openbsd
9 years agoCast arguments of ctype functions to Char, a lexism defined as unsigned
mmcc [Thu, 15 Oct 2015 05:57:09 +0000 (05:57 +0000)]
Cast arguments of ctype functions to Char, a lexism defined as unsigned
char.

Part of a larger attempt to audit ctype function argument types with
Coccinelle.

ok deraadt@

9 years agoFIOCLEX & FIONCLEX should be in base ioctl set
deraadt [Thu, 15 Oct 2015 04:58:54 +0000 (04:58 +0000)]
FIOCLEX & FIONCLEX should be in base ioctl set

9 years agogive up; include stdlib.h from the .h file, sigh
deraadt [Thu, 15 Oct 2015 04:41:09 +0000 (04:41 +0000)]
give up; include stdlib.h from the .h file, sigh

9 years agofsck_ffs has a ^T signal handler which opens /dev/tty late. Hoist that
deraadt [Thu, 15 Oct 2015 03:10:05 +0000 (03:10 +0000)]
fsck_ffs has a ^T signal handler which opens /dev/tty late.  Hoist that
opening to before the pledge, and cache the fd.
looked over by millert

9 years agolock needs pledge(proc exec) to use bsd auth system. from trondd
tedu [Thu, 15 Oct 2015 02:35:04 +0000 (02:35 +0000)]
lock needs pledge(proc exec) to use bsd auth system. from trondd

9 years agoFix a crash that occurs when printing the filename in a malformed NFS
lteo [Thu, 15 Oct 2015 02:33:25 +0000 (02:33 +0000)]
Fix a crash that occurs when printing the filename in a malformed NFS
request packet.

From Kevin Reay who obtained the fix from the tcpdump.org repo (part of
commit 6191f36146f5d286304e9b6e893477fe509d83ab).

ok canacar@ sthen@

9 years agoAdd missing includes to make the pf(4) man page example program compile
lteo [Thu, 15 Oct 2015 02:26:27 +0000 (02:26 +0000)]
Add missing includes to make the pf(4) man page example program compile
again.

Spotted by and based on a diff from Jack J. Woehr.

9 years agoavoid using a var uninitialised
jsg [Thu, 15 Oct 2015 01:14:33 +0000 (01:14 +0000)]
avoid using a var uninitialised
ok jung@

9 years agoFALTHROUGH->FALLTHROUGH in comment, ok deraadt a few days ago
sthen [Wed, 14 Oct 2015 23:15:37 +0000 (23:15 +0000)]
FALTHROUGH->FALLTHROUGH in comment, ok deraadt a few days ago

9 years agoDocument flock request
millert [Wed, 14 Oct 2015 22:39:04 +0000 (22:39 +0000)]
Document flock request

9 years agoAdd a dummy "flock" request that will allow file locking. It is
millert [Wed, 14 Oct 2015 22:34:47 +0000 (22:34 +0000)]
Add a dummy "flock" request that will allow file locking.  It is
not currently enforced but we want the kernel to be able to parse
it for an upcoming diff in the next few days.

9 years agosmtpd in tree is no longer neither 5.4.4, nor 5.4.5, bump SMTPD_VERSION
gilles [Wed, 14 Oct 2015 22:16:38 +0000 (22:16 +0000)]
smtpd in tree is no longer neither 5.4.4, nor 5.4.5, bump SMTPD_VERSION

9 years agowhitespaces
gilles [Wed, 14 Oct 2015 22:01:43 +0000 (22:01 +0000)]
whitespaces

9 years agobetter fix for overrun reported by Qualys Security.
tedu [Wed, 14 Oct 2015 21:54:10 +0000 (21:54 +0000)]
better fix for overrun reported by Qualys Security.
buf is at all times kept nul terminated, so there is no need to enforce
this again upon exit. (no need to move buf around after we exahust space.)
ok beck miod

9 years agoSMTPD_MAXPATHLEN -> PATH_MAX, this was unnoticed as file is not linked
gilles [Wed, 14 Oct 2015 21:30:40 +0000 (21:30 +0000)]
SMTPD_MAXPATHLEN -> PATH_MAX, this was unnoticed as file is not linked

9 years agoimsg_read() may return EAGAIN, handle it in mproc_dispatch()
gilles [Wed, 14 Oct 2015 21:27:29 +0000 (21:27 +0000)]
imsg_read() may return EAGAIN, handle it in mproc_dispatch()

9 years agoBail out early if we have no buf_len
beck [Wed, 14 Oct 2015 21:25:16 +0000 (21:25 +0000)]
Bail out early if we have no buf_len
ok miod@

9 years agowhitespace + only log TRACE_MPROC if not IMSG_STAT_{IN,DE}CREMENT
gilles [Wed, 14 Oct 2015 21:18:19 +0000 (21:18 +0000)]
whitespace + only log TRACE_MPROC if not IMSG_STAT_{IN,DE}CREMENT

9 years agofix a memory leak reported by Qualys Security.
tedu [Wed, 14 Oct 2015 21:12:10 +0000 (21:12 +0000)]
fix a memory leak reported by Qualys Security.
move the bndec variable in tighter since it's not used elsewhere in the
loop, then always free it after use.
ok bcook miod

9 years agoremove a handful of log_warn that we should handle at a different place to
gilles [Wed, 14 Oct 2015 21:05:31 +0000 (21:05 +0000)]
remove a handful of log_warn that we should handle at a different place to
make them really useful

9 years agowhitespace
gilles [Wed, 14 Oct 2015 21:04:37 +0000 (21:04 +0000)]
whitespace

9 years agofix define and enhanced status code reason for 5.5.0
gilles [Wed, 14 Oct 2015 21:02:11 +0000 (21:02 +0000)]
fix define and enhanced status code reason for 5.5.0

9 years agoEnsure we don't write a 0 byte past end of the buffer in the error case.
beck [Wed, 14 Oct 2015 21:02:08 +0000 (21:02 +0000)]
Ensure we don't write a 0 byte past end of the buffer in the error case.
ok bcook@ deraadt@

9 years agoUse a strict $PATH of "/usr/bin:/usr/local/bin" to run the (de)compressors
deraadt [Wed, 14 Oct 2015 20:57:28 +0000 (20:57 +0000)]
Use a strict $PATH of "/usr/bin:/usr/local/bin" to run the (de)compressors
(gzip, compress, bzip2) rather than following the user's path.  This
seems easier than hardcoding the paths elsewhere and using basename().

pax/tar is pledged itself, but it can spawn one of these programs if
asked.  The three found at the strict path use pledge "stdio" very early
during startup, providing a warm fuzzy pledge->exec->no-pledge->pledge
interlock.  For bzip2, this assumes use of the ports/packages version
installed to /usr/local/bin, which has been pledged by sthen@.

Doing a 'tar tvfz hostile.tgz' becomes a bit safer, since an attacker
finding a buffer overflow or use after free has significantly fewer
system calls available (only pledge "stdio" in the decompressor).

ok millert sthen

9 years agowe dump esc_code if we have an esc_class, code may be (and actually was)
gilles [Wed, 14 Oct 2015 20:57:17 +0000 (20:57 +0000)]
we dump esc_code if we have an esc_class, code may be (and actually was)
confused as a pasto, so add a comment to make it clear that this is not
an error

9 years agoAllow group wheel to read the mail log. OK gilles@ sthen@
millert [Wed, 14 Oct 2015 20:54:07 +0000 (20:54 +0000)]
Allow group wheel to read the mail log.  OK gilles@ sthen@

9 years agowhitespace
gilles [Wed, 14 Oct 2015 20:51:53 +0000 (20:51 +0000)]
whitespace

9 years agowhitespace
gilles [Wed, 14 Oct 2015 20:45:30 +0000 (20:45 +0000)]
whitespace

9 years agopledge() privileged process
gilles [Wed, 14 Oct 2015 19:56:58 +0000 (19:56 +0000)]
pledge() privileged process

ok deraadt@

9 years agopledge() pony and lookup
gilles [Wed, 14 Oct 2015 19:39:16 +0000 (19:39 +0000)]
pledge() pony and lookup

ok deraadt@

9 years agosync
deraadt [Wed, 14 Oct 2015 19:14:32 +0000 (19:14 +0000)]
sync

9 years agoworse, need even more includes...
deraadt [Wed, 14 Oct 2015 17:54:46 +0000 (17:54 +0000)]
worse, need even more includes...

9 years agoCheck mmap and read return values. While at it, remove unused duplicated file.
tobias [Wed, 14 Oct 2015 17:29:44 +0000 (17:29 +0000)]
Check mmap and read return values. While at it, remove unused duplicated file.

ok millert@

9 years agoTo specify a source address ping uses -I while ping6 uses -S. Switch
florian [Wed, 14 Oct 2015 17:26:01 +0000 (17:26 +0000)]
To specify a source address ping uses -I while ping6 uses -S. Switch
ping6 -I to the ping-alike semantics.
sthen@ thinks this is OK

9 years agopledge "stdio rpath" is good enough for these mainline BSD auth login
deraadt [Wed, 14 Oct 2015 17:06:58 +0000 (17:06 +0000)]
pledge "stdio rpath" is good enough for these mainline BSD auth login
programs.
(I am very surprised pledge ended up working for programs like this)
ok semarie millert

9 years agoSince the fsck_* programs now only handle one filesystem, this creates
deraadt [Wed, 14 Oct 2015 16:58:55 +0000 (16:58 +0000)]
Since the fsck_* programs now only handle one filesystem, this creates
a point where open() and disklabel reading have completed.  After that
point, pledge "stdio".

As a result, an fsck of a hostile partition (noone ever does that, or
do they? :) is done by a program with SUBSTANTIALLY less system call
exposure.
ok semarie

9 years agoCopy permissions AND ownership when -o will override an input file.
tobias [Wed, 14 Oct 2015 16:42:51 +0000 (16:42 +0000)]
Copy permissions AND ownership when -o will override an input file.

with input by and ok deraadt@, millert@, tim@

9 years agosync
deraadt [Wed, 14 Oct 2015 16:29:37 +0000 (16:29 +0000)]
sync

9 years agounfortunately rewritelabel() just before termination does a non-permitted
deraadt [Wed, 14 Oct 2015 15:54:49 +0000 (15:54 +0000)]
unfortunately rewritelabel() just before termination does a non-permitted
ioctl to rewrite the label, in support of the old-school "frag info in
the disklabel" concept.  disklabel folk, please come talk to me...

9 years agosync with httpd - no functional change, just C99 types
reyk [Wed, 14 Oct 2015 14:51:57 +0000 (14:51 +0000)]
sync with httpd - no functional change, just C99 types

9 years agoOnly accept one filesystem/device as argument for checking. Few people
deraadt [Wed, 14 Oct 2015 14:33:45 +0000 (14:33 +0000)]
Only accept one filesystem/device as argument for checking.  Few people
will be calling these directly, and not for the multiple filesystem case.
fsck(8) is generally the parent and will handle things.
ok semarie; this change will also help a goal jsing has

9 years agoWhen pledged with "fattr", allow chown to supplimentary groups. This
deraadt [Wed, 14 Oct 2015 14:24:03 +0000 (14:24 +0000)]
When pledged with "fattr", allow chown to supplimentary groups.  This
came out of a discussion regarding "sort foo -o foo".
ok semarie

9 years agoadd includes for crc32() and uuid_dec_be() missed in rev 1.11
jsg [Wed, 14 Oct 2015 14:13:12 +0000 (14:13 +0000)]
add includes for crc32() and uuid_dec_be() missed in rev 1.11
ok krw@

9 years agoInit a variable in the recently added carp_vhe_match() function clang
jsg [Wed, 14 Oct 2015 13:59:31 +0000 (13:59 +0000)]
Init a variable in the recently added carp_vhe_match() function clang
and mpi believe could be used uninitialised.

ok mpi@

9 years agogc lst_ForEachNodeWhile, which isn't actually in use anywhere
espie [Wed, 14 Oct 2015 13:52:11 +0000 (13:52 +0000)]
gc lst_ForEachNodeWhile, which isn't actually in use anywhere

9 years agomake sure we use stdbool.h
espie [Wed, 14 Oct 2015 13:50:22 +0000 (13:50 +0000)]
make sure we use stdbool.h
Mostly diff by Daniel Dickman, who told me to commit in his stead,
as he's tied up at work.

9 years agoinclude err.h for the err() calls added in rev 1.46
jsg [Wed, 14 Oct 2015 13:32:44 +0000 (13:32 +0000)]
include err.h for the err() calls added in rev 1.46

9 years agoDon't use the NONE enum value where NULL was intended. Found with clang.
jsg [Wed, 14 Oct 2015 13:27:50 +0000 (13:27 +0000)]
Don't use the NONE enum value where NULL was intended.  Found with clang.
ok renato@

9 years agobugfix: add ${.CURDIR} to deal with obj symlinks
vgross [Wed, 14 Oct 2015 13:23:25 +0000 (13:23 +0000)]
bugfix: add ${.CURDIR} to deal with obj symlinks

9 years agounbreak regress/sbin/newfs
semarie [Wed, 14 Oct 2015 13:22:56 +0000 (13:22 +0000)]
unbreak regress/sbin/newfs

/dev/prandom is no more since Nov 30, 2008

OK otto@

9 years agobugfix : use ${.CURDIR} to cope with obj symlinks
vgross [Wed, 14 Oct 2015 13:17:33 +0000 (13:17 +0000)]
bugfix : use ${.CURDIR} to cope with obj symlinks

9 years agoadd regress tests for automatic port allocation.
vgross [Wed, 14 Oct 2015 12:47:07 +0000 (12:47 +0000)]
add regress tests for automatic port allocation.
- enable ipv4
- leave ipv6 disabled

9 years agoadd regress tests for automatic port allocation
vgross [Wed, 14 Oct 2015 12:38:52 +0000 (12:38 +0000)]
add regress tests for automatic port allocation

9 years agoReset the RTF_CONNECTED flag when cloning an entry.
mpi [Wed, 14 Oct 2015 10:18:03 +0000 (10:18 +0000)]
Reset the RTF_CONNECTED flag when cloning an entry.

While here check for RTF_CLONED insted of RTM_RESOLVE when adding an
entry.

Found while debugging naddy@'s NFS vs em(4) vs rtisvalid(9) issue.

9 years agoRewrite the logic around the dymanic array of routing tables to help
mpi [Wed, 14 Oct 2015 10:09:30 +0000 (10:09 +0000)]
Rewrite the logic around the dymanic array of routing tables to help
turning rtable_get(9) MP-safe.

Use only one per-AF array, as suggested by claudio@, pointing to an
array of pointers to the routing table heads.

Routing tables are now allocated/initialized per-AF.  This will let
us allocate routing table on-demand instead of always having an
AF_INET, AF_MPLS and AF_INET table as soon as a new rtableID is used.

This also get rid of the "void ***" madness.

ok dlg@, jmatthew@

9 years agoConvert fgetln to getline.
sunil [Wed, 14 Oct 2015 09:14:11 +0000 (09:14 +0000)]
Convert fgetln to getline.

Ok millert@ eric@ gilles@

9 years agotweak previous (two details i apparently missed)
schwarze [Wed, 14 Oct 2015 09:11:25 +0000 (09:11 +0000)]
tweak previous (two details i apparently missed)

9 years agoPledge "stdio" for simple games.
doug [Wed, 14 Oct 2015 08:12:12 +0000 (08:12 +0000)]
Pledge "stdio" for simple games.

ok semarie@

9 years agoTwo more char -> unsigned char in ctype functions.
reyk [Wed, 14 Oct 2015 08:02:38 +0000 (08:02 +0000)]
Two more char -> unsigned char in ctype functions.

9 years agoMore (unsigned char) casts for ctype functions.
reyk [Wed, 14 Oct 2015 07:58:14 +0000 (07:58 +0000)]
More (unsigned char) casts for ctype functions.

Pointed out by Michael McConville

9 years agoAdd EVP_AEAD_CTX_init(3) manpage to document the new(ish) AEAD API.
reyk [Wed, 14 Oct 2015 07:41:28 +0000 (07:41 +0000)]
Add EVP_AEAD_CTX_init(3) manpage to document the new(ish) AEAD API.
The "authenticated encryption with additional data" API is used for
ciphers like AES-GCM or ChaCha20-Poly1305.  The manpage is a beginning
and certainly needs more work, especially improvements in the EXAMPLES
section.

Based on agl's source code comments.
Converted from pod to mandoc by schwarze@

OK schwarze@ jsing@

9 years agoenable pledge(2) in rain(6)
semarie [Wed, 14 Oct 2015 07:19:23 +0000 (07:19 +0000)]
enable pledge(2) in rain(6)

it is libcurses program: at init it needs "stdio rpath getpw tty", and after
drop to just "stdio tty". "tty" is needed at end for restoring the tty.

initial patch from doug@
ok doug@ deraadt@

9 years agoRemove conditional compilation and #defines around signal handling
guenther [Wed, 14 Oct 2015 04:55:17 +0000 (04:55 +0000)]
Remove conditional compilation and #defines around signal handling
Don't catch signals that were ignored on entry
Suppress SIGCHLD if our kid is stopped: we don't care and it's not an error

ok millert@

9 years agopledge "tty" can allow ioctl TIOCEXCL on a tty
deraadt [Wed, 14 Oct 2015 04:05:43 +0000 (04:05 +0000)]
pledge "tty" can allow ioctl TIOCEXCL on a tty

9 years agoI messed up reading the call graph. -d delete does use search, so a
deraadt [Wed, 14 Oct 2015 04:03:01 +0000 (04:03 +0000)]
I messed up reading the call graph.  -d delete does use search, so a
late pledge is not possible in this way.

9 years agosendmsg() is allowed to pass cmsg's which are not CMSG_RIGHTS - last
deraadt [Wed, 14 Oct 2015 03:27:02 +0000 (03:27 +0000)]
sendmsg() is allowed to pass cmsg's which are not CMSG_RIGHTS - last
refactoring inverted the checks; spotted by sthen in ping6.

9 years agoBackout last. Breaks sparc64, amoung other dubiousness.
krw [Wed, 14 Oct 2015 00:19:04 +0000 (00:19 +0000)]
Backout last. Breaks sparc64, amoung other dubiousness.

requested by deraadt@

9 years agoReject the escape sequences \[uD800] to \[uDFFF] in the parser.
schwarze [Tue, 13 Oct 2015 23:30:42 +0000 (23:30 +0000)]
Reject the escape sequences \[uD800] to \[uDFFF] in the parser.
These surrogates are not valid Unicode codepoints,
so treat them just like any other undefined character escapes:
Warn about them and do not produce output.
Issue noticed while talking to stsp@, semarie@, and bentley@.

9 years agoMajor character table cleanup:
schwarze [Tue, 13 Oct 2015 22:57:49 +0000 (22:57 +0000)]
Major character table cleanup:
* Use ohash(3) rather than a hand-rolled hash table.
* Make the character table static in the chars.c module:
There is no need to pass a pointer around, we most certainly
never want to use two different character tables concurrently.
* No need to keep the characters in a separate file chars.in;
that merely encourages downstream porters to mess with them.
* Sort the characters to agree with the mandoc_chars(7) manual page.
* Specify Unicode codepoints in hex, not decimal (that's the detail
that originally triggered this patch).
No functional change, minus 100 LOC, and i don't see a performance change.

9 years agoCall the sort program through $SORTPROG, as intended; OK millert@
tim [Tue, 13 Oct 2015 22:14:51 +0000 (22:14 +0000)]
Call the sort program through $SORTPROG, as intended; OK millert@

9 years agoPrevent a NULL-pointer dereference when closing a ugen(4) node
mpi [Tue, 13 Oct 2015 20:57:46 +0000 (20:57 +0000)]
Prevent a NULL-pointer dereference when closing a ugen(4) node
in case the kernel failed to change the interface of a device.

Found the hardway by okan

9 years agoIn rev 1.15 the sizeof argument was fixed in a strlcat() call but
millert [Tue, 13 Oct 2015 20:55:37 +0000 (20:55 +0000)]
In rev 1.15 the sizeof argument was fixed in a strlcat() call but
the truncation check immediately following it was not updated to
match.  Not an issue in practice since the buffers are the same
size.  OK deraadt@

9 years agoCheck if a file name can be extracted from a line before marking for
lum [Tue, 13 Oct 2015 20:10:09 +0000 (20:10 +0000)]
Check if a file name can be extracted from a line before marking for
deletion.

9 years ago3 more headers required for one stinking inet6 ioctl..
deraadt [Tue, 13 Oct 2015 20:00:49 +0000 (20:00 +0000)]
3 more headers required for one stinking inet6 ioctl..

9 years ago- pf_insert_src_node(): global argument (arg6) is useless, function
sashan [Tue, 13 Oct 2015 19:32:31 +0000 (19:32 +0000)]
- pf_insert_src_node(): global argument (arg6) is useless, function
  always gets pointer to rule.

- pf_remove_src_node(): function should always remove matching src node,
  regardless the sn->rule.ptr being NULL or valid rule

- sn->rule.ptr is never NULL, spotted by mpi and Richard Procter _von_ gmail.com

OK mpi@, OK mikeb@

9 years agosm_error() already does the exit for us.
ajacoutot [Tue, 13 Oct 2015 18:52:56 +0000 (18:52 +0000)]
sm_error() already does the exit for us.

9 years agoAllow ioctl SIOCGNBRINFO_IN6 in case of "route", for use by ndp.
deraadt [Tue, 13 Oct 2015 18:42:06 +0000 (18:42 +0000)]
Allow ioctl SIOCGNBRINFO_IN6 in case of "route", for use by ndp.

9 years agoNET_RT_FLAGS must also accept a proto selection.
deraadt [Tue, 13 Oct 2015 18:38:34 +0000 (18:38 +0000)]
NET_RT_FLAGS must also accept a proto selection.

9 years agoTest t16 for ed-formatted diffs does not contain a substitution.
tobias [Tue, 13 Oct 2015 17:07:05 +0000 (17:07 +0000)]
Test t16 for ed-formatted diffs does not contain a substitution.
Add a minimalistic check in t17.

9 years agoIgnore the setuid/setgid/sticky bits when copying the permissions of an input
tim [Tue, 13 Oct 2015 16:55:03 +0000 (16:55 +0000)]
Ignore the setuid/setgid/sticky bits when copying the permissions of an input
file to the new output file. In preparation for pledge(2).

Suggested by and OK millert@

9 years agoReplace our /^\.\././ expression with /.//. The term is simpler and has
tobias [Tue, 13 Oct 2015 16:37:17 +0000 (16:37 +0000)]
Replace our /^\.\././ expression with /.//. The term is simpler and has
the same meaning in our diff ed-context.

As a bonus, our ed-diff output can be processed by GNU patch now, too.

okay millert@

9 years agoPut ASN1_dup() under #ifndef LIBRESSL_INTERNAL.
jsing [Tue, 13 Oct 2015 16:31:08 +0000 (16:31 +0000)]
Put ASN1_dup() under #ifndef LIBRESSL_INTERNAL.

9 years agoAfter the socket is open, the remainder is just io operations.
deraadt [Tue, 13 Oct 2015 16:30:55 +0000 (16:30 +0000)]
After the socket is open, the remainder is just io operations.
Use pledge "stdio".

9 years agoRemove -b flag and let ping6 set the socket buffer size automatically
florian [Tue, 13 Oct 2015 16:26:54 +0000 (16:26 +0000)]
Remove -b flag and let ping6 set the socket buffer size automatically
like ping.
Suggested by deraadt@, OK dlg

9 years ago-C and -c allow at most one input file. Ensure this is the case when the
tim [Tue, 13 Oct 2015 16:21:42 +0000 (16:21 +0000)]
-C and -c allow at most one input file. Ensure this is the case when the
input files are specified through --files0-from.

OK millert@

9 years agoapply PubkeyAcceptedKeyTypes filtering earlier, so all skipped
djm [Tue, 13 Oct 2015 16:15:21 +0000 (16:15 +0000)]
apply PubkeyAcceptedKeyTypes filtering earlier, so all skipped
keys are noted before pubkey authentication starts. ok dtucker@

9 years agoallow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledge
deraadt [Tue, 13 Oct 2015 16:09:24 +0000 (16:09 +0000)]
allow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledge

9 years agosemarie points out i am already forgetting the rules are very tight around
deraadt [Tue, 13 Oct 2015 15:55:44 +0000 (15:55 +0000)]
semarie points out i am already forgetting the rules are very tight around
*chown, even "proc fattr" won't let you do such a job.  remove early pledge(),
only leave call after fchown, before when symbol table work gets done.

9 years agoReduce the amount of code by moving the three copies of the ohash
schwarze [Tue, 13 Oct 2015 15:50:15 +0000 (15:50 +0000)]
Reduce the amount of code by moving the three copies of the ohash
callback functions into one common place, preparing for the use of
ohash for some additional purposes.  No functional change.

9 years agooops, a chown appears late on the code. to satisfy this pledge
deraadt [Tue, 13 Oct 2015 15:43:19 +0000 (15:43 +0000)]
oops, a chown appears late on the code.  to satisfy this pledge
"stdio rpath wpath cpath getpw fattr proc" early on; "proc fattr"
allows doing work with other uids on the file.  after opening the
db, do the chown (replace with fchown since we know fd) and then
pledge "stdio rpath"; "rpath" due to tmpfile rename() at the end.
mistake spotted by mpi

9 years agoConvert ECParameters_dup() from a macro that uses ASN1_dup_of() into an
jsing [Tue, 13 Oct 2015 15:25:18 +0000 (15:25 +0000)]
Convert ECParameters_dup() from a macro that uses ASN1_dup_of() into an
actual function. This removes the last ASN1_dup_of usage from the tree.

Feedback from doug@ and miod@

9 years agocan pledge "stdio" after opening device.
deraadt [Tue, 13 Oct 2015 15:15:30 +0000 (15:15 +0000)]
can pledge "stdio" after opening device.

9 years agopledge "stdio rpath wpath cpath fattr"; fattr due to locking code borrowed
deraadt [Tue, 13 Oct 2015 15:14:26 +0000 (15:14 +0000)]
pledge "stdio rpath wpath cpath fattr"; fattr due to locking code borrowed
from mail.local

9 years agopledge "stdio rpath wpath cpath", full path handling to satisfy dbopen()
deraadt [Tue, 13 Oct 2015 15:12:53 +0000 (15:12 +0000)]
pledge "stdio rpath wpath cpath", full path handling to satisfy dbopen()

9 years agopledge "stdio rpath wpath cpath proc exec". creates files throughout
deraadt [Tue, 13 Oct 2015 15:11:48 +0000 (15:11 +0000)]
pledge "stdio rpath wpath cpath proc exec".  creates files throughout
it's lifetime, and often runs a pipe through "cpp"

9 years agopledge "stdio rpath wpath cpath"
deraadt [Tue, 13 Oct 2015 15:10:30 +0000 (15:10 +0000)]
pledge "stdio rpath wpath cpath"

9 years agoDon't use exp2f(), it breaks build on vax. Use a shift instead.
stsp [Tue, 13 Oct 2015 14:36:15 +0000 (14:36 +0000)]
Don't use exp2f(), it breaks build on vax. Use a shift instead.
reported by deraadt@

9 years agoConvert a number of the old ASN1_{d2i,i2d}_{bio,fp}_of() macros to
jsing [Tue, 13 Oct 2015 14:03:26 +0000 (14:03 +0000)]
Convert a number of the old ASN1_{d2i,i2d}_{bio,fp}_of() macros to
ASN1_item_{d2i,i2d}_{bio,fp}() function calls.

ok beck@ doug@

9 years agoSingle byte read/write tests.
jsing [Tue, 13 Oct 2015 13:59:45 +0000 (13:59 +0000)]
Single byte read/write tests.

9 years agoAdd test coverage for peer certificate info and connection info.
jsing [Tue, 13 Oct 2015 13:58:33 +0000 (13:58 +0000)]
Add test coverage for peer certificate info and connection info.