openbsd
jmc [Fri, 18 Apr 2014 22:04:54 +0000 (22:04 +0000)]
remove references to rshd;

tedu [Fri, 18 Apr 2014 21:57:17 +0000 (21:57 +0000)]
tone down some XXXXX to not appear in grep

jasper [Fri, 18 Apr 2014 21:55:23 +0000 (21:55 +0000)]
rename wd33c93 to wd33c93ctrl (but keep the filenames as is) so we can
add attributes to it later; as wd33c93 is not a valid device name.

ok miod@

schwarze [Fri, 18 Apr 2014 21:54:48 +0000 (21:54 +0000)]
In update mode, when opening the database fails, probably because it is
missing or corrupt, just rebuild it from scratch.  This also helps when
installing the very first port on a freshly installed machine
and is similar to what espie@'s classical makewhatis(8) did.

Issue reported by naddy@ via kili@.

tedu [Fri, 18 Apr 2014 21:49:19 +0000 (21:49 +0000)]
XXXXXXXXXXXXXXXX -> XXX
XXXXXXXXXXXXXXXXXXXXXXX -> XXXX

jmc [Fri, 18 Apr 2014 21:42:04 +0000 (21:42 +0000)]
fix SEE ALSO;

tedu [Fri, 18 Apr 2014 21:41:15 +0000 (21:41 +0000)]
unifdef NO_SOCK

tedu [Fri, 18 Apr 2014 21:29:20 +0000 (21:29 +0000)]
round up some enemy sympathizers found calling RAND_seed().
ok beck reyk

tedu [Fri, 18 Apr 2014 21:19:20 +0000 (21:19 +0000)]
now that knf carpet bombing is finished, switch to hand to hand combat.
still not sure what to make of mysteries like this:
for (i = 7; i >= 0; i--) {      /* increment */

guenther [Fri, 18 Apr 2014 21:18:50 +0000 (21:18 +0000)]
For the WSDISPLAY_COMPAT_USL protocol, send the synchronizing signals to
the process, not just the thread.

ok kettenis@

sthen [Fri, 18 Apr 2014 21:11:34 +0000 (21:11 +0000)]
Since we've been making heavy use of unifdef recently: update it to the
recent 2.10 release.

"This code was derived from software contributed to Berkeley by Dave Yost.
It was rewritten to support ANSI C by Tony Finch. The original version
of unifdef carried the 4-clause BSD copyright licence. None of its code
remains in this version (though some of the names remain) so it now
carries a more liberal licence."

ok deraadt@

beck [Fri, 18 Apr 2014 21:11:00 +0000 (21:11 +0000)]
Unsurprisingly, since <unistd.h> was so darn hard to find for OpenSSL developers
they had resorted to manually prototyping read(2) instead of incredible amount of
preprocessor wizardry needed to find the ever illusive <unistd.h>. Let's just
include <unistd.h> and we don't need to do this. While we're at it flense
out _OSD_POSIX and __DGJPP__ cruft.
ok krw@

miod [Fri, 18 Apr 2014 20:23:42 +0000 (20:23 +0000)]
ECDSA signature computation involves a random number. Remove the test trying to
force what RAND_bytes() will return and comparing it against known values -
I can't let you do this, Dave.

tedu [Fri, 18 Apr 2014 20:22:17 +0000 (20:22 +0000)]
raise file limit to something more web scale, but lower connections so
there are some files to spare for other things.

beck [Fri, 18 Apr 2014 20:01:31 +0000 (20:01 +0000)]
unbreak tree - this was not the rand.c I was looking for

tedu [Fri, 18 Apr 2014 19:58:42 +0000 (19:58 +0000)]
collateral damage

tedu [Fri, 18 Apr 2014 19:55:15 +0000 (19:55 +0000)]
no app_rand.c

tedu [Fri, 18 Apr 2014 19:54:57 +0000 (19:54 +0000)]
$HOME/.rnd will never be a good source of entropy. ok beck

miod [Fri, 18 Apr 2014 19:41:21 +0000 (19:41 +0000)]
Do not ask the user to pass either -DB_ENDIAN or -DL_ENDIAN to the compiler,
but rather figure out the endianness from <machine/endian.h> automagically;
help from guenther@

ok jca@ guenther@ beck@ and the rest of the `Buena SSL rampage club'

miod [Fri, 18 Apr 2014 19:38:26 +0000 (19:38 +0000)]
Shrink a local buffer to the size it really needs to be; this is the only
discrepancy found while checking proper {HEX,DECIMAL}_SIZE macro usage, which
is confusing enough.
tweaks and ok jca@, ok guenther@

okan [Fri, 18 Apr 2014 19:13:16 +0000 (19:13 +0000)]
remove bdes(1) so as to not encourage its use; if someone really
wants to use DES, there's another way.

ok deraadt sthen sobrado (and probably tedu)

jca [Fri, 18 Apr 2014 18:56:25 +0000 (18:56 +0000)]
Remove the dead KAME code that dealt with IPv4-mapped IPv6 addresses.
Add a check for IPv4-mapped IPv6 destination addresses, like in the most
recent KAME code, for non-connected sockets.  This prevents packets from
reaching the wire through the default route, if a reject route
for ::ffff:0.0.0.0/96 isn't present.  ok claudio@

jca [Fri, 18 Apr 2014 18:44:18 +0000 (18:44 +0000)]
This remnant comment doesn't belong here.  ok claudio@

miod [Fri, 18 Apr 2014 18:38:45 +0000 (18:38 +0000)]
eroMgib dne- nai 68xtnetelca  .s

miod [Fri, 18 Apr 2014 18:33:39 +0000 (18:33 +0000)]
Not welcome

miod [Fri, 18 Apr 2014 18:33:18 +0000 (18:33 +0000)]
typo

beck [Fri, 18 Apr 2014 18:25:04 +0000 (18:25 +0000)]
It seems a generation of programmers is aping OpenSSL. We need re-education
camps.  RAND_ is considered harmful, we should not *re-implement* it here.
"fire bomb it" - tedu@, "dresdenizing" - beck@, "SSLaughterhouse five" miod@

lteo [Fri, 18 Apr 2014 18:08:36 +0000 (18:08 +0000)]
Use the cleaned up asprintf-based make_config_name() to make the name of
the config file instead of the malloc/BUF_strlcpy/BUF_strlcat calls with
no return value checks (that make_config_name() also used to do prior to
being cleaned up).

ok beck@

tedu [Fri, 18 Apr 2014 18:08:36 +0000 (18:08 +0000)]
first round of static config. ok miod

lteo [Fri, 18 Apr 2014 18:07:59 +0000 (18:07 +0000)]
Check the return value of make_config_name() before attempting to use
the config filename.

ok beck@

tedu [Fri, 18 Apr 2014 18:03:26 +0000 (18:03 +0000)]
another

tedu [Fri, 18 Apr 2014 18:01:06 +0000 (18:01 +0000)]
another "string to make the random number generator think it has entropy"

tedu [Fri, 18 Apr 2014 17:44:24 +0000 (17:44 +0000)]
delete "string to make the random number generator think it has entropy"

miod [Fri, 18 Apr 2014 17:32:31 +0000 (17:32 +0000)]
Put back i2d_ASN1_SET() and d2i_ASN1_SET() from the NO_ASN1_OLD prune, as there
is still some 3rd-party code using it, and fixing them is not trivial.

As an excuse gift, the memory leaks on failure in resurrected a_set.c have
been fixed.

beck [Fri, 18 Apr 2014 17:25:17 +0000 (17:25 +0000)]
RAND_xxx considered harmful. use arc4random_buf instead of nasty stuff.
ok tedu@

florian [Fri, 18 Apr 2014 17:01:47 +0000 (17:01 +0000)]
Wrap long lines.
OK lteo@, benno@

florian [Fri, 18 Apr 2014 17:01:06 +0000 (17:01 +0000)]
Move ident / perturb initialisation up, this is AF independent.
OK benno@

florian [Fri, 18 Apr 2014 17:00:07 +0000 (17:00 +0000)]
sync to traceroute6: use getnameinfo for destination ip
OK benno@

florian [Fri, 18 Apr 2014 16:58:02 +0000 (16:58 +0000)]
Declare socklen_t len in main, it's used in two places, no need
to declare it twice. We can get rid of a { } block.
OK benno@

florian [Fri, 18 Apr 2014 16:56:25 +0000 (16:56 +0000)]
Replace fprintf(stderr, ..); exit() with errx() and fprintf(stderr, ...)
with warnx()
OK lteo@, benno@

florian [Fri, 18 Apr 2014 16:48:19 +0000 (16:48 +0000)]
Drop rh0 support (-g), it doesn't work anyway.
OK benno@

florian [Fri, 18 Apr 2014 16:46:18 +0000 (16:46 +0000)]
Use getaddrinfo to resolve destination. I kept the inet_aton so the
great old ones can still traceroute 010.010.010.010.
OK benno@

beck [Fri, 18 Apr 2014 16:40:46 +0000 (16:40 +0000)]
RAND_egd is considered harmful.  Unbreak the tree by making kerberos not use
it. The rest of the RAND_ horror in here needs checking.
ok deraadt@

claudio [Fri, 18 Apr 2014 16:38:28 +0000 (16:38 +0000)]
Introduce some regress tests against our routing table. At least that way
there is a chance that we do not break the network stack even more.
These regress tests already found a few issues.
The framework is ugly and does not properly recover from failures. Somebody
more skilled can come up with a better solution.
mpi@, blambert@ and sthen@ support this

deraadt [Fri, 18 Apr 2014 16:36:42 +0000 (16:36 +0000)]
this file is not relevant

florian [Fri, 18 Apr 2014 16:33:21 +0000 (16:33 +0000)]
We do have SO_SNDBUF.
OK benno@

florian [Fri, 18 Apr 2014 16:32:42 +0000 (16:32 +0000)]
We do have SO_SNDBUF and IP_HDRINCL.
OK benno@

florian [Fri, 18 Apr 2014 16:29:26 +0000 (16:29 +0000)]
replace perror(3) with err(3)/warn(3)
OK lteo@, benno@

florian [Fri, 18 Apr 2014 16:26:47 +0000 (16:26 +0000)]
Structure wait_for_reply() loop like traceroute, thereby moving the
loop body one indent layer up.
OK benno@

florian [Fri, 18 Apr 2014 16:24:41 +0000 (16:24 +0000)]
move cast from packet to ip up to avoid casts in print()
OK benno@

florian [Fri, 18 Apr 2014 16:23:00 +0000 (16:23 +0000)]
move ICMP6 code parsing to function
OK benno@

florian [Fri, 18 Apr 2014 16:22:18 +0000 (16:22 +0000)]
move ICMP code parsing to function
OK benno@

florian [Fri, 18 Apr 2014 16:20:56 +0000 (16:20 +0000)]
sync to traceroute:
* s/Dst/to/
* s/Src/from/
* drop Rcv
OK benno@

florian [Fri, 18 Apr 2014 16:19:11 +0000 (16:19 +0000)]
If -s is not given do a dummy connect to get outgoing ip,
unconditionally try to bind to this ip and get a source port for udp
this way, like traceroute6 is doing.  This means you can no longer
traceroute from IPs not present on the system. (There are probably
better tools if you want to send traffic from spoofed IPs.)
OK benno@

reyk [Fri, 18 Apr 2014 16:13:02 +0000 (16:13 +0000)]
fix previous

florian [Fri, 18 Apr 2014 16:11:36 +0000 (16:11 +0000)]
Sync to traceroute: don't print source IP if -s is not given
OK benno@ (who wants it back in some form after the merge)

tedu [Fri, 18 Apr 2014 16:11:22 +0000 (16:11 +0000)]
guenther would prefer more separation

reyk [Fri, 18 Apr 2014 16:08:06 +0000 (16:08 +0000)]
spacing

florian [Fri, 18 Apr 2014 16:07:54 +0000 (16:07 +0000)]
Sync to traceroute: handle "time exceeded in transit" before the
switch and add a default case.
OK benno@

florian [Fri, 18 Apr 2014 16:04:39 +0000 (16:04 +0000)]
sync packet_ok signature to traceroute6
OK benno@

florian [Fri, 18 Apr 2014 16:02:08 +0000 (16:02 +0000)]
sync to traceroute: s/opacket/packetdata/
OK lteo@, benno@

florian [Fri, 18 Apr 2014 16:00:38 +0000 (16:00 +0000)]
Embed struct tv32 into struct opacket like traceroute.
This changes the data part of an icmp6 packet, before it only
contained the timestamp, now it contains a whole struct opacket.
Shouldn't be an issue as nobody looks at this data anyway.
OK benno@

tedu [Fri, 18 Apr 2014 15:59:36 +0000 (15:59 +0000)]
Malak: I think we made the merchant angry.
Conan: Are you surprised?
Malak: But we didn't steal everything he had!
Conan: We didn't have time.

florian [Fri, 18 Apr 2014 15:58:43 +0000 (15:58 +0000)]
Factor out build_probe{4,6} from send_probe; now send_probe is
AF independent. While there define outpacket as u_char and
cast as needed in traceroute6.
OK benno@

deraadt [Fri, 18 Apr 2014 15:58:18 +0000 (15:58 +0000)]
sync

tedu [Fri, 18 Apr 2014 15:57:12 +0000 (15:57 +0000)]
millert said i can kill rshd

tedu [Fri, 18 Apr 2014 15:53:49 +0000 (15:53 +0000)]
we need to crank

reyk [Fri, 18 Apr 2014 15:53:28 +0000 (15:53 +0000)]
Fix SSL client-only mode when no RSA private key is needed.

Found by andre@ with the args-ssl-server.pl regress test.

ok andre@

deraadt [Fri, 18 Apr 2014 15:53:24 +0000 (15:53 +0000)]
remove include files not needed

guenther [Fri, 18 Apr 2014 15:46:50 +0000 (15:46 +0000)]
Document support for "openssl s_client -starttls lmtp"

guenther [Fri, 18 Apr 2014 15:39:53 +0000 (15:39 +0000)]
Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep
the #define for compat, but document that it's a no-op now.  Also, neuter
the -legacy_renegotiation option to "openssl s_{client,server}"

ok beck@

deraadt [Fri, 18 Apr 2014 15:38:16 +0000 (15:38 +0000)]
use the portable construct around asprintf; pointed out by halex

henning [Fri, 18 Apr 2014 15:20:00 +0000 (15:20 +0000)]
reaching into altq outside #ifdef ALTQ is bad, mmkay? ok claudio

henning [Fri, 18 Apr 2014 15:14:25 +0000 (15:14 +0000)]
tcp_respond: let the stack worry about the cksum instead of doing it
manually, ok naddy (in january)

henning [Fri, 18 Apr 2014 15:13:01 +0000 (15:13 +0000)]
pf_send_tcp: ask the stack to do the cksum instead of doing it manually
ok benno lteo naddy (back in january)

guenther [Fri, 18 Apr 2014 15:09:52 +0000 (15:09 +0000)]
It's been a quarter century: we can assume volatile is present with that name.

tedu [Fri, 18 Apr 2014 15:03:20 +0000 (15:03 +0000)]
Some dude named Tavis Ormandy reported a bug which has gone unfixed.
http://marc.info/?l=openssl-users&m=138014120223264&w=2
Arguably a doc bug, but we argue not. If you parse a new cert into memory
occupied by a previously verified cert, the new cert will inherit that
state, bypassing future verification checks. To avoid this, we will always
start fresh with a new object.

grudging ok from guenther, after i threatened to make him read the code yet
again. "that ok was way more painful and tiring than it should have been"

henning [Fri, 18 Apr 2014 14:56:59 +0000 (14:56 +0000)]
reaching into altq unconditionally (and w/o ifdef ALTQ) is bad, mmkay?

deraadt [Fri, 18 Apr 2014 14:41:54 +0000 (14:41 +0000)]
since e_os.h is dead, and e_os2.h is installed, we can fetch from there.
This means we don't need the reach-around anymore.

guenther [Fri, 18 Apr 2014 14:38:21 +0000 (14:38 +0000)]
It's been a quarter century: we can assume volatile is present with that name.

deraadt [Fri, 18 Apr 2014 14:37:41 +0000 (14:37 +0000)]
Put the final pieces from e_os.h in the required places, and remove it.
"dance on its grave" says beck
ok guenther beck

henning [Fri, 18 Apr 2014 14:34:24 +0000 (14:34 +0000)]
cut altq here

tedu [Fri, 18 Apr 2014 14:34:07 +0000 (14:34 +0000)]
blank lines between decls and code

reyk [Fri, 18 Apr 2014 14:32:22 +0000 (14:32 +0000)]
The RSA_FLAG_SIGN_VER is not yet supported and the current code uses
the rsa_priv_enc() and rsa_pub_dec() callbacks for sign and verify
operations.

A tale from OpenSSL's rsa.h:

  New sign and verify functions: some libraries don't allow arbitrary
  data to be signed/verified: this allows them to be used. Note: for
  this to work the RSA_public_decrypt() and RSA_private_encrypt() should
  *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note:
  for backwards compatibility this functionality is only enabled if the
  RSA_FLAG_SIGN_VER option is set in 'flags'.

In OpenSSL, RSA engines should provide the rsa_sign() and rsa_verify()
callbacks and this should be the default.  But the "default" is
disabled by default and RSA engines that provide extra sign and verify
callbacks have to set the non-default RSA_FLAG_SIGN_VER flag.  This is
not used by OpenSSL's own RSA code and was only set by two non-default
RSA engines: IBM 4758 and Windows CAPI - both of them got removed from
our library.  And btw., this comment about the new non-default default
was added in 1999.

Thanks to Piotr Sikora, who pointed out that I didn't handle the
sign/verify case.

schwarze [Fri, 18 Apr 2014 14:25:52 +0000 (14:25 +0000)]
We should probably thank OpenSSL.
They gave Theo another chance to be happy.

deraadt [Fri, 18 Apr 2014 14:05:01 +0000 (14:05 +0000)]
These files were never installed in the past, and are not generally
used.  They can go away.
ok guenther reyk

reyk [Fri, 18 Apr 2014 13:55:26 +0000 (13:55 +0000)]
Introduce privsep for private keys:

- Move RSA private keys to a new separate process instead of copying
them to the relays.  A custom RSA engine is used by the SSL/TLS code
of the relay processes to send RSA private key encryption/decryption
(also used for sign/verify) requests to the new "ca" processes instead
of operating on the private key directly.

- Each relay process gets its own related ca process.  Setting
"prefork 5" in the config file will spawn 10 processes (5 relay, 5
ca).  This diff also reduces the default number of relay processes
from 5 to 3 which should be suitable in most installations without a
very heavy load.

- Don't keep text versions of the keys in memory, parse them once and
keep the binary representation.  This might still be the case in
OpenSSL's internals but will be fixed in the library.

This diff doesn't prevent something like "heartbleed" but adds an
additional mitigation to prevent leakage of the private keys from the
processes doing SSL/TLS.

With feedback from many
ok benno@

deraadt [Fri, 18 Apr 2014 13:41:20 +0000 (13:41 +0000)]
Use asprintf() for generating path, instead of multiple
return-value-not-checked strlcpy and strlcat

deraadt [Fri, 18 Apr 2014 13:38:31 +0000 (13:38 +0000)]
in CONF_get1_default_config_file(), don't calculate a buffer size,
malloc it, do unbounded strlcpy's to it... but instead of asnprintf.
While there, let's put a '/' between the two path components!  Wonder
how old that bug is..
ok guenther

kettenis [Fri, 18 Apr 2014 13:35:31 +0000 (13:35 +0000)]
If somebody else is already processing the RPC requests on a stream socket,
don't panic, but just return.

tested by nicm@
ok tedu@

jsing [Fri, 18 Apr 2014 13:26:34 +0000 (13:26 +0000)]
More KNF.

tedu [Fri, 18 Apr 2014 13:19:03 +0000 (13:19 +0000)]
another round of chemo for the RAND code to provide clarity.
ok deraadt

jsing [Fri, 18 Apr 2014 13:14:31 +0000 (13:14 +0000)]
More KNF.

tedu [Fri, 18 Apr 2014 13:13:50 +0000 (13:13 +0000)]
egd support is too dangerous to leave where somebody might find it.
ok deraadt.

jsing [Fri, 18 Apr 2014 12:15:48 +0000 (12:15 +0000)]
More KNF.

reyk [Fri, 18 Apr 2014 12:02:37 +0000 (12:02 +0000)]
The proc.c code sets up some socketpair for the communication between
different privsep processes.  The implementation is using
multi-dimensional arrays and some complicated process to process
relations.  This is the first attempt of cleaning it up and to allow
N:N communications for the upcoming "CA" processes.

Discussed with some, but nobody dared to comment on the code.

guenther [Fri, 18 Apr 2014 11:51:16 +0000 (11:51 +0000)]
Have each thread keep its own (counted!) reference to the process's ucreds
to avoid possible use-after-free references when swapping ids in threaded
processes.  "Do I have the right creds?" checks are always made with the
thread's creds.

Inspired by FreeBSD and NetBSD
"right time" deraadt@

henning [Fri, 18 Apr 2014 11:41:10 +0000 (11:41 +0000)]
no more altq hier^Where either

henning [Fri, 18 Apr 2014 11:36:06 +0000 (11:36 +0000)]
no more altq

guenther [Fri, 18 Apr 2014 11:35:51 +0000 (11:35 +0000)]
Handle passing zero to a variable fieldwidth or precision.

ok deraadt@