lex(1): warning with -Wmisleading-indentation in generated scanner
Hi, When I build my program with the lex(1) in OpenBSD I get the following warning: src/lexer.c:2415:3: warning: misleading indentation; statement is not part of the previous 'if' [-Wmisleading-indentation] return yy_is_jam ? 0 : yy_current_state; ^ src/lexer.c:2412:2: note: previous statement is here if ( ! yy_is_jam ) ^ It comes from this section of code in the generated scanner: if ( ! yy_is_jam ) *(yy_state_ptr)++ = yy_current_state; return yy_is_jam ? 0 : yy_current_state; This also happens when building lex(1) with WARNINGS=yes and possibly other programs in base. The diff below adds a blank line to the M4 skeleton file and changes the indentation to if ( ! yy_is_jam ) *(yy_state_ptr)++ = yy_current_state; return yy_is_jam ? 0 : yy_current_state; I noticed upstream flex fixed the same problem by removing the leading whitespace before the return which produces identical output, but I prefer the diff below as it preserves the correct indentation in the skeleton file. https://github.com/westes/flex/blob/master/src/flex.skl#L1761 Index: usr.bin/lex/flex.skl === RCS file: /cvs/src/usr.bin/lex/flex.skl,v retrieving revision 1.17 diff -u -p -u -p -r1.17 flex.skl --- usr.bin/lex/flex.skl6 Aug 2020 17:23:29 - 1.17 +++ usr.bin/lex/flex.skl5 May 2021 02:32:47 - @@ -1807,6 +1807,7 @@ m4_ifdef( [[M4_YY_USES_REJECT]], %% [17.0] code to find the next state, and perhaps do backing up, goes here M4_YY_NOOP_GUTS_VAR(); + return yy_is_jam ? 0 : yy_current_state; }
systat(1): improve parsing of delay value
Hi, I incorrectly ran "systat netstat -N" instead of "systat -N netstat" and got confused why it wasn't resolving host names. The -N gets parsed with atof to a 0s delay that is then clamped to 5s. The patch below instead prints an error if the delay cannot be parsed. I think the <= 0 case should also produce an error but I left the existing behaviour of setting it to 5s. Index: usr.bin/systat/main.c === RCS file: /cvs/src/usr.bin/systat/main.c,v retrieving revision 1.72 diff -u -p -u -p -r1.72 main.c --- usr.bin/systat/main.c 12 Jan 2020 20:51:08 - 1.72 +++ usr.bin/systat/main.c 25 Jan 2021 08:07:34 - @@ -415,6 +415,22 @@ gethz(void) } int +parse_delay(const char *str, double *delay) +{ + char *endptr = NULL; + double value; + + value = strtod(str, &endptr); + if (*endptr == '\0') { + if (value <= 0) + value = 5; + *delay = value; + return 0; + } else + return 1; +} + +int main(int argc, char *argv[]) { char errbuf[_POSIX2_LINE_MAX]; @@ -475,9 +491,8 @@ main(int argc, char *argv[]) nflag = 1; break; case 's': - delay = atof(optarg); - if (delay <= 0) - delay = 5; + if (parse_delay(optarg, &delay)) + errx(1, "-s %s: invalid delay value", optarg); break; case 'w': rawwidth = strtonum(optarg, 1, MAX_LINE_BUF-1, &errstr); @@ -497,16 +512,14 @@ main(int argc, char *argv[]) argv += optind; if (argc == 1) { - double del = atof(argv[0]); - if (del == 0) + if (parse_delay(argv[0], &delay)) viewstr = argv[0]; - else - delay = del; } else if (argc == 2) { viewstr = argv[0]; - delay = atof(argv[1]); - if (delay <= 0) - delay = 5; + if (parse_delay(argv[1], &delay)) + errx(1, "invalid delay value: %s", argv[1]); + } else { + usage(); } udelay = (useconds_t)(delay * 100.0);
Re: ftp(1): add SOCKS proxy support
Hi Steffen, On 11/27/20 05:59 AM, Steffen Nurpmeso wrote: > Nick Gasson wrote in > <87im9srza8@bertha.nickg.me.uk>: > |Hi, > | > |I often need to go through a SOCKS proxy to access certain sites. The > |diff below adds SOCKS5 support to ftp(1) for HTTP transfers, similar to > |curl(1). Enabled when http_proxy is set to a socks5:// URL. > | > |Also fixes two existing memory leaks: proxyurl (set to NULL on line 646 > |before freeing) and sslpath (never freed). > | > |Tested with ssh -D and a few other SOCKS5 proxies. Also verified the > |existing HTTP proxy feature still works with squid(8). > > By the way, the $SOCKS5_PROXY environment variable becomes used > for automatic selection of SOCKS5. (Some things on FreeBSD, > lynx(1), and, hm, the MUA i maintain, s-nail; maybe more.) > (Sorry for the late reply.) Yes I see FreeBSD fetch added SOCKS5_PROXY recently. I've updated the diff below to support that too. Anyone interested? -- Thanks, Nick Index: usr.bin/ftp/fetch.c === RCS file: /cvs/src/usr.bin/ftp/fetch.c,v retrieving revision 1.199 diff -u -p -u -r1.199 fetch.c --- usr.bin/ftp/fetch.c 1 Jan 2021 17:39:54 - 1.199 +++ usr.bin/ftp/fetch.c 2 Jan 2021 12:02:39 - @@ -88,13 +88,18 @@ static int proxy_connect(int, char *, ch static int stdio_tls_write_wrapper(void *, const char *, int); static int stdio_tls_read_wrapper(void *, char *, int); #endif /* !NOSSL */ +static int read_fully(int, void *, size_t); +static int write_fully(int, const void *, size_t); +static int socks5_connect(int, const char *, const char *); #defineFTP_URL "ftp://";/* ftp URL prefix */ #defineHTTP_URL"http://"; /* http URL prefix */ #defineHTTPS_URL "https://"; /* https URL prefix */ +#defineSOCKS5_URL "socks5://" /* socks5 URL prefix */ #defineFILE_URL"file:" /* file URL prefix */ #define FTP_PROXY "ftp_proxy" /* env var with ftp proxy location */ #define HTTP_PROXY "http_proxy"/* env var with http proxy location */ +#define SOCKS5_PROXY "SOCKS5_PROXY" /* env var with socks5 proxy location */ #define EMPTYSTRING(x) ((x) == NULL || (*(x) == '\0')) @@ -345,6 +350,7 @@ url_get(const char *origline, const char int save_errno; const size_t buflen = 128 * 1024; int chunked = 0; + enum proxy_scheme proxy = PROXY_NONE; direction = "received"; @@ -455,11 +461,16 @@ noslash: proxyurl = strdup(proxyenv); if (proxyurl == NULL) errx(1, "Can't allocate memory for proxy URL."); - if (strncasecmp(proxyurl, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) + if (strncasecmp(proxyurl, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) { host = proxyurl + sizeof(HTTP_URL) - 1; - else if (strncasecmp(proxyurl, FTP_URL, sizeof(FTP_URL) - 1) == 0) + proxy = PROXY_HTTP; + } else if (strncasecmp(proxyurl, FTP_URL, sizeof(FTP_URL) - 1) == 0) { host = proxyurl + sizeof(FTP_URL) - 1; - else { + proxy = PROXY_HTTP; /* Treat ftp:// as a HTTP proxy */ + } else if (strncasecmp(proxyurl, SOCKS5_URL, sizeof(SOCKS5_URL) - 1) == 0) { + host = proxyurl + sizeof(SOCKS5_URL) - 1; + proxy = PROXY_SOCKS5; + } else { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } @@ -467,11 +478,14 @@ noslash: warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } + } + + if (proxy == PROXY_HTTP) { if (*--path == '\0') *path = '/';/* add / back to real path */ path = strchr(host, '/'); /* remove trailing / on host */ if (!EMPTYSTRING(path)) - *path++ = '\0'; /* i guess this ++ is useless */ + *path = '\0'; path = strchr(host, '@'); /* look for credentials in proxy */ if (!EMPTYSTRING(path)) { @@ -623,9 +637,25 @@ noslash: port = NULL; #ifndef NOSSL - if (proxyenv && sslhost) + if (proxy == PROXY_HTTP && sslhost) proxy_connect(fd, sslhost, proxy_credentials); #endif /* !NOSSL */ + + if (proxy ==
ftp(1): add SOCKS proxy support
Hi, I often need to go through a SOCKS proxy to access certain sites. The diff below adds SOCKS5 support to ftp(1) for HTTP transfers, similar to curl(1). Enabled when http_proxy is set to a socks5:// URL. Also fixes two existing memory leaks: proxyurl (set to NULL on line 646 before freeing) and sslpath (never freed). Tested with ssh -D and a few other SOCKS5 proxies. Also verified the existing HTTP proxy feature still works with squid(8). Index: usr.bin/ftp/fetch.c === RCS file: /cvs/src/usr.bin/ftp/fetch.c,v retrieving revision 1.198 diff -u -p -u -r1.198 fetch.c --- usr.bin/ftp/fetch.c 18 Oct 2020 20:35:18 - 1.198 +++ usr.bin/ftp/fetch.c 26 Nov 2020 13:51:10 - @@ -88,10 +88,14 @@ static int proxy_connect(int, char *, ch static int stdio_tls_write_wrapper(void *, const char *, int); static int stdio_tls_read_wrapper(void *, char *, int); #endif /* !NOSSL */ +static int read_fully(int, void *, size_t); +static int write_fully(int, const void *, size_t); +static int socks5_connect(int, const char *, const char *); #defineFTP_URL "ftp://";/* ftp URL prefix */ #defineHTTP_URL"http://"; /* http URL prefix */ #defineHTTPS_URL "https://"; /* https URL prefix */ +#defineSOCKS5_URL "socks5://" /* socks5 URL prefix */ #defineFILE_URL"file:" /* file URL prefix */ #define FTP_PROXY "ftp_proxy" /* env var with ftp proxy location */ #define HTTP_PROXY "http_proxy"/* env var with http proxy location */ @@ -345,6 +349,7 @@ url_get(const char *origline, const char int save_errno; const size_t buflen = 128 * 1024; int chunked = 0; + enum proxy_scheme proxy = PROXY_NONE; direction = "received"; @@ -455,11 +460,16 @@ noslash: proxyurl = strdup(proxyenv); if (proxyurl == NULL) errx(1, "Can't allocate memory for proxy URL."); - if (strncasecmp(proxyurl, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) + if (strncasecmp(proxyurl, HTTP_URL, sizeof(HTTP_URL) - 1) == 0) { host = proxyurl + sizeof(HTTP_URL) - 1; - else if (strncasecmp(proxyurl, FTP_URL, sizeof(FTP_URL) - 1) == 0) + proxy = PROXY_HTTP; + } else if (strncasecmp(proxyurl, FTP_URL, sizeof(FTP_URL) - 1) == 0) { host = proxyurl + sizeof(FTP_URL) - 1; - else { + proxy = PROXY_HTTP; /* Treat ftp:// as a HTTP proxy */ + } else if (strncasecmp(proxyurl, SOCKS5_URL, sizeof(SOCKS5_URL) - 1) == 0) { + host = proxyurl + sizeof(SOCKS5_URL) - 1; + proxy = PROXY_SOCKS5; + } else { warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } @@ -467,11 +477,14 @@ noslash: warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } + } + + if (proxy == PROXY_HTTP) { if (*--path == '\0') *path = '/';/* add / back to real path */ path = strchr(host, '/'); /* remove trailing / on host */ if (!EMPTYSTRING(path)) - *path++ = '\0'; /* i guess this ++ is useless */ + *path = '\0'; path = strchr(host, '@'); /* look for credentials in proxy */ if (!EMPTYSTRING(path)) { @@ -623,9 +636,21 @@ noslash: port = NULL; #ifndef NOSSL - if (proxyenv && sslhost) + if (proxy == PROXY_HTTP && sslhost) proxy_connect(fd, sslhost, proxy_credentials); #endif /* !NOSSL */ + + if (proxy == PROXY_SOCKS5) { + portnum = strrchr(proxyhost, ':'); + if (portnum != NULL) + *portnum++ = '\0'; + else + portnum = ishttpsurl ? httpsport : httpport; + + if (socks5_connect(fd, proxyhost, portnum) != 0) + goto cleanup_url_get; + } + break; } freeaddrinfo(res0); @@ -641,9 +666,10 @@ noslash: #ifndef NOSSL if (ishttpsurl) { ssize_t ret; - if (proxyenv && sslpath) { + if (proxy == PROXY_HTTP && sslpath) { + /* HTTP proxy CONNECT handled above. */ ishttpsurl = 0; - proxyurl = NULL; + proxy = PROXY_NONE; path = sslpath; } if (sslhost ==
smtpd: document "pki" option for relay delivery in smtpd.conf(5)
Hi, I struggled a bit to configure smtpd to relay to a remote server that requires SSL client certificates. The solution is to just add a "pki host.example.org" option, but "pki" is not listed as a valid option for the relay delivery method, even though the parser accepts it. Index: smtpd.conf.5 === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.251 diff -u -p -u -p -r1.251 smtpd.conf.5 --- smtpd.conf.527 Aug 2020 08:58:30 - 1.251 +++ smtpd.conf.513 Sep 2020 12:37:03 - @@ -280,6 +280,14 @@ and .Dq smtps protocols for authentication. Server certificates for those protocols are verified by default. +.It Cm pki Ar pkiname +For secure connections, +use the certificate associated with +.Ar pkiname +(declared in a +.Ic pki +directive) +to prove the client's identity to the remote mail server. .It Cm srs When relaying a mail resulting from a forward, use the Sender Rewriting Scheme to rewrite sender address. -- Thanks, Nick