jsing [Sat, 19 Apr 2014 14:36:35 +0000 (14:36 +0000)]
More KNF.
gilles [Sat, 19 Apr 2014 14:32:03 +0000 (14:32 +0000)]
(void) cast a strlcpy that cannot truncate
gilles [Sat, 19 Apr 2014 14:27:29 +0000 (14:27 +0000)]
(void) cast strlcpy/strlcat/snprintf calls that cannot truncate
henning [Sat, 19 Apr 2014 14:22:32 +0000 (14:22 +0000)]
remove altq bits here, too
(i was convinced i committed that yesterday already, hrm)
gilles [Sat, 19 Apr 2014 14:21:26 +0000 (14:21 +0000)]
(void) cast strlcpy() calls that cannot truncate
gilles [Sat, 19 Apr 2014 14:19:17 +0000 (14:19 +0000)]
(void) cast strlcat() and snprintf() that cannot truncate
be a bit more strict with an strlcat() truncation by causing it to fail in
table_create() instead of later in parse.y - in both cases, this would
cause smtpd to fatal() at startup if a table has a config file too large
gilles [Sat, 19 Apr 2014 14:11:55 +0000 (14:11 +0000)]
(void) cast strlcpy() calls that cannot truncate
gilles [Sat, 19 Apr 2014 14:09:19 +0000 (14:09 +0000)]
(void) cast a snprintf() call that can't possibly truncate unless we
suddenly supported a cipher with a name that's > 200 bytes long ...
... in which case harmless truncation would occur and we'd have to
readjust our buffer
florian [Sat, 19 Apr 2014 14:06:10 +0000 (14:06 +0000)]
Fix display of destination IP when host is an IP address.
Pointed out by and OK benno@
gilles [Sat, 19 Apr 2014 14:00:45 +0000 (14:00 +0000)]
(void) cast snprintf calls that cannot truncate
gilles [Sat, 19 Apr 2014 13:57:17 +0000 (13:57 +0000)]
(void) cast a strlcpy() that cannot truncate
(void) cast a few snprintf()/strlcat() that cannot truncate and that would
be harmless if they could
gilles [Sat, 19 Apr 2014 13:52:49 +0000 (13:52 +0000)]
(cast) void two strlcpy() and a snprintf() that cannot truncate
gilles [Sat, 19 Apr 2014 13:51:24 +0000 (13:51 +0000)]
(void) cast strlcpy/strlcat/snprintf calls that cannot truncate (and would
be harmless in this case if they could)
deraadt [Sat, 19 Apr 2014 13:51:05 +0000 (13:51 +0000)]
kill a stray \
gilles [Sat, 19 Apr 2014 13:48:57 +0000 (13:48 +0000)]
(void) cast strlcpy/strlcat/snprintf that cannot truncate
gilles [Sat, 19 Apr 2014 13:40:24 +0000 (13:40 +0000)]
(void) cast strlcpy() and snprintf() that cannot truncate
gilles [Sat, 19 Apr 2014 13:35:51 +0000 (13:35 +0000)]
(void) cast snprintf() and strlcat() calls that cannot truncate
gilles [Sat, 19 Apr 2014 13:32:07 +0000 (13:32 +0000)]
(void) cast strlcpy() / strlcat() / snprintf() that cannot truncate
(void) cast a few calls that are ok to truncate because they are not used
in anything critical / unsafe, but just to make some debug/info logs a bit
more informative
guenther [Sat, 19 Apr 2014 13:31:24 +0000 (13:31 +0000)]
Lacking a proof that--for this implementation--exposure of Montgomery
multiplication or RSA blinding parameters doesn't permit retroactive
timing analysis of the secrets, we'll do the stupidly cheap thing and
cleanse them before freeing them.
ok deraadt@
jsing [Sat, 19 Apr 2014 13:29:11 +0000 (13:29 +0000)]
More KNF.
gilles [Sat, 19 Apr 2014 13:18:14 +0000 (13:18 +0000)]
(void) cast some strlcat() calls that cannot truncate
add a few fatalx() calls at places where it shouldn't fail, we'll assess
which one may be relaxed later as this code is not finished nor plugged
yet.
deraadt [Sat, 19 Apr 2014 13:13:01 +0000 (13:13 +0000)]
Remove hacky workaround for Cray T3E.
ok guenther
jsing [Sat, 19 Apr 2014 13:11:41 +0000 (13:11 +0000)]
More KNF.
deraadt [Sat, 19 Apr 2014 13:09:11 +0000 (13:09 +0000)]
oops, typo got into change
gilles [Sat, 19 Apr 2014 13:07:56 +0000 (13:07 +0000)]
add missing checks to strlcpy() when copying envelope "destination" buffer
to the mda delivery buffer. we should never hit these unless we mistakenly
change the value of a define, better be safe than sorry.
(void) cast strlcpy/strlcat that cannot truncate or that we know and want
to truncate rather than lose (informative data not used by smtpd but
intended to help the human reading the log)
henning [Sat, 19 Apr 2014 12:59:53 +0000 (12:59 +0000)]
shrink pf by 445 lines.
while there, get rid of the altq ioctls and associated now obsolete code
gilles [Sat, 19 Apr 2014 12:55:23 +0000 (12:55 +0000)]
when receiving mail for user+tag@ and maildir is setup, we create a .tag
subdirectory in the maildir, add missing check to strlcat() so that if path
with .tag exceeds SMTPD_MAXPATHLEN we fail instead of creating a .tag dir
that's truncated.
(void) cast strlcpy()/strlcat() that cannot truncate
jsing [Sat, 19 Apr 2014 12:51:01 +0000 (12:51 +0000)]
More KNF.
gilles [Sat, 19 Apr 2014 12:48:54 +0000 (12:48 +0000)]
(void) cast strlcat(), they can't truncate
gilles [Sat, 19 Apr 2014 12:43:19 +0000 (12:43 +0000)]
unchecked strlcat() call in expand_to_text() may cause aliases expansion to
fail later, make it fail early.
(void) cast other calls, they are detected and handled correctly later
logan [Sat, 19 Apr 2014 12:42:50 +0000 (12:42 +0000)]
Add missing man page descriptions for the following IPv6 sysctls:
-maxdynroutes
-maxifprefixes
-maxifdefrouters
-neighborgcthresh
OK from sthen@, claudio@ and henning@
deraadt [Sat, 19 Apr 2014 12:36:03 +0000 (12:36 +0000)]
malloc + strlcpy -> strdup
gilles [Sat, 19 Apr 2014 12:30:54 +0000 (12:30 +0000)]
(void) cast strlcpy(), it cannot truncate
(void) cast strlcat(), they are detected and handled later
henning [Sat, 19 Apr 2014 12:27:59 +0000 (12:27 +0000)]
remove the altq enable/attach and disable/detach bits
henning [Sat, 19 Apr 2014 12:27:06 +0000 (12:27 +0000)]
bye bye altq bits
gilles [Sat, 19 Apr 2014 12:26:15 +0000 (12:26 +0000)]
(void) cast this strlcpy(), it cannot truncate
henning [Sat, 19 Apr 2014 12:25:03 +0000 (12:25 +0000)]
another questionable "optimization": de used tulip_ifstart_one instead
of tulip_ifstart if the sendqueue was empty, but only if altq wasn't
compiled in (i. e., that's a _compile time_ decision and not based on
whether altq was actually used).
just use tulip_ifstart all the time, as before in our regular kernels.
kill tulip_ifstart_one completely.
makes sense to sthen
deraadt [Sat, 19 Apr 2014 12:22:37 +0000 (12:22 +0000)]
unifdef ENOTDIR, everyone has it
henning [Sat, 19 Apr 2014 12:18:35 +0000 (12:18 +0000)]
remove very questionable altq "optimization" - claudio and I can't
convince ourselves that that was right to begin with. anyway, begone.
henning [Sat, 19 Apr 2014 12:12:02 +0000 (12:12 +0000)]
all I wanted to do is removing the altq special casing, but then it turned
out the entire codepath is unreachable. glad I'm not our ppp maintainer, he
has work to do.
kill that unreachable code, with & ok claudio
henning [Sat, 19 Apr 2014 12:08:10 +0000 (12:08 +0000)]
remove altq special casing.
big WTF regarding the fastq use there while verifying w/ claudio, but
that's for the ppp maintainer and unrelated
kettenis [Sat, 19 Apr 2014 11:53:42 +0000 (11:53 +0000)]
Don't panic if we're trying to disestablish an MSI but the hardware is gone.
tested by & ok mlarkin@
guenther [Sat, 19 Apr 2014 11:43:07 +0000 (11:43 +0000)]
We'll interpret a (void) cast on snprintf() to mean it's been verified that
truncation is either desirable, not an issue, or is detected and handled later
ok deraadt@
gilles [Sat, 19 Apr 2014 11:41:49 +0000 (11:41 +0000)]
these strlcpy can't truncate, the copy is from a buffer to a buffer of same
size and the first buffer handles the truncation already
henning [Sat, 19 Apr 2014 11:38:13 +0000 (11:38 +0000)]
bye bye
gilles [Sat, 19 Apr 2014 11:31:06 +0000 (11:31 +0000)]
cast (void) this strlcpy(), it can't fail copying a small constant string
into a much larger buffer
deraadt [Sat, 19 Apr 2014 11:30:40 +0000 (11:30 +0000)]
Use somewhat harsher language and better examples; demonstrate that
non-dangerous use functions is difficult.
ok guenther
gilles [Sat, 19 Apr 2014 11:29:06 +0000 (11:29 +0000)]
when copying socket path, check that we didn't truncate it which would cause
the following connect() to fail.
henning [Sat, 19 Apr 2014 11:26:10 +0000 (11:26 +0000)]
the altq versions of the IFQ_* macros can finally go. chances of this
file becoming readable increase.
deraadt [Sat, 19 Apr 2014 11:21:15 +0000 (11:21 +0000)]
Demonstrate correct usage of snprintf (regarding overflow detection)
ok guenther
guenther [Sat, 19 Apr 2014 11:18:01 +0000 (11:18 +0000)]
Split inet(3) into three pages by decade: 1980s -> inet_lnaof(3),
1990s -> inet_addr(3), 2000s and beyond -> inet_ntop(3).
ok tedu@ (who also noted the timeline) deraadt@ jmc@
gilles [Sat, 19 Apr 2014 11:17:14 +0000 (11:17 +0000)]
it's ok for strlcpy to fail here though it can't, cast void
deraadt [Sat, 19 Apr 2014 11:15:37 +0000 (11:15 +0000)]
egd is gone
henning [Sat, 19 Apr 2014 11:01:37 +0000 (11:01 +0000)]
/*
 * altq for loop is just for debugging.
 * only used when called for loop interface (not for
 * a simplex interface).
 */
bye bye!
guenther [Sat, 19 Apr 2014 10:59:54 +0000 (10:59 +0000)]
The internal ssl2_* functions and variables are gone
jsing [Sat, 19 Apr 2014 10:54:26 +0000 (10:54 +0000)]
More KNF.
guenther [Sat, 19 Apr 2014 10:51:37 +0000 (10:51 +0000)]
Add SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2
Document that SSL_OP_NO_SSLv2 is a no-op now
henning [Sat, 19 Apr 2014 10:07:44 +0000 (10:07 +0000)]
-option ALTQ
ALTQ has served us well for years and was extremely important not just for
us, but for the entire bandwidth management arena. Back when we got altq,
the subject was not yet well researched and understood, which is why altq
is the framework with pluggable schedulers it is. Kenjiro Cho (kjc@) did an
amazing job there.
Now, more than 10 years later, we do have a good understanding and can use
a simpler framework with just one priority queueing and one bandwidth
shaping mechanism each - the new queueing subsystem. Last not least because
it is incredibly painful to maintain both in parallel, it is time for altq
to depart. Farewell, thanks for many years of good service. Everybody
using any form of "not just fifo" queueing owes Kenjiro a lot. At least
buy him a beer when you meet him.
And, allow me this personal note, thanks Kenjiro, working with you on the
topic has always been a great pleasure and I learned a lot from you. Thanks!
sobrado [Sat, 19 Apr 2014 09:28:20 +0000 (09:28 +0000)]
use an appropriate name for this variable.
ok millert@
sobrado [Sat, 19 Apr 2014 09:24:28 +0000 (09:24 +0000)]
do not mark od(1) as deprecated.
ok jmc@, millert@
guenther [Sat, 19 Apr 2014 08:52:32 +0000 (08:52 +0000)]
More KNF and style consistency tweaks
shadchin [Sat, 19 Apr 2014 07:28:00 +0000 (07:28 +0000)]
tiny fix: Remove duplicate rows, they appeared after importing less 444
suggested Daniel Dickman
jsing [Sat, 19 Apr 2014 07:20:59 +0000 (07:20 +0000)]
More KNF.
jsing [Sat, 19 Apr 2014 06:43:34 +0000 (06:43 +0000)]
More KNF.
jsing [Sat, 19 Apr 2014 06:15:56 +0000 (06:15 +0000)]
More KNF.
djm [Sat, 19 Apr 2014 05:54:59 +0000 (05:54 +0000)]
missing wildcard; pointed out by naddy@
jmatthew [Sat, 19 Apr 2014 05:05:43 +0000 (05:05 +0000)]
move scsi_xs_put after checks that use fields in the xs
ok dlg@
dlg [Sat, 19 Apr 2014 05:00:06 +0000 (05:00 +0000)]
implement emc_mpath_checksense() according to what my cx500 throws.
tested by jmatthew@
schwarze [Sat, 19 Apr 2014 02:55:44 +0000 (02:55 +0000)]
Two minor tweaks regarding the fallback from -u/-d to default mode:
(1) Use all files found on the command line, but do *not* use all stray
files found during fallback tree recursion.
(2) If the fallback works, call that success, i.e. exit(0).
As pointed out by naddy@, the latter is required for ports' happiness.
schwarze [Sat, 19 Apr 2014 02:29:12 +0000 (02:29 +0000)]
Properly handle symlinks (hardlinks and .so only files were already ok):
Use the file name of the symlink but the inode number of the file pointed to,
such that we get multiple mlinks records but not multiple mpages records.
Also make sure they do not point outside the tree we are processing.
Issue found by kili@ in desktop-file-edit(1), thanks!
beck [Sat, 19 Apr 2014 00:41:37 +0000 (00:41 +0000)]
use intrinsic strlcpy and strlcat everywhere so we only have one set of
functions to check for incorrect use. keep BUF_strlcpy and BUF_strlcat
for API compatibility only.
ok tedu@
djm [Fri, 18 Apr 2014 23:52:25 +0000 (23:52 +0000)]
OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.
Disable this KEX method when speaking to one of the affected
versions.
reported by Aris Adamantiadis; ok markus@
deraadt [Fri, 18 Apr 2014 23:42:00 +0000 (23:42 +0000)]
OPENSSL_gmtime() is really just gmtime_r(); ok guenther
deraadt [Fri, 18 Apr 2014 23:19:01 +0000 (23:19 +0000)]
sync
tedu [Fri, 18 Apr 2014 22:39:08 +0000 (22:39 +0000)]
spacing
jmc [Fri, 18 Apr 2014 22:23:53 +0000 (22:23 +0000)]
tweak;
claudio [Fri, 18 Apr 2014 22:23:50 +0000 (22:23 +0000)]
There is no need to initialize globals to 0.
jmc [Fri, 18 Apr 2014 22:19:00 +0000 (22:19 +0000)]
flesh out STANDARDS;
jmc [Fri, 18 Apr 2014 22:11:57 +0000 (22:11 +0000)]
- merge two sections on error messages and interrupts
- move some non-standard sections into a more general CAVEATS
- some macro cleanup
jmc [Fri, 18 Apr 2014 22:04:54 +0000 (22:04 +0000)]
remove references to rshd;
tedu [Fri, 18 Apr 2014 21:57:17 +0000 (21:57 +0000)]
tone down some XXXXX to not appear in grep
jasper [Fri, 18 Apr 2014 21:55:23 +0000 (21:55 +0000)]
rename wd33c93 to wd33c93ctrl (but keep the filenames as is) so we can
add attributes to it later; as wd33c93 is not a valid device name.
ok miod@
schwarze [Fri, 18 Apr 2014 21:54:48 +0000 (21:54 +0000)]
In update mode, when opening the database fails, probably because it is
missing or corrupt, just rebuild it from scratch. This also helps when
installing the very first port on a freshly installed machine
and is similar to what espie@'s classical makewhatis(8) did.
Issue reported by naddy@ via kili@.
tedu [Fri, 18 Apr 2014 21:49:19 +0000 (21:49 +0000)]
XXXXXXXXXXXXXXXX -> XXX
XXXXXXXXXXXXXXXXXXXXXXX -> XXXX
jmc [Fri, 18 Apr 2014 21:42:04 +0000 (21:42 +0000)]
fix SEE ALSO;
tedu [Fri, 18 Apr 2014 21:41:15 +0000 (21:41 +0000)]
unifdef NO_SOCK
tedu [Fri, 18 Apr 2014 21:29:20 +0000 (21:29 +0000)]
round up some enemy sympathizers found calling RAND_seed().
ok beck reyk
tedu [Fri, 18 Apr 2014 21:19:20 +0000 (21:19 +0000)]
now that knf carpet bombing is finished, switch to hand to hand combat.
still not sure what to make of mysteries like this:
for (i = 7; i >= 0; i--) { /* increment */
guenther [Fri, 18 Apr 2014 21:18:50 +0000 (21:18 +0000)]
For the WSDISPLAY_COMPAT_USL protocol, send the synchronizing signals to
the process, not just the thread.
ok kettenis@
sthen [Fri, 18 Apr 2014 21:11:34 +0000 (21:11 +0000)]
Since we've been making heavy use of unifdef recently: update it to the
recent 2.10 release.
"This code was derived from software contributed to Berkeley by Dave Yost.
It was rewritten to support ANSI C by Tony Finch. The original version
of unifdef carried the 4-clause BSD copyright licence. None of its code
remains in this version (though some of the names remain) so it now
carries a more liberal licence."
ok deraadt@
beck [Fri, 18 Apr 2014 21:11:00 +0000 (21:11 +0000)]
Unsurprisingly, since <unistd.h> was so darn hard to find for OpenSSL developers
they had resorted to manually prototyping read(2) instead of the incredible amount of
preprocessor wizardry needed to find the ever illusive <unistd.h>. Let's just
include <unistd.h> and we don't need to do this.. While we're at it flense
out _OSD_POSIX and __DGJPP__ cruft.
ok krw@
miod [Fri, 18 Apr 2014 20:23:42 +0000 (20:23 +0000)]
ECDSA signature computation involves a random number. Remove the test trying to
force what RAND_bytes() will return and comparing it against known values -
I can't let you do this, Dave.
tedu [Fri, 18 Apr 2014 20:22:17 +0000 (20:22 +0000)]
raise file limit to something more web scale, but lower connections so
there are some files to spare for other things.
beck [Fri, 18 Apr 2014 20:01:31 +0000 (20:01 +0000)]
unbreak tree - this was not the rand.c I was looking for
tedu [Fri, 18 Apr 2014 19:58:42 +0000 (19:58 +0000)]
collateral damage
tedu [Fri, 18 Apr 2014 19:55:15 +0000 (19:55 +0000)]
no app_rand.c
tedu [Fri, 18 Apr 2014 19:54:57 +0000 (19:54 +0000)]
$HOME/.rnd will never be a good source of entropy. ok beck
miod [Fri, 18 Apr 2014 19:41:21 +0000 (19:41 +0000)]
Do not ask the user to pass either -DB_ENDIAN or -DL_ENDIAN to the compiler,
but rather figure out the endianness from <machine/endian.h> automagically;
help from guenther@
ok jca@ guenther@ beck@ and the rest of the `Buena SSL rampage club'
miod [Fri, 18 Apr 2014 19:38:26 +0000 (19:38 +0000)]
Shrink a local buffer to the size it really needs to be; this is the only
discrepancy found while checking proper {HEX,DECIMAL}_SIZE macro usage, which
is confusing enough.
tweaks and ok jca@, ok guenther@
okan [Fri, 18 Apr 2014 19:13:16 +0000 (19:13 +0000)]
remove bdes(1) so as to not encourage its use; if someone really
wants to use DES, there's another way.
ok deraadt sthen sobrado (and probably tedu)