openbsd
deraadt [Mon, 21 Apr 2014 13:17:32 +0000 (13:17 +0000)]
Introducing:      void *mallocarray(size_t nmemb, size_t size);
Like calloc(), except without the cleared-memory guarantee
ok beck guenther, discussed for more than a year...

deraadt [Mon, 21 Apr 2014 13:13:43 +0000 (13:13 +0000)]
wrong calloc, see people do care

jmatthew [Mon, 21 Apr 2014 13:05:20 +0000 (13:05 +0000)]
Simplify the update process a bit.  Don't try to skip parts based on what
we think might have changed, since the update steps depend on each other
too much for that to really work anyway.

jsing [Mon, 21 Apr 2014 13:04:02 +0000 (13:04 +0000)]
KNF.

beck [Mon, 21 Apr 2014 12:49:34 +0000 (12:49 +0000)]
Back out most of v1.47 changes which mess up the block size on these
reads.
ok deraadt@ guenther@

rpe [Mon, 21 Apr 2014 12:41:36 +0000 (12:41 +0000)]
NIFS is supposed to represent the number of configured interfaces.
If an interface got configured twice, NIFS must not be incremented.
So count the number of hostname.if files instead.

discussed with and OK krw@

okan [Mon, 21 Apr 2014 12:35:25 +0000 (12:35 +0000)]
remove rshd example; ok sthen

claudio [Mon, 21 Apr 2014 12:26:50 +0000 (12:26 +0000)]
Handle EAGAIN, ENOBUFS and EINTR a bit better. Ignore them one layer above
and do not fail and tear down the world when they happen.

claudio [Mon, 21 Apr 2014 12:24:58 +0000 (12:24 +0000)]
It is possible that we can't burst all of the data in the immediate data
part of the write request. In that case R2T requests will be sent for the
rest of the data. The amount of data we can send is defined by
MaxRecvDataSegmentLength which is per connection and so a bit hackish to
read out. In the long run the min() of all connection MaxRecvDataSegmentLength
should be stored in the session struct.

henning [Mon, 21 Apr 2014 12:22:25 +0000 (12:22 +0000)]
ip_output() using varargs always struck me as bizarre, esp since it's only
ever used to pass on uint32 (for ipsec). stop that madness and just pass
the uint32, 0 in all cases but the two that pass the ipsec flowinfo.
ok deraadt reyk guenther

guenther [Mon, 21 Apr 2014 11:58:48 +0000 (11:58 +0000)]
Fix off-by-one error in PG_LGFRAME mask

ok mlarkin@

espie [Mon, 21 Apr 2014 11:42:31 +0000 (11:42 +0000)]
add support for reading/writing long paths and linkpaths as extended
headers

deraadt [Mon, 21 Apr 2014 11:37:41 +0000 (11:37 +0000)]
improve realloc/calloc/malloc patterns; ok guenther

guenther [Mon, 21 Apr 2014 11:27:34 +0000 (11:27 +0000)]
Use internal '__' names for __attributes__ in public headers

deraadt [Mon, 21 Apr 2014 11:23:09 +0000 (11:23 +0000)]
Delete #if 0'd time related functions which are totally expired.
No point even seeing these when we do the 2038 audit later on...

deraadt [Mon, 21 Apr 2014 11:19:28 +0000 (11:19 +0000)]
modernize malloc call

deraadt [Mon, 21 Apr 2014 11:18:34 +0000 (11:18 +0000)]
Replace entire printf-like guts with calls to libc snprintf.
funopen(3) is used to interface to BIO descriptors.
ok guenther

deraadt [Mon, 21 Apr 2014 11:12:49 +0000 (11:12 +0000)]
Bring malloc/calloc/realloc sequences to modern standard
ok guenther

henning [Mon, 21 Apr 2014 11:10:54 +0000 (11:10 +0000)]
we'll do fine without casting NULL to struct foo * / void *
ok gcc & md5 (alas, no binary change)

henning [Mon, 21 Apr 2014 10:07:58 +0000 (10:07 +0000)]
remove a define in an #ifdef notyet - "not yet" for 19 years gotta be
enough.
remove a define in an #ifdef notdef /* obsolete */ - 14 years are enough

henning [Mon, 21 Apr 2014 10:05:27 +0000 (10:05 +0000)]
annotate all #endifs to make clear what #if(def) they end

henning [Mon, 21 Apr 2014 09:57:27 +0000 (09:57 +0000)]
cosmetic changes regarding #ifdef to make things more obvious, ok reyk

claudio [Mon, 21 Apr 2014 09:48:31 +0000 (09:48 +0000)]
Now that we properly negotiate the session params we can enable sending
of immediate data for write commands. This gives a nice 20% performance
boost on writes compared to the solicited data transaction we did before.

deraadt [Mon, 21 Apr 2014 09:23:41 +0000 (09:23 +0000)]
remove macros wrapping malloc/calloc/free/realloc

guenther [Mon, 21 Apr 2014 09:22:15 +0000 (09:22 +0000)]
While we don't recommend using ext2fs, the directions for doing so
shouldn't be misleading

ok krw@

deraadt [Mon, 21 Apr 2014 09:00:56 +0000 (09:00 +0000)]
sync

guenther [Mon, 21 Apr 2014 08:46:59 +0000 (08:46 +0000)]
Correctly document the return value of getenv(3)

From Ben Cornett (ben (at) lantern.is)

ajacoutot [Mon, 21 Apr 2014 08:42:01 +0000 (08:42 +0000)]
Bye bye *hosts.equiv.

ok deraadt@

jsing [Mon, 21 Apr 2014 08:41:26 +0000 (08:41 +0000)]
KNF.

krw [Mon, 21 Apr 2014 08:19:38 +0000 (08:19 +0000)]
Don't leak mountpoint info. Now with replacement for silly realloc() dance
that appears to fix mysterious crashes seen with previous version that
tried to sneak in to 5.5.

ok otto@

jmatthew [Mon, 21 Apr 2014 04:17:07 +0000 (04:17 +0000)]
In qla_get_port_name_list, handle malloc failure, skip special fabric ports,
and set location on ports as best we can.  Take the port mutex too.

dlg [Mon, 21 Apr 2014 04:02:52 +0000 (04:02 +0000)]
th_code is in network byte order

tedu [Mon, 21 Apr 2014 02:44:28 +0000 (02:44 +0000)]
clean up files we don't need

beck [Mon, 21 Apr 2014 00:52:00 +0000 (00:52 +0000)]
fix accidentally deleted deref.

beck [Sun, 20 Apr 2014 23:30:12 +0000 (23:30 +0000)]
ASN1_STRING cleanup - realloc has handled NULL since I had a mullet
and parachute pants - and since it's obvious there is no guarantee
the caller doesn't pass in the data area in the argument, use memmove
instead of memcpy so overlapping areas are handled correctly.
 Also, pointers can be usefully printed in hex with %p, in error messages
rather than the bizarro stuff that was there using mystical buffer lengths
and abuse of strlcpy-converted-blindly-from-strcpy

jmc [Sun, 20 Apr 2014 22:52:26 +0000 (22:52 +0000)]
tweak previous;

ajacoutot [Sun, 20 Apr 2014 22:35:10 +0000 (22:35 +0000)]
Prevent lpd(8) from looking into hosts.equiv.
Access control is now done only using hosts.lpd.
See lpd(8) for more information about the format of this file.

"seems reasonable" tedu@
"looks good" deraadt@
ok sthen@

beck [Sun, 20 Apr 2014 22:32:58 +0000 (22:32 +0000)]
replace a bunch of pointer-arithmetic-strcpy-converted-blindly-to-strlcpy
cruft with an snprintf.
"better than what was there"  ok guenther@

guenther [Sun, 20 Apr 2014 22:31:55 +0000 (22:31 +0000)]
Eliminate duplicated logic by switching from malloc+snprintf to asprintf

ok beck@

claudio [Sun, 20 Apr 2014 22:22:18 +0000 (22:22 +0000)]
Add iscsictl bits to show the vscsi stats.

claudio [Sun, 20 Apr 2014 22:18:04 +0000 (22:18 +0000)]
Introduce some basic stats for the vscsi layer. Just counting the commands
and the bytes we push through vscsi(4).

ajacoutot [Sun, 20 Apr 2014 22:15:49 +0000 (22:15 +0000)]
check_hosts_equiv -> check_hosts_lpd
i.e. don't check for hosts.equiv anymore.

input/ok schwarze@, ok sthen@

schwarze [Sun, 20 Apr 2014 22:03:40 +0000 (22:03 +0000)]
in debug messages, truncating strings of excessive lengths is actually
a good thing, so cast the return value from sprintf to (void);
this concludes the mandoc sprintf audit

krw [Sun, 20 Apr 2014 21:25:07 +0000 (21:25 +0000)]
Make -L even more useful to monitoring processes. Truncate and
refill the file rather than creating a new one, which preserves
an fd being monitored. And truncate file on losing link.

Things like sysutils/ertn should now be able to see new leases, lease
renewals and cable unplugs.

tweaks by and ok sthen@

schwarze [Sun, 20 Apr 2014 20:48:34 +0000 (20:48 +0000)]
strlen+malloc+snprintf is error prone;
rewrite post_lb() to use asprintf(3) instead

stsp [Sun, 20 Apr 2014 20:35:07 +0000 (20:35 +0000)]
regen

stsp [Sun, 20 Apr 2014 20:34:57 +0000 (20:34 +0000)]
Add device ID for Ralink (now branded Mediatek) MT7601 USB wifi device

schwarze [Sun, 20 Apr 2014 20:17:36 +0000 (20:17 +0000)]
fix unchecked snprintf(3) in page header printing:
the length of the title is unknown, and speed doesn't matter here,
so use asprintf/free rather than a static buffer

guenther [Sun, 20 Apr 2014 20:14:09 +0000 (20:14 +0000)]
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.

ok tedu@

claudio [Sun, 20 Apr 2014 20:12:31 +0000 (20:12 +0000)]
After doing all of the login dance to get the target's params it makes
sense to merge them into the active set. At least that way we run with
the right params and finally do reads and writes that are > 8k.

guenther [Sun, 20 Apr 2014 20:06:19 +0000 (20:06 +0000)]
Restore beck's (void)snprintf(): they were reviewed.

guenther [Sun, 20 Apr 2014 19:56:25 +0000 (19:56 +0000)]
Restore beck's rev 1.8: snprintf() was reviewed.

guenther [Sun, 20 Apr 2014 19:55:09 +0000 (19:55 +0000)]
Restore tedu's rev 1.4: snprintf() was reviewed.

guenther [Sun, 20 Apr 2014 19:52:41 +0000 (19:52 +0000)]
Restore beck's rev 1.7: snprintf() was reviewed.
Also, use sizeof() for snprintf()'s size argument

schwarze [Sun, 20 Apr 2014 19:39:35 +0000 (19:39 +0000)]
make sure static buffers for snprintf(3) are large enough
and cast snprintf return value to (void) where they are

afresh1 [Sun, 20 Apr 2014 19:23:08 +0000 (19:23 +0000)]
Remove unused/never installed libssl tools and docs and references to them

Sure deraadt

guenther [Sun, 20 Apr 2014 18:53:37 +0000 (18:53 +0000)]
Restore beck's rev 1.21: snprintf() was reviewed

claudio [Sun, 20 Apr 2014 18:17:12 +0000 (18:17 +0000)]
Use only one style for "return foo;"

reyk [Sun, 20 Apr 2014 18:16:11 +0000 (18:16 +0000)]
Add a few more overflow checks for strlc* functions in parse.y

tedu [Sun, 20 Apr 2014 18:11:45 +0000 (18:11 +0000)]
clarify a bit about hosts.lpd

tedu [Sun, 20 Apr 2014 18:06:37 +0000 (18:06 +0000)]
hosts.equiv is a ghost from bsd past

tedu [Sun, 20 Apr 2014 17:50:12 +0000 (17:50 +0000)]
theo found a file we don't seem to need, but just in case, i will paste
the contents below:
#!/usr/local/bin/perl
# x86 assember

zhuk [Sun, 20 Apr 2014 17:34:26 +0000 (17:34 +0000)]
Style improvement based on espie@'s feedback: provide and use
LT::UList->new() instead of calling tie() manually. As a bonus, few
extra lines in actual code go away.

okay espie@ who still thinks that I test things _before_ commit

guenther [Sun, 20 Apr 2014 17:01:35 +0000 (17:01 +0000)]
Restore beck's rev 1.9: snprintf() was reviewed

claudio [Sun, 20 Apr 2014 16:52:11 +0000 (16:52 +0000)]
Move session params initialization to when we start a session and not
when it is created. That way the config params from the config file have
a chance to stick.

claudio [Sun, 20 Apr 2014 16:49:56 +0000 (16:49 +0000)]
Fix conn_gen_kvp and its caller to fill the kvp array properly (including
the NULL terminator at the end). Now iscsid does proper LoginOperational
negotiation (which will bump the MaxRecvDataSegmentLength to 64k)

naddy [Sun, 20 Apr 2014 16:48:22 +0000 (16:48 +0000)]
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr
ok henning@

schwarze [Sun, 20 Apr 2014 16:44:44 +0000 (16:44 +0000)]
KNF: case (FOO):  ->  case FOO, remove /* LINTED */ and /* ARGSUSED */,
remove trailing whitespace and blanks before tabs, improve some indenting;
no functional change

jsing [Sun, 20 Apr 2014 16:24:15 +0000 (16:24 +0000)]
KNF.

reyk [Sun, 20 Apr 2014 16:23:33 +0000 (16:23 +0000)]
Check another strlcpy overflow that is very unlikely to happen.

reyk [Sun, 20 Apr 2014 16:18:32 +0000 (16:18 +0000)]
Check for strlcpy overflow when expanding the HTTP input value.

guenther [Sun, 20 Apr 2014 16:18:06 +0000 (16:18 +0000)]
Restore beck's rev 1.3: snprintf() was reviewed

jsing [Sun, 20 Apr 2014 16:15:01 +0000 (16:15 +0000)]
More KNF.

reyk [Sun, 20 Apr 2014 16:13:36 +0000 (16:13 +0000)]
Check strlcpy of the script path names for overflow and use the size of the
destination buffer instead of the source buffer as the argument.

jsing [Sun, 20 Apr 2014 16:10:10 +0000 (16:10 +0000)]
KNF.

reyk [Sun, 20 Apr 2014 16:07:10 +0000 (16:07 +0000)]
Just to be pedantic, fail if strlcpy managed to overflow the socket path.

rpe [Sun, 20 Apr 2014 15:53:57 +0000 (15:53 +0000)]
Only issue a single dhcp request per interface with the host-name
option set. Remove the second request, which does not provide the
host-name option. The client supplied hostname is used in certain
setups by DHCP servers to update DNS records on behalf of clients
and ensures that the hostname information is in the lease db.

discussed with deraadt
ok krw@ halex@

jsing [Sun, 20 Apr 2014 15:36:20 +0000 (15:36 +0000)]
KNF.

henning [Sun, 20 Apr 2014 15:29:52 +0000 (15:29 +0000)]
factor out ether_addheader for readability; there's more to come there
ok claudio reyk

jsing [Sun, 20 Apr 2014 15:06:11 +0000 (15:06 +0000)]
KNF.

henning [Sun, 20 Apr 2014 14:54:39 +0000 (14:54 +0000)]
ether_output: instead of assembling the ethernet header and then calling
carp_rewrite_lladdr to overwrite the src lladdr, get the intended src
lladdr before assembling the ethernet header.
carp_rewrite_lladdr -> carp_get_srclladdr
ok reyk claudio

henning [Sun, 20 Apr 2014 14:51:50 +0000 (14:51 +0000)]
ether_output: instead of using an esrc buffer in which we copy the intended
src lladdr just to copy it from the esrc buffer into the ethernet header
a few lines later, use an esrc pointer to figure out where to copy the
src lladdr from. ok claudio reyk

reyk [Sun, 20 Apr 2014 14:48:29 +0000 (14:48 +0000)]
Reimplement the multi-dimensional arrays that are used to set up the
process to process imsg communication.  It became a maze after we
added support for multiple relay processes and even worse with the ca
processes.  This change makes it easier to understand.  Now it only
opens socketpairs that are needed - the code previously wasted lots of
fds.

ok blambert@

jsing [Sun, 20 Apr 2014 14:32:19 +0000 (14:32 +0000)]
More KNF.

jsing [Sun, 20 Apr 2014 14:24:11 +0000 (14:24 +0000)]
More KNF.

deraadt [Sun, 20 Apr 2014 14:14:52 +0000 (14:14 +0000)]
gettimeofday() is portable enough and does not need a wrapper

deraadt [Sun, 20 Apr 2014 14:03:55 +0000 (14:03 +0000)]
calloc() rather than malloc+memset

guenther [Sun, 20 Apr 2014 14:03:04 +0000 (14:03 +0000)]
Fix indentation, adding braces and combining a nested if to reduce depth

mlarkin [Sun, 20 Apr 2014 14:02:57 +0000 (14:02 +0000)]
More dead stores removal in subr_hibernate.c

jsing [Sun, 20 Apr 2014 13:54:10 +0000 (13:54 +0000)]
KNF.

jsing [Sun, 20 Apr 2014 13:42:57 +0000 (13:42 +0000)]
KNF.

deraadt [Sun, 20 Apr 2014 12:51:18 +0000 (12:51 +0000)]
sync

guenther [Sun, 20 Apr 2014 12:48:19 +0000 (12:48 +0000)]
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.

ok tedu@

tedu [Sun, 20 Apr 2014 12:30:41 +0000 (12:30 +0000)]
return after error instead of plowing ahead. noticed by mancha1 at zoho

claudio [Sun, 20 Apr 2014 12:22:16 +0000 (12:22 +0000)]
Cleanup a bit, switch on bcopy to memcpy and move a function a bit up

claudio [Sun, 20 Apr 2014 11:25:18 +0000 (11:25 +0000)]
When switching rdomains the sadl needs to be removed and re-added from the
RB lookup tree because the rdomain id is part of the lookup key.
Without this the RB tree gets corrupted and in the worst case a use after
free can happen when the interface is destroyed.
Why the sadl addresses are added to the tree in the first place is something
to reconsider.
OK henning@, mpi@, sthen@

rpe [Sun, 20 Apr 2014 10:51:59 +0000 (10:51 +0000)]
Simplify shell pattern.

OK krw@

reyk [Sun, 20 Apr 2014 10:46:20 +0000 (10:46 +0000)]
Partially revert the previous: snmp_agentx_ping() didn't leak the pdu
because it is added to a list on the handle and eventually released
later with the handle itself.  This confuses leak detection tools like
clang, so at least add a comment that it is not a leak.

ok blambert@

deraadt [Sun, 20 Apr 2014 10:43:15 +0000 (10:43 +0000)]
sync

deraadt [Sun, 20 Apr 2014 10:31:43 +0000 (10:31 +0000)]
Use calloc(a,b) instead of malloc(a*b) + memset(a*b).  I don't know if
this instance is integer-overflowable, but we cannot keep hand-auditing
every instance (or apathetically ignoring these issues) when the simple
calloc idiom is better in the presence of a good calloc().  It is simply
unfeasible to always enter correct range checks before the aggregate
size calculation, just go find some 4000 lines of code, REPAIR THEM ALL,
then come back and tell me I am wrong.

This only works on systems where calloc() does the integer overflow
check, but if your system doesn't do this, you need to ask your vendor
WHY THEY ARE 10 YEARS BEHIND IN BEST PRACTICE?  This is the kind of
problem that needs to be solved at the right layer.

malloc integer-overflow was implicated in the 2002 OpenSSH hole.  OpenSSH
and much other code is now written to use calloc(), for instance OpenSSH
has 103 calls to it.  We feel safer with our use of calloc().  It is a
natural approach for us to use calloc().  How safe do you feel on systems
which lack that range check in their calloc()?

Good writeup from 2006: http://undeadly.org/cgi?action=article&sid=20060330071917
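
The size wraparound in malloc(a*b) that the message above argues about, and the range check it wants done inside the allocator, shown as an added example that is not code from the OpenBSD tree. The names `unchecked_total`, `mul_overflows` and `checked_mallocarray`, the `struct rec` element type and the sample count are all constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed 16-byte record; stands in for any array element type. */
struct rec {
	uint64_t id;
	uint64_t len;
};

/* sqrt(SIZE_MAX + 1): two operands both below this cannot wrap when multiplied. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* What malloc(nmemb * size) is really asked for: the product modulo SIZE_MAX + 1. */
size_t
unchecked_total(size_t nmemb, size_t size)
{
	return nmemb * size;
}

/* 1 if nmemb * size does not fit in size_t; divides only when an operand is large. */
int
mul_overflows(size_t nmemb, size_t size)
{
	return (nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
	    nmemb > 0 && SIZE_MAX / nmemb < size;
}

/* Hypothetical wrapper: array allocation that refuses a wrapped size, without zeroing. */
void *
checked_mallocarray(size_t nmemb, size_t size)
{
	if (mul_overflows(nmemb, size)) {
		errno = ENOMEM;
		return NULL;
	}
	return malloc(nmemb * size);
}

int
main(void)
{
	/* Constructed untrusted element count, chosen so the product wraps to 16. */
	volatile size_t count = SIZE_MAX / sizeof(struct rec) + 2;
	void *p;

	printf("malloc(count * sizeof(struct rec)) would request %zu bytes\n",
	    unchecked_total(count, sizeof(struct rec)));

	p = checked_mallocarray(count, sizeof(struct rec));
	printf("checked_mallocarray: %s\n", p == NULL ? "refused" : "allocated");
	free(p);

	/* Result depends on whether this libc's calloc() does the range check. */
	p = calloc(count, sizeof(struct rec));
	printf("calloc: %s\n", p == NULL ? "refused" : "allocated");
	free(p);
	return 0;
}
```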