
YY_RESTORE_YY_MORE_OFFSET \
YY_G(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - 
YY_MORE_ADJ; \
YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+   if ( yyleng > 0 ) \
+   YY_CURRENT_BUFFER_LVALUE->yy_at_bol = \
+   (yytext[yyleng - 1] == '\n'); \
} \
while ( 0 )
 ]])



Re: LOCALE_HOME for strtime(3)

2020-08-01 Thread Todd C . Miller
On Sat, 01 Aug 2020 17:29:11 +0200, Jan Stary wrote:

> ping

This was already committed.

revision 1.33
date: 2020/07/16 20:08:12;  author: millert;  state: Exp;  lines: +1 -146;  
commitid: LVVrFB1zB8C0gLBS;
Remove obsolete LOCALE_HOME code we have never used (and never will).
Upstream removed it in 2004.  From Jan Stary.



Re: A concerning commit which breaks compatibility

2020-07-23 Thread Todd C . Miller
Go away troll.

 - todd



Re: top: add / as alias for g (grep)

2020-07-23 Thread Todd C . Miller
On Thu, 23 Jul 2020 22:04:24 +0200, Klemens Nanni wrote:

> I've somehow hit the slash way to often for searching a particular
> command, would anyone object if I added it as a command character?

No objection from me.

 - todd



Re: mailwrapper: hostsat and purgestat symlinks

2020-07-23 Thread Todd C . Miller
On Thu, 23 Jul 2020 21:41:53 +0200, Klemens Nanni wrote:

> Ping.
>
> Feedback? Objections? OK?

Not OK as-is.

This will break hoststat/purgestat for anyone who uses the sendmail
port.  See mail/sendmail/files/mailer.conf.sendmail in ports for
how this is used.

However, since these are really sendmail-specific we could consider
adding moving the links to the sendmail package and install them
in /usr/local/bin.

 - todd



Re: Potential grep bug?

2020-07-22 Thread Todd C . Miller
On Wed, 22 Jul 2020 20:57:56 +0200, Martijn van Duren wrote:

> Any takers?

OK millert@

 - todd



Re: join(1) remove redundant memory copy

2020-07-22 Thread Todd C . Miller
On Wed, 22 Jul 2020 20:29:06 +0200, Martijn van Duren wrote:

> When r1.28 converted join(1) to getline(3) it left the old intermediate
> line variable. This means using an additional memcpy and reallocing.
> I reckon this is wasted cycles and screen filling.
>
> Major difference is that our getline allocates to the next power of 2,
> while the current code overcommits a maximum of ~100 bytes. I reckon
> this is a fair trade-off.

Looks good, one minor comment inline.  Either way, OK millert@

 - todd

> Index: join.c
> ===
> RCS file: /cvs/src/usr.bin/join/join.c,v
> retrieving revision 1.32
> diff -u -p -r1.32 join.c
> --- join.c14 Nov 2018 15:16:09 -  1.32
> +++ join.c22 Jul 2020 18:19:34 -
> @@ -271,9 +271,8 @@ slurp(INPUT *F)
>  {
>   LINE *lp, *lastlp, tmp;
>   ssize_t len;
> - size_t linesize;
>   u_long cnt;
> - char *bp, *fieldp, *line;
> + char *bp, *fieldp;
>  
>   /*
>* Read all of the lines from an input file that have the same
> @@ -281,8 +280,6 @@ slurp(INPUT *F)
>*/
>  
>   F->setcnt = 0;
> - line = NULL;
> - linesize = 0;
>   for (lastlp = NULL; ; ++F->setcnt) {
>   /*
>* If we're out of space to hold line structures, allocate
> @@ -320,22 +317,12 @@ slurp(INPUT *F)
>   F->pushbool = 0;
>   continue;
>   }
> - if ((len = getline(, , F->fp)) == -1)
> + if ((len = getline(&(lp->line), &(lp->linealloc), F->fp)) == -1
> )
>   break;
>  
>   /* Remove trailing newline, if it exists, and copy line. */
> - if (line[len - 1] == '\n')
> + if (lp->line[len - 1] == '\n')
>   len--;

You could replace "len--" with "lp->line[len - 1] = '\0'" here (or
"lp->line[--len] = '\0'" if you prefer but len is otherwise unused).

> - if (lp->linealloc <= len + 1) {
> - char *p;
> - u_long newsize = lp->linealloc +
> - MAXIMUM(100, len + 1 - lp->linealloc);
> - if ((p = realloc(lp->line, newsize)) == NULL)
> - err(1, NULL);
> - lp->line = p;
> - lp->linealloc = newsize;
> - }
> - memcpy(lp->line, line, len);
>   lp->line[len] = '\0';

Then there would be no need to NUL terminate here since getline(3)
always NUL terminates.

>  
>   /* Split the line into fields, allocate space as necessary. */
> @@ -363,7 +350,6 @@ slurp(INPUT *F)
>   break;
>   }
>   }
> - free(line);
>  }
>  
>  char *



Re: LOCALE_HOME for strtime(3)

2020-07-15 Thread Todd C . Miller
Upstream tzcode removed the LOCALE_HOME bits in 2014.  There's no
reason for us to keep it.

 - todd



Re: readlink "/etc/localtime" vs unveil

2020-07-11 Thread Todd C . Miller
On Sat, 11 Jul 2020 13:35:57 -0700, Greg Steuck wrote:

> The problem seems to be due to Chromium doing a readlink (likely at
> [1]) on /etc/localtime, which fails. There's a workaround that
> happens to work for chromium (and firefox).  Just set TZ in your
> environment.

You could just add a call to tzset() before unveil() is called.
That will cause /etc/localtime to be read and its value cached.

 - todd



Re: disable libc sys wrappers?

2020-07-08 Thread Todd C . Miller
On Wed, 08 Jul 2020 23:14:17 +0300, Paul Irofti wrote:

> I don't see the original mail here either. Is it me or Ted, or a forward from
>  a private conversation? Anyway, I am OK with this and Robert had a similar d
> iff two months ago when this started. Just make sure this is off by default f
> or both type of binaries.

Ted's original mail had an invalid Message-Id field which may have
caused delivery problems.

 - todd



  1   2   3   4   5   6   7   8   9   10   >