CVS commit: [netbsd-6-1] src/sys/altq
Module Name:src Committed By: snj Date: Sat Aug 19 05:37:04 UTC 2017 Modified Files: src/sys/altq [netbsd-6-1]: altq_cbq.c altq_hfsc.c altq_jobs.c altq_priq.c altq_wfq.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1488): sys/altq/altq_cbq.c: revision 1.31 sys/altq/altq_hfsc.c: revision 1.27 sys/altq/altq_jobs.c: revision 1.11 sys/altq/altq_priq.c: revision 1.24 sys/altq/altq_wfq.c: revision 1.22 Zero buffers copied to userland to avoid stack disclosure. >From Ilja Van Sprundel. -- Reject negative indices. (Would be nice to change the types too, and it's *probably* safe to replace int by u_int, but I'm reluctant to touch the ioctl definitions without at least a modicum more thought. Also one of them is a u_long, because why not?) >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.26.32.1 src/sys/altq/altq_cbq.c cvs rdiff -u -r1.24 -r1.24.52.1 src/sys/altq/altq_hfsc.c cvs rdiff -u -r1.6.28.1 -r1.6.28.2 src/sys/altq/altq_jobs.c cvs rdiff -u -r1.21 -r1.21.32.1 src/sys/altq/altq_priq.c cvs rdiff -u -r1.19 -r1.19.50.1 src/sys/altq/altq_wfq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/altq/altq_cbq.c diff -u src/sys/altq/altq_cbq.c:1.26 src/sys/altq/altq_cbq.c:1.26.32.1 --- src/sys/altq/altq_cbq.c:1.26 Sun Nov 22 18:40:26 2009 +++ src/sys/altq/altq_cbq.c Sat Aug 19 05:37:04 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_cbq.c,v 1.26 2009/11/22 18:40:26 mbalmer Exp $ */ +/* $NetBSD: altq_cbq.c,v 1.26.32.1 2017/08/19 05:37:04 snj Exp $ */ /* $KAME: altq_cbq.c,v 1.21 2005/04/13 03:44:24 suz Exp $ */ /* @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.26 2009/11/22 18:40:26 mbalmer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.26.32.1 2017/08/19 05:37:04 snj Exp $"); #ifdef _KERNEL_OPT #include "opt_altq.h" 
@@ -472,6 +472,7 @@ cbq_getqstats(struct pf_altq *a, void *u if (*nbytes < sizeof(stats)) return (EINVAL); + memset(&stats, 0, sizeof(stats)); get_class_stats(&stats, cl); if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0) @@ -876,6 +877,7 @@ cbq_getstats(struct cbq_getstats *gsp) if (++i >= CBQ_MAX_CLASSES) goto out; + memset(&stats, 0, sizeof(stats)); get_class_stats(&stats, cl); stats.handle = cl->stats_.handle; Index: src/sys/altq/altq_hfsc.c diff -u src/sys/altq/altq_hfsc.c:1.24 src/sys/altq/altq_hfsc.c:1.24.52.1 --- src/sys/altq/altq_hfsc.c:1.24 Wed Jun 18 09:06:27 2008 +++ src/sys/altq/altq_hfsc.c Sat Aug 19 05:37:04 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_hfsc.c,v 1.24 2008/06/18 09:06:27 yamt Exp $ */ +/* $NetBSD: altq_hfsc.c,v 1.24.52.1 2017/08/19 05:37:04 snj Exp $ */ /* $KAME: altq_hfsc.c,v 1.26 2005/04/13 03:44:24 suz Exp $ */ /* @@ -43,7 +43,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.24 2008/06/18 09:06:27 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.24.52.1 2017/08/19 05:37:04 snj Exp $"); #ifdef _KERNEL_OPT #include "opt_altq.h" @@ -313,6 +313,7 @@ hfsc_getqstats(struct pf_altq *a, void * if (*nbytes < sizeof(stats)) return (EINVAL); + memset(&stats, 0, sizeof(stats)); get_class_stats(&stats, cl); if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0) Index: src/sys/altq/altq_jobs.c diff -u src/sys/altq/altq_jobs.c:1.6.28.1 src/sys/altq/altq_jobs.c:1.6.28.2 --- src/sys/altq/altq_jobs.c:1.6.28.1 Mon Nov 3 15:10:39 2014 +++ src/sys/altq/altq_jobs.c Sat Aug 19 05:37:04 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_jobs.c,v 1.6.28.1 2014/11/03 15:10:39 msaitoh Exp $ */ +/* $NetBSD: altq_jobs.c,v 1.6.28.2 2017/08/19 05:37:04 snj Exp $ */ /* $KAME: altq_jobs.c,v 1.11 2005/04/13 03:44:25 suz Exp $ */ /* * Copyright (c) 2001, the Rector and Board of Visitors of the 
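Review bot: The added `memset(&stats, 0, sizeof(stats));` in cbq_getqstats has no comment saying why it is needed, and next to get_class_stats() filling the same struct it reads as redundant, so a later cleanup could remove it. Per the log message the clear is what stops stale stack bytes (padding, or any field get_class_stats() leaves unset) from being copied to userland. A one-line comment above it such as `/* clear padding and unset fields before copying to userland */` would record that. The same applies to the memset added in cbq_getstats and hfsc_getqstats, to the now-unconditional `(void)memset` in jobscmd_class_stats, and to the identical hunks in the netbsd-6 and netbsd-6-0 pull-ups on this page. Each of these functions starts and ends outside its hunk, so whether get_class_stats() sets every field cannot be checked here.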
@@ -59,7 +59,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.6.28.1 2014/11/03 15:10:39 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.6.28.2 2017/08/19 05:37:04 snj Exp $"); #ifdef _KERNEL_OPT #include "opt_altq.h" @@ -2111,10 +2111,9 @@ jobscmd_class_stats(struct jobs_class_st usp = ap->stats; for (pri = 0; pri <= jif->jif_maxpri; pri++) { cl = jif->jif_classes[pri]; + (void)memset(&stats, 0, sizeof(stats)); if (cl != NULL) get_class_stats(&stats, cl); - else - (void)memset(&stats, 0, sizeof(stats)); if ((error = copyout((void *)&stats, (void *)usp++, sizeof(stats))) != 0) return (error); Index: src/sys/altq/altq_priq.c diff -u src/sys/altq/altq_priq.c:1.21 src/sys/altq/altq_priq.c:1.21.32.1 --- src/sys/altq/altq_priq.c:1.21 Sat Mar 14 15:35:58 2009 +++ src/sys/altq/altq_priq.c Sat Aug 19 05:37:04 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_priq.c,v 1.21 2009/03/14 15:35:58 dsl Exp $ */ +/* $NetBSD: altq_priq.c,v 1.21.32.1 2017/08/19 05:37:04 snj Exp $ */ /* $KAME: altq_priq.c,v 1.13
CVS commit: [netbsd-6] src/sys/altq
Module Name:src Committed By: snj Date: Sat Aug 19 05:37:06 UTC 2017 Modified Files: src/sys/altq [netbsd-6]: altq_cbq.c altq_hfsc.c altq_jobs.c altq_priq.c altq_wfq.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1488): sys/altq/altq_cbq.c: revision 1.31 sys/altq/altq_hfsc.c: revision 1.27 sys/altq/altq_jobs.c: revision 1.11 sys/altq/altq_priq.c: revision 1.24 sys/altq/altq_wfq.c: revision 1.22 Zero buffers copied to userland to avoid stack disclosure. >From Ilja Van Sprundel. -- Reject negative indices. (Would be nice to change the types too, and it's *probably* safe to replace int by u_int, but I'm reluctant to touch the ioctl definitions without at least a modicum more thought. Also one of them is a u_long, because why not?) >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.26.18.1 src/sys/altq/altq_cbq.c cvs rdiff -u -r1.24 -r1.24.36.1 src/sys/altq/altq_hfsc.c cvs rdiff -u -r1.6.14.1 -r1.6.14.2 src/sys/altq/altq_jobs.c cvs rdiff -u -r1.21 -r1.21.18.1 src/sys/altq/altq_priq.c cvs rdiff -u -r1.19 -r1.19.34.1 src/sys/altq/altq_wfq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/altq/altq_cbq.c diff -u src/sys/altq/altq_cbq.c:1.26 src/sys/altq/altq_cbq.c:1.26.18.1 --- src/sys/altq/altq_cbq.c:1.26 Sun Nov 22 18:40:26 2009 +++ src/sys/altq/altq_cbq.c Sat Aug 19 05:37:06 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_cbq.c,v 1.26 2009/11/22 18:40:26 mbalmer Exp $ */ +/* $NetBSD: altq_cbq.c,v 1.26.18.1 2017/08/19 05:37:06 snj Exp $ */ /* $KAME: altq_cbq.c,v 1.21 2005/04/13 03:44:24 suz Exp $ */ /* @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.26 2009/11/22 18:40:26 mbalmer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.26.18.1 2017/08/19 05:37:06 snj Exp $"); #ifdef _KERNEL_OPT #include "opt_altq.h" 
@@ -472,6 +472,7 @@ cbq_getqstats(struct pf_altq *a, void *u if (*nbytes < sizeof(stats)) return (EINVAL); + memset(&stats, 0, sizeof(stats)); get_class_stats(&stats, cl); if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0) @@ -876,6 +877,7 @@ cbq_getstats(struct cbq_getstats *gsp) if (++i >= CBQ_MAX_CLASSES) goto out; + memset(&stats, 0, sizeof(stats)); get_class_stats(&stats, cl); stats.handle = cl->stats_.handle; Index: src/sys/altq/altq_hfsc.c diff -u src/sys/altq/altq_hfsc.c:1.24 src/sys/altq/altq_hfsc.c:1.24.36.1 --- src/sys/altq/altq_hfsc.c:1.24 Wed Jun 18 09:06:27 2008 +++ src/sys/altq/altq_hfsc.c Sat Aug 19 05:37:06 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_hfsc.c,v 1.24 2008/06/18 09:06:27 yamt Exp $ */ +/* $NetBSD: altq_hfsc.c,v 1.24.36.1 2017/08/19 05:37:06 snj Exp $ */ /* $KAME: altq_hfsc.c,v 1.26 2005/04/13 03:44:24 suz Exp $ */ /* @@ -43,7 +43,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.24 2008/06/18 09:06:27 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.24.36.1 2017/08/19 05:37:06 snj Exp $"); #ifdef _KERNEL_OPT #include "opt_altq.h" @@ -313,6 +313,7 @@ hfsc_getqstats(struct pf_altq *a, void * if (*nbytes < sizeof(stats)) return (EINVAL); + memset(&stats, 0, sizeof(stats)); get_class_stats(&stats, cl); if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0) Index: src/sys/altq/altq_jobs.c diff -u src/sys/altq/altq_jobs.c:1.6.14.1 src/sys/altq/altq_jobs.c:1.6.14.2 --- src/sys/altq/altq_jobs.c:1.6.14.1 Mon Nov 3 15:08:44 2014 +++ src/sys/altq/altq_jobs.c Sat Aug 19 05:37:06 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_jobs.c,v 1.6.14.1 2014/11/03 15:08:44 msaitoh Exp $ */ +/* $NetBSD: altq_jobs.c,v 1.6.14.2 2017/08/19 05:37:06 snj Exp $ */ /* $KAME: altq_jobs.c,v 1.11 2005/04/13 03:44:25 suz Exp $ */ /* * Copyright (c) 2001, the Rector and Board of Visitors of the 
@@ -59,7 +59,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.6.14.1 2014/11/03 15:08:44 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.6.14.2 2017/08/19 05:37:06 snj Exp $"); #ifdef _KERNEL_OPT #include "opt_altq.h" @@ -2111,10 +2111,9 @@ jobscmd_class_stats(struct jobs_class_st usp = ap->stats; for (pri = 0; pri <= jif->jif_maxpri; pri++) { cl = jif->jif_classes[pri]; + (void)memset(&stats, 0, sizeof(stats)); if (cl != NULL) get_class_stats(&stats, cl); - else - (void)memset(&stats, 0, sizeof(stats)); if ((error = copyout((void *)&stats, (void *)usp++, sizeof(stats))) != 0) return (error); Index: src/sys/altq/altq_priq.c diff -u src/sys/altq/altq_priq.c:1.21 src/sys/altq/altq_priq.c:1.21.18.1 --- src/sys/altq/altq_priq.c:1.21 Sat Mar 14 15:35:58 2009 +++ src/sys/altq/altq_priq.c Sat Aug 19 05:37:06 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_priq.c,v 1.21 2009/03/14 15:35:58 dsl Exp $ */ +/* $NetBSD: altq_priq.c,v 1.21.18.1 2017/08/19 05:37:06 snj Exp $ */ /* $KAME: altq_priq.c,v 1.13 2
CVS commit: [netbsd-6-0] src/sys/altq
Module Name:src Committed By: snj Date: Sat Aug 19 05:37:02 UTC 2017 Modified Files: src/sys/altq [netbsd-6-0]: altq_cbq.c altq_hfsc.c altq_jobs.c altq_priq.c altq_wfq.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1488): sys/altq/altq_cbq.c: revision 1.31 sys/altq/altq_hfsc.c: revision 1.27 sys/altq/altq_jobs.c: revision 1.11 sys/altq/altq_priq.c: revision 1.24 sys/altq/altq_wfq.c: revision 1.22 Zero buffers copied to userland to avoid stack disclosure. >From Ilja Van Sprundel. -- Reject negative indices. (Would be nice to change the types too, and it's *probably* safe to replace int by u_int, but I'm reluctant to touch the ioctl definitions without at least a modicum more thought. Also one of them is a u_long, because why not?) >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.26.24.1 src/sys/altq/altq_cbq.c cvs rdiff -u -r1.24 -r1.24.42.1 src/sys/altq/altq_hfsc.c cvs rdiff -u -r1.6.20.1 -r1.6.20.2 src/sys/altq/altq_jobs.c cvs rdiff -u -r1.21 -r1.21.24.1 src/sys/altq/altq_priq.c cvs rdiff -u -r1.19 -r1.19.40.1 src/sys/altq/altq_wfq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/altq/altq_cbq.c diff -u src/sys/altq/altq_cbq.c:1.26 src/sys/altq/altq_cbq.c:1.26.24.1 --- src/sys/altq/altq_cbq.c:1.26 Sun Nov 22 18:40:26 2009 +++ src/sys/altq/altq_cbq.c Sat Aug 19 05:37:02 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_cbq.c,v 1.26 2009/11/22 18:40:26 mbalmer Exp $ */ +/* $NetBSD: altq_cbq.c,v 1.26.24.1 2017/08/19 05:37:02 snj Exp $ */ /* $KAME: altq_cbq.c,v 1.21 2005/04/13 03:44:24 suz Exp $ */ /* @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.26 2009/11/22 18:40:26 mbalmer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.26.24.1 2017/08/19 05:37:02 snj Exp $"); #ifdef _KERNEL_OPT #include "opt_altq.h" 
@@ -472,6 +472,7 @@ cbq_getqstats(struct pf_altq *a, void *u if (*nbytes < sizeof(stats)) return (EINVAL); + memset(&stats, 0, sizeof(stats)); get_class_stats(&stats, cl); if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0) @@ -876,6 +877,7 @@ cbq_getstats(struct cbq_getstats *gsp) if (++i >= CBQ_MAX_CLASSES) goto out; + memset(&stats, 0, sizeof(stats)); get_class_stats(&stats, cl); stats.handle = cl->stats_.handle; Index: src/sys/altq/altq_hfsc.c diff -u src/sys/altq/altq_hfsc.c:1.24 src/sys/altq/altq_hfsc.c:1.24.42.1 --- src/sys/altq/altq_hfsc.c:1.24 Wed Jun 18 09:06:27 2008 +++ src/sys/altq/altq_hfsc.c Sat Aug 19 05:37:02 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_hfsc.c,v 1.24 2008/06/18 09:06:27 yamt Exp $ */ +/* $NetBSD: altq_hfsc.c,v 1.24.42.1 2017/08/19 05:37:02 snj Exp $ */ /* $KAME: altq_hfsc.c,v 1.26 2005/04/13 03:44:24 suz Exp $ */ /* @@ -43,7 +43,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.24 2008/06/18 09:06:27 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.24.42.1 2017/08/19 05:37:02 snj Exp $"); #ifdef _KERNEL_OPT #include "opt_altq.h" @@ -313,6 +313,7 @@ hfsc_getqstats(struct pf_altq *a, void * if (*nbytes < sizeof(stats)) return (EINVAL); + memset(&stats, 0, sizeof(stats)); get_class_stats(&stats, cl); if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0) Index: src/sys/altq/altq_jobs.c diff -u src/sys/altq/altq_jobs.c:1.6.20.1 src/sys/altq/altq_jobs.c:1.6.20.2 --- src/sys/altq/altq_jobs.c:1.6.20.1 Mon Nov 3 15:13:31 2014 +++ src/sys/altq/altq_jobs.c Sat Aug 19 05:37:02 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_jobs.c,v 1.6.20.1 2014/11/03 15:13:31 msaitoh Exp $ */ +/* $NetBSD: altq_jobs.c,v 1.6.20.2 2017/08/19 05:37:02 snj Exp $ */ /* $KAME: altq_jobs.c,v 1.11 2005/04/13 03:44:25 suz Exp $ */ /* * Copyright (c) 2001, the Rector and Board of Visitors of the 
@@ -59,7 +59,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.6.20.1 2014/11/03 15:13:31 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.6.20.2 2017/08/19 05:37:02 snj Exp $"); #ifdef _KERNEL_OPT #include "opt_altq.h" @@ -2111,10 +2111,9 @@ jobscmd_class_stats(struct jobs_class_st usp = ap->stats; for (pri = 0; pri <= jif->jif_maxpri; pri++) { cl = jif->jif_classes[pri]; + (void)memset(&stats, 0, sizeof(stats)); if (cl != NULL) get_class_stats(&stats, cl); - else - (void)memset(&stats, 0, sizeof(stats)); if ((error = copyout((void *)&stats, (void *)usp++, sizeof(stats))) != 0) return (error); Index: src/sys/altq/altq_priq.c diff -u src/sys/altq/altq_priq.c:1.21 src/sys/altq/altq_priq.c:1.21.24.1 --- src/sys/altq/altq_priq.c:1.21 Sat Mar 14 15:35:58 2009 +++ src/sys/altq/altq_priq.c Sat Aug 19 05:37:02 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: altq_priq.c,v 1.21 2009/03/14 15:35:58 dsl Exp $ */ +/* $NetBSD: altq_priq.c,v 1.21.24.1 2017/08/19 05:37:02 snj Exp $ */ /* $KAME: altq_priq.c,v 1.13
CVS commit: [netbsd-6] src/doc
Module Name:src Committed By: snj Date: Sat Aug 19 05:26:02 UTC 2017 Modified Files: src/doc [netbsd-6]: CHANGES-6.2 Log Message: 1490 To generate a diff of this commit: cvs rdiff -u -r1.1.2.300 -r1.1.2.301 src/doc/CHANGES-6.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.2 diff -u src/doc/CHANGES-6.2:1.1.2.300 src/doc/CHANGES-6.2:1.1.2.301 --- src/doc/CHANGES-6.2:1.1.2.300 Sat Aug 19 05:06:56 2017 +++ src/doc/CHANGES-6.2 Sat Aug 19 05:26:02 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.2,v 1.1.2.300 2017/08/19 05:06:56 snj Exp $ +# $NetBSD: CHANGES-6.2,v 1.1.2.301 2017/08/19 05:26:02 snj Exp $ A complete list of changes from the 6.1 release until the 6.2 release: @@ -18581,3 +18581,8 @@ sys/compat/linux/common/linux_time.c 1. missing cred check in linux_sys_settimeofday() [mrg, ticket #1489] +bin/rmdir/rmdir.c1.27 + + PR/48182: Fix rmdir -p handling of top-level (root) directory. + [ginsbach, ticket #1490] +
CVS commit: [netbsd-6] src/bin/rmdir
Module Name:src Committed By: snj Date: Sat Aug 19 05:25:27 UTC 2017 Modified Files: src/bin/rmdir [netbsd-6]: rmdir.c Log Message: Pull up following revision(s) (requested by ginsbach in ticket #1490): bin/rmdir/rmdir.c: revision 1.27 PR/48182: Fix rmdir -p handling of top-level (root) directory. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.26.4.1 src/bin/rmdir/rmdir.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/bin/rmdir/rmdir.c diff -u src/bin/rmdir/rmdir.c:1.26 src/bin/rmdir/rmdir.c:1.26.4.1 --- src/bin/rmdir/rmdir.c:1.26 Mon Aug 29 14:49:38 2011 +++ src/bin/rmdir/rmdir.c Sat Aug 19 05:25:27 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: rmdir.c,v 1.26 2011/08/29 14:49:38 joerg Exp $ */ +/* $NetBSD: rmdir.c,v 1.26.4.1 2017/08/19 05:25:27 snj Exp $ */ /*- * Copyright (c) 1992, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 19 #if 0 static char sccsid[] = "@(#)rmdir.c 8.3 (Berkeley) 4/2/94"; #else -__RCSID("$NetBSD: rmdir.c,v 1.26 2011/08/29 14:49:38 joerg Exp $"); +__RCSID("$NetBSD: rmdir.c,v 1.26.4.1 2017/08/19 05:25:27 snj Exp $"); #endif #endif /* not lint */ @@ -103,6 +103,10 @@ rm_path(char *path) /* Ignore trailing '/' on deleted name */ continue; + if (*path == 0) + /* At top level (root) directory */ + break; + if (rmdir(path) < 0) { warn("%s", path); return (1);
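Review bot: The comment on the new `if (*path == 0)` test in rm_path states the conclusion ("At top level (root) directory") but not why an empty string means the root was reached. Presumably the loop has just cut `path` at its last '/', which leaves "" once only the leading slash of an absolute path remains; that code is outside the hunk. I would say so in the comment, for example `/* path is now "": only the leading '/' was left, stop at the root */`, and compare against `'\0'` rather than `0` since `path` is a `char *`. The same hunk is repeated in the netbsd-7 pull-up further down.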
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: snj Date: Sat Aug 19 05:24:21 UTC 2017 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.1 Log Message: 1476, 1481 To generate a diff of this commit: cvs rdiff -u -r1.1.2.24 -r1.1.2.25 src/doc/CHANGES-7.1.1 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.1 diff -u src/doc/CHANGES-7.1.1:1.1.2.24 src/doc/CHANGES-7.1.1:1.1.2.25 --- src/doc/CHANGES-7.1.1:1.1.2.24 Sat Aug 12 19:10:23 2017 +++ src/doc/CHANGES-7.1.1 Sat Aug 19 05:24:21 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.1,v 1.1.2.24 2017/08/12 19:10:23 martin Exp $ +# $NetBSD: CHANGES-7.1.1,v 1.1.2.25 2017/08/19 05:24:21 snj Exp $ A complete list of changes from the NetBSD 7.1 release to the NetBSD 7.1.1 release: @@ -2505,3 +2505,14 @@ external/bsd/wpa/dist/wpa_supplicant/wps Update wpa_supplicant/hostapd to 2.6. [mrg, ticket #1490] +sys/dev/vnd.c 1.260, 1.262 via patch + + int overflows / truncation issues in vndioctl can cause + memory corruption + [mrg, ticket #1476] + +sys/kern/kern_ktrace.c1.171 via patch + + infoleak in ktruser() if copyin fails. + [mrg, ticket #1481] +
CVS commit: [netbsd-7-0] src/doc
Module Name:src Committed By: snj Date: Sat Aug 19 05:24:31 UTC 2017 Modified Files: src/doc [netbsd-7-0]: CHANGES-7.0.3 Log Message: 1476, 1481 To generate a diff of this commit: cvs rdiff -u -r1.1.2.55 -r1.1.2.56 src/doc/CHANGES-7.0.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.0.3 diff -u src/doc/CHANGES-7.0.3:1.1.2.55 src/doc/CHANGES-7.0.3:1.1.2.56 --- src/doc/CHANGES-7.0.3:1.1.2.55 Sat Aug 12 19:12:04 2017 +++ src/doc/CHANGES-7.0.3 Sat Aug 19 05:24:31 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.0.3,v 1.1.2.55 2017/08/12 19:12:04 martin Exp $ +# $NetBSD: CHANGES-7.0.3,v 1.1.2.56 2017/08/19 05:24:31 snj Exp $ A complete list of changes from the NetBSD 7.0.2 release to the NetBSD 7.0.3 release: @@ -3795,3 +3795,14 @@ external/bsd/wpa/dist/wpa_supplicant/wps Update wpa_supplicant/hostapd to 2.6. [mrg, ticket #1490] +sys/dev/vnd.c 1.260, 1.262 via patch + + int overflows / truncation issues in vndioctl can cause + memory corruption + [mrg, ticket #1476] + +sys/kern/kern_ktrace.c1.171 via patch + + infoleak in ktruser() if copyin fails. + [mrg, ticket #1481] +
CVS commit: [netbsd-7] src/doc
Module Name:src Committed By: snj Date: Sat Aug 19 05:24:10 UTC 2017 Modified Files: src/doc [netbsd-7]: CHANGES-7.2 Log Message: 1476, 1481, 1488 To generate a diff of this commit: cvs rdiff -u -r1.1.2.38 -r1.1.2.39 src/doc/CHANGES-7.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.2 diff -u src/doc/CHANGES-7.2:1.1.2.38 src/doc/CHANGES-7.2:1.1.2.39 --- src/doc/CHANGES-7.2:1.1.2.38 Sat Aug 12 19:08:20 2017 +++ src/doc/CHANGES-7.2 Sat Aug 19 05:24:10 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.2,v 1.1.2.38 2017/08/12 19:08:20 martin Exp $ +# $NetBSD: CHANGES-7.2,v 1.1.2.39 2017/08/19 05:24:10 snj Exp $ A complete list of changes from the NetBSD 7.1 release to the NetBSD 7.2 release: @@ -3460,3 +3460,19 @@ external/bsd/wpa/dist/wpa_supplicant/wps Update wpa_supplicant/hostapd to 2.6. [mrg, ticket #1490] +sys/dev/vnd.c 1.260, 1.262 via patch + + int overflows / truncation issues in vndioctl can cause + memory corruption + [mrg, ticket #1476] + +sys/kern/kern_ktrace.c1.171 via patch + + infoleak in ktruser() if copyin fails. + [mrg, ticket #1481] + +bin/rmdir/rmdir.c1.27 + + PR/48182: Fix rmdir -p handling of top-level (root) directory. + [ginsbach, ticket #1488] +
CVS commit: [netbsd-7] src/bin/rmdir
Module Name:src Committed By: snj Date: Sat Aug 19 05:23:16 UTC 2017 Modified Files: src/bin/rmdir [netbsd-7]: rmdir.c Log Message: Pull up following revision(s) (requested by ginsbach in ticket #1488): bin/rmdir/rmdir.c: revision 1.27 PR/48182: Fix rmdir -p handling of top-level (root) directory. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.26.22.1 src/bin/rmdir/rmdir.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/bin/rmdir/rmdir.c diff -u src/bin/rmdir/rmdir.c:1.26 src/bin/rmdir/rmdir.c:1.26.22.1 --- src/bin/rmdir/rmdir.c:1.26 Mon Aug 29 14:49:38 2011 +++ src/bin/rmdir/rmdir.c Sat Aug 19 05:23:16 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: rmdir.c,v 1.26 2011/08/29 14:49:38 joerg Exp $ */ +/* $NetBSD: rmdir.c,v 1.26.22.1 2017/08/19 05:23:16 snj Exp $ */ /*- * Copyright (c) 1992, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 19 #if 0 static char sccsid[] = "@(#)rmdir.c 8.3 (Berkeley) 4/2/94"; #else -__RCSID("$NetBSD: rmdir.c,v 1.26 2011/08/29 14:49:38 joerg Exp $"); +__RCSID("$NetBSD: rmdir.c,v 1.26.22.1 2017/08/19 05:23:16 snj Exp $"); #endif #endif /* not lint */ @@ -103,6 +103,10 @@ rm_path(char *path) /* Ignore trailing '/' on deleted name */ continue; + if (*path == 0) + /* At top level (root) directory */ + break; + if (rmdir(path) < 0) { warn("%s", path); return (1);
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 05:21:58 UTC 2017 Modified Files: src/sys/kern [netbsd-7-1]: kern_ktrace.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1481): sys/kern/kern_ktrace.c: 1.171 via patch Clamp the length we use, not the length we don't. Avoids uninitialized memory disclosure to userland. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.164.4.1 -r1.164.4.1.6.1 src/sys/kern/kern_ktrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_ktrace.c diff -u src/sys/kern/kern_ktrace.c:1.164.4.1 src/sys/kern/kern_ktrace.c:1.164.4.1.6.1 --- src/sys/kern/kern_ktrace.c:1.164.4.1 Mon Dec 1 11:38:42 2014 +++ src/sys/kern/kern_ktrace.c Sat Aug 19 05:21:57 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ktrace.c,v 1.164.4.1 2014/12/01 11:38:42 martin Exp $ */ +/* $NetBSD: kern_ktrace.c,v 1.164.4.1.6.1 2017/08/19 05:21:57 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.164.4.1 2014/12/01 11:38:42 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.164.4.1.6.1 2017/08/19 05:21:57 snj Exp $"); #include #include @@ -931,7 +931,7 @@ ktruser(const char *id, void *addr, size user_dta = (void *)(ktp + 1); if ((error = copyin(addr, (void *)user_dta, len)) != 0) - len = 0; + kte->kte_kth.ktr_len = 0; ktraddentry(l, kte, KTA_WAITOK); return error;
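Review bot: Setting `kte->kte_kth.ktr_len = 0` when copyin() fails discards the whole record payload, not only the user data at `ktp + 1`. If the header that `ktp` points to was filled in before this hunk (not visible here), the entry still queued by ktraddentry() no longer says which user trace id failed. If a header-only record is the intended result, the line needs a comment saying so, for example `/* copyin failed: buffer contents are undefined, emit an empty record */`. ktruser starts outside the hunk, so whether the buffer was zeroed at allocation cannot be checked here. The identical hunk appears in the netbsd-7 and netbsd-7-0 pull-ups below.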
CVS commit: [netbsd-7] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 05:22:00 UTC 2017 Modified Files: src/sys/kern [netbsd-7]: kern_ktrace.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1481): sys/kern/kern_ktrace.c: 1.171 via patch Clamp the length we use, not the length we don't. Avoids uninitialized memory disclosure to userland. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.164.4.1 -r1.164.4.2 src/sys/kern/kern_ktrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_ktrace.c diff -u src/sys/kern/kern_ktrace.c:1.164.4.1 src/sys/kern/kern_ktrace.c:1.164.4.2 --- src/sys/kern/kern_ktrace.c:1.164.4.1 Mon Dec 1 11:38:42 2014 +++ src/sys/kern/kern_ktrace.c Sat Aug 19 05:21:59 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ktrace.c,v 1.164.4.1 2014/12/01 11:38:42 martin Exp $ */ +/* $NetBSD: kern_ktrace.c,v 1.164.4.2 2017/08/19 05:21:59 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.164.4.1 2014/12/01 11:38:42 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.164.4.2 2017/08/19 05:21:59 snj Exp $"); #include #include @@ -931,7 +931,7 @@ ktruser(const char *id, void *addr, size user_dta = (void *)(ktp + 1); if ((error = copyin(addr, (void *)user_dta, len)) != 0) - len = 0; + kte->kte_kth.ktr_len = 0; ktraddentry(l, kte, KTA_WAITOK); return error;
CVS commit: [netbsd-7-0] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 05:21:56 UTC 2017 Modified Files: src/sys/kern [netbsd-7-0]: kern_ktrace.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1481): sys/kern/kern_ktrace.c: 1.171 via patch Clamp the length we use, not the length we don't. Avoids uninitialized memory disclosure to userland. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.164.4.1 -r1.164.4.1.2.1 src/sys/kern/kern_ktrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_ktrace.c diff -u src/sys/kern/kern_ktrace.c:1.164.4.1 src/sys/kern/kern_ktrace.c:1.164.4.1.2.1 --- src/sys/kern/kern_ktrace.c:1.164.4.1 Mon Dec 1 11:38:42 2014 +++ src/sys/kern/kern_ktrace.c Sat Aug 19 05:21:56 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ktrace.c,v 1.164.4.1 2014/12/01 11:38:42 martin Exp $ */ +/* $NetBSD: kern_ktrace.c,v 1.164.4.1.2.1 2017/08/19 05:21:56 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.164.4.1 2014/12/01 11:38:42 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.164.4.1.2.1 2017/08/19 05:21:56 snj Exp $"); #include #include @@ -931,7 +931,7 @@ ktruser(const char *id, void *addr, size user_dta = (void *)(ktp + 1); if ((error = copyin(addr, (void *)user_dta, len)) != 0) - len = 0; + kte->kte_kth.ktr_len = 0; ktraddentry(l, kte, KTA_WAITOK); return error;
CVS commit: [netbsd-7-0] src/sys/dev
Module Name:src Committed By: snj Date: Sat Aug 19 05:19:28 UTC 2017 Modified Files: src/sys/dev [netbsd-7-0]: vnd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1476): sys/dev/vnd.c: revision 1.260, 1.262 via patch Put in a litany of judicious bounds checks around vnd headers. Thought I was done with this crap after I rewrote vndcompress(1)! >From Ilja Van Sprundel. -- Appease toxic bullshit warning from gcc. If you have a better way to write a useful bounds check that happens to always pass on LP64 but doesn't always on LP32, without making it fail to compile on LP64 or making it an #ifdef conditional on LP32, please put it in here instead. To generate a diff of this commit: cvs rdiff -u -r1.232.2.3.2.1 -r1.232.2.3.2.2 src/sys/dev/vnd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/vnd.c diff -u src/sys/dev/vnd.c:1.232.2.3.2.1 src/sys/dev/vnd.c:1.232.2.3.2.2 --- src/sys/dev/vnd.c:1.232.2.3.2.1 Sat Jan 2 14:38:45 2016 +++ src/sys/dev/vnd.c Sat Aug 19 05:19:28 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vnd.c,v 1.232.2.3.2.1 2016/01/02 14:38:45 riz Exp $ */ +/* $NetBSD: vnd.c,v 1.232.2.3.2.2 2017/08/19 05:19:28 snj Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2008 The NetBSD Foundation, Inc. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.232.2.3.2.1 2016/01/02 14:38:45 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.232.2.3.2.2 2017/08/19 05:19:28 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_vnd.h" @@ -1238,6 +1238,13 @@ vndioctl(dev_t dev, u_long cmd, void *da VOP_UNLOCK(nd.ni_vp); goto close_and_exit; } + + if (ntohl(ch->block_size) == 0 || + ntohl(ch->num_blocks) > UINT32_MAX - 1) { +free(ch, M_TEMP); +VOP_UNLOCK(nd.ni_vp); +goto close_and_exit; + } /* save some header info */ vnd->sc_comp_blksz = ntohl(ch->block_size); 
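Review bot: The added branch that rejects `block_size == 0` or `num_blocks > UINT32_MAX - 1` jumps to close_and_exit without assigning `error`, while the rejection paths in the next hunk all set `error = EINVAL` first. The preceding branch, whose condition is outside the hunk, looks like the failure path of the header read. If so, `error` is still 0 here and vndioctl could report success for a header it has just refused. Adding `error = EINVAL;` before the `goto close_and_exit;` would make this path consistent with the others. The same hunk is repeated in the netbsd-7-1 and netbsd-7 pull-ups below.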
@@ -1249,20 +1256,40 @@ vndioctl(dev_t dev, u_long cmd, void *da error = EINVAL; goto close_and_exit; } - if (sizeof(struct vnd_comp_header) + - sizeof(u_int64_t) * vnd->sc_comp_numoffs > - vattr.va_size) { + KASSERT(0 < vnd->sc_comp_blksz); + KASSERT(0 < vnd->sc_comp_numoffs); + /* + * @#^@!$& gcc -Wtype-limits refuses to let me + * write SIZE_MAX/sizeof(uint64_t) < numoffs, + * because the range of the type on amd64 makes + * the comparisons always false. + */ +#if SIZE_MAX <= UINT32_MAX*(64/CHAR_BIT) + if (SIZE_MAX/sizeof(uint64_t) < vnd->sc_comp_numoffs) { +VOP_UNLOCK(nd.ni_vp); +error = EINVAL; +goto close_and_exit; + } +#endif + if ((vattr.va_size < sizeof(struct vnd_comp_header)) || + (vattr.va_size - sizeof(struct vnd_comp_header) < +sizeof(uint64_t)*vnd->sc_comp_numoffs) || + (UQUAD_MAX/vnd->sc_comp_blksz < +vnd->sc_comp_numoffs - 1)) { VOP_UNLOCK(nd.ni_vp); error = EINVAL; goto close_and_exit; } /* set decompressed file size */ + KASSERT(vnd->sc_comp_numoffs - 1 <= + UQUAD_MAX/vnd->sc_comp_blksz); vattr.va_size = ((u_quad_t)vnd->sc_comp_numoffs - 1) * (u_quad_t)vnd->sc_comp_blksz; /* allocate space for all the compressed offsets */ + __CTASSERT(UINT32_MAX <= UQUAD_MAX/sizeof(uint64_t)); vnd->sc_comp_offsets = malloc(sizeof(u_int64_t) * vnd->sc_comp_numoffs, M_DEVBUF, M_WAITOK);
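Review bot: The `#if SIZE_MAX <= UINT32_MAX*(64/CHAR_BIT)` guard is not explained by the comment above it, which only says why gcc rejected the plain comparison. A reader has to work out that `64/CHAR_BIT` stands in for `sizeof(uint64_t)`, which cannot be used in `#if`, and that the condition selects the platforms where `sizeof(uint64_t) * sc_comp_numoffs` might not fit in size_t. I would put that in the comment, e.g. `/* only where size_t may be too narrow for sizeof(uint64_t) * numoffs */`. The hunk also spells the type `uint64_t` in the new checks and `u_int64_t` in the malloc() size they protect; one spelling would show that it is the same expression. vndioctl starts and ends outside the hunk, and the identical hunk is in the netbsd-7-1 pull-up below.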
CVS commit: [netbsd-7-1] src/sys/dev
Module Name:src Committed By: snj Date: Sat Aug 19 05:19:30 UTC 2017 Modified Files: src/sys/dev [netbsd-7-1]: vnd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1476): sys/dev/vnd.c: revision 1.260, 1.262 via patch Put in a litany of judicious bounds checks around vnd headers. Thought I was done with this crap after I rewrote vndcompress(1)! >From Ilja Van Sprundel. -- Appease toxic bullshit warning from gcc. If you have a better way to write a useful bounds check that happens to always pass on LP64 but doesn't always on LP32, without making it fail to compile on LP64 or making it an #ifdef conditional on LP32, please put it in here instead. To generate a diff of this commit: cvs rdiff -u -r1.232.2.4 -r1.232.2.4.4.1 src/sys/dev/vnd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/vnd.c diff -u src/sys/dev/vnd.c:1.232.2.4 src/sys/dev/vnd.c:1.232.2.4.4.1 --- src/sys/dev/vnd.c:1.232.2.4 Wed Nov 18 08:48:46 2015 +++ src/sys/dev/vnd.c Sat Aug 19 05:19:30 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vnd.c,v 1.232.2.4 2015/11/18 08:48:46 msaitoh Exp $ */ +/* $NetBSD: vnd.c,v 1.232.2.4.4.1 2017/08/19 05:19:30 snj Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2008 The NetBSD Foundation, Inc. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.232.2.4 2015/11/18 08:48:46 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.232.2.4.4.1 2017/08/19 05:19:30 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_vnd.h" @@ -1238,6 +1238,13 @@ vndioctl(dev_t dev, u_long cmd, void *da VOP_UNLOCK(nd.ni_vp); goto close_and_exit; } + + if (ntohl(ch->block_size) == 0 || + ntohl(ch->num_blocks) > UINT32_MAX - 1) { +free(ch, M_TEMP); +VOP_UNLOCK(nd.ni_vp); +goto close_and_exit; + } /* save some header info */ vnd->sc_comp_blksz = ntohl(ch->block_size); 
@@ -1249,20 +1256,40 @@ vndioctl(dev_t dev, u_long cmd, void *da error = EINVAL; goto close_and_exit; } - if (sizeof(struct vnd_comp_header) + - sizeof(u_int64_t) * vnd->sc_comp_numoffs > - vattr.va_size) { + KASSERT(0 < vnd->sc_comp_blksz); + KASSERT(0 < vnd->sc_comp_numoffs); + /* + * @#^@!$& gcc -Wtype-limits refuses to let me + * write SIZE_MAX/sizeof(uint64_t) < numoffs, + * because the range of the type on amd64 makes + * the comparisons always false. + */ +#if SIZE_MAX <= UINT32_MAX*(64/CHAR_BIT) + if (SIZE_MAX/sizeof(uint64_t) < vnd->sc_comp_numoffs) { +VOP_UNLOCK(nd.ni_vp); +error = EINVAL; +goto close_and_exit; + } +#endif + if ((vattr.va_size < sizeof(struct vnd_comp_header)) || + (vattr.va_size - sizeof(struct vnd_comp_header) < +sizeof(uint64_t)*vnd->sc_comp_numoffs) || + (UQUAD_MAX/vnd->sc_comp_blksz < +vnd->sc_comp_numoffs - 1)) { VOP_UNLOCK(nd.ni_vp); error = EINVAL; goto close_and_exit; } /* set decompressed file size */ + KASSERT(vnd->sc_comp_numoffs - 1 <= + UQUAD_MAX/vnd->sc_comp_blksz); vattr.va_size = ((u_quad_t)vnd->sc_comp_numoffs - 1) * (u_quad_t)vnd->sc_comp_blksz; /* allocate space for all the compressed offsets */ + __CTASSERT(UINT32_MAX <= UQUAD_MAX/sizeof(uint64_t)); vnd->sc_comp_offsets = malloc(sizeof(u_int64_t) * vnd->sc_comp_numoffs, M_DEVBUF, M_WAITOK);
CVS commit: [netbsd-7] src/sys/dev
Module Name:src Committed By: snj Date: Sat Aug 19 05:19:32 UTC 2017 Modified Files: src/sys/dev [netbsd-7]: vnd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1476): sys/dev/vnd.c: revision 1.260, 1.262 via patch Put in a litany of judicious bounds checks around vnd headers. Thought I was done with this crap after I rewrote vndcompress(1)! >From Ilja Van Sprundel. -- Appease toxic bullshit warning from gcc. If you have a better way to write a useful bounds check that happens to always pass on LP64 but doesn't always on LP32, without making it fail to compile on LP64 or making it an #ifdef conditional on LP32, please put it in here instead. To generate a diff of this commit: cvs rdiff -u -r1.232.2.4 -r1.232.2.5 src/sys/dev/vnd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/vnd.c diff -u src/sys/dev/vnd.c:1.232.2.4 src/sys/dev/vnd.c:1.232.2.5 --- src/sys/dev/vnd.c:1.232.2.4 Wed Nov 18 08:48:46 2015 +++ src/sys/dev/vnd.c Sat Aug 19 05:19:31 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vnd.c,v 1.232.2.4 2015/11/18 08:48:46 msaitoh Exp $ */ +/* $NetBSD: vnd.c,v 1.232.2.5 2017/08/19 05:19:31 snj Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2008 The NetBSD Foundation, Inc. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.232.2.4 2015/11/18 08:48:46 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.232.2.5 2017/08/19 05:19:31 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_vnd.h" @@ -1238,6 +1238,13 @@ vndioctl(dev_t dev, u_long cmd, void *da VOP_UNLOCK(nd.ni_vp); goto close_and_exit; } + + if (ntohl(ch->block_size) == 0 || + ntohl(ch->num_blocks) > UINT32_MAX - 1) { +free(ch, M_TEMP); +VOP_UNLOCK(nd.ni_vp); +goto close_and_exit; + } /* save some header info */ vnd->sc_comp_blksz = ntohl(ch->block_size); 
@@ -1249,20 +1256,40 @@ vndioctl(dev_t dev, u_long cmd, void *da error = EINVAL; goto close_and_exit; } - if (sizeof(struct vnd_comp_header) + - sizeof(u_int64_t) * vnd->sc_comp_numoffs > - vattr.va_size) { + KASSERT(0 < vnd->sc_comp_blksz); + KASSERT(0 < vnd->sc_comp_numoffs); + /* + * @#^@!$& gcc -Wtype-limits refuses to let me + * write SIZE_MAX/sizeof(uint64_t) < numoffs, + * because the range of the type on amd64 makes + * the comparisons always false. + */ +#if SIZE_MAX <= UINT32_MAX*(64/CHAR_BIT) + if (SIZE_MAX/sizeof(uint64_t) < vnd->sc_comp_numoffs) { +VOP_UNLOCK(nd.ni_vp); +error = EINVAL; +goto close_and_exit; + } +#endif + if ((vattr.va_size < sizeof(struct vnd_comp_header)) || + (vattr.va_size - sizeof(struct vnd_comp_header) < +sizeof(uint64_t)*vnd->sc_comp_numoffs) || + (UQUAD_MAX/vnd->sc_comp_blksz < +vnd->sc_comp_numoffs - 1)) { VOP_UNLOCK(nd.ni_vp); error = EINVAL; goto close_and_exit; } /* set decompressed file size */ + KASSERT(vnd->sc_comp_numoffs - 1 <= + UQUAD_MAX/vnd->sc_comp_blksz); vattr.va_size = ((u_quad_t)vnd->sc_comp_numoffs - 1) * (u_quad_t)vnd->sc_comp_blksz; /* allocate space for all the compressed offsets */ + __CTASSERT(UINT32_MAX <= UQUAD_MAX/sizeof(uint64_t)); vnd->sc_comp_offsets = malloc(sizeof(u_int64_t) * vnd->sc_comp_numoffs, M_DEVBUF, M_WAITOK);
CVS commit: [netbsd-6] src/doc
Module Name:src Committed By: snj Date: Sat Aug 19 05:06:56 UTC 2017 Modified Files: src/doc [netbsd-6]: CHANGES-6.2 Log Message: 1478-1489 To generate a diff of this commit: cvs rdiff -u -r1.1.2.299 -r1.1.2.300 src/doc/CHANGES-6.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.2 diff -u src/doc/CHANGES-6.2:1.1.2.299 src/doc/CHANGES-6.2:1.1.2.300 --- src/doc/CHANGES-6.2:1.1.2.299 Fri Aug 18 15:09:27 2017 +++ src/doc/CHANGES-6.2 Sat Aug 19 05:06:56 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.2,v 1.1.2.299 2017/08/18 15:09:27 snj Exp $ +# $NetBSD: CHANGES-6.2,v 1.1.2.300 2017/08/19 05:06:56 snj Exp $ A complete list of changes from the 6.1 release until the 6.2 release: 
@@ -18484,3 +18484,100 @@ sys/dev/ic/dm9000.c1.12 dme_alloc_receive_buffer() [mrg, ticket #1477] +sys/dev/ic/bwi.c1.32 + + wrong error checking in bwi_newbuf() can cause an mbuf to + declare an mbuf length that is too big + [mrg, ticket #1478] + +sys/compat/svr4/svr4_lwp.c 1.20 +sys/compat/svr4/svr4_signal.c 1.67 +sys/compat/svr4/svr4_stream.c 1.89-1.91 via patch +sys/compat/svr4_32/svr4_32_signal.c 1.29-1.30 + + Fix some of the multitudinous holes in svr4 streams. + Zero stack data before copyout. + Fix indexing of svr4 signals. + Attempt to get reference counting less bad. + Check bounds in svr4_sys_putmsg. Check more svr4_strmcmd bounds. + [mrg, ticket #1479] + +sys/dev/vnd.c 1.260, 1.262 + + int overflows / truncation issues in vndioctl can cause + memory corruption + [mrg, ticket #1480] + +sys/compat/ibcs2/ibcs2_exec_coff.c 1.27-1.29 +sys/compat/ibcs2/ibcs2_ioctl.c 1.46 +sys/compat/ibcs2/ibcs2_stat.c 1.49-1.50 + + Out of bound read and endless loop in exec_ibcs2_coff_prep_zmagic(). + Infoleak in ibcs2_sys_ioctl. + Potenial use of expired pointers in ibcs2_sys_statfs()/ + ibcs2_sys_statvfs() + [mrg, ticket #1481] + +sys/kern/vfs_getcwd.c1.52 + + out of bound read in getcwd_scandir() + [mrg, ticket #1482] + +sys/compat/common/vfs_syscalls_12.c 1.34 +sys/compat/common/vfs_syscalls_43.c 1.60 +sys/compat/ibcs2/ibcs2_misc.c 1.114 +sys/compat/linux/common/linux_file64.c 1.59 +sys/compat/linux/common/linux_misc.c 1.239 +sys/compat/linux32/common/linux32_dirent.c 1.18 +sys/compat/osf1/osf1_file.c 1.44 +sys/compat/sunos/sunos_misc.c 1.171 +sys/compat/sunos32/sunos32_misc.c 1.78 +sys/compat/svr4/svr4_misc.c 1.158 +sys/compat/svr4_32/svr4_32_misc.c 1.78 + + puffs userland can trigger panic in compat getdents + [mrg, ticket #1483] + +sys/kern/kern_ktrace.c1.171 via patch + + infoleak in ktruser() if copyin fails. 
+ [mrg, ticket #1484] + +sys/dev/ic/isp_netbsd.c1.89 + + unvalidated channel index in ISP_FC_GETDLIST case of + ispioctl() can cause out of bound read + [mrg, ticket #1485] + +sys/dev/ic/ciss.c1.37 + + out of bound read in ciss_ioctl_vol() + signedness bug in ciss_ioctl() + [mrg, ticket #1486] + +sys/netsmb/smb_dev.c1.50 +sys/netsmb/smb_subr.c1.38 +sys/netsmb/smb_subr.h1.22 +sys/netsmb/smb_usr.c1.17-1.19 + + - no length validation in smb_usr_vc2spec() can cause out + of bound read. + - signedness bug in smb_usr_t2request() can cause out of + bound read + [mrg, ticket #1487] + +sys/altq/altq_cbq.c1.31 +sys/altq/altq_hfsc.c1.27 +sys/altq/altq_jobs.c1.11 +sys/altq/altq_priq.c1.24 +sys/altq/altq_wfq.c1.22 + + infoleak in get_class_stats() + signedness bug in wfq_getstats() + [mrg, ticket #1488] + +sys/compat/linux/common/linux_time.c 1.38-1.39 via patch + + missing cred check in linux_sys_settimeofday() + [mrg, ticket #1489] +
CVS commit: [netbsd-6-1] src/doc
Module Name:src Committed By: snj Date: Sat Aug 19 05:06:42 UTC 2017 Modified Files: src/doc [netbsd-6-1]: CHANGES-6.1.6 Log Message: 1478-1489 To generate a diff of this commit: cvs rdiff -u -r1.1.2.105 -r1.1.2.106 src/doc/CHANGES-6.1.6 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.1.6 diff -u src/doc/CHANGES-6.1.6:1.1.2.105 src/doc/CHANGES-6.1.6:1.1.2.106 --- src/doc/CHANGES-6.1.6:1.1.2.105 Fri Aug 18 15:10:01 2017 +++ src/doc/CHANGES-6.1.6 Sat Aug 19 05:06:42 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.1.6,v 1.1.2.105 2017/08/18 15:10:01 snj Exp $ +# $NetBSD: CHANGES-6.1.6,v 1.1.2.106 2017/08/19 05:06:42 snj Exp $ A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6 release: 
@@ -12436,3 +12436,100 @@ sys/dev/ic/dm9000.c1.12 dme_alloc_receive_buffer() [mrg, ticket #1477] +sys/dev/ic/bwi.c1.32 + + wrong error checking in bwi_newbuf() can cause an mbuf to + declare an mbuf length that is too big + [mrg, ticket #1478] + +sys/compat/svr4/svr4_lwp.c 1.20 +sys/compat/svr4/svr4_signal.c 1.67 +sys/compat/svr4/svr4_stream.c 1.89-1.91 via patch +sys/compat/svr4_32/svr4_32_signal.c 1.29-1.30 + + Fix some of the multitudinous holes in svr4 streams. + Zero stack data before copyout. + Fix indexing of svr4 signals. + Attempt to get reference counting less bad. + Check bounds in svr4_sys_putmsg. Check more svr4_strmcmd bounds. + [mrg, ticket #1479] + +sys/dev/vnd.c 1.260, 1.262 + + int overflows / truncation issues in vndioctl can cause + memory corruption + [mrg, ticket #1480] + +sys/compat/ibcs2/ibcs2_exec_coff.c 1.27-1.29 +sys/compat/ibcs2/ibcs2_ioctl.c 1.46 +sys/compat/ibcs2/ibcs2_stat.c 1.49-1.50 + + Out of bound read and endless loop in exec_ibcs2_coff_prep_zmagic(). + Infoleak in ibcs2_sys_ioctl. + Potenial use of expired pointers in ibcs2_sys_statfs()/ + ibcs2_sys_statvfs() + [mrg, ticket #1481] + +sys/kern/vfs_getcwd.c1.52 + + out of bound read in getcwd_scandir() + [mrg, ticket #1482] + +sys/compat/common/vfs_syscalls_12.c 1.34 +sys/compat/common/vfs_syscalls_43.c 1.60 +sys/compat/ibcs2/ibcs2_misc.c 1.114 +sys/compat/linux/common/linux_file64.c 1.59 +sys/compat/linux/common/linux_misc.c 1.239 +sys/compat/linux32/common/linux32_dirent.c 1.18 +sys/compat/osf1/osf1_file.c 1.44 +sys/compat/sunos/sunos_misc.c 1.171 +sys/compat/sunos32/sunos32_misc.c 1.78 +sys/compat/svr4/svr4_misc.c 1.158 +sys/compat/svr4_32/svr4_32_misc.c 1.78 + + puffs userland can trigger panic in compat getdents + [mrg, ticket #1483] + +sys/kern/kern_ktrace.c1.171 via patch + + infoleak in ktruser() if copyin fails. 
+ [mrg, ticket #1484] + +sys/dev/ic/isp_netbsd.c1.89 + + unvalidated channel index in ISP_FC_GETDLIST case of + ispioctl() can cause out of bound read + [mrg, ticket #1485] + +sys/dev/ic/ciss.c1.37 + + out of bound read in ciss_ioctl_vol() + signedness bug in ciss_ioctl() + [mrg, ticket #1486] + +sys/netsmb/smb_dev.c1.50 +sys/netsmb/smb_subr.c1.38 +sys/netsmb/smb_subr.h1.22 +sys/netsmb/smb_usr.c1.17-1.19 + + - no length validation in smb_usr_vc2spec() can cause out + of bound read. + - signedness bug in smb_usr_t2request() can cause out of + bound read + [mrg, ticket #1487] + +sys/altq/altq_cbq.c1.31 +sys/altq/altq_hfsc.c1.27 +sys/altq/altq_jobs.c1.11 +sys/altq/altq_priq.c1.24 +sys/altq/altq_wfq.c1.22 + + infoleak in get_class_stats() + signedness bug in wfq_getstats() + [mrg, ticket #1488] + +sys/compat/linux/common/linux_time.c 1.38-1.39 via patch + + missing cred check in linux_sys_settimeofday() + [mrg, ticket #1489] +
CVS commit: [netbsd-6-0] src/doc
Module Name:src Committed By: snj Date: Sat Aug 19 05:06:29 UTC 2017 Modified Files: src/doc [netbsd-6-0]: CHANGES-6.0.7 Log Message: 1478-1489 To generate a diff of this commit: cvs rdiff -u -r1.1.2.108 -r1.1.2.109 src/doc/CHANGES-6.0.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.0.7 diff -u src/doc/CHANGES-6.0.7:1.1.2.108 src/doc/CHANGES-6.0.7:1.1.2.109 --- src/doc/CHANGES-6.0.7:1.1.2.108 Fri Aug 18 15:10:26 2017 +++ src/doc/CHANGES-6.0.7 Sat Aug 19 05:06:29 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.0.7,v 1.1.2.108 2017/08/18 15:10:26 snj Exp $ +# $NetBSD: CHANGES-6.0.7,v 1.1.2.109 2017/08/19 05:06:29 snj Exp $ A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7 release: 
@@ -12763,3 +12763,100 @@ sys/dev/ic/dm9000.c1.12 dme_alloc_receive_buffer() [mrg, ticket #1477] +sys/dev/ic/bwi.c1.32 + + wrong error checking in bwi_newbuf() can cause an mbuf to + declare an mbuf length that is too big + [mrg, ticket #1478] + +sys/compat/svr4/svr4_lwp.c 1.20 +sys/compat/svr4/svr4_signal.c 1.67 +sys/compat/svr4/svr4_stream.c 1.89-1.91 via patch +sys/compat/svr4_32/svr4_32_signal.c 1.29-1.30 + + Fix some of the multitudinous holes in svr4 streams. + Zero stack data before copyout. + Fix indexing of svr4 signals. + Attempt to get reference counting less bad. + Check bounds in svr4_sys_putmsg. Check more svr4_strmcmd bounds. + [mrg, ticket #1479] + +sys/dev/vnd.c 1.260, 1.262 + + int overflows / truncation issues in vndioctl can cause + memory corruption + [mrg, ticket #1480] + +sys/compat/ibcs2/ibcs2_exec_coff.c 1.27-1.29 +sys/compat/ibcs2/ibcs2_ioctl.c 1.46 +sys/compat/ibcs2/ibcs2_stat.c 1.49-1.50 + + Out of bound read and endless loop in exec_ibcs2_coff_prep_zmagic(). + Infoleak in ibcs2_sys_ioctl. + Potenial use of expired pointers in ibcs2_sys_statfs()/ + ibcs2_sys_statvfs() + [mrg, ticket #1481] + +sys/kern/vfs_getcwd.c1.52 + + out of bound read in getcwd_scandir() + [mrg, ticket #1482] + +sys/compat/common/vfs_syscalls_12.c 1.34 +sys/compat/common/vfs_syscalls_43.c 1.60 +sys/compat/ibcs2/ibcs2_misc.c 1.114 +sys/compat/linux/common/linux_file64.c 1.59 +sys/compat/linux/common/linux_misc.c 1.239 +sys/compat/linux32/common/linux32_dirent.c 1.18 +sys/compat/osf1/osf1_file.c 1.44 +sys/compat/sunos/sunos_misc.c 1.171 +sys/compat/sunos32/sunos32_misc.c 1.78 +sys/compat/svr4/svr4_misc.c 1.158 +sys/compat/svr4_32/svr4_32_misc.c 1.78 + + puffs userland can trigger panic in compat getdents + [mrg, ticket #1483] + +sys/kern/kern_ktrace.c1.171 via patch + + infoleak in ktruser() if copyin fails. 
+ [mrg, ticket #1484] + +sys/dev/ic/isp_netbsd.c1.89 + + unvalidated channel index in ISP_FC_GETDLIST case of + ispioctl() can cause out of bound read + [mrg, ticket #1485] + +sys/dev/ic/ciss.c1.37 + + out of bound read in ciss_ioctl_vol() + signedness bug in ciss_ioctl() + [mrg, ticket #1486] + +sys/netsmb/smb_dev.c1.50 +sys/netsmb/smb_subr.c1.38 +sys/netsmb/smb_subr.h1.22 +sys/netsmb/smb_usr.c1.17-1.19 + + - no length validation in smb_usr_vc2spec() can cause out + of bound read. + - signedness bug in smb_usr_t2request() can cause out of + bound read + [mrg, ticket #1487] + +sys/altq/altq_cbq.c1.31 +sys/altq/altq_hfsc.c1.27 +sys/altq/altq_jobs.c1.11 +sys/altq/altq_priq.c1.24 +sys/altq/altq_wfq.c1.22 + + infoleak in get_class_stats() + signedness bug in wfq_getstats() + [mrg, ticket #1488] + +sys/compat/linux/common/linux_time.c 1.38-1.39 via patch + + missing cred check in linux_sys_settimeofday() + [mrg, ticket #1489] +
CVS commit: [netbsd-6] src/sys/compat/linux/common
Module Name:src Committed By: snj Date: Sat Aug 19 05:04:00 UTC 2017 Modified Files: src/sys/compat/linux/common [netbsd-6]: linux_time.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1489): sys/compat/linux/common/linux_time.c: 1.38-1.39 via patch Only let the superuser set the compat_linux timezone. Not really keen to invent a new kauth cookie for this useless purpose. >From Ilja Van Sprundel. -- Put suser check in the right function: settimeofday, not gettimeofday. While here, remove wrong comment. Noted by kre@. To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.35.6.1 src/sys/compat/linux/common/linux_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/linux/common/linux_time.c diff -u src/sys/compat/linux/common/linux_time.c:1.35 src/sys/compat/linux/common/linux_time.c:1.35.6.1 --- src/sys/compat/linux/common/linux_time.c:1.35 Fri Nov 18 04:07:44 2011 +++ src/sys/compat/linux/common/linux_time.c Sat Aug 19 05:03:59 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: linux_time.c,v 1.35 2011/11/18 04:07:44 christos Exp $ */ +/* $NetBSD: linux_time.c,v 1.35.6.1 2017/08/19 05:03:59 snj Exp $ */ /*- * Copyright (c) 2001 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: linux_time.c,v 1.35 2011/11/18 04:07:44 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: linux_time.c,v 1.35.6.1 2017/08/19 05:03:59 snj Exp $"); #include #include @@ -109,11 +109,10 @@ linux_sys_settimeofday(struct lwp *l, co return (error); } - /* - * If user is not the superuser, we returned - * after the sys_settimeofday() call. - */ if (SCARG(uap, tzp)) { + if (kauth_authorize_generic(kauth_cred_get(), + KAUTH_GENERIC_ISSUSER, NULL) != 0) + return (EPERM); error = copyin(SCARG(uap, tzp), &linux_sys_tz, sizeof(linux_sys_tz)); if (error) return (error);
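Review bot: In `linux_sys_settimeofday`, the `copyin` that follows the new `kauth_authorize_generic` check still writes directly into the global `linux_sys_tz`, so a copy that faults partway through the user buffer may leave the shared timezone partly overwritten even though the call returns an error. Copying into a local of the same type and assigning it to `linux_sys_tz` only after `copyin` returns 0 would keep the global consistent for other callers. Since the misleading comment was removed without a replacement, a one-line comment such as `/* Only the superuser may change the compat timezone. */` above the check would record the rule. The function starts and ends outside the hunk, and the same hunk is repeated in the netbsd-6-0 and netbsd-6-1 pull-ups below.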
CVS commit: [netbsd-6-0] src/sys/compat/linux/common
Module Name:src Committed By: snj Date: Sat Aug 19 05:03:57 UTC 2017 Modified Files: src/sys/compat/linux/common [netbsd-6-0]: linux_time.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1489): sys/compat/linux/common/linux_time.c: 1.38-1.39 via patch Only let the superuser set the compat_linux timezone. Not really keen to invent a new kauth cookie for this useless purpose. >From Ilja Van Sprundel. -- Put suser check in the right function: settimeofday, not gettimeofday. While here, remove wrong comment. Noted by kre@. To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.35.12.1 src/sys/compat/linux/common/linux_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/linux/common/linux_time.c diff -u src/sys/compat/linux/common/linux_time.c:1.35 src/sys/compat/linux/common/linux_time.c:1.35.12.1 --- src/sys/compat/linux/common/linux_time.c:1.35 Fri Nov 18 04:07:44 2011 +++ src/sys/compat/linux/common/linux_time.c Sat Aug 19 05:03:57 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: linux_time.c,v 1.35 2011/11/18 04:07:44 christos Exp $ */ +/* $NetBSD: linux_time.c,v 1.35.12.1 2017/08/19 05:03:57 snj Exp $ */ /*- * Copyright (c) 2001 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: linux_time.c,v 1.35 2011/11/18 04:07:44 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: linux_time.c,v 1.35.12.1 2017/08/19 05:03:57 snj Exp $"); #include #include @@ -109,11 +109,10 @@ linux_sys_settimeofday(struct lwp *l, co return (error); } - /* - * If user is not the superuser, we returned - * after the sys_settimeofday() call. - */ if (SCARG(uap, tzp)) { + if (kauth_authorize_generic(kauth_cred_get(), + KAUTH_GENERIC_ISSUSER, NULL) != 0) + return (EPERM); error = copyin(SCARG(uap, tzp), &linux_sys_tz, sizeof(linux_sys_tz)); if (error) return (error);
CVS commit: [netbsd-6-1] src/sys/compat/linux/common
Module Name:src Committed By: snj Date: Sat Aug 19 05:03:58 UTC 2017 Modified Files: src/sys/compat/linux/common [netbsd-6-1]: linux_time.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1489): sys/compat/linux/common/linux_time.c: 1.38-1.39 via patch Only let the superuser set the compat_linux timezone. Not really keen to invent a new kauth cookie for this useless purpose. >From Ilja Van Sprundel. -- Put suser check in the right function: settimeofday, not gettimeofday. While here, remove wrong comment. Noted by kre@. To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.35.14.1 src/sys/compat/linux/common/linux_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/linux/common/linux_time.c diff -u src/sys/compat/linux/common/linux_time.c:1.35 src/sys/compat/linux/common/linux_time.c:1.35.14.1 --- src/sys/compat/linux/common/linux_time.c:1.35 Fri Nov 18 04:07:44 2011 +++ src/sys/compat/linux/common/linux_time.c Sat Aug 19 05:03:58 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: linux_time.c,v 1.35 2011/11/18 04:07:44 christos Exp $ */ +/* $NetBSD: linux_time.c,v 1.35.14.1 2017/08/19 05:03:58 snj Exp $ */ /*- * Copyright (c) 2001 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: linux_time.c,v 1.35 2011/11/18 04:07:44 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: linux_time.c,v 1.35.14.1 2017/08/19 05:03:58 snj Exp $"); #include #include @@ -109,11 +109,10 @@ linux_sys_settimeofday(struct lwp *l, co return (error); } - /* - * If user is not the superuser, we returned - * after the sys_settimeofday() call. - */ if (SCARG(uap, tzp)) { + if (kauth_authorize_generic(kauth_cred_get(), + KAUTH_GENERIC_ISSUSER, NULL) != 0) + return (EPERM); error = copyin(SCARG(uap, tzp), &linux_sys_tz, sizeof(linux_sys_tz)); if (error) return (error);
CVS commit: [netbsd-6-1] src/sys/netsmb
Module Name:src Committed By: snj Date: Sat Aug 19 04:44:54 UTC 2017 Modified Files: src/sys/netsmb [netbsd-6-1]: smb_dev.c smb_subr.c smb_subr.h smb_usr.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1487): sys/netsmb/smb_dev.c: 1.50 sys/netsmb/smb_subr.c: 1.38 sys/netsmb/smb_subr.h: 1.22 sys/netsmb/smb_usr.c: 1.17-1.19 Reject allocations for too-small buffers from userland. >From Ilja Van Sprundel. -- Plug another overflow: refuse bogus sa_len from user. -- Reject negative ioc_setupcnt. -- Reject negative offset/count for smb read/write. Not clear that this is actually a problem for the kernel -- might overwrite user's buffers or return garbage to user, but that's their own damn fault. But it's hard to imagine that negative offset/count ever makes sense, and I haven't ruled out a problem for the kernel. To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.39.20.1 src/sys/netsmb/smb_dev.c cvs rdiff -u -r1.36 -r1.36.22.1 src/sys/netsmb/smb_subr.c cvs rdiff -u -r1.20 -r1.20.20.1 src/sys/netsmb/smb_subr.h cvs rdiff -u -r1.16 -r1.16.32.1 src/sys/netsmb/smb_usr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netsmb/smb_dev.c diff -u src/sys/netsmb/smb_dev.c:1.39 src/sys/netsmb/smb_dev.c:1.39.20.1 --- src/sys/netsmb/smb_dev.c:1.39 Fri Dec 17 14:27:34 2010 +++ src/sys/netsmb/smb_dev.c Sat Aug 19 04:44:53 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: smb_dev.c,v 1.39 2010/12/17 14:27:34 pooka Exp $ */ +/* $NetBSD: smb_dev.c,v 1.39.20.1 2017/08/19 04:44:53 snj Exp $ */ /* * Copyright (c) 2000-2001 Boris Popov @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smb_dev.c,v 1.39 2010/12/17 14:27:34 pooka Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smb_dev.c,v 1.39.20.1 2017/08/19 04:44:53 snj Exp $"); #include #include 
@@ -334,6 +334,8 @@ nsmb_dev_ioctl(dev_t dev, u_long cmd, vo struct uio auio; struct iovec iov; + if (rwrq->ioc_cnt < 0 || rwrq->ioc_offset < 0) + return EINVAL; if ((ssp = sdp->sd_share) == NULL) return ENOTCONN; iov.iov_base = rwrq->ioc_base; Index: src/sys/netsmb/smb_subr.c diff -u src/sys/netsmb/smb_subr.c:1.36 src/sys/netsmb/smb_subr.c:1.36.22.1 --- src/sys/netsmb/smb_subr.c:1.36 Sun Sep 25 13:42:30 2011 +++ src/sys/netsmb/smb_subr.c Sat Aug 19 04:44:53 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: smb_subr.c,v 1.36 2011/09/25 13:42:30 chs Exp $ */ +/* $NetBSD: smb_subr.c,v 1.36.22.1 2017/08/19 04:44:53 snj Exp $ */ /* * Copyright (c) 2000-2001 Boris Popov @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smb_subr.c,v 1.36 2011/09/25 13:42:30 chs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smb_subr.c,v 1.36.22.1 2017/08/19 04:44:53 snj Exp $"); #include #include @@ -371,3 +371,32 @@ dup_sockaddr(struct sockaddr *sa, int ca memcpy(sa2, sa, sa->sa_len); return sa2; } + +int +dup_sockaddr_copyin(struct sockaddr **ksap, struct sockaddr *usa, +size_t usalen) +{ + struct sockaddr *ksa; + + /* Make sure user provided enough data for a generic sockaddr. */ + if (usalen < sizeof(*ksa)) + return EINVAL; + + /* Don't let the user overfeed us. */ + usalen = MIN(usalen, sizeof(struct sockaddr_storage)); + + /* Copy the buffer in from userland. */ + ksa = smb_memdupin(usa, usalen); + if (ksa == NULL) + return ENOMEM; + + /* Make sure the user's idea of sa_len is reasonable. */ + if (ksa->sa_len > usalen) { + smb_memfree(ksa); + return EINVAL; + } + + /* Success! */ + *ksap = ksa; + return 0; +} Index: src/sys/netsmb/smb_subr.h diff -u src/sys/netsmb/smb_subr.h:1.20 src/sys/netsmb/smb_subr.h:1.20.20.1 --- src/sys/netsmb/smb_subr.h:1.20 Fri Dec 17 13:05:29 2010 +++ src/sys/netsmb/smb_subr.h Sat Aug 19 04:44:53 2017 
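Review bot: The new `dup_sockaddr_copyin` in smb_subr.c bounds `ksa->sa_len` from above only, so a user-supplied `sa_len` of 0, or any value shorter than the generic header, passes the `ksa->sa_len > usalen` test. Whether that matters depends on the callers in smb_usr.c, which this page cuts off, but code that later trusts `sa_len`, as `dup_sockaddr` in the context lines does with `memcpy(sa2, sa, sa->sa_len)`, would then work on a truncated address. If no caller needs shorter addresses, consider `if (ksa->sa_len < sizeof(*ksa) || ksa->sa_len > usalen) {`. The same hunk is repeated in the netbsd-6 and netbsd-6-0 pull-ups below.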
@@ -1,4 +1,4 @@ -/* $NetBSD: smb_subr.h,v 1.20 2010/12/17 13:05:29 pooka Exp $ */ +/* $NetBSD: smb_subr.h,v 1.20.20.1 2017/08/19 04:44:53 snj Exp $ */ /* * Copyright (c) 2000-2001, Boris Popov @@ -127,5 +127,6 @@ int smb_put_asunistring(struct smb_rq * #endif struct sockaddr *dup_sockaddr(struct sockaddr *, int); +int dup_sockaddr_copyin(struct sockaddr **, struct sockaddr *, size_t); #endif /* !_NETSMB_SMB_SUBR_H_ */ Index: src/sys/netsmb/smb_usr.c diff -u src/sys/netsmb/smb_usr.c:1.16 src/sys/netsmb/smb_usr.c:1.16.32.1 --- src/sys/netsmb/smb_usr.c:1.16 Wed Mar 18 16:00:24 2009 +++ src/sys/netsmb/smb_usr.c Sat Aug 19 04:44:53 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: smb_usr.c,v 1.16 2009/03/18 16:00:24 cegger Exp $ */ +/* $NetBSD: smb_usr.c,v 1.16.32.1 2017/08/19 04:44:53 snj Exp $ */ /* * Copyright (c) 2000-2001 Boris Popov @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smb_usr.c,v 1.16 2009/03/18 16:00:24 cegger Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smb_usr.c,v 1.16.32.1 2017/08/19 04:44:53 snj Exp $"); #include #include @@ -65,6 +65,7 @@ static int smb_usr_vc2spec(struct smbioc_ossn *dp, struct smb_vcspec *spec) {
CVS commit: [netbsd-6] src/sys/netsmb
Module Name:src Committed By: snj Date: Sat Aug 19 04:44:56 UTC 2017 Modified Files: src/sys/netsmb [netbsd-6]: smb_dev.c smb_subr.c smb_subr.h smb_usr.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1487): sys/netsmb/smb_dev.c: 1.50 sys/netsmb/smb_subr.c: 1.38 sys/netsmb/smb_subr.h: 1.22 sys/netsmb/smb_usr.c: 1.17-1.19 Reject allocations for too-small buffers from userland. >From Ilja Van Sprundel. -- Plug another overflow: refuse bogus sa_len from user. -- Reject negative ioc_setupcnt. -- Reject negative offset/count for smb read/write. Not clear that this is actually a problem for the kernel -- might overwrite user's buffers or return garbage to user, but that's their own damn fault. But it's hard to imagine that negative offset/count ever makes sense, and I haven't ruled out a problem for the kernel. To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.39.14.1 src/sys/netsmb/smb_dev.c cvs rdiff -u -r1.36 -r1.36.8.1 src/sys/netsmb/smb_subr.c cvs rdiff -u -r1.20 -r1.20.14.1 src/sys/netsmb/smb_subr.h cvs rdiff -u -r1.16 -r1.16.18.1 src/sys/netsmb/smb_usr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netsmb/smb_dev.c diff -u src/sys/netsmb/smb_dev.c:1.39 src/sys/netsmb/smb_dev.c:1.39.14.1 --- src/sys/netsmb/smb_dev.c:1.39 Fri Dec 17 14:27:34 2010 +++ src/sys/netsmb/smb_dev.c Sat Aug 19 04:44:55 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: smb_dev.c,v 1.39 2010/12/17 14:27:34 pooka Exp $ */ +/* $NetBSD: smb_dev.c,v 1.39.14.1 2017/08/19 04:44:55 snj Exp $ */ /* * Copyright (c) 2000-2001 Boris Popov @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smb_dev.c,v 1.39 2010/12/17 14:27:34 pooka Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smb_dev.c,v 1.39.14.1 2017/08/19 04:44:55 snj Exp $"); #include #include 
@@ -334,6 +334,8 @@ nsmb_dev_ioctl(dev_t dev, u_long cmd, vo struct uio auio; struct iovec iov; + if (rwrq->ioc_cnt < 0 || rwrq->ioc_offset < 0) + return EINVAL; if ((ssp = sdp->sd_share) == NULL) return ENOTCONN; iov.iov_base = rwrq->ioc_base; Index: src/sys/netsmb/smb_subr.c diff -u src/sys/netsmb/smb_subr.c:1.36 src/sys/netsmb/smb_subr.c:1.36.8.1 --- src/sys/netsmb/smb_subr.c:1.36 Sun Sep 25 13:42:30 2011 +++ src/sys/netsmb/smb_subr.c Sat Aug 19 04:44:55 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: smb_subr.c,v 1.36 2011/09/25 13:42:30 chs Exp $ */ +/* $NetBSD: smb_subr.c,v 1.36.8.1 2017/08/19 04:44:55 snj Exp $ */ /* * Copyright (c) 2000-2001 Boris Popov @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smb_subr.c,v 1.36 2011/09/25 13:42:30 chs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smb_subr.c,v 1.36.8.1 2017/08/19 04:44:55 snj Exp $"); #include #include @@ -371,3 +371,32 @@ dup_sockaddr(struct sockaddr *sa, int ca memcpy(sa2, sa, sa->sa_len); return sa2; } + +int +dup_sockaddr_copyin(struct sockaddr **ksap, struct sockaddr *usa, +size_t usalen) +{ + struct sockaddr *ksa; + + /* Make sure user provided enough data for a generic sockaddr. */ + if (usalen < sizeof(*ksa)) + return EINVAL; + + /* Don't let the user overfeed us. */ + usalen = MIN(usalen, sizeof(struct sockaddr_storage)); + + /* Copy the buffer in from userland. */ + ksa = smb_memdupin(usa, usalen); + if (ksa == NULL) + return ENOMEM; + + /* Make sure the user's idea of sa_len is reasonable. */ + if (ksa->sa_len > usalen) { + smb_memfree(ksa); + return EINVAL; + } + + /* Success! */ + *ksap = ksa; + return 0; +} Index: src/sys/netsmb/smb_subr.h diff -u src/sys/netsmb/smb_subr.h:1.20 src/sys/netsmb/smb_subr.h:1.20.14.1 --- src/sys/netsmb/smb_subr.h:1.20 Fri Dec 17 13:05:29 2010 +++ src/sys/netsmb/smb_subr.h Sat Aug 19 04:44:55 2017 
@@ -1,4 +1,4 @@ -/* $NetBSD: smb_subr.h,v 1.20 2010/12/17 13:05:29 pooka Exp $ */ +/* $NetBSD: smb_subr.h,v 1.20.14.1 2017/08/19 04:44:55 snj Exp $ */ /* * Copyright (c) 2000-2001, Boris Popov @@ -127,5 +127,6 @@ int smb_put_asunistring(struct smb_rq * #endif struct sockaddr *dup_sockaddr(struct sockaddr *, int); +int dup_sockaddr_copyin(struct sockaddr **, struct sockaddr *, size_t); #endif /* !_NETSMB_SMB_SUBR_H_ */ Index: src/sys/netsmb/smb_usr.c diff -u src/sys/netsmb/smb_usr.c:1.16 src/sys/netsmb/smb_usr.c:1.16.18.1 --- src/sys/netsmb/smb_usr.c:1.16 Wed Mar 18 16:00:24 2009 +++ src/sys/netsmb/smb_usr.c Sat Aug 19 04:44:55 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: smb_usr.c,v 1.16 2009/03/18 16:00:24 cegger Exp $ */ +/* $NetBSD: smb_usr.c,v 1.16.18.1 2017/08/19 04:44:55 snj Exp $ */ /* * Copyright (c) 2000-2001 Boris Popov @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smb_usr.c,v 1.16 2009/03/18 16:00:24 cegger Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smb_usr.c,v 1.16.18.1 2017/08/19 04:44:55 snj Exp $"); #include #include @@ -65,6 +65,7 @@ static int smb_usr_vc2spec(struct smbioc_ossn *dp, struct smb_vcspec *spec) { int f
CVS commit: [netbsd-6-0] src/sys/netsmb
Module Name:src Committed By: snj Date: Sat Aug 19 04:44:52 UTC 2017 Modified Files: src/sys/netsmb [netbsd-6-0]: smb_dev.c smb_subr.c smb_subr.h smb_usr.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1487): sys/netsmb/smb_dev.c: 1.50 sys/netsmb/smb_subr.c: 1.38 sys/netsmb/smb_subr.h: 1.22 sys/netsmb/smb_usr.c: 1.17-1.19 Reject allocations for too-small buffers from userland. >From Ilja Van Sprundel. -- Plug another overflow: refuse bogus sa_len from user. -- Reject negative ioc_setupcnt. -- Reject negative offset/count for smb read/write. Not clear that this is actually a problem for the kernel -- might overwrite user's buffers or return garbage to user, but that's their own damn fault. But it's hard to imagine that negative offset/count ever makes sense, and I haven't ruled out a problem for the kernel. To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.39.18.1 src/sys/netsmb/smb_dev.c cvs rdiff -u -r1.36 -r1.36.14.1 src/sys/netsmb/smb_subr.c cvs rdiff -u -r1.20 -r1.20.18.1 src/sys/netsmb/smb_subr.h cvs rdiff -u -r1.16 -r1.16.24.1 src/sys/netsmb/smb_usr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netsmb/smb_dev.c diff -u src/sys/netsmb/smb_dev.c:1.39 src/sys/netsmb/smb_dev.c:1.39.18.1 --- src/sys/netsmb/smb_dev.c:1.39 Fri Dec 17 14:27:34 2010 +++ src/sys/netsmb/smb_dev.c Sat Aug 19 04:44:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: smb_dev.c,v 1.39 2010/12/17 14:27:34 pooka Exp $ */ +/* $NetBSD: smb_dev.c,v 1.39.18.1 2017/08/19 04:44:52 snj Exp $ */ /* * Copyright (c) 2000-2001 Boris Popov @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smb_dev.c,v 1.39 2010/12/17 14:27:34 pooka Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smb_dev.c,v 1.39.18.1 2017/08/19 04:44:52 snj Exp $"); #include #include 
@@ -334,6 +334,8 @@ nsmb_dev_ioctl(dev_t dev, u_long cmd, vo struct uio auio; struct iovec iov; + if (rwrq->ioc_cnt < 0 || rwrq->ioc_offset < 0) + return EINVAL; if ((ssp = sdp->sd_share) == NULL) return ENOTCONN; iov.iov_base = rwrq->ioc_base; Index: src/sys/netsmb/smb_subr.c diff -u src/sys/netsmb/smb_subr.c:1.36 src/sys/netsmb/smb_subr.c:1.36.14.1 --- src/sys/netsmb/smb_subr.c:1.36 Sun Sep 25 13:42:30 2011 +++ src/sys/netsmb/smb_subr.c Sat Aug 19 04:44:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: smb_subr.c,v 1.36 2011/09/25 13:42:30 chs Exp $ */ +/* $NetBSD: smb_subr.c,v 1.36.14.1 2017/08/19 04:44:52 snj Exp $ */ /* * Copyright (c) 2000-2001 Boris Popov @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smb_subr.c,v 1.36 2011/09/25 13:42:30 chs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smb_subr.c,v 1.36.14.1 2017/08/19 04:44:52 snj Exp $"); #include #include @@ -371,3 +371,32 @@ dup_sockaddr(struct sockaddr *sa, int ca memcpy(sa2, sa, sa->sa_len); return sa2; } + +int +dup_sockaddr_copyin(struct sockaddr **ksap, struct sockaddr *usa, +size_t usalen) +{ + struct sockaddr *ksa; + + /* Make sure user provided enough data for a generic sockaddr. */ + if (usalen < sizeof(*ksa)) + return EINVAL; + + /* Don't let the user overfeed us. */ + usalen = MIN(usalen, sizeof(struct sockaddr_storage)); + + /* Copy the buffer in from userland. */ + ksa = smb_memdupin(usa, usalen); + if (ksa == NULL) + return ENOMEM; + + /* Make sure the user's idea of sa_len is reasonable. */ + if (ksa->sa_len > usalen) { + smb_memfree(ksa); + return EINVAL; + } + + /* Success! */ + *ksap = ksa; + return 0; +} Index: src/sys/netsmb/smb_subr.h diff -u src/sys/netsmb/smb_subr.h:1.20 src/sys/netsmb/smb_subr.h:1.20.18.1 --- src/sys/netsmb/smb_subr.h:1.20 Fri Dec 17 13:05:29 2010 +++ src/sys/netsmb/smb_subr.h Sat Aug 19 04:44:52 2017 
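Review bot: The new guard in nsmb_dev_ioctl has no comment explaining why `ioc_cnt` and `ioc_offset` are tested for sign, and the log message itself is unsure whether the kernel is affected. I would put `/* ioc_cnt and ioc_offset are caller-supplied and signed; refuse negatives before they are used to build the uio */` above the test; the uio setup that follows is only partly visible, so confirm that wording against the rest of the case. The guard also sits ahead of the `sd_share == NULL` test, so a request with a negative count on an unconnected device now gets EINVAL rather than ENOTCONN; say in the comment if that ordering is intended. The function body continues outside the hunk.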
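Review bot: dup_sockaddr_copyin bounds `ksa->sa_len` from above only, so a user-supplied `sa_len` smaller than `sizeof(*ksa)`, including 0, is accepted. The context just above the new function shows dup_sockaddr() copying exactly `sa->sa_len` bytes, so if the returned address is later duplicated that way the copy could be shorter than a generic sockaddr; the callers are not visible here. I would tighten the test to `if (ksa->sa_len < sizeof(*ksa) || ksa->sa_len > usalen) {`. The function also needs a header comment stating that on success `*ksap` owns a buffer from smb_memdupin() that the caller presumably releases with smb_memfree(), and that `*ksap` is left untouched when EINVAL or ENOMEM is returned.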
@@ -1,4 +1,4 @@ -/* $NetBSD: smb_subr.h,v 1.20 2010/12/17 13:05:29 pooka Exp $ */ +/* $NetBSD: smb_subr.h,v 1.20.18.1 2017/08/19 04:44:52 snj Exp $ */ /* * Copyright (c) 2000-2001, Boris Popov @@ -127,5 +127,6 @@ int smb_put_asunistring(struct smb_rq * #endif struct sockaddr *dup_sockaddr(struct sockaddr *, int); +int dup_sockaddr_copyin(struct sockaddr **, struct sockaddr *, size_t); #endif /* !_NETSMB_SMB_SUBR_H_ */ Index: src/sys/netsmb/smb_usr.c diff -u src/sys/netsmb/smb_usr.c:1.16 src/sys/netsmb/smb_usr.c:1.16.24.1 --- src/sys/netsmb/smb_usr.c:1.16 Wed Mar 18 16:00:24 2009 +++ src/sys/netsmb/smb_usr.c Sat Aug 19 04:44:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: smb_usr.c,v 1.16 2009/03/18 16:00:24 cegger Exp $ */ +/* $NetBSD: smb_usr.c,v 1.16.24.1 2017/08/19 04:44:52 snj Exp $ */ /* * Copyright (c) 2000-2001 Boris Popov @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smb_usr.c,v 1.16 2009/03/18 16:00:24 cegger Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smb_usr.c,v 1.16.24.1 2017/08/19 04:44:52 snj Exp $"); #include #include @@ -65,6 +65,7 @@ static int smb_usr_vc2spec(struct smbioc_ossn *dp, struct smb_vcspec *spec) {
CVS commit: [netbsd-6] src/sys/dev/ic
Module Name:src Committed By: snj Date: Sat Aug 19 04:29:14 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6]: ciss.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1486): sys/dev/ic/ciss.c: revision 1.37 Reject negative indices from userland. To generate a diff of this commit: cvs rdiff -u -r1.27.8.1 -r1.27.8.2 src/sys/dev/ic/ciss.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/ciss.c diff -u src/sys/dev/ic/ciss.c:1.27.8.1 src/sys/dev/ic/ciss.c:1.27.8.2 --- src/sys/dev/ic/ciss.c:1.27.8.1 Thu Nov 22 17:24:52 2012 +++ src/sys/dev/ic/ciss.c Sat Aug 19 04:29:14 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ciss.c,v 1.27.8.1 2012/11/22 17:24:52 riz Exp $ */ +/* $NetBSD: ciss.c,v 1.27.8.2 2017/08/19 04:29:14 snj Exp $ */ /* $OpenBSD: ciss.c,v 1.14 2006/03/13 16:02:23 mickey Exp $ */ /* @@ -19,7 +19,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ciss.c,v 1.27.8.1 2012/11/22 17:24:52 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ciss.c,v 1.27.8.2 2017/08/19 04:29:14 snj Exp $"); #include "bio.h" @@ -1198,12 +1198,12 @@ ciss_ioctl(device_t dev, u_long cmd, voi /* FALLTHROUGH */ case BIOCDISK: bd = (struct bioc_disk *)addr; - if (bd->bd_volid > sc->maxunits) { + if (bd->bd_volid < 0 || bd->bd_volid > sc->maxunits) { error = EINVAL; break; } ldp = sc->sc_lds[0]; - if (!ldp || (pd = bd->bd_diskid) > ldp->ndrives) { + if (!ldp || (pd = bd->bd_diskid) < 0 || pd > ldp->ndrives) { error = EINVAL; break; } @@ -1304,7 +1304,7 @@ ciss_ioctl_vol(struct ciss_softc *sc, st int error = 0; u_int blks; - if (bv->bv_volid > sc->maxunits) { + if (bv->bv_volid < 0 || bv->bv_volid > sc->maxunits) { return EINVAL; } ldp = sc->sc_lds[bv->bv_volid];
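Review bot: Both range checks in the BIOCDISK case still use `>` for the upper bound, so `bd_volid == sc->maxunits` and `pd == ldp->ndrives` pass. The same holds for `bv->bv_volid` in the ciss_ioctl_vol hunk, which goes straight on to index `sc->sc_lds[bv->bv_volid]`. The array sizes are set outside these hunks, but if `sc_lds` holds `maxunits` entries the slot one past the end is still reachable, and the tests should read `bv->bv_volid < 0 || bv->bv_volid >= sc->maxunits` and likewise `pd >= ldp->ndrives`. The identical hunks recur in the netbsd-6-1 and netbsd-6-0 pull-ups of ciss.c further down the page.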
CVS commit: [netbsd-6-1] src/sys/dev/ic
Module Name:src Committed By: snj Date: Sat Aug 19 04:29:12 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-1]: ciss.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1486): sys/dev/ic/ciss.c: revision 1.37 Reject negative indices from userland. To generate a diff of this commit: cvs rdiff -u -r1.27.8.1 -r1.27.8.1.2.1 src/sys/dev/ic/ciss.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/ciss.c diff -u src/sys/dev/ic/ciss.c:1.27.8.1 src/sys/dev/ic/ciss.c:1.27.8.1.2.1 --- src/sys/dev/ic/ciss.c:1.27.8.1 Thu Nov 22 17:24:52 2012 +++ src/sys/dev/ic/ciss.c Sat Aug 19 04:29:12 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ciss.c,v 1.27.8.1 2012/11/22 17:24:52 riz Exp $ */ +/* $NetBSD: ciss.c,v 1.27.8.1.2.1 2017/08/19 04:29:12 snj Exp $ */ /* $OpenBSD: ciss.c,v 1.14 2006/03/13 16:02:23 mickey Exp $ */ /* @@ -19,7 +19,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ciss.c,v 1.27.8.1 2012/11/22 17:24:52 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ciss.c,v 1.27.8.1.2.1 2017/08/19 04:29:12 snj Exp $"); #include "bio.h" @@ -1198,12 +1198,12 @@ ciss_ioctl(device_t dev, u_long cmd, voi /* FALLTHROUGH */ case BIOCDISK: bd = (struct bioc_disk *)addr; - if (bd->bd_volid > sc->maxunits) { + if (bd->bd_volid < 0 || bd->bd_volid > sc->maxunits) { error = EINVAL; break; } ldp = sc->sc_lds[0]; - if (!ldp || (pd = bd->bd_diskid) > ldp->ndrives) { + if (!ldp || (pd = bd->bd_diskid) < 0 || pd > ldp->ndrives) { error = EINVAL; break; } @@ -1304,7 +1304,7 @@ ciss_ioctl_vol(struct ciss_softc *sc, st int error = 0; u_int blks; - if (bv->bv_volid > sc->maxunits) { + if (bv->bv_volid < 0 || bv->bv_volid > sc->maxunits) { return EINVAL; } ldp = sc->sc_lds[bv->bv_volid];
CVS commit: [netbsd-6-0] src/sys/dev/ic
Module Name:src Committed By: snj Date: Sat Aug 19 04:29:10 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-0]: ciss.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1486): sys/dev/ic/ciss.c: revision 1.37 Reject negative indices from userland. To generate a diff of this commit: cvs rdiff -u -r1.27.14.1 -r1.27.14.2 src/sys/dev/ic/ciss.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/ciss.c diff -u src/sys/dev/ic/ciss.c:1.27.14.1 src/sys/dev/ic/ciss.c:1.27.14.2 --- src/sys/dev/ic/ciss.c:1.27.14.1 Thu Nov 22 17:26:37 2012 +++ src/sys/dev/ic/ciss.c Sat Aug 19 04:29:10 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ciss.c,v 1.27.14.1 2012/11/22 17:26:37 riz Exp $ */ +/* $NetBSD: ciss.c,v 1.27.14.2 2017/08/19 04:29:10 snj Exp $ */ /* $OpenBSD: ciss.c,v 1.14 2006/03/13 16:02:23 mickey Exp $ */ /* @@ -19,7 +19,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ciss.c,v 1.27.14.1 2012/11/22 17:26:37 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ciss.c,v 1.27.14.2 2017/08/19 04:29:10 snj Exp $"); #include "bio.h" @@ -1198,12 +1198,12 @@ ciss_ioctl(device_t dev, u_long cmd, voi /* FALLTHROUGH */ case BIOCDISK: bd = (struct bioc_disk *)addr; - if (bd->bd_volid > sc->maxunits) { + if (bd->bd_volid < 0 || bd->bd_volid > sc->maxunits) { error = EINVAL; break; } ldp = sc->sc_lds[0]; - if (!ldp || (pd = bd->bd_diskid) > ldp->ndrives) { + if (!ldp || (pd = bd->bd_diskid) < 0 || pd > ldp->ndrives) { error = EINVAL; break; } @@ -1304,7 +1304,7 @@ ciss_ioctl_vol(struct ciss_softc *sc, st int error = 0; u_int blks; - if (bv->bv_volid > sc->maxunits) { + if (bv->bv_volid < 0 || bv->bv_volid > sc->maxunits) { return EINVAL; } ldp = sc->sc_lds[bv->bv_volid];
CVS commit: [netbsd-6] src/sys/dev/ic
Module Name:src Committed By: snj Date: Sat Aug 19 04:27:39 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6]: isp_netbsd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1485): sys/dev/ic/isp_netbsd.c: revision 1.89 Reject out-of-bounds channel index. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.85.2.1 -r1.85.2.2 src/sys/dev/ic/isp_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/isp_netbsd.c diff -u src/sys/dev/ic/isp_netbsd.c:1.85.2.1 src/sys/dev/ic/isp_netbsd.c:1.85.2.2 --- src/sys/dev/ic/isp_netbsd.c:1.85.2.1 Mon Sep 3 18:38:34 2012 +++ src/sys/dev/ic/isp_netbsd.c Sat Aug 19 04:27:38 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: isp_netbsd.c,v 1.85.2.1 2012/09/03 18:38:34 riz Exp $ */ +/* $NetBSD: isp_netbsd.c,v 1.85.2.2 2017/08/19 04:27:38 snj Exp $ */ /* * Platform (NetBSD) dependent common attachment code for Qlogic adapters. */ @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: isp_netbsd.c,v 1.85.2.1 2012/09/03 18:38:34 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: isp_netbsd.c,v 1.85.2.2 2017/08/19 04:27:38 snj Exp $"); #include #include @@ -475,6 +475,10 @@ ispioctl(struct scsipi_channel *chan, u_ } lim = local.count; channel = local.channel; + if (channel >= isp->isp_nchan) { + retval = EINVAL; + break; + } ua = *(isp_dlist_t **)addr; uptr = &ua->wwns[0];
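Review bot: The added test `channel >= isp->isp_nchan` covers only the upper bound, and the declaration of `channel` is outside the hunk. If it is a signed type, a negative `local.channel` passes the test; in that case write `if (channel < 0 || channel >= isp->isp_nchan) {` or make the variable unsigned. `lim = local.count` on the line above comes from the same structure and is not checked in this hunk, so a short comment saying where it is bounded would help the next reader. The same hunk recurs in the netbsd-6-1 and netbsd-6-0 pull-ups of isp_netbsd.c below.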
CVS commit: [netbsd-6-1] src/sys/dev/ic
Module Name:src Committed By: snj Date: Sat Aug 19 04:27:37 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-1]: isp_netbsd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1485): sys/dev/ic/isp_netbsd.c: revision 1.89 Reject out-of-bounds channel index. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.85.2.1 -r1.85.2.1.4.1 src/sys/dev/ic/isp_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/isp_netbsd.c diff -u src/sys/dev/ic/isp_netbsd.c:1.85.2.1 src/sys/dev/ic/isp_netbsd.c:1.85.2.1.4.1 --- src/sys/dev/ic/isp_netbsd.c:1.85.2.1 Mon Sep 3 18:38:34 2012 +++ src/sys/dev/ic/isp_netbsd.c Sat Aug 19 04:27:37 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: isp_netbsd.c,v 1.85.2.1 2012/09/03 18:38:34 riz Exp $ */ +/* $NetBSD: isp_netbsd.c,v 1.85.2.1.4.1 2017/08/19 04:27:37 snj Exp $ */ /* * Platform (NetBSD) dependent common attachment code for Qlogic adapters. */ @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: isp_netbsd.c,v 1.85.2.1 2012/09/03 18:38:34 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: isp_netbsd.c,v 1.85.2.1.4.1 2017/08/19 04:27:37 snj Exp $"); #include #include @@ -475,6 +475,10 @@ ispioctl(struct scsipi_channel *chan, u_ } lim = local.count; channel = local.channel; + if (channel >= isp->isp_nchan) { + retval = EINVAL; + break; + } ua = *(isp_dlist_t **)addr; uptr = &ua->wwns[0];
CVS commit: [netbsd-6-0] src/sys/dev/ic
Module Name:src Committed By: snj Date: Sat Aug 19 04:27:35 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-0]: isp_netbsd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1485): sys/dev/ic/isp_netbsd.c: revision 1.89 Reject out-of-bounds channel index. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.85.2.1 -r1.85.2.1.2.1 src/sys/dev/ic/isp_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/isp_netbsd.c diff -u src/sys/dev/ic/isp_netbsd.c:1.85.2.1 src/sys/dev/ic/isp_netbsd.c:1.85.2.1.2.1 --- src/sys/dev/ic/isp_netbsd.c:1.85.2.1 Mon Sep 3 18:38:34 2012 +++ src/sys/dev/ic/isp_netbsd.c Sat Aug 19 04:27:35 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: isp_netbsd.c,v 1.85.2.1 2012/09/03 18:38:34 riz Exp $ */ +/* $NetBSD: isp_netbsd.c,v 1.85.2.1.2.1 2017/08/19 04:27:35 snj Exp $ */ /* * Platform (NetBSD) dependent common attachment code for Qlogic adapters. */ @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: isp_netbsd.c,v 1.85.2.1 2012/09/03 18:38:34 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: isp_netbsd.c,v 1.85.2.1.2.1 2017/08/19 04:27:35 snj Exp $"); #include #include @@ -475,6 +475,10 @@ ispioctl(struct scsipi_channel *chan, u_ } lim = local.count; channel = local.channel; + if (channel >= isp->isp_nchan) { + retval = EINVAL; + break; + } ua = *(isp_dlist_t **)addr; uptr = &ua->wwns[0];
CVS commit: [netbsd-6-0] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 04:24:20 UTC 2017 Modified Files: src/sys/kern [netbsd-6-0]: kern_ktrace.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1484): sys/kern/kern_ktrace.c: revision 1.171 via patch Clamp the length we use, not the length we don't. Avoids uninitialized memory disclosure to userland. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.160 -r1.160.6.1 src/sys/kern/kern_ktrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_ktrace.c diff -u src/sys/kern/kern_ktrace.c:1.160 src/sys/kern/kern_ktrace.c:1.160.6.1 --- src/sys/kern/kern_ktrace.c:1.160 Fri Dec 30 20:33:04 2011 +++ src/sys/kern/kern_ktrace.c Sat Aug 19 04:24:20 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ktrace.c,v 1.160 2011/12/30 20:33:04 christos Exp $ */ +/* $NetBSD: kern_ktrace.c,v 1.160.6.1 2017/08/19 04:24:20 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160 2011/12/30 20:33:04 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160.6.1 2017/08/19 04:24:20 snj Exp $"); #include #include @@ -952,7 +952,7 @@ ktruser(const char *id, void *addr, size user_dta = (void *)(ktp + 1); if ((error = copyin(addr, (void *)user_dta, len)) != 0) - len = 0; + kte->kte_kth.ktr_len = 0; ktraddentry(l, kte, KTA_WAITOK); return error;
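Review bot: The failure branch in ktruser now zeroes `kte->kte_kth.ktr_len`, but nothing at the site says why the header field rather than the local `len` is the one that matters. A comment such as `/* copyin failed: record no payload so the unfilled buffer is never emitted */` above the assignment would keep a later cleanup from restoring the old form. The entry is still queued by ktraddentry() and `error` is returned; the rest of ktruser is outside the hunk. The same one-line change appears in the netbsd-6 and netbsd-6-1 pull-ups of kern_ktrace.c below.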
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 04:24:24 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: kern_ktrace.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1484): sys/kern/kern_ktrace.c: revision 1.171 via patch Clamp the length we use, not the length we don't. Avoids uninitialized memory disclosure to userland. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.160.2.1 -r1.160.2.2 src/sys/kern/kern_ktrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_ktrace.c diff -u src/sys/kern/kern_ktrace.c:1.160.2.1 src/sys/kern/kern_ktrace.c:1.160.2.2 --- src/sys/kern/kern_ktrace.c:1.160.2.1 Sun Dec 7 15:09:31 2014 +++ src/sys/kern/kern_ktrace.c Sat Aug 19 04:24:23 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ktrace.c,v 1.160.2.1 2014/12/07 15:09:31 martin Exp $ */ +/* $NetBSD: kern_ktrace.c,v 1.160.2.2 2017/08/19 04:24:23 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160.2.1 2014/12/07 15:09:31 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160.2.2 2017/08/19 04:24:23 snj Exp $"); #include #include @@ -952,7 +952,7 @@ ktruser(const char *id, void *addr, size user_dta = (void *)(ktp + 1); if ((error = copyin(addr, (void *)user_dta, len)) != 0) - len = 0; + kte->kte_kth.ktr_len = 0; ktraddentry(l, kte, KTA_WAITOK); return error;
CVS commit: [netbsd-6-1] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 04:24:22 UTC 2017 Modified Files: src/sys/kern [netbsd-6-1]: kern_ktrace.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1484): sys/kern/kern_ktrace.c: revision 1.171 via patch Clamp the length we use, not the length we don't. Avoids uninitialized memory disclosure to userland. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.160 -r1.160.8.1 src/sys/kern/kern_ktrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_ktrace.c diff -u src/sys/kern/kern_ktrace.c:1.160 src/sys/kern/kern_ktrace.c:1.160.8.1 --- src/sys/kern/kern_ktrace.c:1.160 Fri Dec 30 20:33:04 2011 +++ src/sys/kern/kern_ktrace.c Sat Aug 19 04:24:22 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ktrace.c,v 1.160 2011/12/30 20:33:04 christos Exp $ */ +/* $NetBSD: kern_ktrace.c,v 1.160.8.1 2017/08/19 04:24:22 snj Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160 2011/12/30 20:33:04 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.160.8.1 2017/08/19 04:24:22 snj Exp $"); #include #include @@ -952,7 +952,7 @@ ktruser(const char *id, void *addr, size user_dta = (void *)(ktp + 1); if ((error = copyin(addr, (void *)user_dta, len)) != 0) - len = 0; + kte->kte_kth.ktr_len = 0; ktraddentry(l, kte, KTA_WAITOK); return error;
CVS commit: [netbsd-6] src/sys/compat
Module Name:src Committed By: snj Date: Sat Aug 19 04:20:02 UTC 2017 Modified Files: src/sys/compat/common [netbsd-6]: vfs_syscalls_12.c vfs_syscalls_43.c src/sys/compat/ibcs2 [netbsd-6]: ibcs2_misc.c src/sys/compat/linux/common [netbsd-6]: linux_file64.c linux_misc.c src/sys/compat/linux32/common [netbsd-6]: linux32_dirent.c src/sys/compat/osf1 [netbsd-6]: osf1_file.c src/sys/compat/sunos [netbsd-6]: sunos_misc.c src/sys/compat/sunos32 [netbsd-6]: sunos32_misc.c src/sys/compat/svr4 [netbsd-6]: svr4_misc.c src/sys/compat/svr4_32 [netbsd-6]: svr4_32_misc.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1483): sys/compat/common/vfs_syscalls_12.c: revision 1.34 sys/compat/svr4_32/svr4_32_misc.c: revision 1.78 sys/compat/sunos32/sunos32_misc.c: revision 1.78 sys/compat/linux/common/linux_misc.c: revision 1.239 sys/compat/osf1/osf1_file.c: revision 1.44 sys/compat/common/vfs_syscalls_43.c: revision 1.60 sys/compat/svr4/svr4_misc.c: revision 1.158 sys/compat/ibcs2/ibcs2_misc.c: revision 1.114 sys/compat/linux/common/linux_file64.c: revision 1.59 sys/compat/linux32/common/linux32_dirent.c: revision 1.18 sys/compat/sunos/sunos_misc.c: revision 1.171 Fail, don't panic, on bad dirents from file system. Controllable via puffs from userland. >From Ilja Van Sprundel. 
To generate a diff of this commit: cvs rdiff -u -r1.29.12.1 -r1.29.12.2 src/sys/compat/common/vfs_syscalls_12.c cvs rdiff -u -r1.54.14.3 -r1.54.14.4 src/sys/compat/common/vfs_syscalls_43.c cvs rdiff -u -r1.111 -r1.111.14.1 src/sys/compat/ibcs2/ibcs2_misc.c cvs rdiff -u -r1.53 -r1.53.8.1 src/sys/compat/linux/common/linux_file64.c cvs rdiff -u -r1.219.8.1 -r1.219.8.2 src/sys/compat/linux/common/linux_misc.c cvs rdiff -u -r1.13 -r1.13.8.1 src/sys/compat/linux32/common/linux32_dirent.c cvs rdiff -u -r1.41.8.1 -r1.41.8.2 src/sys/compat/osf1/osf1_file.c cvs rdiff -u -r1.168 -r1.168.14.1 src/sys/compat/sunos/sunos_misc.c cvs rdiff -u -r1.74 -r1.74.2.1 src/sys/compat/sunos32/sunos32_misc.c cvs rdiff -u -r1.155 -r1.155.8.1 src/sys/compat/svr4/svr4_misc.c cvs rdiff -u -r1.74 -r1.74.8.1 src/sys/compat/svr4_32/svr4_32_misc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/common/vfs_syscalls_12.c diff -u src/sys/compat/common/vfs_syscalls_12.c:1.29.12.1 src/sys/compat/common/vfs_syscalls_12.c:1.29.12.2 --- src/sys/compat/common/vfs_syscalls_12.c:1.29.12.1 Sat Aug 12 16:23:28 2017 +++ src/sys/compat/common/vfs_syscalls_12.c Sat Aug 19 04:20:01 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls_12.c,v 1.29.12.1 2017/08/12 16:23:28 snj Exp $ */ +/* $NetBSD: vfs_syscalls_12.c,v 1.29.12.2 2017/08/19 04:20:01 snj Exp $ */ /* * Copyright (c) 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_12.c,v 1.29.12.1 2017/08/12 16:23:28 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_12.c,v 1.29.12.2 2017/08/19 04:20:01 snj Exp $"); #include #include 
@@ -171,8 +171,10 @@ again: for (cookie = cookiebuf; len > 0; len -= reclen) { bdp = (struct dirent *)inp; reclen = bdp->d_reclen; - if (reclen & 3) - panic(__func__); + if (reclen & 3) { + error = EIO; + goto out; + } if (bdp->d_fileno == 0) { inp += reclen; /* it is a hole; squish it out */ if (cookie) Index: src/sys/compat/common/vfs_syscalls_43.c diff -u src/sys/compat/common/vfs_syscalls_43.c:1.54.14.3 src/sys/compat/common/vfs_syscalls_43.c:1.54.14.4 --- src/sys/compat/common/vfs_syscalls_43.c:1.54.14.3 Sat Aug 12 16:23:28 2017 +++ src/sys/compat/common/vfs_syscalls_43.c Sat Aug 19 04:20:01 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls_43.c,v 1.54.14.3 2017/08/12 16:23:28 snj Exp $ */ +/* $NetBSD: vfs_syscalls_43.c,v 1.54.14.4 2017/08/19 04:20:01 snj Exp $ */ /* * Copyright (c) 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_43.c,v 1.54.14.3 2017/08/12 16:23:28 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_43.c,v 1.54.14.4 2017/08/19 04:20:01 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -450,8 +450,10 @@ again: for (cookie = cookiebuf; len > 0; len -= reclen) { bdp = (struct dirent *)inp; reclen = bdp->d_reclen; - if (reclen & 3) - panic(__func__); + if (reclen & 3) { + error = EIO; + goto out; + } if (bdp->d_fileno == 0) { inp += reclen; /* it is a hole; squish it out */ if (cookie) Index: src/sys/compat/ibcs2/ibcs2_misc.c diff -u src/sys/compat/ibcs2/ibcs2_misc.c:1.111 src/sys/compat/ibcs2/ibcs2_misc.c:1.111.14.1 --- src/sys/compat/ibcs2/ibcs2_misc.c:1.111 Thu Jun 24 13:03:06 2010 +++ src/sys/compat/ibcs2/ibcs2_misc.c Sat Aug 19 04:20:01 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_misc.c,v 1.111 2010/06/24 13:03:06 hannken Exp $ */ +/* $
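Review bot: The replacement for the panic tests only the alignment of `reclen`, so a record with `d_reclen` of 0 still passes and the loop step `len -= reclen` then appears to make no progress. A `reclen` larger than the remaining `len` is not rejected here either. The vfs_getcwd.c change further down this page checks `reclen < _DIRENT_MINSIZE(dp) || reclen > len`; the compat loops should apply the same bounds, e.g. `if ((reclen & 3) || reclen < _DIRENT_MINSIZE(bdp) || reclen > len) {`. This applies equally to the vfs_syscalls_43.c hunk on this line and to the netbsd-6-1 and netbsd-6-0 copies below; the rest of each loop body is outside the hunk, so a later check may already cover part of it.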
CVS commit: [netbsd-6-1] src/sys/compat
Module Name:src Committed By: snj Date: Sat Aug 19 04:19:59 UTC 2017 Modified Files: src/sys/compat/common [netbsd-6-1]: vfs_syscalls_12.c vfs_syscalls_43.c src/sys/compat/ibcs2 [netbsd-6-1]: ibcs2_misc.c src/sys/compat/linux/common [netbsd-6-1]: linux_file64.c linux_misc.c src/sys/compat/linux32/common [netbsd-6-1]: linux32_dirent.c src/sys/compat/osf1 [netbsd-6-1]: osf1_file.c src/sys/compat/sunos [netbsd-6-1]: sunos_misc.c src/sys/compat/sunos32 [netbsd-6-1]: sunos32_misc.c src/sys/compat/svr4 [netbsd-6-1]: svr4_misc.c src/sys/compat/svr4_32 [netbsd-6-1]: svr4_32_misc.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1483): sys/compat/common/vfs_syscalls_12.c: revision 1.34 sys/compat/svr4_32/svr4_32_misc.c: revision 1.78 sys/compat/sunos32/sunos32_misc.c: revision 1.78 sys/compat/linux/common/linux_misc.c: revision 1.239 sys/compat/osf1/osf1_file.c: revision 1.44 sys/compat/common/vfs_syscalls_43.c: revision 1.60 sys/compat/svr4/svr4_misc.c: revision 1.158 sys/compat/ibcs2/ibcs2_misc.c: revision 1.114 sys/compat/linux/common/linux_file64.c: revision 1.59 sys/compat/linux32/common/linux32_dirent.c: revision 1.18 sys/compat/sunos/sunos_misc.c: revision 1.171 Fail, don't panic, on bad dirents from file system. Controllable via puffs from userland. >From Ilja Van Sprundel. 
To generate a diff of this commit: cvs rdiff -u -r1.29.26.1 -r1.29.26.2 src/sys/compat/common/vfs_syscalls_12.c cvs rdiff -u -r1.54.14.1.2.2 -r1.54.14.1.2.3 \ src/sys/compat/common/vfs_syscalls_43.c cvs rdiff -u -r1.111 -r1.111.22.1 src/sys/compat/ibcs2/ibcs2_misc.c cvs rdiff -u -r1.53 -r1.53.22.1 src/sys/compat/linux/common/linux_file64.c cvs rdiff -u -r1.219 -r1.219.16.1 src/sys/compat/linux/common/linux_misc.c cvs rdiff -u -r1.13 -r1.13.22.1 \ src/sys/compat/linux32/common/linux32_dirent.c cvs rdiff -u -r1.41.22.1 -r1.41.22.2 src/sys/compat/osf1/osf1_file.c cvs rdiff -u -r1.168 -r1.168.28.1 src/sys/compat/sunos/sunos_misc.c cvs rdiff -u -r1.74 -r1.74.16.1 src/sys/compat/sunos32/sunos32_misc.c cvs rdiff -u -r1.155 -r1.155.22.1 src/sys/compat/svr4/svr4_misc.c cvs rdiff -u -r1.74 -r1.74.22.1 src/sys/compat/svr4_32/svr4_32_misc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/common/vfs_syscalls_12.c diff -u src/sys/compat/common/vfs_syscalls_12.c:1.29.26.1 src/sys/compat/common/vfs_syscalls_12.c:1.29.26.2 --- src/sys/compat/common/vfs_syscalls_12.c:1.29.26.1 Sat Aug 12 16:22:30 2017 +++ src/sys/compat/common/vfs_syscalls_12.c Sat Aug 19 04:19:58 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls_12.c,v 1.29.26.1 2017/08/12 16:22:30 snj Exp $ */ +/* $NetBSD: vfs_syscalls_12.c,v 1.29.26.2 2017/08/19 04:19:58 snj Exp $ */ /* * Copyright (c) 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_12.c,v 1.29.26.1 2017/08/12 16:22:30 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_12.c,v 1.29.26.2 2017/08/19 04:19:58 snj Exp $"); #include #include 
@@ -171,8 +171,10 @@ again: for (cookie = cookiebuf; len > 0; len -= reclen) { bdp = (struct dirent *)inp; reclen = bdp->d_reclen; - if (reclen & 3) - panic(__func__); + if (reclen & 3) { + error = EIO; + goto out; + } if (bdp->d_fileno == 0) { inp += reclen; /* it is a hole; squish it out */ if (cookie) Index: src/sys/compat/common/vfs_syscalls_43.c diff -u src/sys/compat/common/vfs_syscalls_43.c:1.54.14.1.2.2 src/sys/compat/common/vfs_syscalls_43.c:1.54.14.1.2.3 --- src/sys/compat/common/vfs_syscalls_43.c:1.54.14.1.2.2 Sat Aug 12 16:22:30 2017 +++ src/sys/compat/common/vfs_syscalls_43.c Sat Aug 19 04:19:58 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls_43.c,v 1.54.14.1.2.2 2017/08/12 16:22:30 snj Exp $ */ +/* $NetBSD: vfs_syscalls_43.c,v 1.54.14.1.2.3 2017/08/19 04:19:58 snj Exp $ */ /* * Copyright (c) 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_43.c,v 1.54.14.1.2.2 2017/08/12 16:22:30 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_43.c,v 1.54.14.1.2.3 2017/08/19 04:19:58 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -450,8 +450,10 @@ again: for (cookie = cookiebuf; len > 0; len -= reclen) { bdp = (struct dirent *)inp; reclen = bdp->d_reclen; - if (reclen & 3) - panic(__func__); + if (reclen & 3) { + error = EIO; + goto out; + } if (bdp->d_fileno == 0) { inp += reclen; /* it is a hole; squish it out */ if (cookie) Index: src/sys/compat/ibcs2/ibcs2_misc.c diff -u src/sys/compat/ibcs2/ibcs2_misc.c:1.111 src/sys/compat/ibcs2/ibcs2_misc.c:1.111.22.1 --- src/sys/compat/ibcs2/ibcs2_misc.c:1.111 Thu Jun 24 13:03:06 2010 +++ src/sys/compat/ibcs2/ibcs2_misc.c Sat Aug 19 04:19:58 2017 @@ -1,4 +1,4 @@ -/* $N
CVS commit: [netbsd-6-0] src/sys/compat
Module Name:src Committed By: snj Date: Sat Aug 19 04:19:56 UTC 2017 Modified Files: src/sys/compat/common [netbsd-6-0]: vfs_syscalls_12.c vfs_syscalls_43.c src/sys/compat/ibcs2 [netbsd-6-0]: ibcs2_misc.c src/sys/compat/linux/common [netbsd-6-0]: linux_file64.c linux_misc.c src/sys/compat/linux32/common [netbsd-6-0]: linux32_dirent.c src/sys/compat/osf1 [netbsd-6-0]: osf1_file.c src/sys/compat/sunos [netbsd-6-0]: sunos_misc.c src/sys/compat/sunos32 [netbsd-6-0]: sunos32_misc.c src/sys/compat/svr4 [netbsd-6-0]: svr4_misc.c src/sys/compat/svr4_32 [netbsd-6-0]: svr4_32_misc.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1483): sys/compat/common/vfs_syscalls_12.c: revision 1.34 sys/compat/svr4_32/svr4_32_misc.c: revision 1.78 sys/compat/sunos32/sunos32_misc.c: revision 1.78 sys/compat/linux/common/linux_misc.c: revision 1.239 sys/compat/osf1/osf1_file.c: revision 1.44 sys/compat/common/vfs_syscalls_43.c: revision 1.60 sys/compat/svr4/svr4_misc.c: revision 1.158 sys/compat/ibcs2/ibcs2_misc.c: revision 1.114 sys/compat/linux/common/linux_file64.c: revision 1.59 sys/compat/linux32/common/linux32_dirent.c: revision 1.18 sys/compat/sunos/sunos_misc.c: revision 1.171 Fail, don't panic, on bad dirents from file system. Controllable via puffs from userland. >From Ilja Van Sprundel. 
To generate a diff of this commit: cvs rdiff -u -r1.29.18.1 -r1.29.18.2 src/sys/compat/common/vfs_syscalls_12.c cvs rdiff -u -r1.54.20.2 -r1.54.20.3 src/sys/compat/common/vfs_syscalls_43.c cvs rdiff -u -r1.111 -r1.111.20.1 src/sys/compat/ibcs2/ibcs2_misc.c cvs rdiff -u -r1.53 -r1.53.14.1 src/sys/compat/linux/common/linux_file64.c cvs rdiff -u -r1.219 -r1.219.14.1 src/sys/compat/linux/common/linux_misc.c cvs rdiff -u -r1.13 -r1.13.14.1 \ src/sys/compat/linux32/common/linux32_dirent.c cvs rdiff -u -r1.41.14.1 -r1.41.14.2 src/sys/compat/osf1/osf1_file.c cvs rdiff -u -r1.168 -r1.168.20.1 src/sys/compat/sunos/sunos_misc.c cvs rdiff -u -r1.74 -r1.74.8.1 src/sys/compat/sunos32/sunos32_misc.c cvs rdiff -u -r1.155 -r1.155.14.1 src/sys/compat/svr4/svr4_misc.c cvs rdiff -u -r1.74 -r1.74.14.1 src/sys/compat/svr4_32/svr4_32_misc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/common/vfs_syscalls_12.c diff -u src/sys/compat/common/vfs_syscalls_12.c:1.29.18.1 src/sys/compat/common/vfs_syscalls_12.c:1.29.18.2 --- src/sys/compat/common/vfs_syscalls_12.c:1.29.18.1 Sat Aug 12 16:20:59 2017 +++ src/sys/compat/common/vfs_syscalls_12.c Sat Aug 19 04:19:55 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls_12.c,v 1.29.18.1 2017/08/12 16:20:59 snj Exp $ */ +/* $NetBSD: vfs_syscalls_12.c,v 1.29.18.2 2017/08/19 04:19:55 snj Exp $ */ /* * Copyright (c) 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_12.c,v 1.29.18.1 2017/08/12 16:20:59 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_12.c,v 1.29.18.2 2017/08/19 04:19:55 snj Exp $"); #include #include 
@@ -171,8 +171,10 @@ again: for (cookie = cookiebuf; len > 0; len -= reclen) { bdp = (struct dirent *)inp; reclen = bdp->d_reclen; - if (reclen & 3) - panic(__func__); + if (reclen & 3) { + error = EIO; + goto out; + } if (bdp->d_fileno == 0) { inp += reclen; /* it is a hole; squish it out */ if (cookie) Index: src/sys/compat/common/vfs_syscalls_43.c diff -u src/sys/compat/common/vfs_syscalls_43.c:1.54.20.2 src/sys/compat/common/vfs_syscalls_43.c:1.54.20.3 --- src/sys/compat/common/vfs_syscalls_43.c:1.54.20.2 Sat Aug 12 16:20:59 2017 +++ src/sys/compat/common/vfs_syscalls_43.c Sat Aug 19 04:19:55 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls_43.c,v 1.54.20.2 2017/08/12 16:20:59 snj Exp $ */ +/* $NetBSD: vfs_syscalls_43.c,v 1.54.20.3 2017/08/19 04:19:55 snj Exp $ */ /* * Copyright (c) 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_43.c,v 1.54.20.2 2017/08/12 16:20:59 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_43.c,v 1.54.20.3 2017/08/19 04:19:55 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -448,8 +448,10 @@ again: for (cookie = cookiebuf; len > 0; len -= reclen) { bdp = (struct dirent *)inp; reclen = bdp->d_reclen; - if (reclen & 3) - panic(__func__); + if (reclen & 3) { + error = EIO; + goto out; + } if (bdp->d_fileno == 0) { inp += reclen; /* it is a hole; squish it out */ if (cookie) Index: src/sys/compat/ibcs2/ibcs2_misc.c diff -u src/sys/compat/ibcs2/ibcs2_misc.c:1.111 src/sys/compat/ibcs2/ibcs2_misc.c:1.111.20.1 --- src/sys/compat/ibcs2/ibcs2_misc.c:1.111 Thu Jun 24 13:03:06 2010 +++ src/sys/compat/ibcs2/ibcs2_misc.c Sat Aug 19 04:19:55 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_misc.c,v 1.111 2010/06/24 13:0
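Review bot: In the vfs_syscalls_12.c hunk the new `if (reclen & 3)` branch rejects only misaligned records, so a `d_reclen` of 0, or one larger than the remaining `len`, still passes. The visible loop advances with `len -= reclen` and `inp += reclen`, so a zero-length record would make no progress and an oversized one would move `inp` beyond the data that was read. Since the log message says these dirents are controllable from userland via puffs, the guard could be `if ((reclen & 3) || reclen == 0 || reclen > len) {`, matching the `reclen > len` test that the vfs_getcwd.c change on this page adds. The identical hunk in vfs_syscalls_43.c has the same gap; the loop body continues outside both hunks, so a later check may already cover part of this.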
CVS commit: [netbsd-6-0] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 04:17:08 UTC 2017 Modified Files: src/sys/kern [netbsd-6-0]: vfs_getcwd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1482): sys/kern/vfs_getcwd.c: revision 1.52 Don't walk off the end of the dirent buffer. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.47.20.1 src/sys/kern/vfs_getcwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_getcwd.c diff -u src/sys/kern/vfs_getcwd.c:1.47 src/sys/kern/vfs_getcwd.c:1.47.20.1 --- src/sys/kern/vfs_getcwd.c:1.47 Tue Nov 30 10:30:02 2010 +++ src/sys/kern/vfs_getcwd.c Sat Aug 19 04:17:08 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_getcwd.c,v 1.47 2010/11/30 10:30:02 dholland Exp $ */ +/* $NetBSD: vfs_getcwd.c,v 1.47.20.1 2017/08/19 04:17:08 snj Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.47 2010/11/30 10:30:02 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.47.20.1 2017/08/19 04:17:08 snj Exp $"); #include #include @@ -207,7 +207,8 @@ unionread: reclen = dp->d_reclen; /* check for malformed directory.. */ -if (reclen < _DIRENT_MINSIZE(dp)) { +if (reclen < _DIRENT_MINSIZE(dp) || +reclen > len) { error = EINVAL; goto out; }
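Review bot: The widened test bounds `d_reclen` against `len`, but nothing visible in the hunk ties `dp->d_namlen` to the record length. If the code below the hunk copies `d_namlen` bytes from `d_name`, a record with an acceptable `d_reclen` and an oversized `d_namlen` would still be read past its end; a further condition such as `_DIRENT_NAMEOFF(dp) + dp->d_namlen > reclen` in the same `if` would close that. The comment could also say what is being rejected, e.g. `/* reject records shorter than a minimal dirent or longer than the bytes left in the buffer */`. The netbsd-6 and netbsd-6-1 pull-ups of this ticket carry the same hunk, and the loop body lies outside it.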
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 04:17:11 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: vfs_getcwd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1482): sys/kern/vfs_getcwd.c: revision 1.52 Don't walk off the end of the dirent buffer. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.47.14.1 src/sys/kern/vfs_getcwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_getcwd.c diff -u src/sys/kern/vfs_getcwd.c:1.47 src/sys/kern/vfs_getcwd.c:1.47.14.1 --- src/sys/kern/vfs_getcwd.c:1.47 Tue Nov 30 10:30:02 2010 +++ src/sys/kern/vfs_getcwd.c Sat Aug 19 04:17:11 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_getcwd.c,v 1.47 2010/11/30 10:30:02 dholland Exp $ */ +/* $NetBSD: vfs_getcwd.c,v 1.47.14.1 2017/08/19 04:17:11 snj Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.47 2010/11/30 10:30:02 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.47.14.1 2017/08/19 04:17:11 snj Exp $"); #include #include @@ -207,7 +207,8 @@ unionread: reclen = dp->d_reclen; /* check for malformed directory.. */ -if (reclen < _DIRENT_MINSIZE(dp)) { +if (reclen < _DIRENT_MINSIZE(dp) || +reclen > len) { error = EINVAL; goto out; }
CVS commit: [netbsd-6-1] src/sys/kern
Module Name:src Committed By: snj Date: Sat Aug 19 04:17:10 UTC 2017 Modified Files: src/sys/kern [netbsd-6-1]: vfs_getcwd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1482): sys/kern/vfs_getcwd.c: revision 1.52 Don't walk off the end of the dirent buffer. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.47.22.1 src/sys/kern/vfs_getcwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/vfs_getcwd.c diff -u src/sys/kern/vfs_getcwd.c:1.47 src/sys/kern/vfs_getcwd.c:1.47.22.1 --- src/sys/kern/vfs_getcwd.c:1.47 Tue Nov 30 10:30:02 2010 +++ src/sys/kern/vfs_getcwd.c Sat Aug 19 04:17:10 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_getcwd.c,v 1.47 2010/11/30 10:30:02 dholland Exp $ */ +/* $NetBSD: vfs_getcwd.c,v 1.47.22.1 2017/08/19 04:17:10 snj Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.47 2010/11/30 10:30:02 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.47.22.1 2017/08/19 04:17:10 snj Exp $"); #include #include @@ -207,7 +207,8 @@ unionread: reclen = dp->d_reclen; /* check for malformed directory.. */ -if (reclen < _DIRENT_MINSIZE(dp)) { +if (reclen < _DIRENT_MINSIZE(dp) || +reclen > len) { error = EINVAL; goto out; }
CVS commit: [netbsd-6-0] src/sys/compat/ibcs2
Module Name:src Committed By: snj Date: Sat Aug 19 04:13:48 UTC 2017 Modified Files: src/sys/compat/ibcs2 [netbsd-6-0]: ibcs2_exec_coff.c ibcs2_ioctl.c ibcs2_stat.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1481): sys/compat/ibcs2/ibcs2_exec_coff.c: 1.27-1.29 sys/compat/ibcs2/ibcs2_ioctl.c: 1.46 sys/compat/ibcs2/ibcs2_stat.c: 1.49-1.50 Check for NUL termination within the buffer we have. >From Ilja Van Sprundel. -- Make sure we have enough space in the buffer before reading it. >From Ilja Van Sprundel. -- Make sure we move forward over the buffer. >From Ilja Van Sprundel. -- Zero buffers in ibcs2 ioctl to avoid disclosing stack to userland. >From Ilja Van Sprundel. -- Don't drop vnode ref until we're done with mount in ibcs2_stat(v)fs. Nothing else guarantees the mount will stick around. >From Ilja Van Sprundel. -- Little happy on the commit trigger. Actually use the out label. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.25.20.1 src/sys/compat/ibcs2/ibcs2_exec_coff.c cvs rdiff -u -r1.45 -r1.45.42.1 src/sys/compat/ibcs2/ibcs2_ioctl.c cvs rdiff -u -r1.47 -r1.47.24.1 src/sys/compat/ibcs2/ibcs2_stat.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/ibcs2/ibcs2_exec_coff.c diff -u src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.25 src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.25.20.1 --- src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.25 Thu Jul 22 03:19:02 2010 +++ src/sys/compat/ibcs2/ibcs2_exec_coff.c Sat Aug 19 04:13:48 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_exec_coff.c,v 1.25 2010/07/22 03:19:02 christos Exp $ */ +/* $NetBSD: ibcs2_exec_coff.c,v 1.25.20.1 2017/08/19 04:13:48 snj Exp $ */ /* * Copyright (c) 1994, 1995, 1998 Scott Bartram 
@@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.25 2010/07/22 03:19:02 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.25.20.1 2017/08/19 04:13:48 snj Exp $"); #include #include @@ -454,6 +454,10 @@ exec_ibcs2_coff_prep_zmagic(struct lwp * } bufp = tbuf; while (len) { + if (len < sizeof(struct coff_slhdr)) { +free(tbuf, M_TEMP); +return ENOEXEC; + } slhdr = (struct coff_slhdr *)bufp; if (slhdr->path_index > LONG_MAX / sizeof(long) || @@ -465,7 +469,9 @@ exec_ibcs2_coff_prep_zmagic(struct lwp * path_index = slhdr->path_index * sizeof(long); entry_len = slhdr->entry_len * sizeof(long); - if (entry_len > len) { + if (entry_len < sizeof(struct coff_slhdr) || + entry_len > len || + strnlen(slhdr->sl_name, entry_len) == entry_len) { free(tbuf, M_TEMP); return ENOEXEC; } Index: src/sys/compat/ibcs2/ibcs2_ioctl.c diff -u src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45 src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45.42.1 --- src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45 Tue Jun 24 10:03:17 2008 +++ src/sys/compat/ibcs2/ibcs2_ioctl.c Sat Aug 19 04:13:48 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_ioctl.c,v 1.45 2008/06/24 10:03:17 gmcgarry Exp $ */ +/* $NetBSD: ibcs2_ioctl.c,v 1.45.42.1 2017/08/19 04:13:48 snj Exp $ */ /* * Copyright (c) 1994, 1995 Scott Bartram @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ibcs2_ioctl.c,v 1.45 2008/06/24 10:03:17 gmcgarry Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ibcs2_ioctl.c,v 1.45.42.1 2017/08/19 04:13:48 snj Exp $"); #include #include @@ -402,8 +402,10 @@ ibcs2_sys_ioctl(struct lwp *l, const str if ((error = (*ctl)(fp, TIOCGETA, &bts)) != 0) goto out; + memset(&sts, 0, sizeof(sts)); btios2stios(&bts, &sts); if (SCARG(uap, cmd) == IBCS2_TCGETA) { + memset(&st, 0, sizeof(st)); stios2stio(&sts, &st); error = copyout(&st, SCARG(uap, data), sizeof(st)); if (error) 
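Review bot: The NUL-termination test in the second exec_ibcs2_coff_prep_zmagic hunk bounds `strnlen` by `entry_len`, but `sl_name` is a member of the header at `bufp`, so it presumably starts some bytes into the record. The scan can then run that many bytes past the end of the entry, and past `tbuf` when the entry is the last one. Bounding by the space that follows the name's offset avoids this: `strnlen(slhdr->sl_name, entry_len - offsetof(struct coff_slhdr, sl_name)) == entry_len - offsetof(struct coff_slhdr, sl_name)`; the preceding `entry_len < sizeof(struct coff_slhdr)` test keeps the subtraction from wrapping. The same hunk appears in the netbsd-6-1 and netbsd-6 pull-ups, and the function continues outside the hunk.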
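Review bot: The added `memset` calls in the ibcs2_sys_ioctl hunk carry no comment, so a later cleanup could drop them as redundant with the conversion helpers that follow. A one-line comment above each would record the intent, for example `/* zero padding and unset fields; this struct is copied out to userland */`. The same applies to `memset(&itb, 0, sizeof(itb));` in the ibcs2_sys_gtty hunk, where the visible fields are all assigned right afterwards and the call looks unnecessary without that explanation. ibcs2_sys_ioctl continues outside the hunk.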
@@ -559,6 +561,7 @@ ibcs2_sys_gtty(struct lwp *l, const stru fd_putfile(SCARG(uap, fd)); + memset(&itb, 0, sizeof(itb)); itb.sg_ispeed = tb.sg_ispeed; itb.sg_ospeed = tb.sg_ospeed; itb.sg_erase = tb.sg_erase; Index: src/sys/compat/ibcs2/ibcs2_stat.c diff -u src/sys/compat/ibcs2/ibcs2_stat.c:1.47 src/sys/compat/ibcs2/ibcs2_stat.c:1.47.24.1 --- src/sys/compat/ibcs2/ibcs2_stat.c:1.47 Mon Jun 29 05:08:16 2009 +++ src/sys/compat/ibcs2/ibcs2_stat.c Sat Aug 19 04:13:48 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_stat.c,v 1.47 2009/06/29 05:08:16 dholland Exp $ */ +/* $NetBSD: ibcs2_stat.c,v 1.47.24.1 2017/08/19 04:13:48 snj Exp $ */ /* * Copyright (c) 1995, 1998 Scott Bartram * All rights reserved. @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ibcs2_stat.c,v 1.47 2009/06/29 05:08:16 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ibcs2_stat.c,v 1.47.24.1 2017/08/19 04:13:48 snj Exp $"); #include #include @@ -147,11 +147,13 @@ ibcs2_sys_statfs(struct lwp *l, const st return (error); mp = vp->v_mount; sp = &mp->mnt_stat; - vrele(vp); if ((error = VFS_STATVFS(mp, sp)) != 0) - return (error);
CVS commit: [netbsd-6-1] src/sys/compat/ibcs2
Module Name:src Committed By: snj Date: Sat Aug 19 04:13:50 UTC 2017 Modified Files: src/sys/compat/ibcs2 [netbsd-6-1]: ibcs2_exec_coff.c ibcs2_ioctl.c ibcs2_stat.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1481): sys/compat/ibcs2/ibcs2_exec_coff.c: 1.27-1.29 sys/compat/ibcs2/ibcs2_ioctl.c: 1.46 sys/compat/ibcs2/ibcs2_stat.c: 1.49-1.50 Check for NUL termination within the buffer we have. >From Ilja Van Sprundel. -- Make sure we have enough space in the buffer before reading it. >From Ilja Van Sprundel. -- Make sure we move forward over the buffer. >From Ilja Van Sprundel. -- Zero buffers in ibcs2 ioctl to avoid disclosing stack to userland. >From Ilja Van Sprundel. -- Don't drop vnode ref until we're done with mount in ibcs2_stat(v)fs. Nothing else guarantees the mount will stick around. >From Ilja Van Sprundel. -- Little happy on the commit trigger. Actually use the out label. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.25.28.1 src/sys/compat/ibcs2/ibcs2_exec_coff.c cvs rdiff -u -r1.45 -r1.45.52.1 src/sys/compat/ibcs2/ibcs2_ioctl.c cvs rdiff -u -r1.47 -r1.47.32.1 src/sys/compat/ibcs2/ibcs2_stat.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/ibcs2/ibcs2_exec_coff.c diff -u src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.25 src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.25.28.1 --- src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.25 Thu Jul 22 03:19:02 2010 +++ src/sys/compat/ibcs2/ibcs2_exec_coff.c Sat Aug 19 04:13:50 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_exec_coff.c,v 1.25 2010/07/22 03:19:02 christos Exp $ */ +/* $NetBSD: ibcs2_exec_coff.c,v 1.25.28.1 2017/08/19 04:13:50 snj Exp $ */ /* * Copyright (c) 1994, 1995, 1998 Scott Bartram 
@@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.25 2010/07/22 03:19:02 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.25.28.1 2017/08/19 04:13:50 snj Exp $"); #include #include @@ -454,6 +454,10 @@ exec_ibcs2_coff_prep_zmagic(struct lwp * } bufp = tbuf; while (len) { + if (len < sizeof(struct coff_slhdr)) { +free(tbuf, M_TEMP); +return ENOEXEC; + } slhdr = (struct coff_slhdr *)bufp; if (slhdr->path_index > LONG_MAX / sizeof(long) || @@ -465,7 +469,9 @@ exec_ibcs2_coff_prep_zmagic(struct lwp * path_index = slhdr->path_index * sizeof(long); entry_len = slhdr->entry_len * sizeof(long); - if (entry_len > len) { + if (entry_len < sizeof(struct coff_slhdr) || + entry_len > len || + strnlen(slhdr->sl_name, entry_len) == entry_len) { free(tbuf, M_TEMP); return ENOEXEC; } Index: src/sys/compat/ibcs2/ibcs2_ioctl.c diff -u src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45 src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45.52.1 --- src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45 Tue Jun 24 10:03:17 2008 +++ src/sys/compat/ibcs2/ibcs2_ioctl.c Sat Aug 19 04:13:50 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_ioctl.c,v 1.45 2008/06/24 10:03:17 gmcgarry Exp $ */ +/* $NetBSD: ibcs2_ioctl.c,v 1.45.52.1 2017/08/19 04:13:50 snj Exp $ */ /* * Copyright (c) 1994, 1995 Scott Bartram @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ibcs2_ioctl.c,v 1.45 2008/06/24 10:03:17 gmcgarry Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ibcs2_ioctl.c,v 1.45.52.1 2017/08/19 04:13:50 snj Exp $"); #include #include @@ -402,8 +402,10 @@ ibcs2_sys_ioctl(struct lwp *l, const str if ((error = (*ctl)(fp, TIOCGETA, &bts)) != 0) goto out; + memset(&sts, 0, sizeof(sts)); btios2stios(&bts, &sts); if (SCARG(uap, cmd) == IBCS2_TCGETA) { + memset(&st, 0, sizeof(st)); stios2stio(&sts, &st); error = copyout(&st, SCARG(uap, data), sizeof(st)); if (error) 
@@ -559,6 +561,7 @@ ibcs2_sys_gtty(struct lwp *l, const stru fd_putfile(SCARG(uap, fd)); + memset(&itb, 0, sizeof(itb)); itb.sg_ispeed = tb.sg_ispeed; itb.sg_ospeed = tb.sg_ospeed; itb.sg_erase = tb.sg_erase; Index: src/sys/compat/ibcs2/ibcs2_stat.c diff -u src/sys/compat/ibcs2/ibcs2_stat.c:1.47 src/sys/compat/ibcs2/ibcs2_stat.c:1.47.32.1 --- src/sys/compat/ibcs2/ibcs2_stat.c:1.47 Mon Jun 29 05:08:16 2009 +++ src/sys/compat/ibcs2/ibcs2_stat.c Sat Aug 19 04:13:50 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_stat.c,v 1.47 2009/06/29 05:08:16 dholland Exp $ */ +/* $NetBSD: ibcs2_stat.c,v 1.47.32.1 2017/08/19 04:13:50 snj Exp $ */ /* * Copyright (c) 1995, 1998 Scott Bartram * All rights reserved. @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ibcs2_stat.c,v 1.47 2009/06/29 05:08:16 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ibcs2_stat.c,v 1.47.32.1 2017/08/19 04:13:50 snj Exp $"); #include #include @@ -147,11 +147,13 @@ ibcs2_sys_statfs(struct lwp *l, const st return (error); mp = vp->v_mount; sp = &mp->mnt_stat; - vrele(vp); if ((error = VFS_STATVFS(mp, sp)) != 0) - return (error);
CVS commit: [netbsd-6] src/sys/compat/ibcs2
Module Name:src Committed By: snj Date: Sat Aug 19 04:13:52 UTC 2017 Modified Files: src/sys/compat/ibcs2 [netbsd-6]: ibcs2_exec_coff.c ibcs2_ioctl.c ibcs2_stat.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1481): sys/compat/ibcs2/ibcs2_exec_coff.c: 1.27-1.29 sys/compat/ibcs2/ibcs2_ioctl.c: 1.46 sys/compat/ibcs2/ibcs2_stat.c: 1.49-1.50 Check for NUL termination within the buffer we have. >From Ilja Van Sprundel. -- Make sure we have enough space in the buffer before reading it. >From Ilja Van Sprundel. -- Make sure we move forward over the buffer. >From Ilja Van Sprundel. -- Zero buffers in ibcs2 ioctl to avoid disclosing stack to userland. >From Ilja Van Sprundel. -- Don't drop vnode ref until we're done with mount in ibcs2_stat(v)fs. Nothing else guarantees the mount will stick around. >From Ilja Van Sprundel. -- Little happy on the commit trigger. Actually use the out label. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.25.14.1 src/sys/compat/ibcs2/ibcs2_exec_coff.c cvs rdiff -u -r1.45 -r1.45.36.1 src/sys/compat/ibcs2/ibcs2_ioctl.c cvs rdiff -u -r1.47 -r1.47.18.1 src/sys/compat/ibcs2/ibcs2_stat.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/ibcs2/ibcs2_exec_coff.c diff -u src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.25 src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.25.14.1 --- src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.25 Thu Jul 22 03:19:02 2010 +++ src/sys/compat/ibcs2/ibcs2_exec_coff.c Sat Aug 19 04:13:51 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_exec_coff.c,v 1.25 2010/07/22 03:19:02 christos Exp $ */ +/* $NetBSD: ibcs2_exec_coff.c,v 1.25.14.1 2017/08/19 04:13:51 snj Exp $ */ /* * Copyright (c) 1994, 1995, 1998 Scott Bartram 
@@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.25 2010/07/22 03:19:02 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.25.14.1 2017/08/19 04:13:51 snj Exp $"); #include #include @@ -454,6 +454,10 @@ exec_ibcs2_coff_prep_zmagic(struct lwp * } bufp = tbuf; while (len) { + if (len < sizeof(struct coff_slhdr)) { +free(tbuf, M_TEMP); +return ENOEXEC; + } slhdr = (struct coff_slhdr *)bufp; if (slhdr->path_index > LONG_MAX / sizeof(long) || @@ -465,7 +469,9 @@ exec_ibcs2_coff_prep_zmagic(struct lwp * path_index = slhdr->path_index * sizeof(long); entry_len = slhdr->entry_len * sizeof(long); - if (entry_len > len) { + if (entry_len < sizeof(struct coff_slhdr) || + entry_len > len || + strnlen(slhdr->sl_name, entry_len) == entry_len) { free(tbuf, M_TEMP); return ENOEXEC; } Index: src/sys/compat/ibcs2/ibcs2_ioctl.c diff -u src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45 src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45.36.1 --- src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45 Tue Jun 24 10:03:17 2008 +++ src/sys/compat/ibcs2/ibcs2_ioctl.c Sat Aug 19 04:13:51 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_ioctl.c,v 1.45 2008/06/24 10:03:17 gmcgarry Exp $ */ +/* $NetBSD: ibcs2_ioctl.c,v 1.45.36.1 2017/08/19 04:13:51 snj Exp $ */ /* * Copyright (c) 1994, 1995 Scott Bartram @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ibcs2_ioctl.c,v 1.45 2008/06/24 10:03:17 gmcgarry Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ibcs2_ioctl.c,v 1.45.36.1 2017/08/19 04:13:51 snj Exp $"); #include #include @@ -402,8 +402,10 @@ ibcs2_sys_ioctl(struct lwp *l, const str if ((error = (*ctl)(fp, TIOCGETA, &bts)) != 0) goto out; + memset(&sts, 0, sizeof(sts)); btios2stios(&bts, &sts); if (SCARG(uap, cmd) == IBCS2_TCGETA) { + memset(&st, 0, sizeof(st)); stios2stio(&sts, &st); error = copyout(&st, SCARG(uap, data), sizeof(st)); if (error) 
@@ -559,6 +561,7 @@ ibcs2_sys_gtty(struct lwp *l, const stru fd_putfile(SCARG(uap, fd)); + memset(&itb, 0, sizeof(itb)); itb.sg_ispeed = tb.sg_ispeed; itb.sg_ospeed = tb.sg_ospeed; itb.sg_erase = tb.sg_erase; Index: src/sys/compat/ibcs2/ibcs2_stat.c diff -u src/sys/compat/ibcs2/ibcs2_stat.c:1.47 src/sys/compat/ibcs2/ibcs2_stat.c:1.47.18.1 --- src/sys/compat/ibcs2/ibcs2_stat.c:1.47 Mon Jun 29 05:08:16 2009 +++ src/sys/compat/ibcs2/ibcs2_stat.c Sat Aug 19 04:13:51 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_stat.c,v 1.47 2009/06/29 05:08:16 dholland Exp $ */ +/* $NetBSD: ibcs2_stat.c,v 1.47.18.1 2017/08/19 04:13:51 snj Exp $ */ /* * Copyright (c) 1995, 1998 Scott Bartram * All rights reserved. @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ibcs2_stat.c,v 1.47 2009/06/29 05:08:16 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ibcs2_stat.c,v 1.47.18.1 2017/08/19 04:13:51 snj Exp $"); #include #include @@ -147,11 +147,13 @@ ibcs2_sys_statfs(struct lwp *l, const st return (error); mp = vp->v_mount; sp = &mp->mnt_stat; - vrele(vp); if ((error = VFS_STATVFS(mp, sp)) != 0) - return (error); +
CVS commit: [netbsd-6] src/sys/compat/svr4_32
Module Name:src Committed By: snj Date: Sat Aug 19 04:02:49 UTC 2017 Modified Files: src/sys/compat/svr4_32 [netbsd-6]: svr4_32_signal.c Log Message: Pull up following revision(s) (requested by martin in ticket #1481): sys/compat/svr4_32/svr4_32_signal.c: 1.30 make it compile again. To generate a diff of this commit: cvs rdiff -u -r1.26.40.1 -r1.26.40.2 src/sys/compat/svr4_32/svr4_32_signal.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/svr4_32/svr4_32_signal.c diff -u src/sys/compat/svr4_32/svr4_32_signal.c:1.26.40.1 src/sys/compat/svr4_32/svr4_32_signal.c:1.26.40.2 --- src/sys/compat/svr4_32/svr4_32_signal.c:1.26.40.1 Sat Aug 19 03:40:50 2017 +++ src/sys/compat/svr4_32/svr4_32_signal.c Sat Aug 19 04:02:49 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_32_signal.c,v 1.26.40.1 2017/08/19 03:40:50 snj Exp $ */ +/* $NetBSD: svr4_32_signal.c,v 1.26.40.2 2017/08/19 04:02:49 snj Exp $ */ /*- * Copyright (c) 1994, 1998 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_32_signal.c,v 1.26.40.1 2017/08/19 03:40:50 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_32_signal.c,v 1.26.40.2 2017/08/19 04:02:49 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_svr4.h" @@ -397,16 +397,16 @@ svr4_32_sys_signal(struct lwp *l, const nbsa.sa_handler = (sig_t)SCARG(uap, handler); sigemptyset(&nbsa.sa_mask); nbsa.sa_flags = 0; - error = sigaction1(l, signum, &nbsa, &obsa, NULL, 0); + error = sigaction1(l, native_signo, &nbsa, &obsa, NULL, 0); if (error) - return (error); + return error; *retval = (u_int)(u_long)obsa.sa_handler; - return (0); + return 0; case SVR4_SIGHOLD_MASK: sighold: sigemptyset(&ss); - sigaddset(&ss, signum); + sigaddset(&ss, native_signo); mutex_enter(p->p_lock); error = sigprocmask1(l, SIG_BLOCK, &ss, 0); mutex_exit(p->p_lock); 
@@ -414,7 +414,7 @@ svr4_32_sys_signal(struct lwp *l, const case SVR4_SIGRELSE_MASK: sigemptyset(&ss); - sigaddset(&ss, signum); + sigaddset(&ss, native_signo); mutex_enter(p->p_lock); error = sigprocmask1(l, SIG_UNBLOCK, &ss, 0); mutex_exit(p->p_lock); @@ -424,17 +424,17 @@ svr4_32_sys_signal(struct lwp *l, const nbsa.sa_handler = SIG_IGN; sigemptyset(&nbsa.sa_mask); nbsa.sa_flags = 0; - return (sigaction1(l, signum, &nbsa, 0, NULL, 0)); + return sigaction1(l, native_signo, &nbsa, 0, NULL, 0); case SVR4_SIGPAUSE_MASK: mutex_enter(p->p_lock); ss = l->l_sigmask; mutex_exit(p->p_lock); - sigdelset(&ss, signum); - return (sigsuspend1(l, &ss)); + sigdelset(&ss, native_signo); + return sigsuspend1(l, &ss); default: - return (ENOSYS); + return ENOSYS; } }
CVS commit: [netbsd-6-1] src/sys/compat/svr4_32
Module Name:src Committed By: snj Date: Sat Aug 19 04:02:22 UTC 2017 Modified Files: src/sys/compat/svr4_32 [netbsd-6-1]: svr4_32_signal.c Log Message: Pull up following revision(s) (requested by martin in ticket #1481): sys/compat/svr4_32/svr4_32_signal.c: 1.30 make it compile again. To generate a diff of this commit: cvs rdiff -u -r1.26.56.1 -r1.26.56.2 src/sys/compat/svr4_32/svr4_32_signal.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/svr4_32/svr4_32_signal.c diff -u src/sys/compat/svr4_32/svr4_32_signal.c:1.26.56.1 src/sys/compat/svr4_32/svr4_32_signal.c:1.26.56.2 --- src/sys/compat/svr4_32/svr4_32_signal.c:1.26.56.1 Sat Aug 19 03:40:48 2017 +++ src/sys/compat/svr4_32/svr4_32_signal.c Sat Aug 19 04:02:22 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_32_signal.c,v 1.26.56.1 2017/08/19 03:40:48 snj Exp $ */ +/* $NetBSD: svr4_32_signal.c,v 1.26.56.2 2017/08/19 04:02:22 snj Exp $ */ /*- * Copyright (c) 1994, 1998 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_32_signal.c,v 1.26.56.1 2017/08/19 03:40:48 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_32_signal.c,v 1.26.56.2 2017/08/19 04:02:22 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_svr4.h" @@ -397,16 +397,16 @@ svr4_32_sys_signal(struct lwp *l, const nbsa.sa_handler = (sig_t)SCARG(uap, handler); sigemptyset(&nbsa.sa_mask); nbsa.sa_flags = 0; - error = sigaction1(l, signum, &nbsa, &obsa, NULL, 0); + error = sigaction1(l, native_signo, &nbsa, &obsa, NULL, 0); if (error) - return (error); + return error; *retval = (u_int)(u_long)obsa.sa_handler; - return (0); + return 0; case SVR4_SIGHOLD_MASK: sighold: sigemptyset(&ss); - sigaddset(&ss, signum); + sigaddset(&ss, native_signo); mutex_enter(p->p_lock); error = sigprocmask1(l, SIG_BLOCK, &ss, 0); mutex_exit(p->p_lock); 
@@ -414,7 +414,7 @@ svr4_32_sys_signal(struct lwp *l, const case SVR4_SIGRELSE_MASK: sigemptyset(&ss); - sigaddset(&ss, signum); + sigaddset(&ss, native_signo); mutex_enter(p->p_lock); error = sigprocmask1(l, SIG_UNBLOCK, &ss, 0); mutex_exit(p->p_lock); @@ -424,17 +424,17 @@ svr4_32_sys_signal(struct lwp *l, const nbsa.sa_handler = SIG_IGN; sigemptyset(&nbsa.sa_mask); nbsa.sa_flags = 0; - return (sigaction1(l, signum, &nbsa, 0, NULL, 0)); + return sigaction1(l, native_signo, &nbsa, 0, NULL, 0); case SVR4_SIGPAUSE_MASK: mutex_enter(p->p_lock); ss = l->l_sigmask; mutex_exit(p->p_lock); - sigdelset(&ss, signum); - return (sigsuspend1(l, &ss)); + sigdelset(&ss, native_signo); + return sigsuspend1(l, &ss); default: - return (ENOSYS); + return ENOSYS; } }
CVS commit: [netbsd-6-0] src/sys/compat/svr4_32
Module Name:src Committed By: snj Date: Sat Aug 19 04:01:28 UTC 2017 Modified Files: src/sys/compat/svr4_32 [netbsd-6-0]: svr4_32_signal.c Log Message: Pull up following revision(s) (requested by martin in ticket #1481): sys/compat/svr4_32/svr4_32_signal.c: 1.30 make it compile again. To generate a diff of this commit: cvs rdiff -u -r1.26.46.1 -r1.26.46.2 src/sys/compat/svr4_32/svr4_32_signal.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/svr4_32/svr4_32_signal.c diff -u src/sys/compat/svr4_32/svr4_32_signal.c:1.26.46.1 src/sys/compat/svr4_32/svr4_32_signal.c:1.26.46.2 --- src/sys/compat/svr4_32/svr4_32_signal.c:1.26.46.1 Sat Aug 19 03:40:46 2017 +++ src/sys/compat/svr4_32/svr4_32_signal.c Sat Aug 19 04:01:28 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_32_signal.c,v 1.26.46.1 2017/08/19 03:40:46 snj Exp $ */ +/* $NetBSD: svr4_32_signal.c,v 1.26.46.2 2017/08/19 04:01:28 snj Exp $ */ /*- * Copyright (c) 1994, 1998 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_32_signal.c,v 1.26.46.1 2017/08/19 03:40:46 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_32_signal.c,v 1.26.46.2 2017/08/19 04:01:28 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_svr4.h" @@ -397,16 +397,16 @@ svr4_32_sys_signal(struct lwp *l, const nbsa.sa_handler = (sig_t)SCARG(uap, handler); sigemptyset(&nbsa.sa_mask); nbsa.sa_flags = 0; - error = sigaction1(l, signum, &nbsa, &obsa, NULL, 0); + error = sigaction1(l, native_signo, &nbsa, &obsa, NULL, 0); if (error) - return (error); + return error; *retval = (u_int)(u_long)obsa.sa_handler; - return (0); + return 0; case SVR4_SIGHOLD_MASK: sighold: sigemptyset(&ss); - sigaddset(&ss, signum); + sigaddset(&ss, native_signo); mutex_enter(p->p_lock); error = sigprocmask1(l, SIG_BLOCK, &ss, 0); mutex_exit(p->p_lock); 
@@ -414,7 +414,7 @@ svr4_32_sys_signal(struct lwp *l, const case SVR4_SIGRELSE_MASK: sigemptyset(&ss); - sigaddset(&ss, signum); + sigaddset(&ss, native_signo); mutex_enter(p->p_lock); error = sigprocmask1(l, SIG_UNBLOCK, &ss, 0); mutex_exit(p->p_lock); @@ -424,17 +424,17 @@ svr4_32_sys_signal(struct lwp *l, const nbsa.sa_handler = SIG_IGN; sigemptyset(&nbsa.sa_mask); nbsa.sa_flags = 0; - return (sigaction1(l, signum, &nbsa, 0, NULL, 0)); + return sigaction1(l, native_signo, &nbsa, 0, NULL, 0); case SVR4_SIGPAUSE_MASK: mutex_enter(p->p_lock); ss = l->l_sigmask; mutex_exit(p->p_lock); - sigdelset(&ss, signum); - return (sigsuspend1(l, &ss)); + sigdelset(&ss, native_signo); + return sigsuspend1(l, &ss); default: - return (ENOSYS); + return ENOSYS; } }
CVS commit: [netbsd-6-1] src/sys/dev
Module Name:src Committed By: snj Date: Sat Aug 19 03:49:59 UTC 2017 Modified Files: src/sys/dev [netbsd-6-1]: vnd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1480): sys/dev/vnd.c: 1.260, 1.262 via patch Put in a litany of judicious bounds checks around vnd headers. Thought I was done with this crap after I rewrote vndcompress(1)! >From Ilja Van Sprundel. -- Appease toxic bullshit warning from gcc. If you have a better way to write a useful bounds check that happens to always pass on LP64 but doesn't always on LP32, without making it fail to compile on LP64 or making it an #ifdef conditional on LP32, please put it in here instead. To generate a diff of this commit: cvs rdiff -u -r1.219.8.2 -r1.219.8.2.6.1 src/sys/dev/vnd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/vnd.c diff -u src/sys/dev/vnd.c:1.219.8.2 src/sys/dev/vnd.c:1.219.8.2.6.1 --- src/sys/dev/vnd.c:1.219.8.2 Thu Jul 5 18:12:46 2012 +++ src/sys/dev/vnd.c Sat Aug 19 03:49:59 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vnd.c,v 1.219.8.2 2012/07/05 18:12:46 riz Exp $ */ +/* $NetBSD: vnd.c,v 1.219.8.2.6.1 2017/08/19 03:49:59 snj Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2008 The NetBSD Foundation, Inc. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.219.8.2 2012/07/05 18:12:46 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.219.8.2.6.1 2017/08/19 03:49:59 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_vnd.h" @@ -1149,6 +1149,13 @@ vndioctl(dev_t dev, u_long cmd, void *da VOP_UNLOCK(nd.ni_vp); goto close_and_exit; } + + if (ntohl(ch->block_size) == 0 || + ntohl(ch->num_blocks) > UINT32_MAX - 1) { +free(ch, M_TEMP); +VOP_UNLOCK(nd.ni_vp); +goto close_and_exit; + } /* save some header info */ vnd->sc_comp_blksz = ntohl(ch->block_size); 
@@ -1161,20 +1168,40 @@ vndioctl(dev_t dev, u_long cmd, void *da error = EINVAL; goto close_and_exit; } - if (sizeof(struct vnd_comp_header) + - sizeof(u_int64_t) * vnd->sc_comp_numoffs > - vattr.va_size) { + KASSERT(0 < vnd->sc_comp_blksz); + KASSERT(0 < vnd->sc_comp_numoffs); + /* + * @#^@!$& gcc -Wtype-limits refuses to let me + * write SIZE_MAX/sizeof(uint64_t) < numoffs, + * because the range of the type on amd64 makes + * the comparisons always false. + */ +#if SIZE_MAX <= UINT32_MAX*(64/CHAR_BIT) + if (SIZE_MAX/sizeof(uint64_t) < vnd->sc_comp_numoffs) { +VOP_UNLOCK(nd.ni_vp); +error = EINVAL; +goto close_and_exit; + } +#endif + if ((vattr.va_size < sizeof(struct vnd_comp_header)) || + (vattr.va_size - sizeof(struct vnd_comp_header) < +sizeof(uint64_t)*vnd->sc_comp_numoffs) || + (UQUAD_MAX/vnd->sc_comp_blksz < +vnd->sc_comp_numoffs - 1)) { VOP_UNLOCK(nd.ni_vp); error = EINVAL; goto close_and_exit; } /* set decompressed file size */ + KASSERT(vnd->sc_comp_numoffs - 1 <= + UQUAD_MAX/vnd->sc_comp_blksz); vattr.va_size = ((u_quad_t)vnd->sc_comp_numoffs - 1) * (u_quad_t)vnd->sc_comp_blksz; /* allocate space for all the compressed offsets */ + __CTASSERT(UINT32_MAX <= UQUAD_MAX/sizeof(uint64_t)); vnd->sc_comp_offsets = malloc(sizeof(u_int64_t) * vnd->sc_comp_numoffs, M_DEVBUF, M_WAITOK);
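Review bot: The `#if SIZE_MAX <= UINT32_MAX*(64/CHAR_BIT)` guard has a comment explaining why the comparison cannot be written unconditionally, but not what the condition selects. A short addition such as `/* only needed where size_t is too narrow for sizeof(uint64_t) * UINT32_MAX */` would let a reader confirm that the later `sizeof(uint64_t)*vnd->sc_comp_numoffs` products cannot wrap on either side of the `#if`. The netbsd-6 pull-up carries the same hunk.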
CVS commit: [netbsd-6] src/sys/dev
Module Name:src Committed By: snj Date: Sat Aug 19 03:50:01 UTC 2017 Modified Files: src/sys/dev [netbsd-6]: vnd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1480): sys/dev/vnd.c: 1.260, 1.262 via patch Put in a litany of judicious bounds checks around vnd headers. Thought I was done with this crap after I rewrote vndcompress(1)! >From Ilja Van Sprundel. -- Appease toxic bullshit warning from gcc. If you have a better way to write a useful bounds check that happens to always pass on LP64 but doesn't always on LP32, without making it fail to compile on LP64 or making it an #ifdef conditional on LP32, please put it in here instead. To generate a diff of this commit: cvs rdiff -u -r1.219.8.3 -r1.219.8.4 src/sys/dev/vnd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/vnd.c diff -u src/sys/dev/vnd.c:1.219.8.3 src/sys/dev/vnd.c:1.219.8.4 --- src/sys/dev/vnd.c:1.219.8.3 Wed Feb 4 04:18:23 2015 +++ src/sys/dev/vnd.c Sat Aug 19 03:50:00 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vnd.c,v 1.219.8.3 2015/02/04 04:18:23 snj Exp $ */ +/* $NetBSD: vnd.c,v 1.219.8.4 2017/08/19 03:50:00 snj Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2008 The NetBSD Foundation, Inc. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.219.8.3 2015/02/04 04:18:23 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.219.8.4 2017/08/19 03:50:00 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_vnd.h" @@ -1167,6 +1167,13 @@ vndioctl(dev_t dev, u_long cmd, void *da VOP_UNLOCK(nd.ni_vp); goto close_and_exit; } + + if (ntohl(ch->block_size) == 0 || + ntohl(ch->num_blocks) > UINT32_MAX - 1) { +free(ch, M_TEMP); +VOP_UNLOCK(nd.ni_vp); +goto close_and_exit; + } /* save some header info */ vnd->sc_comp_blksz = ntohl(ch->block_size); 
@@ -1179,20 +1186,40 @@ vndioctl(dev_t dev, u_long cmd, void *da error = EINVAL; goto close_and_exit; } - if (sizeof(struct vnd_comp_header) + - sizeof(u_int64_t) * vnd->sc_comp_numoffs > - vattr.va_size) { + KASSERT(0 < vnd->sc_comp_blksz); + KASSERT(0 < vnd->sc_comp_numoffs); + /* + * @#^@!$& gcc -Wtype-limits refuses to let me + * write SIZE_MAX/sizeof(uint64_t) < numoffs, + * because the range of the type on amd64 makes + * the comparisons always false. + */ +#if SIZE_MAX <= UINT32_MAX*(64/CHAR_BIT) + if (SIZE_MAX/sizeof(uint64_t) < vnd->sc_comp_numoffs) { +VOP_UNLOCK(nd.ni_vp); +error = EINVAL; +goto close_and_exit; + } +#endif + if ((vattr.va_size < sizeof(struct vnd_comp_header)) || + (vattr.va_size - sizeof(struct vnd_comp_header) < +sizeof(uint64_t)*vnd->sc_comp_numoffs) || + (UQUAD_MAX/vnd->sc_comp_blksz < +vnd->sc_comp_numoffs - 1)) { VOP_UNLOCK(nd.ni_vp); error = EINVAL; goto close_and_exit; } /* set decompressed file size */ + KASSERT(vnd->sc_comp_numoffs - 1 <= + UQUAD_MAX/vnd->sc_comp_blksz); vattr.va_size = ((u_quad_t)vnd->sc_comp_numoffs - 1) * (u_quad_t)vnd->sc_comp_blksz; /* allocate space for all the compressed offsets */ + __CTASSERT(UINT32_MAX <= UQUAD_MAX/sizeof(uint64_t)); vnd->sc_comp_offsets = malloc(sizeof(u_int64_t) * vnd->sc_comp_numoffs, M_DEVBUF, M_WAITOK);
CVS commit: [netbsd-6-0] src/sys/dev
Module Name:src Committed By: snj Date: Sat Aug 19 03:49:57 UTC 2017 Modified Files: src/sys/dev [netbsd-6-0]: vnd.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1480): sys/dev/vnd.c: 1.260, 1.262 via patch Put in a litany of judicious bounds checks around vnd headers. Thought I was done with this crap after I rewrote vndcompress(1)! >From Ilja Van Sprundel. -- Appease toxic bullshit warning from gcc. If you have a better way to write a useful bounds check that happens to always pass on LP64 but doesn't always on LP32, without making it fail to compile on LP64 or making it an #ifdef conditional on LP32, please put it in here instead. To generate a diff of this commit: cvs rdiff -u -r1.219.8.2 -r1.219.8.2.4.1 src/sys/dev/vnd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/vnd.c diff -u src/sys/dev/vnd.c:1.219.8.2 src/sys/dev/vnd.c:1.219.8.2.4.1 --- src/sys/dev/vnd.c:1.219.8.2 Thu Jul 5 18:12:46 2012 +++ src/sys/dev/vnd.c Sat Aug 19 03:49:57 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vnd.c,v 1.219.8.2 2012/07/05 18:12:46 riz Exp $ */ +/* $NetBSD: vnd.c,v 1.219.8.2.4.1 2017/08/19 03:49:57 snj Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2008 The NetBSD Foundation, Inc. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.219.8.2 2012/07/05 18:12:46 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.219.8.2.4.1 2017/08/19 03:49:57 snj Exp $"); #if defined(_KERNEL_OPT) #include "opt_vnd.h" @@ -1149,6 +1149,13 @@ vndioctl(dev_t dev, u_long cmd, void *da VOP_UNLOCK(nd.ni_vp); goto close_and_exit; } + + if (ntohl(ch->block_size) == 0 || + ntohl(ch->num_blocks) > UINT32_MAX - 1) { +free(ch, M_TEMP); +VOP_UNLOCK(nd.ni_vp); +goto close_and_exit; + } /* save some header info */ vnd->sc_comp_blksz = ntohl(ch->block_size); 
@@ -1161,20 +1168,40 @@ vndioctl(dev_t dev, u_long cmd, void *da error = EINVAL; goto close_and_exit; } - if (sizeof(struct vnd_comp_header) + - sizeof(u_int64_t) * vnd->sc_comp_numoffs > - vattr.va_size) { + KASSERT(0 < vnd->sc_comp_blksz); + KASSERT(0 < vnd->sc_comp_numoffs); + /* + * @#^@!$& gcc -Wtype-limits refuses to let me + * write SIZE_MAX/sizeof(uint64_t) < numoffs, + * because the range of the type on amd64 makes + * the comparisons always false. + */ +#if SIZE_MAX <= UINT32_MAX*(64/CHAR_BIT) + if (SIZE_MAX/sizeof(uint64_t) < vnd->sc_comp_numoffs) { +VOP_UNLOCK(nd.ni_vp); +error = EINVAL; +goto close_and_exit; + } +#endif + if ((vattr.va_size < sizeof(struct vnd_comp_header)) || + (vattr.va_size - sizeof(struct vnd_comp_header) < +sizeof(uint64_t)*vnd->sc_comp_numoffs) || + (UQUAD_MAX/vnd->sc_comp_blksz < +vnd->sc_comp_numoffs - 1)) { VOP_UNLOCK(nd.ni_vp); error = EINVAL; goto close_and_exit; } /* set decompressed file size */ + KASSERT(vnd->sc_comp_numoffs - 1 <= + UQUAD_MAX/vnd->sc_comp_blksz); vattr.va_size = ((u_quad_t)vnd->sc_comp_numoffs - 1) * (u_quad_t)vnd->sc_comp_blksz; /* allocate space for all the compressed offsets */ + __CTASSERT(UINT32_MAX <= UQUAD_MAX/sizeof(uint64_t)); vnd->sc_comp_offsets = malloc(sizeof(u_int64_t) * vnd->sc_comp_numoffs, M_DEVBUF, M_WAITOK);
CVS commit: [netbsd-6-0] src/sys/compat
Module Name:src Committed By: snj Date: Sat Aug 19 03:40:46 UTC 2017 Modified Files: src/sys/compat/svr4 [netbsd-6-0]: svr4_lwp.c svr4_signal.c svr4_stream.c src/sys/compat/svr4_32 [netbsd-6-0]: svr4_32_signal.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1479): sys/compat/svr4/svr4_lwp.c: 1.20 sys/compat/svr4/svr4_signal.c: 1.67 sys/compat/svr4/svr4_stream.c: 1.89-1.91 via patch sys/compat/svr4_32/svr4_32_signal.c: 1.29 Fix some of the multitudinous holes in svr4 streams. We should never have enabled this by default; it is a minefield. >From Ilja Van Sprundel. -- Zero stack data before copyout. >From Ilja Van Sprundel. -- Fix indexing of svr4 signals. >From Ilja Van Sprundel. -- Feebly attempt to get this reference counting less bad. This svr4 streams code is bad and it should feel bad. >From Ilja Van Sprundel. -- Check bounds in svr4_sys_putmsg. Check more svr4_strmcmd bounds. svr4 streams code is still a disaster. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.19.24.1 src/sys/compat/svr4/svr4_lwp.c cvs rdiff -u -r1.65 -r1.65.16.1 src/sys/compat/svr4/svr4_signal.c cvs rdiff -u -r1.79 -r1.79.14.1 src/sys/compat/svr4/svr4_stream.c cvs rdiff -u -r1.26 -r1.26.46.1 src/sys/compat/svr4_32/svr4_32_signal.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/svr4/svr4_lwp.c diff -u src/sys/compat/svr4/svr4_lwp.c:1.19 src/sys/compat/svr4/svr4_lwp.c:1.19.24.1 --- src/sys/compat/svr4/svr4_lwp.c:1.19 Mon Nov 23 00:46:07 2009 +++ src/sys/compat/svr4/svr4_lwp.c Sat Aug 19 03:40:46 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_lwp.c,v 1.19 2009/11/23 00:46:07 rmind Exp $ */ +/* $NetBSD: svr4_lwp.c,v 1.19.24.1 2017/08/19 03:40:46 snj Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. 
@@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_lwp.c,v 1.19 2009/11/23 00:46:07 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_lwp.c,v 1.19.24.1 2017/08/19 03:40:46 snj Exp $"); #include #include @@ -108,6 +108,8 @@ svr4_sys__lwp_info(struct lwp *l, const struct svr4_lwpinfo lwpinfo; int error; + memset(&lwpinfo, 0, sizeof(lwpinfo)); + /* XXX NJWLWP */ TIMEVAL_TO_TIMESPEC(&l->l_proc->p_stats->p_ru.ru_stime, &lwpinfo.lwp_stime); TIMEVAL_TO_TIMESPEC(&l->l_proc->p_stats->p_ru.ru_utime, &lwpinfo.lwp_utime); Index: src/sys/compat/svr4/svr4_signal.c diff -u src/sys/compat/svr4/svr4_signal.c:1.65 src/sys/compat/svr4/svr4_signal.c:1.65.16.1 --- src/sys/compat/svr4/svr4_signal.c:1.65 Thu Feb 3 21:45:31 2011 +++ src/sys/compat/svr4/svr4_signal.c Sat Aug 19 03:40:46 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_signal.c,v 1.65 2011/02/03 21:45:31 joerg Exp $ */ +/* $NetBSD: svr4_signal.c,v 1.65.16.1 2017/08/19 03:40:46 snj Exp $ */ /*- * Copyright (c) 1994, 1998 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_signal.c,v 1.65 2011/02/03 21:45:31 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_signal.c,v 1.65.16.1 2017/08/19 03:40:46 snj Exp $"); #include #include @@ -73,6 +73,21 @@ void native_to_svr4_sigaction(const stru extern const int native_to_svr4_signo[]; extern const int svr4_to_native_signo[]; +static int +svr4_decode_signum(int signum, int *native_signo, int *sigcall) +{ + + if (SVR4_SIGNO(signum) >= SVR4_NSIG) + return EINVAL; + + if (native_signo) + *native_signo = svr4_to_native_signo[SVR4_SIGNO(signum)]; + if (sigcall) + *sigcall = SVR4_SIGCALL(signum); + + return 0; +} + static inline void svr4_sigfillset(svr4_sigset_t *s) { @@ -174,6 +189,7 @@ svr4_sys_sigaction(struct lwp *l, const } */ struct svr4_sigaction nssa, ossa; struct sigaction nbsa, obsa; + int native_signo; int error; if (SCARG(uap, nsa)) { 
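Review bot: `svr4_decode_signum()` is now the single place that bounds the index into `svr4_to_native_signo[]`, but it has no comment saying so or describing its contract. I would add above it `/* Split an SVR4 signum into its native signal number and SVR4_SIGCALL bits. Returns EINVAL if the signal number is outside svr4_to_native_signo[]; either output pointer may be NULL. */`. Since `signum` is a signed `int` and only the upper bound is tested, the comment should also record that `SVR4_SIGNO()` cannot yield a negative value, if that is what the macro guarantees (its definition is not in this diff). The netbsd-6-1 and netbsd-6 pull-ups below carry the same hunk.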
@@ -182,7 +198,12 @@ svr4_sys_sigaction(struct lwp *l, const return (error); svr4_to_native_sigaction(&nssa, &nbsa); } - error = sigaction1(l, svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))], + + error = svr4_decode_signum(SCARG(uap, signum), &native_signo, NULL); + if (error) + return error; + + error = sigaction1(l, native_signo, SCARG(uap, nsa) ? &nbsa : 0, SCARG(uap, osa) ? &obsa : 0, NULL, 0); if (error) @@ -217,16 +238,18 @@ svr4_sys_signal(struct lwp *l, const str syscallarg(int) signum; syscallarg(svr4_sig_t) handler; } */ - int signum = svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))]; + int native_signo, sigcall; struct proc *p = l->l_proc; struct sigaction nbsa, obsa; sigset_t ss; int error; - if (signum <= 0 || signum >= SVR4_NSIG) - return (EINVAL); + error = svr4_decode_signum(SCARG(uap, signum), &native_signo, + &sigcall); + if (error) + return error; - switch (SVR4_SIGCALL(SCARG(uap, signum))) { + switch (sigcall) { case SVR4_SIGDEFER_MASK: if (SCARG(uap, handler) == SVR4_SIG_HOLD)
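Review bot: In `svr4_sys_signal` the removed check `if (signum <= 0 || signum >= SVR4_NSIG)` also rejected a translated signal number of zero or below, while the new `svr4_decode_signum()` call only bounds the table index. If `svr4_to_native_signo[]` holds 0 for SVR4 signals with no native equivalent (the table is not shown here), `native_signo` now reaches the `switch (sigcall)` cases unchecked. Keeping the lower bound after decoding, `if (native_signo <= 0) return EINVAL;`, would preserve the old behaviour. The hunk is cut off on this page after the first `case`, and the same change is in the netbsd-6-1 and netbsd-6 pull-ups below.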
CVS commit: [netbsd-6-1] src/sys/compat
Module Name:src Committed By: snj Date: Sat Aug 19 03:40:48 UTC 2017 Modified Files: src/sys/compat/svr4 [netbsd-6-1]: svr4_lwp.c svr4_signal.c svr4_stream.c src/sys/compat/svr4_32 [netbsd-6-1]: svr4_32_signal.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1479): sys/compat/svr4/svr4_lwp.c: 1.20 sys/compat/svr4/svr4_signal.c: 1.67 sys/compat/svr4/svr4_stream.c: 1.89-1.91 via patch sys/compat/svr4_32/svr4_32_signal.c: 1.29 Fix some of the multitudinous holes in svr4 streams. We should never have enabled this by default; it is a minefield. >From Ilja Van Sprundel. -- Zero stack data before copyout. >From Ilja Van Sprundel. -- Fix indexing of svr4 signals. >From Ilja Van Sprundel. -- Feebly attempt to get this reference counting less bad. This svr4 streams code is bad and it should feel bad. >From Ilja Van Sprundel. -- Check bounds in svr4_sys_putmsg. Check more svr4_strmcmd bounds. svr4 streams code is still a disaster. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.19.32.1 src/sys/compat/svr4/svr4_lwp.c cvs rdiff -u -r1.65 -r1.65.24.1 src/sys/compat/svr4/svr4_signal.c cvs rdiff -u -r1.79 -r1.79.22.1 src/sys/compat/svr4/svr4_stream.c cvs rdiff -u -r1.26 -r1.26.56.1 src/sys/compat/svr4_32/svr4_32_signal.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/svr4/svr4_lwp.c diff -u src/sys/compat/svr4/svr4_lwp.c:1.19 src/sys/compat/svr4/svr4_lwp.c:1.19.32.1 --- src/sys/compat/svr4/svr4_lwp.c:1.19 Mon Nov 23 00:46:07 2009 +++ src/sys/compat/svr4/svr4_lwp.c Sat Aug 19 03:40:48 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_lwp.c,v 1.19 2009/11/23 00:46:07 rmind Exp $ */ +/* $NetBSD: svr4_lwp.c,v 1.19.32.1 2017/08/19 03:40:48 snj Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. 
@@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_lwp.c,v 1.19 2009/11/23 00:46:07 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_lwp.c,v 1.19.32.1 2017/08/19 03:40:48 snj Exp $"); #include #include @@ -108,6 +108,8 @@ svr4_sys__lwp_info(struct lwp *l, const struct svr4_lwpinfo lwpinfo; int error; + memset(&lwpinfo, 0, sizeof(lwpinfo)); + /* XXX NJWLWP */ TIMEVAL_TO_TIMESPEC(&l->l_proc->p_stats->p_ru.ru_stime, &lwpinfo.lwp_stime); TIMEVAL_TO_TIMESPEC(&l->l_proc->p_stats->p_ru.ru_utime, &lwpinfo.lwp_utime); Index: src/sys/compat/svr4/svr4_signal.c diff -u src/sys/compat/svr4/svr4_signal.c:1.65 src/sys/compat/svr4/svr4_signal.c:1.65.24.1 --- src/sys/compat/svr4/svr4_signal.c:1.65 Thu Feb 3 21:45:31 2011 +++ src/sys/compat/svr4/svr4_signal.c Sat Aug 19 03:40:48 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_signal.c,v 1.65 2011/02/03 21:45:31 joerg Exp $ */ +/* $NetBSD: svr4_signal.c,v 1.65.24.1 2017/08/19 03:40:48 snj Exp $ */ /*- * Copyright (c) 1994, 1998 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_signal.c,v 1.65 2011/02/03 21:45:31 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_signal.c,v 1.65.24.1 2017/08/19 03:40:48 snj Exp $"); #include #include @@ -73,6 +73,21 @@ void native_to_svr4_sigaction(const stru extern const int native_to_svr4_signo[]; extern const int svr4_to_native_signo[]; +static int +svr4_decode_signum(int signum, int *native_signo, int *sigcall) +{ + + if (SVR4_SIGNO(signum) >= SVR4_NSIG) + return EINVAL; + + if (native_signo) + *native_signo = svr4_to_native_signo[SVR4_SIGNO(signum)]; + if (sigcall) + *sigcall = SVR4_SIGCALL(signum); + + return 0; +} + static inline void svr4_sigfillset(svr4_sigset_t *s) { @@ -174,6 +189,7 @@ svr4_sys_sigaction(struct lwp *l, const } */ struct svr4_sigaction nssa, ossa; struct sigaction nbsa, obsa; + int native_signo; int error; if (SCARG(uap, nsa)) { 
@@ -182,7 +198,12 @@ svr4_sys_sigaction(struct lwp *l, const return (error); svr4_to_native_sigaction(&nssa, &nbsa); } - error = sigaction1(l, svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))], + + error = svr4_decode_signum(SCARG(uap, signum), &native_signo, NULL); + if (error) + return error; + + error = sigaction1(l, native_signo, SCARG(uap, nsa) ? &nbsa : 0, SCARG(uap, osa) ? &obsa : 0, NULL, 0); if (error) @@ -217,16 +238,18 @@ svr4_sys_signal(struct lwp *l, const str syscallarg(int) signum; syscallarg(svr4_sig_t) handler; } */ - int signum = svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))]; + int native_signo, sigcall; struct proc *p = l->l_proc; struct sigaction nbsa, obsa; sigset_t ss; int error; - if (signum <= 0 || signum >= SVR4_NSIG) - return (EINVAL); + error = svr4_decode_signum(SCARG(uap, signum), &native_signo, + &sigcall); + if (error) + return error; - switch (SVR4_SIGCALL(SCARG(uap, signum))) { + switch (sigcall) { case SVR4_SIGDEFER_MASK: if (SCARG(uap, handler) == SVR4_SIG_HOLD)
CVS commit: [netbsd-6] src/sys/compat
Module Name:src Committed By: snj Date: Sat Aug 19 03:40:50 UTC 2017 Modified Files: src/sys/compat/svr4 [netbsd-6]: svr4_lwp.c svr4_signal.c svr4_stream.c src/sys/compat/svr4_32 [netbsd-6]: svr4_32_signal.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1479): sys/compat/svr4/svr4_lwp.c: 1.20 sys/compat/svr4/svr4_signal.c: 1.67 sys/compat/svr4/svr4_stream.c: 1.89-1.91 via patch sys/compat/svr4_32/svr4_32_signal.c: 1.29 Fix some of the multitudinous holes in svr4 streams. We should never have enabled this by default; it is a minefield. >From Ilja Van Sprundel. -- Zero stack data before copyout. >From Ilja Van Sprundel. -- Fix indexing of svr4 signals. >From Ilja Van Sprundel. -- Feebly attempt to get this reference counting less bad. This svr4 streams code is bad and it should feel bad. >From Ilja Van Sprundel. -- Check bounds in svr4_sys_putmsg. Check more svr4_strmcmd bounds. svr4 streams code is still a disaster. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.19.18.1 src/sys/compat/svr4/svr4_lwp.c cvs rdiff -u -r1.65 -r1.65.10.1 src/sys/compat/svr4/svr4_signal.c cvs rdiff -u -r1.79 -r1.79.8.1 src/sys/compat/svr4/svr4_stream.c cvs rdiff -u -r1.26 -r1.26.40.1 src/sys/compat/svr4_32/svr4_32_signal.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/svr4/svr4_lwp.c diff -u src/sys/compat/svr4/svr4_lwp.c:1.19 src/sys/compat/svr4/svr4_lwp.c:1.19.18.1 --- src/sys/compat/svr4/svr4_lwp.c:1.19 Mon Nov 23 00:46:07 2009 +++ src/sys/compat/svr4/svr4_lwp.c Sat Aug 19 03:40:49 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_lwp.c,v 1.19 2009/11/23 00:46:07 rmind Exp $ */ +/* $NetBSD: svr4_lwp.c,v 1.19.18.1 2017/08/19 03:40:49 snj Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. 
@@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_lwp.c,v 1.19 2009/11/23 00:46:07 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_lwp.c,v 1.19.18.1 2017/08/19 03:40:49 snj Exp $"); #include #include @@ -108,6 +108,8 @@ svr4_sys__lwp_info(struct lwp *l, const struct svr4_lwpinfo lwpinfo; int error; + memset(&lwpinfo, 0, sizeof(lwpinfo)); + /* XXX NJWLWP */ TIMEVAL_TO_TIMESPEC(&l->l_proc->p_stats->p_ru.ru_stime, &lwpinfo.lwp_stime); TIMEVAL_TO_TIMESPEC(&l->l_proc->p_stats->p_ru.ru_utime, &lwpinfo.lwp_utime); Index: src/sys/compat/svr4/svr4_signal.c diff -u src/sys/compat/svr4/svr4_signal.c:1.65 src/sys/compat/svr4/svr4_signal.c:1.65.10.1 --- src/sys/compat/svr4/svr4_signal.c:1.65 Thu Feb 3 21:45:31 2011 +++ src/sys/compat/svr4/svr4_signal.c Sat Aug 19 03:40:49 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_signal.c,v 1.65 2011/02/03 21:45:31 joerg Exp $ */ +/* $NetBSD: svr4_signal.c,v 1.65.10.1 2017/08/19 03:40:49 snj Exp $ */ /*- * Copyright (c) 1994, 1998 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_signal.c,v 1.65 2011/02/03 21:45:31 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_signal.c,v 1.65.10.1 2017/08/19 03:40:49 snj Exp $"); #include #include @@ -73,6 +73,21 @@ void native_to_svr4_sigaction(const stru extern const int native_to_svr4_signo[]; extern const int svr4_to_native_signo[]; +static int +svr4_decode_signum(int signum, int *native_signo, int *sigcall) +{ + + if (SVR4_SIGNO(signum) >= SVR4_NSIG) + return EINVAL; + + if (native_signo) + *native_signo = svr4_to_native_signo[SVR4_SIGNO(signum)]; + if (sigcall) + *sigcall = SVR4_SIGCALL(signum); + + return 0; +} + static inline void svr4_sigfillset(svr4_sigset_t *s) { @@ -174,6 +189,7 @@ svr4_sys_sigaction(struct lwp *l, const } */ struct svr4_sigaction nssa, ossa; struct sigaction nbsa, obsa; + int native_signo; int error; if (SCARG(uap, nsa)) { 
@@ -182,7 +198,12 @@ svr4_sys_sigaction(struct lwp *l, const return (error); svr4_to_native_sigaction(&nssa, &nbsa); } - error = sigaction1(l, svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))], + + error = svr4_decode_signum(SCARG(uap, signum), &native_signo, NULL); + if (error) + return error; + + error = sigaction1(l, native_signo, SCARG(uap, nsa) ? &nbsa : 0, SCARG(uap, osa) ? &obsa : 0, NULL, 0); if (error) @@ -217,16 +238,18 @@ svr4_sys_signal(struct lwp *l, const str syscallarg(int) signum; syscallarg(svr4_sig_t) handler; } */ - int signum = svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))]; + int native_signo, sigcall; struct proc *p = l->l_proc; struct sigaction nbsa, obsa; sigset_t ss; int error; - if (signum <= 0 || signum >= SVR4_NSIG) - return (EINVAL); + error = svr4_decode_signum(SCARG(uap, signum), &native_signo, + &sigcall); + if (error) + return error; - switch (SVR4_SIGCALL(SCARG(uap, signum))) { + switch (sigcall) { case SVR4_SIGDEFER_MASK: if (SCARG(uap, handler) == SVR4_SIG_HOLD) goto sighold; @@
CVS commit: [netbsd-6] src/sys/dev/ic
Module Name:src Committed By: snj Date: Sat Aug 19 03:15:57 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6]: bwi.c Log Message: `cat ~/releng/r-commit` To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.18.8.1 src/sys/dev/ic/bwi.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/bwi.c diff -u src/sys/dev/ic/bwi.c:1.18 src/sys/dev/ic/bwi.c:1.18.8.1 --- src/sys/dev/ic/bwi.c:1.18 Mon Oct 10 11:15:24 2011 +++ src/sys/dev/ic/bwi.c Sat Aug 19 03:15:56 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: bwi.c,v 1.18 2011/10/10 11:15:24 njoly Exp $ */ +/* $NetBSD: bwi.c,v 1.18.8.1 2017/08/19 03:15:56 snj Exp $ */ /* $OpenBSD: bwi.c,v 1.74 2008/02/25 21:13:30 mglocker Exp $ */ /* @@ -48,7 +48,7 @@ #include -__KERNEL_RCSID(0, "$NetBSD: bwi.c,v 1.18 2011/10/10 11:15:24 njoly Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bwi.c,v 1.18.8.1 2017/08/19 03:15:56 snj Exp $"); #include #include @@ -8315,7 +8315,7 @@ bwi_newbuf(struct bwi_softc *sc, int buf if (m == NULL) return (ENOBUFS); MCLGET(m, init ? M_WAITOK : M_DONTWAIT); - if (m == NULL) { + if ((m->m_flags & M_EXT) == 0) { error = ENOBUFS; /*
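Review bot: With the test changed to `(m->m_flags & M_EXT) == 0`, the failure branch in `bwi_newbuf` is reachable for the first time, and it runs while `m` still holds the mbuf header obtained just above. The rest of the branch is cut off on this page, so confirm that it releases the header, e.g. with `m_freem(m);`, before returning or jumping away; otherwise every cluster shortage leaks one mbuf. The netbsd-6-1 and netbsd-6-0 commits below carry the same hunk.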
CVS commit: [netbsd-6-1] src/sys/dev/ic
Module Name:src Committed By: snj Date: Sat Aug 19 03:15:55 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-1]: bwi.c Log Message: `cat ~/releng/r-commit` To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.18.14.1 src/sys/dev/ic/bwi.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/bwi.c diff -u src/sys/dev/ic/bwi.c:1.18 src/sys/dev/ic/bwi.c:1.18.14.1 --- src/sys/dev/ic/bwi.c:1.18 Mon Oct 10 11:15:24 2011 +++ src/sys/dev/ic/bwi.c Sat Aug 19 03:15:55 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: bwi.c,v 1.18 2011/10/10 11:15:24 njoly Exp $ */ +/* $NetBSD: bwi.c,v 1.18.14.1 2017/08/19 03:15:55 snj Exp $ */ /* $OpenBSD: bwi.c,v 1.74 2008/02/25 21:13:30 mglocker Exp $ */ /* @@ -48,7 +48,7 @@ #include -__KERNEL_RCSID(0, "$NetBSD: bwi.c,v 1.18 2011/10/10 11:15:24 njoly Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bwi.c,v 1.18.14.1 2017/08/19 03:15:55 snj Exp $"); #include #include @@ -8315,7 +8315,7 @@ bwi_newbuf(struct bwi_softc *sc, int buf if (m == NULL) return (ENOBUFS); MCLGET(m, init ? M_WAITOK : M_DONTWAIT); - if (m == NULL) { + if ((m->m_flags & M_EXT) == 0) { error = ENOBUFS; /*
CVS commit: [netbsd-6-0] src/sys/dev/ic
Module Name:src Committed By: snj Date: Sat Aug 19 03:15:53 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-0]: bwi.c Log Message: `cat ~/releng/r-commit` To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.18.12.1 src/sys/dev/ic/bwi.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/bwi.c diff -u src/sys/dev/ic/bwi.c:1.18 src/sys/dev/ic/bwi.c:1.18.12.1 --- src/sys/dev/ic/bwi.c:1.18 Mon Oct 10 11:15:24 2011 +++ src/sys/dev/ic/bwi.c Sat Aug 19 03:15:53 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: bwi.c,v 1.18 2011/10/10 11:15:24 njoly Exp $ */ +/* $NetBSD: bwi.c,v 1.18.12.1 2017/08/19 03:15:53 snj Exp $ */ /* $OpenBSD: bwi.c,v 1.74 2008/02/25 21:13:30 mglocker Exp $ */ /* @@ -48,7 +48,7 @@ #include -__KERNEL_RCSID(0, "$NetBSD: bwi.c,v 1.18 2011/10/10 11:15:24 njoly Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bwi.c,v 1.18.12.1 2017/08/19 03:15:53 snj Exp $"); #include #include @@ -8315,7 +8315,7 @@ bwi_newbuf(struct bwi_softc *sc, int buf if (m == NULL) return (ENOBUFS); MCLGET(m, init ? M_WAITOK : M_DONTWAIT); - if (m == NULL) { + if ((m->m_flags & M_EXT) == 0) { error = ENOBUFS; /*
CVS commit: src/usr.bin/sys_info
Module Name:src Committed By: agc Date: Sat Aug 19 03:06:50 UTC 2017 Modified Files: src/usr.bin/sys_info: sys_info.sh Log Message: + don't assume that tcsh is always installed, pointed out by jmcneill - thanks! + a "sys_info" invocation without any args is now the equivalent of sys_info -a, just like pkg_info To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/usr.bin/sys_info/sys_info.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.bin/sys_info/sys_info.sh diff -u src/usr.bin/sys_info/sys_info.sh:1.1 src/usr.bin/sys_info/sys_info.sh:1.2 --- src/usr.bin/sys_info/sys_info.sh:1.1 Sat Jun 4 15:27:11 2016 +++ src/usr.bin/sys_info/sys_info.sh Sat Aug 19 03:06:50 2017 @@ -1,6 +1,6 @@ #! /bin/sh -# $NetBSD: sys_info.sh,v 1.1 2016/06/04 15:27:11 agc Exp $ +# $NetBSD: sys_info.sh,v 1.2 2017/08/19 03:06:50 agc Exp $ # Copyright (c) 2016 Alistair Crooks # All rights reserved. @@ -107,7 +107,7 @@ getversion() { sshd -V 2>&1 | awk '/OpenSSH/ { sub("_", "D-", $1); print tolower($1) }' ;; tcsh) - tcsh -c 'echo $version' | awk '{ print $1 "-" $2 }' + grep '/tcsh' /etc/shells > /dev/null 2>&1 && tcsh -c 'echo $version' | awk '{ print $1 "-" $2 }' ;; unbound) case $(uname -s) in @@ -122,7 +122,11 @@ getversion() { esac } -all=false +case $# in +0) all=true ;; +*) all=false ;; +esac + while [ $# -gt 0 ]; do case "$1" in -a) all=true ;;
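Review bot: The tcsh guard `grep '/tcsh' /etc/shells` tests whether a login-shell entry exists, not whether a `tcsh` binary can be run from `PATH`, and the pattern also matches commented-out lines in that file. Testing the command directly is closer to the intent: `command -v tcsh > /dev/null 2>&1 && tcsh -c 'echo $version' | awk '{ print $1 "-" $2 }'`. The `case` in `getversion` continues outside the hunk.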
CVS commit: src/sys/arch/arm/imx
Module Name:src Committed By: jakllsch Date: Fri Aug 18 21:45:25 UTC 2017 Modified Files: src/sys/arch/arm/imx: files.imx51 files.imx6 files.imx7 Log Message: Sprinkle 'bus_dma_generic needs-flag' to fix build after previous. To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 src/sys/arch/arm/imx/files.imx51 cvs rdiff -u -r1.9 -r1.10 src/sys/arch/arm/imx/files.imx6 cvs rdiff -u -r1.3 -r1.4 src/sys/arch/arm/imx/files.imx7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/arm/imx/files.imx51 diff -u src/sys/arch/arm/imx/files.imx51:1.15 src/sys/arch/arm/imx/files.imx51:1.16 --- src/sys/arch/arm/imx/files.imx51:1.15 Thu Aug 17 09:11:04 2017 +++ src/sys/arch/arm/imx/files.imx51 Fri Aug 18 21:45:25 2017 @@ -1,4 +1,4 @@ -# $NetBSD: files.imx51,v 1.15 2017/08/17 09:11:04 hkenken Exp $ +# $NetBSD: files.imx51,v 1.16 2017/08/18 21:45:25 jakllsch Exp $ # # Configuration info for the Freescale i.MX5x # @@ -16,7 +16,7 @@ file arch/arm/arm32/irq_dispatch.S define bus_dma_generic file arch/arm/arm32/armv7_generic_space.c -file arch/arm/arm32/armv7_generic_dma.c +file arch/arm/arm32/armv7_generic_dma.c bus_dma_generic needs-flag file arch/arm/arm/bus_space_a4x.S # iMX51 AXI/AHB bus interface and SoC domains Index: src/sys/arch/arm/imx/files.imx6 diff -u src/sys/arch/arm/imx/files.imx6:1.9 src/sys/arch/arm/imx/files.imx6:1.10 --- src/sys/arch/arm/imx/files.imx6:1.9 Thu Aug 17 09:11:04 2017 +++ src/sys/arch/arm/imx/files.imx6 Fri Aug 18 21:45:25 2017 @@ -1,4 +1,4 @@ -# $NetBSD: files.imx6,v 1.9 2017/08/17 09:11:04 hkenken Exp $ +# $NetBSD: files.imx6,v 1.10 2017/08/18 21:45:25 jakllsch Exp $ # # Configuration info for the Freescale i.MX6 # 
@@ -16,7 +16,7 @@ file arch/arm/arm32/irq_dispatch.S define bus_dma_generic file arch/arm/arm32/armv7_generic_space.c -file arch/arm/arm32/armv7_generic_dma.c +file arch/arm/arm32/armv7_generic_dma.c bus_dma_generic needs-flag file arch/arm/arm/bus_space_a4x.S file arch/arm/imx/imx6_board.c Index: src/sys/arch/arm/imx/files.imx7 diff -u src/sys/arch/arm/imx/files.imx7:1.3 src/sys/arch/arm/imx/files.imx7:1.4 --- src/sys/arch/arm/imx/files.imx7:1.3 Thu Aug 17 09:11:04 2017 +++ src/sys/arch/arm/imx/files.imx7 Fri Aug 18 21:45:25 2017 @@ -1,4 +1,4 @@ -# $NetBSD: files.imx7,v 1.3 2017/08/17 09:11:04 hkenken Exp $ +# $NetBSD: files.imx7,v 1.4 2017/08/18 21:45:25 jakllsch Exp $ # # Configuration info for the Freescale i.MX7 # @@ -17,7 +17,7 @@ file arch/arm/arm32/irq_dispatch.S define bus_dma_generic file arch/arm/arm32/armv7_generic_space.c -file arch/arm/arm32/armv7_generic_dma.c +file arch/arm/arm32/armv7_generic_dma.c bus_dma_generic needs-flag file arch/arm/arm/bus_space_a4x.S file arch/arm/imx/imx7_board.c
CVS commit: src/tests/bin/sh
Module Name:src Committed By: kre Date: Fri Aug 18 21:22:30 UTC 2017 Modified Files: src/tests/bin/sh: t_syntax.sh Log Message: Add a basic test for $'...' quoting (roughly C ctyle strings). This test will be skipped on shells (such as /bin/sh in -current as of the date of this commit) which do not support $'...' While here fix a typo in a comment (there are probably more...) To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/tests/bin/sh/t_syntax.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/tests/bin/sh/t_syntax.sh diff -u src/tests/bin/sh/t_syntax.sh:1.6 src/tests/bin/sh/t_syntax.sh:1.7 --- src/tests/bin/sh/t_syntax.sh:1.6 Wed Jul 26 17:50:20 2017 +++ src/tests/bin/sh/t_syntax.sh Fri Aug 18 21:22:30 2017 @@ -1,4 +1,4 @@ -# $NetBSD: t_syntax.sh,v 1.6 2017/07/26 17:50:20 kre Exp $ +# $NetBSD: t_syntax.sh,v 1.7 2017/08/18 21:22:30 kre Exp $ # # Copyright (c) 2017 The NetBSD Foundation, Inc. # All rights reserved. @@ -261,7 +261,7 @@ c_line_wrapping_body() { done # inspired by pkgsrc/pkgtools/cwrappers :: libnbcompat/configure - # failure with (broken) sh LINENO core .. avoid recurrence + # failure with (broken) sh LINENO code .. avoid recurrence # This test would have failed. cat <<- 'DONE' | atf_check -s exit:0 -o inline:'/tmp\n' ${TEST_SH} dn=/tmp/foo 
@@ -295,11 +295,83 @@ c_line_wrapping_body() { return 0 } -atf_test_case d_redirects -d_redirects_head() { +atf_test_case d_cstrings +d_cstrings_head() { + atf_set "descr" "Check processing of $' ' quoting (C style strings)" +} +d_cstrings_body() { + set -xv + unset ENV + if ! ${TEST_SH} -c ": \$'abc'" || + test $( ${TEST_SH} -c "printf %s \$'abc'" ) != abc + then + atf_skip "\$'...' (C style quoted strings) not supported" + fi + + # simple stuff + atf_check -s exit:0 -e empty -o inline:'abc\tdef\n' ${TEST_SH} -c \ + "printf '%s\\n' \$'abc\tdef'" + atf_check -s exit:0 -e empty -o inline:'abc\tdef\n' ${TEST_SH} -c \ + "printf '%s\\n' \$'abc\011def'" + atf_check -s exit:0 -e empty -o inline:'abc\tdef\n' ${TEST_SH} -c \ + "printf '%s\\n' \$'abc\x09'def" + atf_check -s exit:0 -e empty -o inline:'abc$def\n' ${TEST_SH} -c \ + "def=xyz; printf '%s\\n' \$'abc\$def'" + + # control chars (\c) and unicode \u + atf_check -s exit:0 -e empty -o empty ${TEST_SH} -c \ + "test \$'\\1-\\2-\\3' = \$'\\ca-\\cb-\\cc'" + atf_check -s exit:0 -e empty -o empty ${TEST_SH} -c \ + "test \$'\\r-\\n-\\f' = \$'\\cm-\\cj-\\cl'" + atf_check -s exit:0 -e empty -o empty ${TEST_SH} -c \ + "test \$'\\u0123' = \$'\\304\\243'" + atf_check -s exit:0 -e empty -o empty ${TEST_SH} -c \ + "test \$'\\u0123' = \$'\\xC4\\xA3'" + atf_check -s exit:0 -e empty -o empty ${TEST_SH} -c \ + "test \$'\\c' = \$'\\x1C'" + atf_check -s exit:0 -e empty -o empty ${TEST_SH} -c \ + "test \$'\\c[\\c]\\c^\\c_\\c?' 
= \$'\\x1B\\x1D\\x1E\\x1F\\x7F'" + + # all the \X sequences for a single char X (ie: not hex/octal/unicode) + atf_check -s exit:0 -e empty -o inline:'\n\r\t\n' \ + ${TEST_SH} -c "printf '%s\\n' \$'\\a\\b\\e\\f\\n\\r\\t\\v'" +# atf_check -s exit:0 -e empty -o inline:'\7\10\33\14\12\15\11\13' \ + atf_check -s exit:0 -e empty -o inline:'\n\r\t\n' \ + ${TEST_SH} -c "printf '%s\\n' \$'\\cG\\cH\\x1b\\cl\\cJ\\cm\\cI\\ck'" + atf_check -s exit:0 -e empty -o inline:"'"'"\\\n' \ + ${TEST_SH} -c "printf '%s\\n' \$'\\'\\\"'" + + # various invalid $'...' sequences + atf_check -s not-exit:0 -e not-empty -o ignore ${TEST_SH} -c \ + ": \$'\\q'" + atf_check -s not-exit:0 -e not-empty -o ignore ${TEST_SH} -c \ + ": \$'\\c\\q'" + atf_check -s not-exit:0 -e not-empty -o ignore ${TEST_SH} -c \ + ": \$'\\uDEFF'" + atf_check -s not-exit:0 -e not-empty -o ignore ${TEST_SH} -c \ + ": \$'\\u00'" + atf_check -s not-exit:0 -e not-empty -o ignore ${TEST_SH} -c \ + ": \$'\\u8'" + atf_check -s not-exit:0 -e not-empty -o ignore ${TEST_SH} -c \ + ": \$'abcd" + atf_check -s not-exit:0 -e not-empty -o ignore ${TEST_SH} -c \ + ": \$'abcd\\" + + # anything that generates \0 ends the $'...' immediately (\u cannot) + atf_check -s exit:0 -e empty -o inline:'aAa' ${TEST_SH} -c \ + "printf '%s' \$'a\\0x'\$'A\\x00X'\$'a\\c@x'" + + # \newline in a $'...' is dropped (just like in "" strings) + atf_check -s exit:0 -e empty -o inline:'abcdef' ${TEST_SH} -c \ + "printf '%s' \$'abc\\ +def'" +} + +atf_test_case f_redirects +f_redirects_head() { atf_set "descr" "Check parsing of redirect operators" } -d_redirects_body() { +f_redirects_body() { atf_check -s exit:0 -o empty -e empty ${TEST_SH} -c \ '>/dev/null' 
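Review bot: The skip guard in `d_cstrings_body` leaves the command substitution unquoted in `test $( ${TEST_SH} -c "printf %s \$'abc'" ) != abc`, so empty or multi-word output makes `test` fail with a usage error and the case runs instead of being skipped. Quoting it, `test "$( ${TEST_SH} -c "printf %s \$'abc'" )" != abc`, keeps the guard well-defined. `set -xv` at the top of the body and the commented-out `atf_check ... inline:'\7\10\33\14\12\15\11\13'` line look like debugging leftovers and could be dropped or explained in a comment. The renames to `f_redirects` and `g_variable_syntax` also need matching `atf_add_test_case` entries, which are outside the visible hunks.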
@@ -355,11 +427,11 @@ d_redirects_body() { return 0 } -atf_test_case f_variable_syntax -f_variable_syntax_head() { +atf_test_case g_variable_syntax +g_variable_syntax_head() { atf_set "descr" "Check that var names of all legal forms work" } -f_variable_syntax_body() { +g_variable_syntax_body() { # don't test _ as a variable, it ca
CVS commit: [netbsd-6-0] src/doc
Module Name:src Committed By: snj Date: Fri Aug 18 15:10:27 UTC 2017 Modified Files: src/doc [netbsd-6-0]: CHANGES-6.0.7 Log Message: 1465, 1473-1477 To generate a diff of this commit: cvs rdiff -u -r1.1.2.107 -r1.1.2.108 src/doc/CHANGES-6.0.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.0.7 diff -u src/doc/CHANGES-6.0.7:1.1.2.107 src/doc/CHANGES-6.0.7:1.1.2.108 --- src/doc/CHANGES-6.0.7:1.1.2.107 Fri Aug 18 05:37:22 2017 +++ src/doc/CHANGES-6.0.7 Fri Aug 18 15:10:26 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.0.7,v 1.1.2.107 2017/08/18 05:37:22 snj Exp $ +# $NetBSD: CHANGES-6.0.7,v 1.1.2.108 2017/08/18 15:10:26 snj Exp $ A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7 release: @@ -12732,3 +12732,34 @@ crypto/external/bsd/openssl/dist/ssl/ssl namespace clashes with zlib.h. [mrg, ticket #1497] +sys/kern/kern_malloc.c1.146 + + Avoid integer overflow in kern_malloc(). + [martin, ticket #1465] + +sys/dev/pci/if_ipw.c1.65 via patch + + double free in ipw_dma_alloc() + [mrg, ticket #1473] + +sys/dev/pci/if_et.c1.15 + + missing mbuf cluster allocation error checking in et_newbuf() + [mrg, ticket #1474] + +sys/dev/ic/i82596.c1.37 + + potential double free in iee_init()/iee_stop() + [mrg, ticket #1475] + +sys/dev/ic/dp83932.c1.41 + + Plug mbuf leak on MCLGET failure in sonic_rxintr. + [mrg, ticket #1476] + +sys/dev/ic/dm9000.c1.12 + + missing mbuf cluster allocation error checking in + dme_alloc_receive_buffer() + [mrg, ticket #1477] +
CVS commit: [netbsd-6-1] src/doc
Module Name:src Committed By: snj Date: Fri Aug 18 15:10:01 UTC 2017 Modified Files: src/doc [netbsd-6-1]: CHANGES-6.1.6 Log Message: 1465, 1473-1477 To generate a diff of this commit: cvs rdiff -u -r1.1.2.104 -r1.1.2.105 src/doc/CHANGES-6.1.6 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.1.6 diff -u src/doc/CHANGES-6.1.6:1.1.2.104 src/doc/CHANGES-6.1.6:1.1.2.105 --- src/doc/CHANGES-6.1.6:1.1.2.104 Fri Aug 18 05:37:44 2017 +++ src/doc/CHANGES-6.1.6 Fri Aug 18 15:10:01 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.1.6,v 1.1.2.104 2017/08/18 05:37:44 snj Exp $ +# $NetBSD: CHANGES-6.1.6,v 1.1.2.105 2017/08/18 15:10:01 snj Exp $ A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6 release: @@ -12405,3 +12405,34 @@ crypto/external/bsd/openssl/dist/ssl/ssl namespace clashes with zlib.h. [mrg, ticket #1497] +sys/kern/kern_malloc.c1.146 + + Avoid integer overflow in kern_malloc(). + [martin, ticket #1465] + +sys/dev/pci/if_ipw.c1.65 via patch + + double free in ipw_dma_alloc() + [mrg, ticket #1473] + +sys/dev/pci/if_et.c1.15 + + missing mbuf cluster allocation error checking in et_newbuf() + [mrg, ticket #1474] + +sys/dev/ic/i82596.c1.37 + + potential double free in iee_init()/iee_stop() + [mrg, ticket #1475] + +sys/dev/ic/dp83932.c1.41 + + Plug mbuf leak on MCLGET failure in sonic_rxintr. + [mrg, ticket #1476] + +sys/dev/ic/dm9000.c1.12 + + missing mbuf cluster allocation error checking in + dme_alloc_receive_buffer() + [mrg, ticket #1477] +
CVS commit: [netbsd-6] src/doc
Module Name:src Committed By: snj Date: Fri Aug 18 15:09:27 UTC 2017 Modified Files: src/doc [netbsd-6]: CHANGES-6.2 Log Message: 1465, 1473-1477 To generate a diff of this commit: cvs rdiff -u -r1.1.2.298 -r1.1.2.299 src/doc/CHANGES-6.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.2 diff -u src/doc/CHANGES-6.2:1.1.2.298 src/doc/CHANGES-6.2:1.1.2.299 --- src/doc/CHANGES-6.2:1.1.2.298 Fri Aug 18 05:38:06 2017 +++ src/doc/CHANGES-6.2 Fri Aug 18 15:09:27 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.2,v 1.1.2.298 2017/08/18 05:38:06 snj Exp $ +# $NetBSD: CHANGES-6.2,v 1.1.2.299 2017/08/18 15:09:27 snj Exp $ A complete list of changes from the 6.1 release until the 6.2 release: @@ -18453,3 +18453,34 @@ crypto/external/bsd/openssl/dist/ssl/ssl namespace clashes with zlib.h. [mrg, ticket #1497] +sys/kern/kern_malloc.c1.146 + + Avoid integer overflow in kern_malloc(). + [martin, ticket #1465] + +sys/dev/pci/if_ipw.c1.65 via patch + + double free in ipw_dma_alloc() + [mrg, ticket #1473] + +sys/dev/pci/if_et.c1.15 + + missing mbuf cluster allocation error checking in et_newbuf() + [mrg, ticket #1474] + +sys/dev/ic/i82596.c1.37 + + potential double free in iee_init()/iee_stop() + [mrg, ticket #1475] + +sys/dev/ic/dp83932.c1.41 + + Plug mbuf leak on MCLGET failure in sonic_rxintr. + [mrg, ticket #1476] + +sys/dev/ic/dm9000.c1.12 + + missing mbuf cluster allocation error checking in + dme_alloc_receive_buffer() + [mrg, ticket #1477] +
CVS commit: [netbsd-6] src/sys/dev/ic
Module Name:src Committed By: snj Date: Fri Aug 18 15:08:21 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6]: dm9000.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1477): sys/dev/ic/dm9000.c: revision 1.12 Check for MCLGET failure in dme_alloc_receive_buffer. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.4.2.1 src/sys/dev/ic/dm9000.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/dm9000.c diff -u src/sys/dev/ic/dm9000.c:1.4 src/sys/dev/ic/dm9000.c:1.4.2.1 --- src/sys/dev/ic/dm9000.c:1.4 Sat Jan 28 08:29:55 2012 +++ src/sys/dev/ic/dm9000.c Fri Aug 18 15:08:21 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: dm9000.c,v 1.4 2012/01/28 08:29:55 nisimura Exp $ */ +/* $NetBSD: dm9000.c,v 1.4.2.1 2017/08/18 15:08:21 snj Exp $ */ /* * Copyright (c) 2009 Paul Fleischer @@ -1123,8 +1123,13 @@ dme_alloc_receive_buffer(struct ifnet *i sizeof(struct ether_header); /* All our frames have the CRC attached */ m->m_flags |= M_HASFCS; - if (m->m_pkthdr.len + pad > MHLEN ) + if (m->m_pkthdr.len + pad > MHLEN) { MCLGET(m, M_DONTWAIT); + if ((m->m_flags & M_EXT) == 0) { + m_freem(m); + return NULL; + } + } m->m_data += pad; m->m_len = frame_length + (frame_length % sc->sc_data_width);
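Review bot: The added M_EXT test covers a failed MCLGET, but nothing visible in this hunk bounds `m->m_pkthdr.len + pad` from above, and `m->m_len` is then set from `frame_length`, which presumably comes from the device. If the caller does not already cap the frame length, a length larger than a cluster would still be accepted here; a guard such as `if (m->m_pkthdr.len + pad > MCLBYTES) { m_freem(m); return NULL; }` ahead of the MCLGET would close that. The new `return NULL` also makes it worth confirming that every caller checks the result. The function starts and ends outside the hunk, so both points need checking against the full body; the same hunk is pulled up to netbsd-6-1 and netbsd-6-0 further down the page.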
CVS commit: [netbsd-6-1] src/sys/dev/ic
Module Name:src Committed By: snj Date: Fri Aug 18 15:08:02 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-1]: dm9000.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1477): sys/dev/ic/dm9000.c: revision 1.12 Check for MCLGET failure in dme_alloc_receive_buffer. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.4.16.1 src/sys/dev/ic/dm9000.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/dm9000.c diff -u src/sys/dev/ic/dm9000.c:1.4 src/sys/dev/ic/dm9000.c:1.4.16.1 --- src/sys/dev/ic/dm9000.c:1.4 Sat Jan 28 08:29:55 2012 +++ src/sys/dev/ic/dm9000.c Fri Aug 18 15:08:02 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: dm9000.c,v 1.4 2012/01/28 08:29:55 nisimura Exp $ */ +/* $NetBSD: dm9000.c,v 1.4.16.1 2017/08/18 15:08:02 snj Exp $ */ /* * Copyright (c) 2009 Paul Fleischer @@ -1123,8 +1123,13 @@ dme_alloc_receive_buffer(struct ifnet *i sizeof(struct ether_header); /* All our frames have the CRC attached */ m->m_flags |= M_HASFCS; - if (m->m_pkthdr.len + pad > MHLEN ) + if (m->m_pkthdr.len + pad > MHLEN) { MCLGET(m, M_DONTWAIT); + if ((m->m_flags & M_EXT) == 0) { + m_freem(m); + return NULL; + } + } m->m_data += pad; m->m_len = frame_length + (frame_length % sc->sc_data_width);
CVS commit: [netbsd-6-0] src/sys/dev/ic
Module Name:src Committed By: snj Date: Fri Aug 18 15:07:37 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-0]: dm9000.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1477): sys/dev/ic/dm9000.c: revision 1.12 Check for MCLGET failure in dme_alloc_receive_buffer. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.4.8.1 src/sys/dev/ic/dm9000.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/dm9000.c diff -u src/sys/dev/ic/dm9000.c:1.4 src/sys/dev/ic/dm9000.c:1.4.8.1 --- src/sys/dev/ic/dm9000.c:1.4 Sat Jan 28 08:29:55 2012 +++ src/sys/dev/ic/dm9000.c Fri Aug 18 15:07:37 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: dm9000.c,v 1.4 2012/01/28 08:29:55 nisimura Exp $ */ +/* $NetBSD: dm9000.c,v 1.4.8.1 2017/08/18 15:07:37 snj Exp $ */ /* * Copyright (c) 2009 Paul Fleischer @@ -1123,8 +1123,13 @@ dme_alloc_receive_buffer(struct ifnet *i sizeof(struct ether_header); /* All our frames have the CRC attached */ m->m_flags |= M_HASFCS; - if (m->m_pkthdr.len + pad > MHLEN ) + if (m->m_pkthdr.len + pad > MHLEN) { MCLGET(m, M_DONTWAIT); + if ((m->m_flags & M_EXT) == 0) { + m_freem(m); + return NULL; + } + } m->m_data += pad; m->m_len = frame_length + (frame_length % sc->sc_data_width);
CVS commit: [netbsd-6-0] src/sys/dev/ic
Module Name:src Committed By: snj Date: Fri Aug 18 15:05:52 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-0]: dp83932.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1476): sys/dev/ic/dp83932.c: revision 1.41 Plug mbuf leak on MCLGET failure in sonic_rxintr. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.35.20.1 src/sys/dev/ic/dp83932.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/dp83932.c diff -u src/sys/dev/ic/dp83932.c:1.35 src/sys/dev/ic/dp83932.c:1.35.20.1 --- src/sys/dev/ic/dp83932.c:1.35 Sat Nov 13 13:52:00 2010 +++ src/sys/dev/ic/dp83932.c Fri Aug 18 15:05:52 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: dp83932.c,v 1.35 2010/11/13 13:52:00 uebayasi Exp $ */ +/* $NetBSD: dp83932.c,v 1.35.20.1 2017/08/18 15:05:52 snj Exp $ */ /*- * Copyright (c) 2001 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: dp83932.c,v 1.35 2010/11/13 13:52:00 uebayasi Exp $"); +__KERNEL_RCSID(0, "$NetBSD: dp83932.c,v 1.35.20.1 2017/08/18 15:05:52 snj Exp $"); #include @@ -785,8 +785,10 @@ sonic_rxintr(struct sonic_softc *sc) goto dropit; if (len > (MHLEN - 2)) { MCLGET(m, M_DONTWAIT); -if ((m->m_flags & M_EXT) == 0) +if ((m->m_flags & M_EXT) == 0) { + m_freem(m); goto dropit; +} } m->m_data += 2; /*
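Review bot: After the added `m_freem(m)` the local `m` still holds the freed pointer when control reaches `dropit`, and that label's code is outside the hunk. If anything there reads `m`, the leak fix turns into a use after free; adding `m = NULL;` between the `m_freem(m);` and the `goto dropit;` makes the path safe regardless, matching what the i82596 and if_ipw pull-ups on this page do for their stored pointers. The hunk also shows only the lower bound `len > (MHLEN - 2)`; whether `len` is capped against the cluster size is decided outside it and is worth confirming. The same hunk appears in the netbsd-6-1 and netbsd-6 pull-ups below.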
CVS commit: [netbsd-6-1] src/sys/dev/ic
Module Name:src Committed By: snj Date: Fri Aug 18 15:05:29 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-1]: dp83932.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1476): sys/dev/ic/dp83932.c: revision 1.41 Plug mbuf leak on MCLGET failure in sonic_rxintr. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.35.28.1 src/sys/dev/ic/dp83932.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/dp83932.c diff -u src/sys/dev/ic/dp83932.c:1.35 src/sys/dev/ic/dp83932.c:1.35.28.1 --- src/sys/dev/ic/dp83932.c:1.35 Sat Nov 13 13:52:00 2010 +++ src/sys/dev/ic/dp83932.c Fri Aug 18 15:05:29 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: dp83932.c,v 1.35 2010/11/13 13:52:00 uebayasi Exp $ */ +/* $NetBSD: dp83932.c,v 1.35.28.1 2017/08/18 15:05:29 snj Exp $ */ /*- * Copyright (c) 2001 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: dp83932.c,v 1.35 2010/11/13 13:52:00 uebayasi Exp $"); +__KERNEL_RCSID(0, "$NetBSD: dp83932.c,v 1.35.28.1 2017/08/18 15:05:29 snj Exp $"); #include @@ -785,8 +785,10 @@ sonic_rxintr(struct sonic_softc *sc) goto dropit; if (len > (MHLEN - 2)) { MCLGET(m, M_DONTWAIT); -if ((m->m_flags & M_EXT) == 0) +if ((m->m_flags & M_EXT) == 0) { + m_freem(m); goto dropit; +} } m->m_data += 2; /*
CVS commit: [netbsd-6] src/sys/dev/ic
Module Name:src Committed By: snj Date: Fri Aug 18 15:04:58 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6]: dp83932.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1476): sys/dev/ic/dp83932.c: revision 1.41 Plug mbuf leak on MCLGET failure in sonic_rxintr. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.35.14.1 src/sys/dev/ic/dp83932.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/dp83932.c diff -u src/sys/dev/ic/dp83932.c:1.35 src/sys/dev/ic/dp83932.c:1.35.14.1 --- src/sys/dev/ic/dp83932.c:1.35 Sat Nov 13 13:52:00 2010 +++ src/sys/dev/ic/dp83932.c Fri Aug 18 15:04:58 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: dp83932.c,v 1.35 2010/11/13 13:52:00 uebayasi Exp $ */ +/* $NetBSD: dp83932.c,v 1.35.14.1 2017/08/18 15:04:58 snj Exp $ */ /*- * Copyright (c) 2001 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: dp83932.c,v 1.35 2010/11/13 13:52:00 uebayasi Exp $"); +__KERNEL_RCSID(0, "$NetBSD: dp83932.c,v 1.35.14.1 2017/08/18 15:04:58 snj Exp $"); #include @@ -785,8 +785,10 @@ sonic_rxintr(struct sonic_softc *sc) goto dropit; if (len > (MHLEN - 2)) { MCLGET(m, M_DONTWAIT); -if ((m->m_flags & M_EXT) == 0) +if ((m->m_flags & M_EXT) == 0) { + m_freem(m); goto dropit; +} } m->m_data += 2; /*
CVS commit: [netbsd-6-1] src/sys/dev/ic
Module Name:src Committed By: snj Date: Fri Aug 18 15:03:04 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-1]: i82596.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1475): sys/dev/ic/i82596.c: revision 1.37 Null out sc_rx_mbuf[i] after m_freem to avoid double-free later. >From Ilja Van Sprundel. Also null out sc_tx_mbuf[i] after m_freem, out of paranoia. XXX Not entirely clear to how tx mbufs are freed, but no way to test this since it's ews4800mips- and hp700-only, so not keen to make any more elaborate changes... To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.29.28.1 src/sys/dev/ic/i82596.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/i82596.c diff -u src/sys/dev/ic/i82596.c:1.29 src/sys/dev/ic/i82596.c:1.29.28.1 --- src/sys/dev/ic/i82596.c:1.29 Mon Apr 5 07:19:35 2010 +++ src/sys/dev/ic/i82596.c Fri Aug 18 15:03:03 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: i82596.c,v 1.29 2010/04/05 07:19:35 joerg Exp $ */ +/* $NetBSD: i82596.c,v 1.29.28.1 2017/08/18 15:03:03 snj Exp $ */ /* * Copyright (c) 2003 Jochen Kunz. @@ -43,7 +43,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: i82596.c,v 1.29 2010/04/05 07:19:35 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: i82596.c,v 1.29.28.1 2017/08/18 15:03:03 snj Exp $"); /* autoconfig and device stuff */ #include @@ -754,6 +754,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't allocate mbuf\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); +sc->sc_tx_mbuf[t] = NULL; t--; continue; } @@ -763,6 +764,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't allocate mbuf " "cluster\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); +sc->sc_tx_mbuf[t] = NULL; m_freem(m); t--; continue; 
@@ -778,6 +780,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't load TX DMA map\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); +sc->sc_tx_mbuf[t] = NULL; t--; continue; } @@ -927,6 +930,7 @@ iee_init(struct ifnet *ifp) printf("%s: iee_init: can't allocate mbuf" " cluster\n", device_xname(sc->sc_dev)); m_freem(sc->sc_rx_mbuf[r]); +sc->sc_rx_mbuf[r] = NULL; err = 1; break; } @@ -940,6 +944,7 @@ iee_init(struct ifnet *ifp) printf("%s: iee_init: can't create RX " "DMA map\n", device_xname(sc->sc_dev)); m_freem(sc->sc_rx_mbuf[r]); +sc->sc_rx_mbuf[r] = NULL; err = 1; break; } @@ -949,6 +954,7 @@ iee_init(struct ifnet *ifp) device_xname(sc->sc_dev)); bus_dmamap_destroy(sc->sc_dmat, sc->sc_rx_map[r]); m_freem(sc->sc_rx_mbuf[r]); + sc->sc_rx_mbuf[r] = NULL; err = 1; break; }
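Review bot: In the last `iee_init` hunk (`@@ -949`), `sc->sc_rx_map[r]` is destroyed with `bus_dmamap_destroy()` but, unlike `sc->sc_rx_mbuf[r]`, is not cleared afterwards. If the teardown path tests the map for NULL before destroying it, in the way the commit message implies it does for the mbuf, the stale handle can be destroyed a second time; adding `sc->sc_rx_map[r] = NULL;` right after the destroy would mirror what the if_ipw pull-up on this page does for `sbuf->map`. The teardown code is outside these hunks, so this needs confirming there. The same applies to the identical hunks in the netbsd-6 and netbsd-6-0 pull-ups below.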
CVS commit: [netbsd-6] src/sys/dev/ic
Module Name:src Committed By: snj Date: Fri Aug 18 15:03:22 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6]: i82596.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1475): sys/dev/ic/i82596.c: revision 1.37 Null out sc_rx_mbuf[i] after m_freem to avoid double-free later. >From Ilja Van Sprundel. Also null out sc_tx_mbuf[i] after m_freem, out of paranoia. XXX Not entirely clear to how tx mbufs are freed, but no way to test this since it's ews4800mips- and hp700-only, so not keen to make any more elaborate changes... To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.29.14.1 src/sys/dev/ic/i82596.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/i82596.c diff -u src/sys/dev/ic/i82596.c:1.29 src/sys/dev/ic/i82596.c:1.29.14.1 --- src/sys/dev/ic/i82596.c:1.29 Mon Apr 5 07:19:35 2010 +++ src/sys/dev/ic/i82596.c Fri Aug 18 15:03:22 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: i82596.c,v 1.29 2010/04/05 07:19:35 joerg Exp $ */ +/* $NetBSD: i82596.c,v 1.29.14.1 2017/08/18 15:03:22 snj Exp $ */ /* * Copyright (c) 2003 Jochen Kunz. @@ -43,7 +43,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: i82596.c,v 1.29 2010/04/05 07:19:35 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: i82596.c,v 1.29.14.1 2017/08/18 15:03:22 snj Exp $"); /* autoconfig and device stuff */ #include @@ -754,6 +754,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't allocate mbuf\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); +sc->sc_tx_mbuf[t] = NULL; t--; continue; } @@ -763,6 +764,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't allocate mbuf " "cluster\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); +sc->sc_tx_mbuf[t] = NULL; m_freem(m); t--; continue; 
@@ -778,6 +780,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't load TX DMA map\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); +sc->sc_tx_mbuf[t] = NULL; t--; continue; } @@ -927,6 +930,7 @@ iee_init(struct ifnet *ifp) printf("%s: iee_init: can't allocate mbuf" " cluster\n", device_xname(sc->sc_dev)); m_freem(sc->sc_rx_mbuf[r]); +sc->sc_rx_mbuf[r] = NULL; err = 1; break; } @@ -940,6 +944,7 @@ iee_init(struct ifnet *ifp) printf("%s: iee_init: can't create RX " "DMA map\n", device_xname(sc->sc_dev)); m_freem(sc->sc_rx_mbuf[r]); +sc->sc_rx_mbuf[r] = NULL; err = 1; break; } @@ -949,6 +954,7 @@ iee_init(struct ifnet *ifp) device_xname(sc->sc_dev)); bus_dmamap_destroy(sc->sc_dmat, sc->sc_rx_map[r]); m_freem(sc->sc_rx_mbuf[r]); + sc->sc_rx_mbuf[r] = NULL; err = 1; break; }
CVS commit: [netbsd-6-0] src/sys/dev/ic
Module Name:src Committed By: snj Date: Fri Aug 18 15:02:11 UTC 2017 Modified Files: src/sys/dev/ic [netbsd-6-0]: i82596.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1475): sys/dev/ic/i82596.c: revision 1.37 Null out sc_rx_mbuf[i] after m_freem to avoid double-free later. >From Ilja Van Sprundel. Also null out sc_tx_mbuf[i] after m_freem, out of paranoia. XXX Not entirely clear to how tx mbufs are freed, but no way to test this since it's ews4800mips- and hp700-only, so not keen to make any more elaborate changes... To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.29.20.1 src/sys/dev/ic/i82596.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/i82596.c diff -u src/sys/dev/ic/i82596.c:1.29 src/sys/dev/ic/i82596.c:1.29.20.1 --- src/sys/dev/ic/i82596.c:1.29 Mon Apr 5 07:19:35 2010 +++ src/sys/dev/ic/i82596.c Fri Aug 18 15:02:11 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: i82596.c,v 1.29 2010/04/05 07:19:35 joerg Exp $ */ +/* $NetBSD: i82596.c,v 1.29.20.1 2017/08/18 15:02:11 snj Exp $ */ /* * Copyright (c) 2003 Jochen Kunz. @@ -43,7 +43,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: i82596.c,v 1.29 2010/04/05 07:19:35 joerg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: i82596.c,v 1.29.20.1 2017/08/18 15:02:11 snj Exp $"); /* autoconfig and device stuff */ #include @@ -754,6 +754,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't allocate mbuf\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); +sc->sc_tx_mbuf[t] = NULL; t--; continue; } @@ -763,6 +764,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't allocate mbuf " "cluster\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); +sc->sc_tx_mbuf[t] = NULL; m_freem(m); t--; continue; 
@@ -778,6 +780,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't load TX DMA map\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); +sc->sc_tx_mbuf[t] = NULL; t--; continue; } @@ -927,6 +930,7 @@ iee_init(struct ifnet *ifp) printf("%s: iee_init: can't allocate mbuf" " cluster\n", device_xname(sc->sc_dev)); m_freem(sc->sc_rx_mbuf[r]); +sc->sc_rx_mbuf[r] = NULL; err = 1; break; } @@ -940,6 +944,7 @@ iee_init(struct ifnet *ifp) printf("%s: iee_init: can't create RX " "DMA map\n", device_xname(sc->sc_dev)); m_freem(sc->sc_rx_mbuf[r]); +sc->sc_rx_mbuf[r] = NULL; err = 1; break; } @@ -949,6 +954,7 @@ iee_init(struct ifnet *ifp) device_xname(sc->sc_dev)); bus_dmamap_destroy(sc->sc_dmat, sc->sc_rx_map[r]); m_freem(sc->sc_rx_mbuf[r]); + sc->sc_rx_mbuf[r] = NULL; err = 1; break; }
CVS commit: [netbsd-6] src/sys/dev/pci
Module Name:src Committed By: snj Date: Fri Aug 18 15:00:53 UTC 2017 Modified Files: src/sys/dev/pci [netbsd-6]: if_et.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1474): sys/dev/pci/if_et.c: revision 1.15 Check for MCLGET failure in et_newbuf. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.3.2.1 -r1.3.2.2 src/sys/dev/pci/if_et.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/pci/if_et.c diff -u src/sys/dev/pci/if_et.c:1.3.2.1 src/sys/dev/pci/if_et.c:1.3.2.2 --- src/sys/dev/pci/if_et.c:1.3.2.1 Mon Nov 19 18:41:59 2012 +++ src/sys/dev/pci/if_et.c Fri Aug 18 15:00:53 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: if_et.c,v 1.3.2.1 2012/11/19 18:41:59 riz Exp $ */ +/* $NetBSD: if_et.c,v 1.3.2.2 2017/08/18 15:00:53 snj Exp $ */ /* $OpenBSD: if_et.c,v 1.11 2008/06/08 06:18:07 jsg Exp $ */ /* * Copyright (c) 2007 The DragonFly Project. All rights reserved. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_et.c,v 1.3.2.1 2012/11/19 18:41:59 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_et.c,v 1.3.2.2 2017/08/18 15:00:53 snj Exp $"); #include "opt_inet.h" #include "vlan.h" @@ -2048,6 +2048,10 @@ et_newbuf(struct et_rxbuf_data *rbd, int if (m == NULL) return (ENOBUFS); MCLGET(m, init ? M_WAITOK : M_DONTWAIT); + if ((m->m_flags & M_EXT) == 0) { + m_freem(m); + return (ENOBUFS); + } len = MCLBYTES; } else { MGETHDR(m, init ? M_WAITOK : M_DONTWAIT, MT_DATA);
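Review bot: The new check is correct but silent about why it tests a flag rather than a return value; a short comment such as `/* MCLGET has no return value; failure leaves M_EXT clear */` above the `if` would save the next reader a lookup. The `MGETHDR` call in the `else` branch is the last line of the hunk, so whether its result is checked for NULL cannot be seen here and is worth a look in the full function. The same hunk is pulled up to netbsd-6-1 and netbsd-6-0 below.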
CVS commit: [netbsd-6-1] src/sys/dev/pci
Module Name:src Committed By: snj Date: Fri Aug 18 15:00:32 UTC 2017 Modified Files: src/sys/dev/pci [netbsd-6-1]: if_et.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1474): sys/dev/pci/if_et.c: revision 1.15 Check for MCLGET failure in et_newbuf. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.3.2.1 -r1.3.2.1.2.1 src/sys/dev/pci/if_et.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/pci/if_et.c diff -u src/sys/dev/pci/if_et.c:1.3.2.1 src/sys/dev/pci/if_et.c:1.3.2.1.2.1 --- src/sys/dev/pci/if_et.c:1.3.2.1 Mon Nov 19 18:41:59 2012 +++ src/sys/dev/pci/if_et.c Fri Aug 18 15:00:32 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: if_et.c,v 1.3.2.1 2012/11/19 18:41:59 riz Exp $ */ +/* $NetBSD: if_et.c,v 1.3.2.1.2.1 2017/08/18 15:00:32 snj Exp $ */ /* $OpenBSD: if_et.c,v 1.11 2008/06/08 06:18:07 jsg Exp $ */ /* * Copyright (c) 2007 The DragonFly Project. All rights reserved. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_et.c,v 1.3.2.1 2012/11/19 18:41:59 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_et.c,v 1.3.2.1.2.1 2017/08/18 15:00:32 snj Exp $"); #include "opt_inet.h" #include "vlan.h" @@ -2048,6 +2048,10 @@ et_newbuf(struct et_rxbuf_data *rbd, int if (m == NULL) return (ENOBUFS); MCLGET(m, init ? M_WAITOK : M_DONTWAIT); + if ((m->m_flags & M_EXT) == 0) { + m_freem(m); + return (ENOBUFS); + } len = MCLBYTES; } else { MGETHDR(m, init ? M_WAITOK : M_DONTWAIT, MT_DATA);
CVS commit: [netbsd-6-0] src/sys/dev/pci
Module Name:src Committed By: snj Date: Fri Aug 18 15:00:13 UTC 2017 Modified Files: src/sys/dev/pci [netbsd-6-0]: if_et.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1474): sys/dev/pci/if_et.c: revision 1.15 Check for MCLGET failure in et_newbuf. >From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.3.6.1 src/sys/dev/pci/if_et.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/pci/if_et.c diff -u src/sys/dev/pci/if_et.c:1.3 src/sys/dev/pci/if_et.c:1.3.6.1 --- src/sys/dev/pci/if_et.c:1.3 Mon Jan 30 19:41:20 2012 +++ src/sys/dev/pci/if_et.c Fri Aug 18 15:00:13 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: if_et.c,v 1.3 2012/01/30 19:41:20 drochner Exp $ */ +/* $NetBSD: if_et.c,v 1.3.6.1 2017/08/18 15:00:13 snj Exp $ */ /* $OpenBSD: if_et.c,v 1.11 2008/06/08 06:18:07 jsg Exp $ */ /* * Copyright (c) 2007 The DragonFly Project. All rights reserved. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_et.c,v 1.3 2012/01/30 19:41:20 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_et.c,v 1.3.6.1 2017/08/18 15:00:13 snj Exp $"); #include "opt_inet.h" #include "vlan.h" @@ -2056,6 +2056,10 @@ et_newbuf(struct et_rxbuf_data *rbd, int if (m == NULL) return (ENOBUFS); MCLGET(m, init ? M_WAITOK : M_DONTWAIT); + if ((m->m_flags & M_EXT) == 0) { + m_freem(m); + return (ENOBUFS); + } len = MCLBYTES; } else { MGETHDR(m, init ? M_WAITOK : M_DONTWAIT, MT_DATA);
CVS commit: [netbsd-6] src/sys/dev/pci
Module Name:src Committed By: snj Date: Fri Aug 18 14:58:15 UTC 2017 Modified Files: src/sys/dev/pci [netbsd-6]: if_ipw.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1473): sys/dev/pci/if_ipw.c: revision 1.65 via patch Null out sbuf->m on failure to avoid double-free later. >From Ilja Van Sprundel. Also null out sbuf->map out of paranoia. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.53.2.1 src/sys/dev/pci/if_ipw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/pci/if_ipw.c diff -u src/sys/dev/pci/if_ipw.c:1.53 src/sys/dev/pci/if_ipw.c:1.53.2.1 --- src/sys/dev/pci/if_ipw.c:1.53 Mon Jan 30 19:41:20 2012 +++ src/sys/dev/pci/if_ipw.c Fri Aug 18 14:58:15 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ipw.c,v 1.53 2012/01/30 19:41:20 drochner Exp $ */ +/* $NetBSD: if_ipw.c,v 1.53.2.1 2017/08/18 14:58:15 snj Exp $ */ /* FreeBSD: src/sys/dev/ipw/if_ipw.c,v 1.15 2005/11/13 17:17:40 damien Exp */ /*- @@ -29,7 +29,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ipw.c,v 1.53 2012/01/30 19:41:20 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ipw.c,v 1.53.2.1 2017/08/18 14:58:15 snj Exp $"); /*- * Intel(R) PRO/Wireless 2100 MiniPCI driver @@ -590,6 +590,7 @@ ipw_dma_alloc(struct ipw_softc *sc) MCLGET(sbuf->m, M_DONTWAIT); if (!(sbuf->m->m_flags & M_EXT)) { m_freem(sbuf->m); + sbuf->m = NULL; aprint_error_dev(&sc->sc_dev, "could not allocate rx mbuf cluster\n"); error = ENOMEM; goto fail; @@ -602,6 +603,7 @@ ipw_dma_alloc(struct ipw_softc *sc) if (error != 0) { aprint_error_dev(&sc->sc_dev, "could not create rxbuf dma map\n"); m_freem(sbuf->m); + sbuf->m = NULL; goto fail; } 
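Review bot: Clearing `sbuf->m` only prevents the double free if the cleanup reached through `fail` skips NULL entries, and that code is outside all three hunks; a one-line comment at the first site, e.g. `/* cleared so the fail path does not free it again */`, would record the dependency. In the second hunk (`@@ -602`) the `bus_dmamap_create` failure path leaves `sbuf->map` as it was, while the third hunk (`@@ -609`, which follows) clears it after the destroy; if the buffer entries are not zeroed before this code runs, `sbuf->map = NULL;` belongs in the second hunk as well. The netbsd-6-1 and netbsd-6-0 pull-ups below carry the same three hunks.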
@@ -609,7 +611,9 @@ ipw_dma_alloc(struct ipw_softc *sc) sbuf->m, BUS_DMA_READ | BUS_DMA_NOWAIT); if (error != 0) { bus_dmamap_destroy(sc->sc_dmat, sbuf->map); + sbuf->map = NULL; m_freem(sbuf->m); + sbuf->m = NULL; aprint_error_dev(&sc->sc_dev, "could not map rxbuf dma memory\n"); goto fail; }
CVS commit: [netbsd-6-1] src/sys/dev/pci
Module Name:src Committed By: snj Date: Fri Aug 18 14:57:55 UTC 2017 Modified Files: src/sys/dev/pci [netbsd-6-1]: if_ipw.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1473): sys/dev/pci/if_ipw.c: revision 1.65 via patch Null out sbuf->m on failure to avoid double-free later. >From Ilja Van Sprundel. Also null out sbuf->map out of paranoia. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.53.10.1 src/sys/dev/pci/if_ipw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/pci/if_ipw.c diff -u src/sys/dev/pci/if_ipw.c:1.53 src/sys/dev/pci/if_ipw.c:1.53.10.1 --- src/sys/dev/pci/if_ipw.c:1.53 Mon Jan 30 19:41:20 2012 +++ src/sys/dev/pci/if_ipw.c Fri Aug 18 14:57:55 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ipw.c,v 1.53 2012/01/30 19:41:20 drochner Exp $ */ +/* $NetBSD: if_ipw.c,v 1.53.10.1 2017/08/18 14:57:55 snj Exp $ */ /* FreeBSD: src/sys/dev/ipw/if_ipw.c,v 1.15 2005/11/13 17:17:40 damien Exp */ /*- @@ -29,7 +29,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ipw.c,v 1.53 2012/01/30 19:41:20 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ipw.c,v 1.53.10.1 2017/08/18 14:57:55 snj Exp $"); /*- * Intel(R) PRO/Wireless 2100 MiniPCI driver @@ -590,6 +590,7 @@ ipw_dma_alloc(struct ipw_softc *sc) MCLGET(sbuf->m, M_DONTWAIT); if (!(sbuf->m->m_flags & M_EXT)) { m_freem(sbuf->m); + sbuf->m = NULL; aprint_error_dev(&sc->sc_dev, "could not allocate rx mbuf cluster\n"); error = ENOMEM; goto fail; @@ -602,6 +603,7 @@ ipw_dma_alloc(struct ipw_softc *sc) if (error != 0) { aprint_error_dev(&sc->sc_dev, "could not create rxbuf dma map\n"); m_freem(sbuf->m); + sbuf->m = NULL; goto fail; } 
@@ -609,7 +611,9 @@ ipw_dma_alloc(struct ipw_softc *sc) sbuf->m, BUS_DMA_READ | BUS_DMA_NOWAIT); if (error != 0) { bus_dmamap_destroy(sc->sc_dmat, sbuf->map); + sbuf->map = NULL; m_freem(sbuf->m); + sbuf->m = NULL; aprint_error_dev(&sc->sc_dev, "could not map rxbuf dma memory\n"); goto fail; }
CVS commit: [netbsd-6-0] src/sys/dev/pci
Module Name:src Committed By: snj Date: Fri Aug 18 14:57:35 UTC 2017 Modified Files: src/sys/dev/pci [netbsd-6-0]: if_ipw.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1473): sys/dev/pci/if_ipw.c: revision 1.65 via patch Null out sbuf->m on failure to avoid double-free later. >From Ilja Van Sprundel. Also null out sbuf->map out of paranoia. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.53.8.1 src/sys/dev/pci/if_ipw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/pci/if_ipw.c diff -u src/sys/dev/pci/if_ipw.c:1.53 src/sys/dev/pci/if_ipw.c:1.53.8.1 --- src/sys/dev/pci/if_ipw.c:1.53 Mon Jan 30 19:41:20 2012 +++ src/sys/dev/pci/if_ipw.c Fri Aug 18 14:57:35 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ipw.c,v 1.53 2012/01/30 19:41:20 drochner Exp $ */ +/* $NetBSD: if_ipw.c,v 1.53.8.1 2017/08/18 14:57:35 snj Exp $ */ /* FreeBSD: src/sys/dev/ipw/if_ipw.c,v 1.15 2005/11/13 17:17:40 damien Exp */ /*- @@ -29,7 +29,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_ipw.c,v 1.53 2012/01/30 19:41:20 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ipw.c,v 1.53.8.1 2017/08/18 14:57:35 snj Exp $"); /*- * Intel(R) PRO/Wireless 2100 MiniPCI driver @@ -590,6 +590,7 @@ ipw_dma_alloc(struct ipw_softc *sc) MCLGET(sbuf->m, M_DONTWAIT); if (!(sbuf->m->m_flags & M_EXT)) { m_freem(sbuf->m); + sbuf->m = NULL; aprint_error_dev(&sc->sc_dev, "could not allocate rx mbuf cluster\n"); error = ENOMEM; goto fail; @@ -602,6 +603,7 @@ ipw_dma_alloc(struct ipw_softc *sc) if (error != 0) { aprint_error_dev(&sc->sc_dev, "could not create rxbuf dma map\n"); m_freem(sbuf->m); + sbuf->m = NULL; goto fail; } 
@@ -609,7 +611,9 @@ ipw_dma_alloc(struct ipw_softc *sc)
 sbuf->m, BUS_DMA_READ | BUS_DMA_NOWAIT);
 if (error != 0) {
 bus_dmamap_destroy(sc->sc_dmat, sbuf->map);
+ sbuf->map = NULL;
 m_freem(sbuf->m);
+ sbuf->m = NULL;
 aprint_error_dev(&sc->sc_dev, "could not map rxbuf dma memory\n");
 goto fail;
 }
CVS commit: [netbsd-6] src/sys/kern
Module Name:src Committed By: snj Date: Fri Aug 18 14:53:10 UTC 2017 Modified Files: src/sys/kern [netbsd-6]: kern_malloc.c Log Message: Pull up following revision(s) (requested by martin in ticket #1465): sys/kern/kern_malloc.c: revision 1.146 Avoid integer overflow in kern_malloc(). Reported by Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.138.2.1 src/sys/kern/kern_malloc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_malloc.c diff -u src/sys/kern/kern_malloc.c:1.138 src/sys/kern/kern_malloc.c:1.138.2.1 --- src/sys/kern/kern_malloc.c:1.138 Mon Feb 6 12:13:44 2012 +++ src/sys/kern/kern_malloc.c Fri Aug 18 14:53:10 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_malloc.c,v 1.138 2012/02/06 12:13:44 drochner Exp $ */ +/* $NetBSD: kern_malloc.c,v 1.138.2.1 2017/08/18 14:53:10 snj Exp $ */ /* * Copyright (c) 1987, 1991, 1993 @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.138 2012/02/06 12:13:44 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.138.2.1 2017/08/18 14:53:10 snj Exp $"); #include #include @@ -113,7 +113,10 @@ kern_malloc(unsigned long size, struct m void *p; if (size >= PAGE_SIZE) { - allocsize = PAGE_SIZE + size; /* for page alignment */ + if (size > (ULONG_MAX-PAGE_SIZE)) + allocsize = ULONG_MAX; /* this will fail later */ + else + allocsize = PAGE_SIZE + size; /* for page alignment */ hdroffset = PAGE_SIZE - sizeof(struct malloc_header); } else { allocsize = sizeof(struct malloc_header) + size;
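Review bot: The saturating branch in the `@@ -113` hunk sets `allocsize = ULONG_MAX` and relies on a later call rejecting that size, but the call is outside the hunk and the comment `/* this will fail later */` does not name it. Whether a request that is allowed to sleep fails cleanly for such a size, rather than blocking or panicking, cannot be told from the visible lines. The comment should state which call rejects the value and under which flags, along the lines of `/* PAGE_SIZE + size would wrap; saturate so the allocation below is refused */`. The nested `if`/`else` would also read more safely with braces inside the outer braced block. The same hunk is repeated in the netbsd-6-1 and netbsd-6-0 pull-ups of kern_malloc.c below.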
CVS commit: [netbsd-6-1] src/sys/kern
Module Name:src Committed By: snj Date: Fri Aug 18 14:52:43 UTC 2017 Modified Files: src/sys/kern [netbsd-6-1]: kern_malloc.c Log Message: Pull up following revision(s) (requested by martin in ticket #1465): sys/kern/kern_malloc.c: revision 1.146 Avoid integer overflow in kern_malloc(). Reported by Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.138.8.1 src/sys/kern/kern_malloc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_malloc.c diff -u src/sys/kern/kern_malloc.c:1.138 src/sys/kern/kern_malloc.c:1.138.8.1 --- src/sys/kern/kern_malloc.c:1.138 Mon Feb 6 12:13:44 2012 +++ src/sys/kern/kern_malloc.c Fri Aug 18 14:52:43 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_malloc.c,v 1.138 2012/02/06 12:13:44 drochner Exp $ */ +/* $NetBSD: kern_malloc.c,v 1.138.8.1 2017/08/18 14:52:43 snj Exp $ */ /* * Copyright (c) 1987, 1991, 1993 @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.138 2012/02/06 12:13:44 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.138.8.1 2017/08/18 14:52:43 snj Exp $"); #include #include @@ -113,7 +113,10 @@ kern_malloc(unsigned long size, struct m void *p; if (size >= PAGE_SIZE) { - allocsize = PAGE_SIZE + size; /* for page alignment */ + if (size > (ULONG_MAX-PAGE_SIZE)) + allocsize = ULONG_MAX; /* this will fail later */ + else + allocsize = PAGE_SIZE + size; /* for page alignment */ hdroffset = PAGE_SIZE - sizeof(struct malloc_header); } else { allocsize = sizeof(struct malloc_header) + size;
CVS commit: src/sys/arch
Module Name:src Committed By: maxv Date: Fri Aug 18 14:52:19 UTC 2017 Modified Files: src/sys/arch/amd64/amd64: amd64_trap.S src/sys/arch/i386/i386: i386_trap.S vector.S Log Message: Revert my previous change. I hadn't checked carefully enough: the symbols are used in src/external. There is a number of things that seem wrong to me here, but I'm not changing them for now. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/sys/arch/amd64/amd64/amd64_trap.S cvs rdiff -u -r1.10 -r1.11 src/sys/arch/i386/i386/i386_trap.S cvs rdiff -u -r1.72 -r1.73 src/sys/arch/i386/i386/vector.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/amd64_trap.S diff -u src/sys/arch/amd64/amd64/amd64_trap.S:1.6 src/sys/arch/amd64/amd64/amd64_trap.S:1.7 --- src/sys/arch/amd64/amd64/amd64_trap.S:1.6 Fri Aug 18 10:02:37 2017 +++ src/sys/arch/amd64/amd64/amd64_trap.S Fri Aug 18 14:52:19 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: amd64_trap.S,v 1.6 2017/08/18 10:02:37 maxv Exp $ */ +/* $NetBSD: amd64_trap.S,v 1.7 2017/08/18 14:52:19 maxv Exp $ */ /*- * Copyright (c) 1998, 2007, 2008 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ #if 0 #include -__KERNEL_RCSID(0, "$NetBSD: amd64_trap.S,v 1.6 2017/08/18 10:02:37 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: amd64_trap.S,v 1.7 2017/08/18 14:52:19 maxv Exp $"); #endif /* 
@@ -154,7 +154,47 @@ nmileave: IDTVEC_END(trap02) IDTVEC(trap03) +#ifndef KDTRACE_HOOKS ZTRAP(T_BPTFLT) +#else + ZTRAP_NJ(T_BPTFLT) + INTRENTRY + STI(si) + /* + * DTrace Function Boundary Trace (fbt) probes are triggered + * by int3 (0xcc). + */ + /* Check if there is no DTrace hook registered. */ + cmpq $0,dtrace_invop_jump_addr + je calltrap + + /* + * Set our jump address for the jump back in the event that + * the exception wasn't caused by DTrace at all. + */ + /* XXX: This doesn't look right for SMP - unless it is a + * constant - so why set it everytime. (dsl) */ + movq $calltrap, dtrace_invop_calltrap_addr(%rip) + + /* Jump to the code hooked in by DTrace. */ + movq dtrace_invop_jump_addr, %rax + jmpq *dtrace_invop_jump_addr + + .bss + .globl dtrace_invop_jump_addr + .align 8 + .type dtrace_invop_jump_addr, @object + .size dtrace_invop_jump_addr, 8 +dtrace_invop_jump_addr: + .zero 8 + .globl dtrace_invop_calltrap_addr + .align 8 + .type dtrace_invop_calltrap_addr, @object + .size dtrace_invop_calltrap_addr, 8 +dtrace_invop_calltrap_addr: + .zero 8 + .text +#endif IDTVEC_END(trap03) IDTVEC(trap04) Index: src/sys/arch/i386/i386/i386_trap.S diff -u src/sys/arch/i386/i386/i386_trap.S:1.10 src/sys/arch/i386/i386/i386_trap.S:1.11 --- src/sys/arch/i386/i386/i386_trap.S:1.10 Fri Aug 18 10:02:37 2017 +++ src/sys/arch/i386/i386/i386_trap.S Fri Aug 18 14:52:19 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: i386_trap.S,v 1.10 2017/08/18 10:02:37 maxv Exp $ */ +/* $NetBSD: i386_trap.S,v 1.11 2017/08/18 14:52:19 maxv Exp $ */ /* * Copyright 2002 (c) Wasabi Systems, Inc. @@ -66,7 +66,7 @@ #if 0 #include -__KERNEL_RCSID(0, "$NetBSD: i386_trap.S,v 1.10 2017/08/18 10:02:37 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: i386_trap.S,v 1.11 2017/08/18 14:52:19 maxv Exp $"); #endif /* 
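Review bot: The restored trap03 path reads `dtrace_invop_jump_addr` from memory three times: once in `cmpq $0,dtrace_invop_jump_addr`, once in `movq dtrace_invop_jump_addr, %rax`, and again in `jmpq *dtrace_invop_jump_addr`. The value loaded into `%rax` is not used by the jump, and if the hook can be cleared on another CPU between the test and the jump (registration code is not visible here), the jump target may differ from the value that was tested. Loading once and reusing the register closes that window: `movq dtrace_invop_jump_addr(%rip),%rax`, `testq %rax,%rax` with `jz calltrap`, and finally `jmpq *%rax`. The i386 trap06 hunk of this commit has the same test-then-reread pattern with `cmpl $0,dtrace_invop_jump_addr` and `jmpl *dtrace_invop_jump_addr`. A fix there would need a scratch register, and the hunk does not show one being saved.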
@@ -132,9 +132,48 @@ IDTVEC(trap05) ZTRAP(T_BOUND) IDTVEC_END(trap05) +/* + * Privileged instruction fault. + */ +#ifdef KDTRACE_HOOKS + SUPERALIGN_TEXT +IDTVEC(trap06) + /* Check if there is no DTrace hook registered. */ + cmpl $0,dtrace_invop_jump_addr + je norm_ill + + /* Check if this is a user fault. */ + /* XXX this was 0x0020 in FreeBSD */ + cmpl $GSEL(GCODE_SEL, SEL_KPL),4(%esp) /* Check code segment. */ + + /* If so, just handle it as a normal trap. */ + jne norm_ill + + /* + * This is a kernel instruction fault that might have been caused + * by a DTrace provider. + */ + + /* + * Set our jump address for the jump back in the event that + * the exception wasn't caused by DTrace at all. + */ + movl $norm_ill,dtrace_invop_calltrap_addr + + /* Jump to the code hooked in by DTrace. */ + jmpl *dtrace_invop_jump_addr + + /* + * Process the instruction fault in the normal way. + */ +norm_ill: + ZTRAP(T_PRIVINFLT) +IDTVEC_END(trap06) +#else IDTVEC(trap06) ZTRAP(T_PRIVINFLT) IDTVEC_END(trap06) +#endif IDTVEC(trap07) pushl $0 /* dummy error code */ Index: src/sys/arch/i386/i386/vector.S diff -u src/sys/arch/i386/i386/vector.S:1.72 src/sys/arch/i386/i386/vector.S:1.73 --- src/sys/arch/i386/i386/vector.S:1.72 Fri Aug 18 10:02:37 2017 +++ src/sys/arch/i386/i386/vector.S Fri Aug 18 14:52:19 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vector.S,v 1.72 2017/08/18 10:02:37 maxv Exp $ */ +/* $NetBSD: vector.S,v 1.73 2017/08/18 14:52:19 maxv Exp $ */ /* * Copyright 2002 (c) Wasabi Systems, Inc. @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vector.S,v 1.72 2017/08/18 10:02:37 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vector.S,v 1.73 2017/08/18 14:52:19 maxv
CVS commit: [netbsd-6-0] src/sys/kern
Module Name:src Committed By: snj Date: Fri Aug 18 14:52:09 UTC 2017 Modified Files: src/sys/kern [netbsd-6-0]: kern_malloc.c Log Message: Pull up following revision(s) (requested by martin in ticket #1465): sys/kern/kern_malloc.c: revision 1.146 Avoid integer overflow in kern_malloc(). Reported by Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.138.6.1 src/sys/kern/kern_malloc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_malloc.c diff -u src/sys/kern/kern_malloc.c:1.138 src/sys/kern/kern_malloc.c:1.138.6.1 --- src/sys/kern/kern_malloc.c:1.138 Mon Feb 6 12:13:44 2012 +++ src/sys/kern/kern_malloc.c Fri Aug 18 14:52:09 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_malloc.c,v 1.138 2012/02/06 12:13:44 drochner Exp $ */ +/* $NetBSD: kern_malloc.c,v 1.138.6.1 2017/08/18 14:52:09 snj Exp $ */ /* * Copyright (c) 1987, 1991, 1993 @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.138 2012/02/06 12:13:44 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.138.6.1 2017/08/18 14:52:09 snj Exp $"); #include #include @@ -113,7 +113,10 @@ kern_malloc(unsigned long size, struct m void *p; if (size >= PAGE_SIZE) { - allocsize = PAGE_SIZE + size; /* for page alignment */ + if (size > (ULONG_MAX-PAGE_SIZE)) + allocsize = ULONG_MAX; /* this will fail later */ + else + allocsize = PAGE_SIZE + size; /* for page alignment */ hdroffset = PAGE_SIZE - sizeof(struct malloc_header); } else { allocsize = sizeof(struct malloc_header) + size;
CVS commit: src/sys/arch
Module Name:src Committed By: maxv Date: Fri Aug 18 10:28:53 UTC 2017 Modified Files: src/sys/arch/amd64/conf: kern.ldscript src/sys/arch/i386/conf: kern.ldscript kern.ldscript.4MB Log Message: Fill the .text padding with 0xcc (int3), in such a way that any jump into this area will automatically fault. The alignment within the section is necessary, in order to fill strictly all of the padding (took me a while to figure this out); but it does not change the kernel size. Greatly inspired from FreeBSD, but for some reason they decided not to apply the alignment. To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/sys/arch/amd64/conf/kern.ldscript cvs rdiff -u -r1.19 -r1.20 src/sys/arch/i386/conf/kern.ldscript cvs rdiff -u -r1.17 -r1.18 src/sys/arch/i386/conf/kern.ldscript.4MB Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/conf/kern.ldscript diff -u src/sys/arch/amd64/conf/kern.ldscript:1.23 src/sys/arch/amd64/conf/kern.ldscript:1.24 --- src/sys/arch/amd64/conf/kern.ldscript:1.23 Wed Jun 14 07:45:45 2017 +++ src/sys/arch/amd64/conf/kern.ldscript Fri Aug 18 10:28:53 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern.ldscript,v 1.23 2017/06/14 07:45:45 maxv Exp $ */ +/* $NetBSD: kern.ldscript,v 1.24 2017/08/18 10:28:53 maxv Exp $ */ #include "assym.h" @@ -13,12 +13,13 @@ __LARGE_PAGE_SIZE = 0x20 ; ENTRY(_start) SECTIONS { - .text : + .text : AT (ADDR(.text) & 0x0fff) { *(.text) *(.text.*) *(.stub) - } + . = ALIGN(__LARGE_PAGE_SIZE); + } =0xCC _etext = . ; PROVIDE (etext = .) ; @@ -79,11 +80,3 @@ SECTIONS } } -SECTIONS -{ - .text : - AT (ADDR(.text) & 0x0fff) - { - *(.text) - } = 0 -} Index: src/sys/arch/i386/conf/kern.ldscript diff -u src/sys/arch/i386/conf/kern.ldscript:1.19 src/sys/arch/i386/conf/kern.ldscript:1.20 --- src/sys/arch/i386/conf/kern.ldscript:1.19 Sat May 14 08:19:42 2016 +++ src/sys/arch/i386/conf/kern.ldscript Fri Aug 18 10:28:53 2017 
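Review bot: The reason for placing `. = ALIGN(__LARGE_PAGE_SIZE);` inside the `.text` output section, and for the `=0xCC` fill, is recorded only in the commit log, while the script itself carries no comment. Someone later moving the alignment back outside the section would silently lose the int3 fill of the padding. A short comment above the `ALIGN` line would preserve the intent, for example `/* align inside .text so all padding up to the page boundary gets the 0xCC (int3) fill */`. The same applies to the two i386 hunks of this commit, in kern.ldscript with `__PAGE_SIZE` and in kern.ldscript.4MB with `__LARGE_PAGE_SIZE`.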
@@ -1,4 +1,4 @@ -/* $NetBSD: kern.ldscript,v 1.19 2016/05/14 08:19:42 maxv Exp $ */ +/* $NetBSD: kern.ldscript,v 1.20 2017/08/18 10:28:53 maxv Exp $ */ #include "assym.h" @@ -7,12 +7,13 @@ __PAGE_SIZE = 0x1000 ; ENTRY(_start) SECTIONS { - .text : + .text : AT (ADDR(.text) & 0x0fff) { *(.text) *(.text.*) *(.stub) - } + . = ALIGN(__PAGE_SIZE); + } =0xCC _etext = . ; PROVIDE (etext = .) ; @@ -69,11 +70,3 @@ SECTIONS } } -SECTIONS -{ - .text : - AT (ADDR(.text) & 0x0fff) - { - *(.text) - } = 0 -} Index: src/sys/arch/i386/conf/kern.ldscript.4MB diff -u src/sys/arch/i386/conf/kern.ldscript.4MB:1.17 src/sys/arch/i386/conf/kern.ldscript.4MB:1.18 --- src/sys/arch/i386/conf/kern.ldscript.4MB:1.17 Mon May 16 07:52:31 2016 +++ src/sys/arch/i386/conf/kern.ldscript.4MB Fri Aug 18 10:28:53 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: kern.ldscript.4MB,v 1.17 2016/05/16 07:52:31 maxv Exp $ */ +/* $NetBSD: kern.ldscript.4MB,v 1.18 2017/08/18 10:28:53 maxv Exp $ */ #include "assym.h" @@ -12,12 +12,13 @@ __LARGE_PAGE_SIZE = 0x40 ; ENTRY(_start) SECTIONS { - .text : + .text : AT (ADDR(.text) & 0x0fff) { *(.text) *(.text.*) *(.stub) - } + . = ALIGN(__LARGE_PAGE_SIZE); + } =0xCC _etext = . ; PROVIDE (etext = .) ; @@ -78,11 +79,3 @@ SECTIONS } } -SECTIONS -{ - .text : - AT (ADDR(.text) & 0x0fff) - { - *(.text) - } = 0 -}
CVS commit: src/sys/arch
Module Name:src Committed By: maxv Date: Fri Aug 18 10:02:37 UTC 2017 Modified Files: src/sys/arch/amd64/amd64: amd64_trap.S src/sys/arch/i386/i386: i386_trap.S vector.S Log Message: Remove unused and broken code. On amd64 we won't want int3 from kernel mode to be valid. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/sys/arch/amd64/amd64/amd64_trap.S cvs rdiff -u -r1.9 -r1.10 src/sys/arch/i386/i386/i386_trap.S cvs rdiff -u -r1.71 -r1.72 src/sys/arch/i386/i386/vector.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/amd64_trap.S diff -u src/sys/arch/amd64/amd64/amd64_trap.S:1.5 src/sys/arch/amd64/amd64/amd64_trap.S:1.6 --- src/sys/arch/amd64/amd64/amd64_trap.S:1.5 Fri Mar 24 18:03:32 2017 +++ src/sys/arch/amd64/amd64/amd64_trap.S Fri Aug 18 10:02:37 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: amd64_trap.S,v 1.5 2017/03/24 18:03:32 maxv Exp $ */ +/* $NetBSD: amd64_trap.S,v 1.6 2017/08/18 10:02:37 maxv Exp $ */ /*- * Copyright (c) 1998, 2007, 2008 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ #if 0 #include -__KERNEL_RCSID(0, "$NetBSD: amd64_trap.S,v 1.5 2017/03/24 18:03:32 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: amd64_trap.S,v 1.6 2017/08/18 10:02:37 maxv Exp $"); #endif /* 
@@ -154,47 +154,7 @@ nmileave: IDTVEC_END(trap02) IDTVEC(trap03) -#ifndef KDTRACE_HOOKS ZTRAP(T_BPTFLT) -#else - ZTRAP_NJ(T_BPTFLT) - INTRENTRY - STI(si) - /* - * DTrace Function Boundary Trace (fbt) probes are triggered - * by int3 (0xcc). - */ - /* Check if there is no DTrace hook registered. */ - cmpq $0,dtrace_invop_jump_addr - je calltrap - - /* - * Set our jump address for the jump back in the event that - * the exception wasn't caused by DTrace at all. - */ - /* XXX: This doesn't look right for SMP - unless it is a - * constant - so why set it everytime. (dsl) */ - movq $calltrap, dtrace_invop_calltrap_addr(%rip) - - /* Jump to the code hooked in by DTrace. */ - movq dtrace_invop_jump_addr, %rax - jmpq *dtrace_invop_jump_addr - - .bss - .globl dtrace_invop_jump_addr - .align 8 - .type dtrace_invop_jump_addr, @object - .size dtrace_invop_jump_addr, 8 -dtrace_invop_jump_addr: - .zero 8 - .globl dtrace_invop_calltrap_addr - .align 8 - .type dtrace_invop_calltrap_addr, @object - .size dtrace_invop_calltrap_addr, 8 -dtrace_invop_calltrap_addr: - .zero 8 - .text -#endif IDTVEC_END(trap03) IDTVEC(trap04) Index: src/sys/arch/i386/i386/i386_trap.S diff -u src/sys/arch/i386/i386/i386_trap.S:1.9 src/sys/arch/i386/i386/i386_trap.S:1.10 --- src/sys/arch/i386/i386/i386_trap.S:1.9 Sat Aug 12 07:07:53 2017 +++ src/sys/arch/i386/i386/i386_trap.S Fri Aug 18 10:02:37 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: i386_trap.S,v 1.9 2017/08/12 07:07:53 maxv Exp $ */ +/* $NetBSD: i386_trap.S,v 1.10 2017/08/18 10:02:37 maxv Exp $ */ /* * Copyright 2002 (c) Wasabi Systems, Inc. @@ -66,7 +66,7 @@ #if 0 #include -__KERNEL_RCSID(0, "$NetBSD: i386_trap.S,v 1.9 2017/08/12 07:07:53 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: i386_trap.S,v 1.10 2017/08/18 10:02:37 maxv Exp $"); #endif /* 
@@ -132,48 +132,9 @@ IDTVEC(trap05) ZTRAP(T_BOUND) IDTVEC_END(trap05) -/* - * Privileged instruction fault. - */ -#ifdef KDTRACE_HOOKS - SUPERALIGN_TEXT -IDTVEC(trap06) - /* Check if there is no DTrace hook registered. */ - cmpl $0,dtrace_invop_jump_addr - je norm_ill - - /* Check if this is a user fault. */ - /* XXX this was 0x0020 in FreeBSD */ - cmpl $GSEL(GCODE_SEL, SEL_KPL),4(%esp) /* Check code segment. */ - - /* If so, just handle it as a normal trap. */ - jne norm_ill - - /* - * This is a kernel instruction fault that might have been caused - * by a DTrace provider. - */ - - /* - * Set our jump address for the jump back in the event that - * the exception wasn't caused by DTrace at all. - */ - movl $norm_ill,dtrace_invop_calltrap_addr - - /* Jump to the code hooked in by DTrace. */ - jmpl *dtrace_invop_jump_addr - - /* - * Process the instruction fault in the normal way. - */ -norm_ill: - ZTRAP(T_PRIVINFLT) -IDTVEC_END(trap06) -#else IDTVEC(trap06) ZTRAP(T_PRIVINFLT) IDTVEC_END(trap06) -#endif IDTVEC(trap07) pushl $0 /* dummy error code */ Index: src/sys/arch/i386/i386/vector.S diff -u src/sys/arch/i386/i386/vector.S:1.71 src/sys/arch/i386/i386/vector.S:1.72 --- src/sys/arch/i386/i386/vector.S:1.71 Sat Aug 12 07:21:57 2017 +++ src/sys/arch/i386/i386/vector.S Fri Aug 18 10:02:37 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: vector.S,v 1.71 2017/08/12 07:21:57 maxv Exp $ */ +/* $NetBSD: vector.S,v 1.72 2017/08/18 10:02:37 maxv Exp $ */ /* * Copyright 2002 (c) Wasabi Systems, Inc. @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vector.S,v 1.71 2017/08/12 07:21:57 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vector.S,v 1.72 2017/08/18 10:02:37 maxv Exp $"); #include "opt_ddb.h" #include "opt_multiprocessor.h" @@ -125,23 +125,6 @@ __KERNEL_RCSID(0, "$
CVS commit: src/usr.sbin/acpitools/acpidump
Module Name:src Committed By: msaitoh Date: Fri Aug 18 09:49:24 UTC 2017 Modified Files: src/usr.sbin/acpitools/acpidump: acpi.c Log Message: Check DSDT signature in acpi_handle_fadt() for broken ACPI table. To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/usr.sbin/acpitools/acpidump/acpi.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.sbin/acpitools/acpidump/acpi.c diff -u src/usr.sbin/acpitools/acpidump/acpi.c:1.16 src/usr.sbin/acpitools/acpidump/acpi.c:1.17 --- src/usr.sbin/acpitools/acpidump/acpi.c:1.16 Fri Aug 4 06:30:36 2017 +++ src/usr.sbin/acpitools/acpidump/acpi.c Fri Aug 18 09:49:24 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: acpi.c,v 1.16 2017/08/04 06:30:36 msaitoh Exp $ */ +/* $NetBSD: acpi.c,v 1.17 2017/08/18 09:49:24 msaitoh Exp $ */ /*- * Copyright (c) 1998 Doug Rabson @@ -30,7 +30,7 @@ */ #include -__RCSID("$NetBSD: acpi.c,v 1.16 2017/08/04 06:30:36 msaitoh Exp $"); +__RCSID("$NetBSD: acpi.c,v 1.17 2017/08/18 09:49:24 msaitoh Exp $"); #include #include @@ -775,6 +775,8 @@ acpi_handle_fadt(ACPI_TABLE_HEADER *sdp) dsdp = (ACPI_TABLE_HEADER *)acpi_map_sdt(fadt->Dsdt); else dsdp = (ACPI_TABLE_HEADER *)acpi_map_sdt(fadt->XDsdt); + if (memcmp(dsdp->Signature, ACPI_SIG_DSDT, 4) != 0) + errx(EXIT_FAILURE, "DSDT signature mismatch"); if (acpi_checksum(dsdp, dsdp->Length)) errx(EXIT_FAILURE, "DSDT is corrupt"); acpi_print_dsdt(dsdp);
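Review bot: The new signature check dereferences `dsdp` straight after `acpi_map_sdt()`, and the next line still passes `dsdp->Length`, taken from the same possibly broken table, to `acpi_checksum()` without a lower bound. Whether `acpi_map_sdt()` can return an unusable mapping, or maps by the table's own length, is not visible in the hunk. If it does not validate, a guard such as `if (dsdp->Length < sizeof(*dsdp)) errx(EXIT_FAILURE, "DSDT is corrupt");` before the checksum would complete the hardening. The literal `4` in the `memcmp` would be clearer as `sizeof(dsdp->Signature)`. acpi_handle_fadt starts and continues outside the hunk.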