openbsd
10 years agofix unchecked snprintf(3) in page header printing:
schwarze [Sun, 20 Apr 2014 20:17:36 +0000 (20:17 +0000)]
fix unchecked snprintf(3) in page header printing:
the length of the title is unknown, and speed doesn't matter here,
so use asprintf/free rather than a static buffer

10 years agoChop off more SSLv2 tentacles and start fixing and noting y2038 issues.
guenther [Sun, 20 Apr 2014 20:14:09 +0000 (20:14 +0000)]
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.

ok tedu@

10 years agoAfter doing all of the loging dance to get the target's params it makes
claudio [Sun, 20 Apr 2014 20:12:31 +0000 (20:12 +0000)]
After doing all of the loging dance to get the target's params it makes
sense to merge them into the active set. At least that way we run with
the right params and finally do reads and writes that are > 8k.

10 years agoRestore beck's (void)snprintf(): they were reviewed.
guenther [Sun, 20 Apr 2014 20:06:19 +0000 (20:06 +0000)]
Restore beck's (void)snprintf(): they were reviewed.

10 years agoRestore beck's rev 1.8: snprintf() was reviewed.
guenther [Sun, 20 Apr 2014 19:56:25 +0000 (19:56 +0000)]
Restore beck's rev 1.8: snprintf() was reviewed.

10 years agoRestore tedu's rev 1.4: snprintf() was reviewed.
guenther [Sun, 20 Apr 2014 19:55:09 +0000 (19:55 +0000)]
Restore tedu's rev 1.4: snprintf() was reviewed.

10 years agoRestore beck's rev 1.7: snprintf() was reviewed.
guenther [Sun, 20 Apr 2014 19:52:41 +0000 (19:52 +0000)]
Restore beck's rev 1.7: snprintf() was reviewed.
Also, use sizeof() for snprintf()'s size argument

10 years agomake sure static buffers for snprintf(3) are large enough
schwarze [Sun, 20 Apr 2014 19:39:35 +0000 (19:39 +0000)]
make sure static buffers for snprintf(3) are large enough
and cast snprintf return value to (void) where they are

10 years agoRemove unused/never installed libssl tools and docs and references to them
afresh1 [Sun, 20 Apr 2014 19:23:08 +0000 (19:23 +0000)]
Remove unused/never installed libssl tools and docs and references to them

Sure deraadt

10 years agoRestore beck's rev 1.21: snprintf() was reviewed
guenther [Sun, 20 Apr 2014 18:53:37 +0000 (18:53 +0000)]
Restore beck's rev 1.21: snprintf() was reviewed

10 years agoUse only one style for "return foo;"
claudio [Sun, 20 Apr 2014 18:17:12 +0000 (18:17 +0000)]
Use only one style for "return foo;"

10 years agoAdd a few more overflow checks for strlc* functions in parse.y
reyk [Sun, 20 Apr 2014 18:16:11 +0000 (18:16 +0000)]
Add a few more overflow checks for strlc* functions in parse.y

10 years agoclarify a bit about hosts.lpd
tedu [Sun, 20 Apr 2014 18:11:45 +0000 (18:11 +0000)]
clarify a bit about hosts.lpd

10 years agohosts.equiv is a ghost from bsd past
tedu [Sun, 20 Apr 2014 18:06:37 +0000 (18:06 +0000)]
hosts.equiv is a ghost from bsd past

10 years agotheo found a file we don't seem to need, but just in case, i will paste
tedu [Sun, 20 Apr 2014 17:50:12 +0000 (17:50 +0000)]
theo found a file we don't seem to need, but just in case, i will paste
the contents below:
#!/usr/local/bin/perl
# x86 assember

10 years agoStyle improvement based on espie@'s feedback: provide and use
zhuk [Sun, 20 Apr 2014 17:34:26 +0000 (17:34 +0000)]
Style improvement based on espie@'s feedback: provide and use
LT::UList->new() instead of calling tie() manually. As a bonus, few
extra lines in actual code go away.

okay espie@ who still thinks that I test things _before_ commit

10 years agoRestore beck's rev 1.9: snprintf() was reviewed
guenther [Sun, 20 Apr 2014 17:01:35 +0000 (17:01 +0000)]
Restore beck's rev 1.9: snprintf() was reviewed

10 years agoMove session params initialization to when we start a session and not
claudio [Sun, 20 Apr 2014 16:52:11 +0000 (16:52 +0000)]
Move session params initialization to when we start a session and not
when it is created. That way the config params from the config file have
a chance to stick.

10 years agoFix conn_gen_kvp and its caller to fill the kvp array properly (including
claudio [Sun, 20 Apr 2014 16:49:56 +0000 (16:49 +0000)]
Fix conn_gen_kvp and its caller to fill the kvp array properly (including
the NULL terminator at the end). Now iscsid does proper LoginOperational
negotiation (which will bump the MaxRecvDataSegmentLength to 64k)

10 years agomove in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr
naddy [Sun, 20 Apr 2014 16:48:22 +0000 (16:48 +0000)]
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr
ok henning@

10 years agoKNF: case (FOO): -> case FOO, remove /* LINTED */ and /* ARGSUSED */,
schwarze [Sun, 20 Apr 2014 16:44:44 +0000 (16:44 +0000)]
KNF: case (FOO):  ->  case FOO, remove /* LINTED */ and /* ARGSUSED */,
remove trailing whitespace and blanks before tabs, improve some indenting;
no functional change

10 years agoKNF.
jsing [Sun, 20 Apr 2014 16:24:15 +0000 (16:24 +0000)]
KNF.

10 years agoCheck another strlcpy overflow that is very unlikely to happen.
reyk [Sun, 20 Apr 2014 16:23:33 +0000 (16:23 +0000)]
Check another strlcpy overflow that is very unlikely to happen.

10 years agoCheck for strlcpy overflow when expanding the HTTP input value.
reyk [Sun, 20 Apr 2014 16:18:32 +0000 (16:18 +0000)]
Check for strlcpy overflow when expanding the HTTP input value.

10 years agoRestore beck's rev 1.3: snprintf() was reviewed
guenther [Sun, 20 Apr 2014 16:18:06 +0000 (16:18 +0000)]
Restore beck's rev 1.3: snprintf() was reviewed

10 years agoMore KNF.
jsing [Sun, 20 Apr 2014 16:15:01 +0000 (16:15 +0000)]
More KNF.

10 years agoCheck strlcpy of the script path names for overflow and use the size of the
reyk [Sun, 20 Apr 2014 16:13:36 +0000 (16:13 +0000)]
Check strlcpy of the script path names for overflow and use the size of the
destination buffer instead of the source buffer as the argument.

10 years agoKNF.
jsing [Sun, 20 Apr 2014 16:10:10 +0000 (16:10 +0000)]
KNF.

10 years agoJust to be pedantic, fail if strlcpy managed to overflow the socket path.
reyk [Sun, 20 Apr 2014 16:07:10 +0000 (16:07 +0000)]
Just to be pedantic, fail if strlcpy managed to overflow the socket path.

10 years agoOnly issue a single dhcp requests per interface with the host-name
rpe [Sun, 20 Apr 2014 15:53:57 +0000 (15:53 +0000)]
Only issue a single dhcp requests per interface with the host-name
option set. Remove the second request, which does not provide the
host-name option. The client supplied hostname is used in certain
setups by DHCP servers to update DNS records on behalf of clients
and ensures that the hostname information is in the lease db.

discussed with deraadt
ok krw@ halex@

10 years agoKNF.
jsing [Sun, 20 Apr 2014 15:36:20 +0000 (15:36 +0000)]
KNF.

10 years agofactor our ether_addheader for readability; there's more to come there
henning [Sun, 20 Apr 2014 15:29:52 +0000 (15:29 +0000)]
factor our ether_addheader for readability; there's more to come there
ok claudio reyk

10 years agoKNF.
jsing [Sun, 20 Apr 2014 15:06:11 +0000 (15:06 +0000)]
KNF.

10 years agoether_output: instead of assembling the ethernet header and then calling
henning [Sun, 20 Apr 2014 14:54:39 +0000 (14:54 +0000)]
ether_output: instead of assembling the ethernet header and then calling
carp_rewrite_lladdr to overwrite the src lladdr, get the intended src
lladdr before assembling the ethernet header.
carp_rewrite_lladdr -> carp_get_srclladdr
ok reyk claudio

10 years agoether_output: instead of using an esrc buffer in which we copy the intended
henning [Sun, 20 Apr 2014 14:51:50 +0000 (14:51 +0000)]
ether_output: instead of using an esrc buffer in which we copy the intended
src lladdr just to copy it from the esrc buffer into the ethernet header
a few lines later, use an esrc pointer to figure out where to copy the
src lladdr from. ok claudio reyk

10 years agoReimplement the multi-dimensional arrays that are used to set up the
reyk [Sun, 20 Apr 2014 14:48:29 +0000 (14:48 +0000)]
Reimplement the multi-dimensional arrays that are used to set up the
process to process imsg communication.  It became a maze after we
added support for multiple relay processes and even worse with the ca
processes.  This change makes it easier to understand.  Now it only
opens socketpairs that are needed - the code previously wasted lots of
fds.

ok blambert@

10 years agoMore KNF.
jsing [Sun, 20 Apr 2014 14:32:19 +0000 (14:32 +0000)]
More KNF.

10 years agoMore KNF.
jsing [Sun, 20 Apr 2014 14:24:11 +0000 (14:24 +0000)]
More KNF.

10 years agogettimeofday() is portable enough and does not need a wrapper
deraadt [Sun, 20 Apr 2014 14:14:52 +0000 (14:14 +0000)]
gettimeofday() is portable enough and does not need a wrapper

10 years agocalloc() rather than malloc+memset
deraadt [Sun, 20 Apr 2014 14:03:55 +0000 (14:03 +0000)]
calloc() rather than malloc+memset

10 years agoFix indentation, adding braces and combining a nested if to reduce depth
guenther [Sun, 20 Apr 2014 14:03:04 +0000 (14:03 +0000)]
Fix indentation, adding braces and combining a nested if to reduce depth

10 years agoMore dead stores removal in subr_hibernate.c
mlarkin [Sun, 20 Apr 2014 14:02:57 +0000 (14:02 +0000)]
More dead stores removal in subr_hibernate.c

10 years agoKNF.
jsing [Sun, 20 Apr 2014 13:54:10 +0000 (13:54 +0000)]
KNF.

10 years agoKNF.
jsing [Sun, 20 Apr 2014 13:42:57 +0000 (13:42 +0000)]
KNF.

10 years agosync
deraadt [Sun, 20 Apr 2014 12:51:18 +0000 (12:51 +0000)]
sync

10 years agoChop off more SSLv2 tentacles and start fixing and noting y2038 issues.
guenther [Sun, 20 Apr 2014 12:48:19 +0000 (12:48 +0000)]
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.

ok tedu@

10 years agoreturn after error instead of plowing ahead. noticed by mancha1 at zoho
tedu [Sun, 20 Apr 2014 12:30:41 +0000 (12:30 +0000)]
return after error instead of plowing ahead. noticed by mancha1 at zoho

10 years agoCleanup a bit, switch on bcopy to memcpy and move a function a bit up
claudio [Sun, 20 Apr 2014 12:22:16 +0000 (12:22 +0000)]
Cleanup a bit, switch on bcopy to memcpy and move a function a bit up

10 years agoWhen switching rdomains the sadl needs to be removed and re-added from the
claudio [Sun, 20 Apr 2014 11:25:18 +0000 (11:25 +0000)]
When switching rdomains the sadl needs to be removed and re-added from the
RB lookup tree because the rdomain id is part of the lookup key.
Without this the RB tree gets corrupted and in the worst case a use after
free can happen when the interface is destroyed.
Why the sadl addresses are added to the tree in the first place is something
to reconsider.
OK henning@, mpi@, sthen@

10 years agoSimplify shell pattern.
rpe [Sun, 20 Apr 2014 10:51:59 +0000 (10:51 +0000)]
Simplify shell pattern.

OK krw@

10 years agoPartially revert the previous: snmp_agentx_ping() didn't leak the pdu
reyk [Sun, 20 Apr 2014 10:46:20 +0000 (10:46 +0000)]
Partially revert the previous: snmp_agentx_ping() didn't leak the pdu
because it is added to a list on the handle and eventually released
later with the handle itself.  This confuses leak detection tools like
clang, so at least add a comment that it is not a leak.

ok blambert@

10 years agosync
deraadt [Sun, 20 Apr 2014 10:43:15 +0000 (10:43 +0000)]
sync

10 years agoUse calloc(a,b) instead of malloc(a*b) + memset(a*b). I don't know if
deraadt [Sun, 20 Apr 2014 10:31:43 +0000 (10:31 +0000)]
Use calloc(a,b) instead of malloc(a*b) + memset(a*b).  I don't know if
this instance is integer-overflowable, but we cannot keep hand-auditing
every instance (or apathetically ignoring these issues) when the simple
calloc idiom is better in the presence of a good calloc().  It is simply
unfeasible to always enter correct range checks before the aggregate
size calculation, just go find some 4000 lines of code, REPAIR THEM ALL,
then come back and tell me I am wrong.

This only works on systems where calloc() does the integer overflow
check, but if your system doesn't do this, you need to ask your vendor
WHY THEY ARE 10 YEARS BEHIND IN BEST PRACTICE?  This is the kind of
problem that needs to be solved at the right layer.

malloc integer-overflow was implicated in the 2002 OpenSSH hole.  OpenSSH
and much other code is now written to use calloc(), for instance OpenSSH
has 103 calls to it.  We feel safer with our use of calloc().  It is a
natural approach for us to use calloc().  How safe do you feel on systems
which lack that range check in their calloc()?

Good writeup from 2006: http://undeadly.org/cgi?action=article&sid=20060330071917

10 years agoUpdate hotplug. Add qle_get_port_name_list, use it to discover local
jmatthew [Sun, 20 Apr 2014 09:49:23 +0000 (09:49 +0000)]
Update hotplug.  Add qle_get_port_name_list, use it to discover local
loop ports and other fabric ports that have logged in to us, and check
that we're still logged in to other fabric ports.  Rearrange the update
processing loop so we attach and detach targets last, since we need to get
all the way through before we've identified what's gone missing.  Handle
fabric port login errors a bit more usefully too.

10 years agoUndo a calloc() replacement. It lacks the integer overflow check that
deraadt [Sun, 20 Apr 2014 09:40:37 +0000 (09:40 +0000)]
Undo a calloc() replacement.  It lacks the integer overflow check that
the system one has.

10 years agomove in_cksum_phdr from in.h (under #ifdef _KERNEL, at least) to ip_output.c
henning [Sun, 20 Apr 2014 09:38:19 +0000 (09:38 +0000)]
move in_cksum_phdr from in.h (under #ifdef _KERNEL, at least) to ip_output.c
nothing except in_proto_cksum_out() uses it any more, and that's a good
thing. was on tech for 3 months, discussed with many

10 years agonuke in_cksum_addword()
henning [Sun, 20 Apr 2014 09:30:56 +0000 (09:30 +0000)]
nuke in_cksum_addword()
don't we all love functions implemented in header files? was under #ifdef
_KERNEL at least.
incremental checksum updates don't really make sense any more, this is
incredibly hard to get right, and doesn't fit the way our kernel deals
with the checksums these days. consequently, nothing uses in_cksum_addword
any more.
was on tech for 3 months, tested by & discussed with many.

10 years agoRemove more commentary about recently removed des support
deraadt [Sun, 20 Apr 2014 09:29:36 +0000 (09:29 +0000)]
Remove more commentary about recently removed des support
from Daniel Dickman

10 years agoFix a small leak in the error path.
reyk [Sun, 20 Apr 2014 09:29:22 +0000 (09:29 +0000)]
Fix a small leak in the error path.

10 years agoAdd support for SSHFP DNS records for ED25519 key types.
logan [Sun, 20 Apr 2014 09:24:26 +0000 (09:24 +0000)]
Add support for SSHFP DNS records for ED25519 key types.

OK from djm@

10 years agoKNF.
jsing [Sun, 20 Apr 2014 09:04:56 +0000 (09:04 +0000)]
KNF.

10 years agoreset imprint to NULL to avoid double free. from mancha1 at zoho
tedu [Sun, 20 Apr 2014 04:45:09 +0000 (04:45 +0000)]
reset imprint to NULL to avoid double free. from mancha1 at zoho

10 years agoadd a canonical 6.6 + curve25519 bignum fix fake version that I can
djm [Sun, 20 Apr 2014 02:49:32 +0000 (02:49 +0000)]
add a canonical 6.6 + curve25519 bignum fix fake version that I can
recommend people use ahead of the openssh-6.7 release

10 years agouse get/put_u32 to load values rather than *((UINT32 *)p) that breaks on
djm [Sun, 20 Apr 2014 02:30:25 +0000 (02:30 +0000)]
use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on
strict-alignment architectures; reported by and ok stsp@

10 years agomake the status handler more like rdac and emc. the big functional change
dlg [Sun, 20 Apr 2014 00:50:18 +0000 (00:50 +0000)]
make the status handler more like rdac and emc. the big functional change
is to check xs->status on completion to make sure it worked.

10 years agoemc on my cx500 works as well as rdac on all my rebadged engenio kit.
dlg [Sun, 20 Apr 2014 00:08:26 +0000 (00:08 +0000)]
emc on my cx500 works as well as rdac on all my rebadged engenio kit.

10 years agoHardware receive IP checksum offload for IPv4 is no longer supported.
naddy [Sat, 19 Apr 2014 19:44:23 +0000 (19:44 +0000)]
Hardware receive IP checksum offload for IPv4 is no longer supported.

10 years agorelease buffers fix was lost in merge. put it back.
tedu [Sat, 19 Apr 2014 19:40:11 +0000 (19:40 +0000)]
release buffers fix was lost in merge. put it back.

10 years agoremove hosts.equiv xr
tedu [Sat, 19 Apr 2014 18:44:25 +0000 (18:44 +0000)]
remove hosts.equiv xr

10 years agodelete .xr to hosts.equiv. there's still an unfortunate amount of
tedu [Sat, 19 Apr 2014 18:42:19 +0000 (18:42 +0000)]
delete .xr to hosts.equiv. there's still an unfortunate amount of
documentation referring to rhosts equivalency in here.

10 years agostop talking about hosts.equiv
tedu [Sat, 19 Apr 2014 18:39:51 +0000 (18:39 +0000)]
stop talking about hosts.equiv

10 years agoCOnveret the bcopy() to memcpy()
claudio [Sat, 19 Apr 2014 18:31:33 +0000 (18:31 +0000)]
COnveret the bcopy() to memcpy()

10 years agopopulateusrlocal() is used only once in finish_up(). Just fold it in there.
rpe [Sat, 19 Apr 2014 18:31:24 +0000 (18:31 +0000)]
populateusrlocal() is used only once in finish_up(). Just fold it in there.

OK krw@ halex@

10 years agokill checksum offloading in sk.
henning [Sat, 19 Apr 2014 18:29:39 +0000 (18:29 +0000)]
kill checksum offloading in sk.
it was RX only, nothing on the TX side
rather complex, might eat up (or more) offloading benefits in many cases
the hardware miscomputes the cksums sometimes, so we don't trust it
claiming a cksum is bad and re-do the cksum verification in sw then...
(but we trust it to not mark bad ones good? hmmmmmmmmm.)
diff was on tech for 3 months, nobody disagreed, everybody who spoke up
agrees or doesn't care.
pretty exactly a revert of the cksum offloading addition years ago, tested
by several, the only report i quickly find now is from David Higgs <higgsd
at gmail dot com>, thanks!

10 years agoReplace a magic number.
claudio [Sat, 19 Apr 2014 18:19:57 +0000 (18:19 +0000)]
Replace a magic number.

10 years agoremove some really old rsh references
tedu [Sat, 19 Apr 2014 18:15:16 +0000 (18:15 +0000)]
remove some really old rsh references

10 years agochange some rsh references to ssh. poke by jmc
tedu [Sat, 19 Apr 2014 18:11:19 +0000 (18:11 +0000)]
change some rsh references to ssh. poke by jmc

10 years agoMore KNF.
jsing [Sat, 19 Apr 2014 18:02:36 +0000 (18:02 +0000)]
More KNF.

10 years agothese snprintf() calls can't possibly truncate because they copy data from
gilles [Sat, 19 Apr 2014 18:01:01 +0000 (18:01 +0000)]
these snprintf() calls can't possibly truncate because they copy data from
buffers that are already protected against truncation and that do not
exceed the destination buffer size when copied together ...

however, i think we should add checks here too because it'll help us catch
errors in table backends when adding new ones if we miss a truncation check
there.

10 years agoMore KNF.
jsing [Sat, 19 Apr 2014 17:56:49 +0000 (17:56 +0000)]
More KNF.

10 years ago(void) cast snprintf() that cannot truncate
gilles [Sat, 19 Apr 2014 17:47:40 +0000 (17:47 +0000)]
(void) cast snprintf() that cannot truncate

10 years ago(void) cast snprintf() call used to craft fatalx() message from within
gilles [Sat, 19 Apr 2014 17:45:05 +0000 (17:45 +0000)]
(void) cast snprintf() call used to craft fatalx() message from within
smtpd, buffer is large enough and truncation harmless, we want to
avoid memory allocation in that case and use a best-effort

10 years ago(void) cast snprintf calls that cannot truncate or for which earlier checks
gilles [Sat, 19 Apr 2014 17:42:18 +0000 (17:42 +0000)]
(void) cast snprintf calls that cannot truncate or for which earlier checks
ensure the copy won't fail

10 years agoanother attempt at fixing stale x509 data. since we don't know where the
tedu [Sat, 19 Apr 2014 17:40:49 +0000 (17:40 +0000)]
another attempt at fixing stale x509 data. since we don't know where the
initial storage came from, we can't free it. just memset in the sequence
case. probably ok beck

10 years ago(void) cast snprintf() calls that cannot truncate (and would be harmless
gilles [Sat, 19 Apr 2014 17:36:54 +0000 (17:36 +0000)]
(void) cast snprintf() calls that cannot truncate (and would be harmless
otherwise)

10 years agoremove dead code ... in code that's not plugged in yet ;-)
gilles [Sat, 19 Apr 2014 17:35:48 +0000 (17:35 +0000)]
remove dead code ... in code that's not plugged in yet ;-)

10 years ago(void) cast snprintf that cannot truncate
gilles [Sat, 19 Apr 2014 17:32:58 +0000 (17:32 +0000)]
(void) cast snprintf that cannot truncate

10 years ago(void) cast snprintf calls that cannot truncate
gilles [Sat, 19 Apr 2014 17:31:35 +0000 (17:31 +0000)]
(void) cast snprintf calls that cannot truncate

10 years ago(void) cast snprintf call that cannot truncate
gilles [Sat, 19 Apr 2014 17:29:56 +0000 (17:29 +0000)]
(void) cast snprintf call that cannot truncate

10 years ago(void) cast snprintf() calls that cannot truncate
gilles [Sat, 19 Apr 2014 17:27:40 +0000 (17:27 +0000)]
(void) cast snprintf() calls that cannot truncate

10 years agoreplace warnx message
gilles [Sat, 19 Apr 2014 17:24:59 +0000 (17:24 +0000)]
replace warnx message

10 years agoadd missing strlcpy() check in create_filter_chain() that would cause smtpd
gilles [Sat, 19 Apr 2014 17:23:19 +0000 (17:23 +0000)]
add missing strlcpy() check in create_filter_chain() that would cause smtpd
to fatal at startup if truncation occured and we had enabled filters

(void) cast a strlcpy() that cannot truncate

10 years agoadd missing strlcpy() checks in create_filter() that would cause smtpd to
gilles [Sat, 19 Apr 2014 17:21:19 +0000 (17:21 +0000)]
add missing strlcpy() checks in create_filter() that would cause smtpd to
fatal at startup if truncation occured and we had enabled filters

10 years agoadd missing strlcpy() check in is_if_in_group() to detect and warn about
gilles [Sat, 19 Apr 2014 17:18:58 +0000 (17:18 +0000)]
add missing strlcpy() check in is_if_in_group() to detect and warn about
the truncation rather than failing the ioctl() call that follows.

10 years agoadd missing strlcpy() check when parsing "backup hostname" in smtpd.conf,
gilles [Sat, 19 Apr 2014 17:12:02 +0000 (17:12 +0000)]
add missing strlcpy() check when parsing "backup hostname" in smtpd.conf,
it could lead to smtpd not finding itself in a MX lookup if a hostname is
specified that exceeds the max hostname len.

while at it, add a missing free()

10 years ago(void) cast strlcpy() calls that cannot truncate
gilles [Sat, 19 Apr 2014 17:08:49 +0000 (17:08 +0000)]
(void) cast strlcpy() calls that cannot truncate

10 years agoknf
gilles [Sat, 19 Apr 2014 17:04:42 +0000 (17:04 +0000)]
knf

10 years agoadd a missing strlcpy() check in MAIL FROM's DSN parameters parsing, the
gilles [Sat, 19 Apr 2014 17:03:42 +0000 (17:03 +0000)]
add a missing strlcpy() check in MAIL FROM's DSN parameters parsing, the
truncation would lead to a failure later in the code path but we can fail
earlier with a nice enhanced status code

10 years agoMore KNF.
jsing [Sat, 19 Apr 2014 17:03:41 +0000 (17:03 +0000)]
More KNF.

10 years ago(void) cast strlcpy() calls that cannot truncate (copies between buffers of
gilles [Sat, 19 Apr 2014 16:56:34 +0000 (16:56 +0000)]
(void) cast strlcpy() calls that cannot truncate (copies between buffers of
same size with a truncation check on the initial buffer)