CVS commit: src/sys/kern
Module Name:src Committed By: haad Date: Thu Aug 13 08:57:43 UTC 2009 Modified Files: src/sys/kern: sys_generic.c Log Message: Allow undescribed, direct ioctls as used by Unix. This capability was removed in BSD, presumably because nothing used it any more. Third party system software written for Unix (like ZFS) requires this to work without significant modifications. Ok supremeleader@ To generate a diff of this commit: cvs rdiff -u -r1.123 -r1.124 src/sys/kern/sys_generic.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_generic.c diff -u src/sys/kern/sys_generic.c:1.123 src/sys/kern/sys_generic.c:1.124 --- src/sys/kern/sys_generic.c:1.123 Sun May 24 21:41:26 2009 +++ src/sys/kern/sys_generic.c Thu Aug 13 08:57:43 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_generic.c,v 1.123 2009/05/24 21:41:26 ad Exp $ */ +/* $NetBSD: sys_generic.c,v 1.124 2009/08/13 08:57:43 haad Exp $ */ /*- * Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -70,7 +70,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sys_generic.c,v 1.123 2009/05/24 21:41:26 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sys_generic.c,v 1.124 2009/08/13 08:57:43 haad Exp $"); #include #include @@ -565,31 +565,40 @@ goto out; } memp = NULL; - if (size > sizeof(stkbuf)) { - memp = kmem_alloc(size, KM_SLEEP); - data = memp; - } else - data = (void *)stkbuf; - if (com&IOC_IN) { - if (size) { - error = copyin(SCARG(uap, data), data, size); - if (error) { -if (memp) - kmem_free(memp, size); -goto out; + if ((com >> IOCPARM_SHIFT) == 0) { + /* UNIX-style ioctl. */ + data = SCARG(uap, data); + } else { + if (size > sizeof(stkbuf)) { + memp = kmem_alloc(size, KM_SLEEP); + data = memp; + } else { + data = (void *)stkbuf; + } + if (com&IOC_IN) { + if (size) { +error = copyin(SCARG(uap, data), data, size); +if (error) { + if (memp) { + kmem_free(memp, size); + } + goto out; +} +ktrgenio(SCARG(uap, fd), UIO_WRITE, +SCARG(uap, data), size, 0); + } else { +*(void **)data = SCARG(uap, data); } - ktrgenio(SCARG(uap, fd), UIO_WRITE, SCARG(uap, data), - size, 0); - } else + } else if ((com&IOC_OUT) && size) { + /* + * Zero the buffer so the user always + * gets back something deterministic. + */ + memset(data, 0, size); + } else if (com&IOC_VOID) { *(void **)data = SCARG(uap, data); - } else if ((com&IOC_OUT) && size) - /* - * Zero the buffer so the user always - * gets back something deterministic. - */ - memset(data, 0, size); - else if (com&IOC_VOID) - *(void **)data = SCARG(uap, data); + } + } switch (com) {
CVS commit: src/sys/netinet6
Module Name:src Committed By: cegger Date: Thu Aug 13 09:04:03 UTC 2009 Modified Files: src/sys/netinet6: in6_ifattach.c Log Message: buildfix: if_indexlim is of type size_t To generate a diff of this commit: cvs rdiff -u -r1.83 -r1.84 src/sys/netinet6/in6_ifattach.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/in6_ifattach.c diff -u src/sys/netinet6/in6_ifattach.c:1.83 src/sys/netinet6/in6_ifattach.c:1.84 --- src/sys/netinet6/in6_ifattach.c:1.83 Thu Aug 13 00:34:04 2009 +++ src/sys/netinet6/in6_ifattach.c Thu Aug 13 09:04:03 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: in6_ifattach.c,v 1.83 2009/08/13 00:34:04 dyoung Exp $ */ +/* $NetBSD: in6_ifattach.c,v 1.84 2009/08/13 09:04:03 cegger Exp $ */ /* $KAME: in6_ifattach.c,v 1.124 2001/07/18 08:32:51 jinmei Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in6_ifattach.c,v 1.83 2009/08/13 00:34:04 dyoung Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6_ifattach.c,v 1.84 2009/08/13 09:04:03 cegger Exp $"); #include #include @@ -899,7 +899,7 @@ if (ifindex2ifnet == NULL) printf("%s: no ifindices in use\n", __func__); else if (ifindex >= if_indexlim) { - printf("%s: ifindex %d >= limit %d\n", __func__, ifindex, + printf("%s: ifindex %d >= limit %zu\n", __func__, ifindex, if_indexlim); } else if ((ifp = ifindex2ifnet[ifindex]) == NULL) printf("%s: ifindex %d not in use\n", __func__, ifindex);
CVS commit: src/crypto/dist/ipsec-tools/src/racoon
Module Name:src Committed By: vanhu Date: Thu Aug 13 09:18:28 UTC 2009 Modified Files: src/crypto/dist/ipsec-tools/src/racoon: oakley.c Log Message: fixed a potential DoS in oakley_do_decrypt(), reported by Orange Labs To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/dist/ipsec-tools/src/racoon/oakley.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/racoon/oakley.c diff -u src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.14 src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.15 --- src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.14 Thu Mar 12 10:57:26 2009 +++ src/crypto/dist/ipsec-tools/src/racoon/oakley.c Thu Aug 13 09:18:28 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: oakley.c,v 1.14 2009/03/12 10:57:26 tteras Exp $ */ +/* $NetBSD: oakley.c,v 1.15 2009/08/13 09:18:28 vanhu Exp $ */ /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */ @@ -3001,7 +3001,7 @@ /* do decrypt */ new = alg_oakley_encdef_decrypt(iph1->approval->enctype, buf, iph1->key, ivdp); - if (new == NULL) { + if (new == NULL || new->v == NULL || new->l == 0) { plog(LLV_ERROR, LOCATION, NULL, "decryption %d failed.\n", iph1->approval->enctype); goto end;
CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon
Module Name:src Committed By: vanhu Date: Thu Aug 13 09:18:45 UTC 2009 Modified Files: src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]: oakley.c Log Message: fixed a potential DoS in oakley_do_decrypt(), reported by Orange Labs To generate a diff of this commit: cvs rdiff -u -r1.9.6.3 -r1.9.6.4 \ src/crypto/dist/ipsec-tools/src/racoon/oakley.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/src/racoon/oakley.c diff -u src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.3 src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.4 --- src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.3 Thu Mar 6 17:00:25 2008 +++ src/crypto/dist/ipsec-tools/src/racoon/oakley.c Thu Aug 13 09:18:45 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: oakley.c,v 1.9.6.3 2008/03/06 17:00:25 vanhu Exp $ */ +/* $NetBSD: oakley.c,v 1.9.6.4 2009/08/13 09:18:45 vanhu Exp $ */ /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */ @@ -3116,7 +3116,7 @@ /* do decrypt */ new = alg_oakley_encdef_decrypt(iph1->approval->enctype, buf, iph1->key, ivdp); - if (new == NULL) { + if (new == NULL || new->v == NULL || new->l == 0) { plog(LLV_ERROR, LOCATION, NULL, "decryption %d failed.\n", iph1->approval->enctype); goto end;
CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools
Module Name:src Committed By: vanhu Date: Thu Aug 13 09:19:22 UTC 2009 Modified Files: src/crypto/dist/ipsec-tools [ipsec-tools-0_7-branch]: NEWS configure.ac Log Message: 0.7.3 release To generate a diff of this commit: cvs rdiff -u -r1.1.1.6.6.4 -r1.1.1.6.6.5 src/crypto/dist/ipsec-tools/NEWS cvs rdiff -u -r1.3.4.12 -r1.3.4.13 src/crypto/dist/ipsec-tools/configure.ac Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ipsec-tools/NEWS diff -u src/crypto/dist/ipsec-tools/NEWS:1.1.1.6.6.4 src/crypto/dist/ipsec-tools/NEWS:1.1.1.6.6.5 --- src/crypto/dist/ipsec-tools/NEWS:1.1.1.6.6.4 Wed Apr 22 11:26:50 2009 +++ src/crypto/dist/ipsec-tools/NEWS Thu Aug 13 09:19:22 2009 @@ -1,6 +1,11 @@ Version history: +0.7.3 - 23 August 2009 + o Fix a remote crash and a memory leak + o Fixed a NAT-T flag check + o Some code cleanups/compilation fixes with recent gcc + 0.7.2 - 22 April 2009 o Fix a remote crash in fragmentation code o Phase2 message identities are phase1 specific (Vista compatibility= Index: src/crypto/dist/ipsec-tools/configure.ac diff -u src/crypto/dist/ipsec-tools/configure.ac:1.3.4.12 src/crypto/dist/ipsec-tools/configure.ac:1.3.4.13 --- src/crypto/dist/ipsec-tools/configure.ac:1.3.4.12 Wed Apr 22 11:26:50 2009 +++ src/crypto/dist/ipsec-tools/configure.ac Thu Aug 13 09:19:22 2009 @@ -2,7 +2,7 @@ dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp AC_PREREQ(2.52) -AC_INIT(ipsec-tools, 0.7.2) +AC_INIT(ipsec-tools, 0.7.3) AC_CONFIG_SRCDIR([configure.ac]) AM_CONFIG_HEADER(config.h)
CVS commit: src/sys/arch/x86/include
Module Name:src Committed By: cegger Date: Thu Aug 13 11:27:35 UTC 2009 Modified Files: src/sys/arch/x86/include: specialreg.h Log Message: recognize virtual cpu feature indicating guest state. To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/sys/arch/x86/include/specialreg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/include/specialreg.h diff -u src/sys/arch/x86/include/specialreg.h:1.36 src/sys/arch/x86/include/specialreg.h:1.37 --- src/sys/arch/x86/include/specialreg.h:1.36 Tue May 26 01:42:02 2009 +++ src/sys/arch/x86/include/specialreg.h Thu Aug 13 11:27:34 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: specialreg.h,v 1.36 2009/05/26 01:42:02 rmind Exp $ */ +/* $NetBSD: specialreg.h,v 1.37 2009/08/13 11:27:34 cegger Exp $ */ /*- * Copyright (c) 1991 The Regents of the University of California. @@ -246,13 +246,14 @@ #define CPUID2_SSE41 0x0008 /* Streaming SIMD Extensions 4.1 */ #define CPUID2_SSE42 0x0010 /* Streaming SIMD Extensions 4.2 */ #define CPUID2_X2APIC 0x0020 /* xAPIC Extensions */ -#define CPUID2_POPCNT 0x0080 +#define CPUID2_POPCNT 0x0080 /* popcount instruction available */ +#define CPUID2_RAZ 0x8000 /* RAZ. Indicates guest state. */ #define CPUID2_FLAGS1 "\20\1SSE3\2B01\3DTES64\4MONITOR\5DS-CPL\6VMX\7SMX" \ "\10EST\11TM2\12SSSE3\13CID\14B11\15B12\16CX16" \ "\17xTPR\20PDCM\21B16\22B17\23DCA\24SSE41\25SSE42" \ "\26X2APIC\27MOVBE\30POPCNT\31B24\32B25\33XSAVE" \ - "\34OSXSAVE\35B28\36B29\37B30\40B31" + "\34OSXSAVE\35B28\36B29\37B30\40RAZ" #define CPUID2FAMILY(cpuid) (((cpuid) >> 8) & 0xf) #define CPUID2MODEL(cpuid) (((cpuid) >> 4) & 0xf)
CVS commit: src/usr.sbin/sdpd
Module Name:src Committed By: drochner Date: Thu Aug 13 17:50:41 UTC 2009 Modified Files: src/usr.sbin/sdpd: main.c Log Message: give up root's supplementary group memberships when switching to _sdpd._sdpd privileges, approved by plunky To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/usr.sbin/sdpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.sbin/sdpd/main.c diff -u src/usr.sbin/sdpd/main.c:1.5 src/usr.sbin/sdpd/main.c:1.6 --- src/usr.sbin/sdpd/main.c:1.5 Tue May 12 10:05:06 2009 +++ src/usr.sbin/sdpd/main.c Thu Aug 13 17:50:41 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.5 2009/05/12 10:05:06 plunky Exp $ */ +/* $NetBSD: main.c,v 1.6 2009/08/13 17:50:41 drochner Exp $ */ /*- * Copyright (c) 2009 The NetBSD Foundation, Inc. @@ -34,7 +34,7 @@ Copyright (c) 2006 Itronix, Inc.\ Copyright (c) 2004 Maksim Yevmenkin m_evmen...@yahoo.com.\ All rights reserved."); -__RCSID("$NetBSD: main.c,v 1.5 2009/05/12 10:05:06 plunky Exp $"); +__RCSID("$NetBSD: main.c,v 1.6 2009/08/13 17:50:41 drochner Exp $"); #include #include @@ -200,6 +200,13 @@ return false; } + if (setgroups(0, NULL) < 0) { + log_err("Could not setgroups(0). %s (%d)", + strerror(errno), errno); + + return false; + } + if (setuid(uid) < 0) { log_err("Could not setuid(%s). %s (%d)", user, strerror(errno), errno);
CVS commit: src/usr.bin/ftp
Module Name:src Committed By: drochner Date: Thu Aug 13 17:55:18 UTC 2009 Modified Files: src/usr.bin/ftp: fetch.c Log Message: avoid NULL dereference in log output if the command line parser failed to extract a port number from the URL To generate a diff of this commit: cvs rdiff -u -r1.188 -r1.189 src/usr.bin/ftp/fetch.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/ftp/fetch.c diff -u src/usr.bin/ftp/fetch.c:1.188 src/usr.bin/ftp/fetch.c:1.189 --- src/usr.bin/ftp/fetch.c:1.188 Mon Jul 13 19:05:41 2009 +++ src/usr.bin/ftp/fetch.c Thu Aug 13 17:55:18 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: fetch.c,v 1.188 2009/07/13 19:05:41 roy Exp $ */ +/* $NetBSD: fetch.c,v 1.189 2009/08/13 17:55:18 drochner Exp $ */ /*- * Copyright (c) 1997-2009 The NetBSD Foundation, Inc. @@ -34,7 +34,7 @@ #include #ifndef lint -__RCSID("$NetBSD: fetch.c,v 1.188 2009/07/13 19:05:41 roy Exp $"); +__RCSID("$NetBSD: fetch.c,v 1.189 2009/08/13 17:55:18 drochner Exp $"); #endif /* not lint */ /* @@ -1498,7 +1498,8 @@ autologin = oautologin; if ((connected == 0) || (connected == 1 && !ftp_login(host, uuser, pass))) { - warnx("Can't connect or login to host `%s:%s'", host, port); + warnx("Can't connect or login to host `%s:%s'", + host, port ? port : "?"); goto cleanup_fetch_ftp; }