CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: sborrill Date: Thu May 7 12:07:13 UTC 2020 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1731 To generate a diff of this commit: cvs rdiff -u -r1.1.2.70 -r1.1.2.71 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.70 src/doc/CHANGES-7.1.3:1.1.2.71 --- src/doc/CHANGES-7.1.3:1.1.2.70 Thu Apr 30 16:24:26 2020 +++ src/doc/CHANGES-7.1.3 Thu May 7 12:07:13 2020 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.70 2020/04/30 16:24:26 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.71 2020/05/07 12:07:13 sborrill Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -682,4 +682,10 @@ games/fortune/unstr/unstr.c 1.15 Fix potential buffer overflows in fortune tools. [nia, ticket #1729] - +bin/rcp/rcp.c 1.50 + + In sink(), upon error, avoid multiple replies to the source + as this would lead to a desynchronization of the protocol and + further files or directories to be ignored or corrupted. + [aymeric, ticket #1731] +
CVS commit: [netbsd-7-1] src/bin/rcp
Module Name:src
Committed By: sborrill
Date: Thu May 7 12:05:51 UTC 2020
Modified Files:
src/bin/rcp [netbsd-7-1]: rcp.c
Log Message:
Pull up the following revisions(s) (requested by aymeric in ticket #1731):
bin/rcp/rcp.c: revision 1.50
In sink(), upon error, avoid multiple replies to the source as this
would lead to a desynchronization of the protocol and further files or
directories to be ignored or corrupted.
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.49.22.1 src/bin/rcp/rcp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/bin/rcp/rcp.c
diff -u src/bin/rcp/rcp.c:1.49 src/bin/rcp/rcp.c:1.49.22.1
--- src/bin/rcp/rcp.c:1.49 Mon May 7 15:22:54 2012
+++ src/bin/rcp/rcp.c Thu May 7 12:05:51 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: rcp.c,v 1.49 2012/05/07 15:22:54 chs Exp $ */
+/* $NetBSD: rcp.c,v 1.49.22.1 2020/05/07 12:05:51 sborrill Exp $ */
/*
* Copyright (c) 1983, 1990, 1992, 1993
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 19
#if 0
static char sccsid[] = "@(#)rcp.c 8.2 (Berkeley) 4/2/94";
#else
-__RCSID("$NetBSD: rcp.c,v 1.49 2012/05/07 15:22:54 chs Exp $");
+__RCSID("$NetBSD: rcp.c,v 1.49.22.1 2020/05/07 12:05:51 sborrill Exp $");
#endif
#endif /* not lint */
@@ -470,7 +470,6 @@ sink(int argc, char *argv[])
static BUF buffer;
struct stat stb;
struct timeval tv[2];
- enum { YES, NO, DISPLAYED } wrerr;
BUF *bp;
ssize_t j;
off_t i;
@@ -480,8 +479,9 @@ sink(int argc, char *argv[])
mode_t mask;
mode_t mode;
mode_t omode;
- int setimes, targisdir;
+ int setimes, targisdir, wrerr;
int wrerrno = 0; /* pacify gcc */
+ const char *wrcontext = NULL;
char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ];
const char *why;
off_t size;
@@ -624,9 +624,7 @@ sink(int argc, char *argv[])
sink(1, vect);
if (setimes) {
setimes = 0;
-if (utimes(np, tv) < 0)
-run_err("%s: set times: %s",
- np, strerror(errno));
+(void) utimes(np, tv);
}
if (mod_flag)
(void)chmod(np, mode);
@@ -644,7 +642,20 @@ bad: run_err("%s: %s", np, strerror(er
continue;
}
cp = bp->buf;
- wrerr = NO;
+ wrerr = 0;
+
+/*
+ * Like run_err(), but don't send any message to the remote end.
+ * Instead, record the first error and send that in the end.
+ */
+#define RUN_ERR(w_context) do { \
+ if (!wrerr) { \
+ wrerrno = errno; \
+ wrcontext = w_context; \
+ wrerr = 1; \
+ }\
+} while(0)
+
count = 0;
for (i = 0; i < size; i += BUFSIZ) {
amt = BUFSIZ;
@@ -663,69 +674,56 @@ bad: run_err("%s: %s", np, strerror(er
} while (amt > 0);
if (count == bp->cnt) {
/* Keep reading so we stay sync'd up. */
-if (wrerr == NO) {
+if (!wrerr) {
j = write(ofd, bp->buf, (size_t)count);
if (j != count) {
- wrerr = YES;
- wrerrno = j >= 0 ? EIO : errno;
+ if (j >= 0)
+ errno = EIO;
+ RUN_ERR("write");
}
}
count = 0;
cp = bp->buf;
}
}
- if (count != 0 && wrerr == NO &&
+ if (count != 0 && !wrerr &&
(j = write(ofd, bp->buf, (size_t)count)) != count) {
- wrerr = YES;
- wrerrno = j >= 0 ? EIO : errno;
- }
- if (ftruncate(ofd, size)) {
- run_err("%s: truncate: %s", np, strerror(errno));
- wrerr = DISPLAYED;
+ if (j >= 0)
+errno = EIO;
+ RUN_ERR("write");
}
+ if (ftruncate(ofd, size))
+ RUN_ERR("truncate");
+
if (pflag) {
if (exists || omode != mode)
if (fchmod(ofd, omode))
- run_err("%s: set mode: %s",
- np, strerror(errno));
+ RUN_ERR("set mode");
} else {
if (!exists && omode != mode)
if (fchmod(ofd, omode & ~mask))
- run_err("%s: set mode: %s",
- np, strerror(errno));
+ RUN_ERR("set mode");
}
#ifndef __SVR4
- if (setimes && wrerr == NO) {
+ if (setimes && !wrerr) {
setimes = 0;
- if (futimes(ofd, tv) < 0) {
-run_err("%s: set times: %s",
-np, strerror(errno));
-wrerr = DISPLAYED;
- }
+ if (futimes(ofd, tv) < 0)
+RUN_ERR("set times");
}
#endif
(void)close(ofd);
#ifdef __SVR4
- if (setimes && wrerr == NO) {
+ if (setimes && !wrerr) {
setimes = 0;
- if (utimes(np, tv) < 0) {
-run_err("%s: set times: %s",
-np, strerror(errno));
-wrerr = DISPLAYED;
- }
+ if (utimes(np, tv) < 0)
+RUN_ERR("set times");
}
#endif
(void)response();
- switch(wrerr) {
- case YES:
- run_err("%s: write: %s", np, strerror(wrerrno));
- break;
- case NO:
+ if (wrerr)
+ run_err("%s: %s: %s", np, wrcontext, strerror(wrerrno));
+ else
(void)write(rem, "", 1);
- break;
- case DISPLAYED:
- break;
- }
}
out:
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Thu Apr 30 16:24:26 UTC 2020 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1729 To generate a diff of this commit: cvs rdiff -u -r1.1.2.69 -r1.1.2.70 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.69 src/doc/CHANGES-7.1.3:1.1.2.70 --- src/doc/CHANGES-7.1.3:1.1.2.69 Wed Apr 15 14:59:15 2020 +++ src/doc/CHANGES-7.1.3 Thu Apr 30 16:24:26 2020 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.69 2020/04/15 14:59:15 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.70 2020/04/30 16:24:26 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -676,3 +676,10 @@ sys/netinet6/nd6_rtr.c1.148 (via pat PR kern/55091 and PR bin/54997: fix default route selection. [kim, ticket #1727] +games/fortune/strfile/strfile.c 1.39 +games/fortune/unstr/unstr.c 1.15 + + Fix potential buffer overflows in fortune tools. + [nia, ticket #1729] + +
CVS commit: [netbsd-7-1] src/games/fortune
Module Name:src
Committed By: martin
Date: Thu Apr 30 16:24:03 UTC 2020
Modified Files:
src/games/fortune/strfile [netbsd-7-1]: strfile.c
src/games/fortune/unstr [netbsd-7-1]: unstr.c
Log Message:
Pull up following revision(s) (requested by nia in ticket #1729):
games/fortune/strfile/strfile.c: revision 1.39
games/fortune/unstr/unstr.c: revision 1.15
strfile: Check that input/output filenames don't exceed the buffer size
unstr: Check that the input filename fits in the buffer.
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.38.14.1 src/games/fortune/strfile/strfile.c
cvs rdiff -u -r1.14 -r1.14.20.1 src/games/fortune/unstr/unstr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/games/fortune/strfile/strfile.c
diff -u src/games/fortune/strfile/strfile.c:1.38 src/games/fortune/strfile/strfile.c:1.38.14.1
--- src/games/fortune/strfile/strfile.c:1.38 Thu Sep 19 00:34:00 2013
+++ src/games/fortune/strfile/strfile.c Thu Apr 30 16:24:03 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: strfile.c,v 1.38 2013/09/19 00:34:00 uwe Exp $ */
+/* $NetBSD: strfile.c,v 1.38.14.1 2020/04/30 16:24:03 martin Exp $ */
/*-
* Copyright (c) 1989, 1993
@@ -47,7 +47,7 @@ __COPYRIGHT("@(#) Copyright (c) 1989, 19
#if 0
static char sccsid[] = "@(#)strfile.c 8.1 (Berkeley) 5/31/93";
#else
-__RCSID("$NetBSD: strfile.c,v 1.38 2013/09/19 00:34:00 uwe Exp $");
+__RCSID("$NetBSD: strfile.c,v 1.38.14.1 2020/04/30 16:24:03 martin Exp $");
#endif
#endif /* not lint */
#endif /* __NetBSD__ */
@@ -267,6 +267,7 @@ getargs(int argc, char **argv)
int ch;
extern int optind;
extern char *optarg;
+ size_t len;
while ((ch = getopt(argc, argv, "c:iorsx")) != -1)
switch(ch) {
@@ -300,14 +301,25 @@ getargs(int argc, char **argv)
if (*argv) {
Infile = *argv;
- if (*++argv)
- (void) strcpy(Outfile, *argv);
+ if (*++argv) {
+ len = strlen(*argv);
+ if (len >= sizeof(Outfile)) {
+puts("Bad output filename");
+usage();
+ }
+ (void) memcpy(Outfile, *argv, len + 1);
+ }
}
if (!Infile) {
puts("No input file name");
usage();
}
if (*Outfile == '\0') {
+ len = strlen(Infile) + sizeof(".dat");
+ if (len > sizeof(Outfile)) {
+ puts("Bad input filename");
+ usage();
+ }
(void) strcpy(Outfile, Infile);
(void) strcat(Outfile, ".dat");
}
Index: src/games/fortune/unstr/unstr.c
diff -u src/games/fortune/unstr/unstr.c:1.14 src/games/fortune/unstr/unstr.c:1.14.20.1
--- src/games/fortune/unstr/unstr.c:1.14 Tue Jun 19 05:46:08 2012
+++ src/games/fortune/unstr/unstr.c Thu Apr 30 16:24:03 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: unstr.c,v 1.14 2012/06/19 05:46:08 dholland Exp $ */
+/* $NetBSD: unstr.c,v 1.14.20.1 2020/04/30 16:24:03 martin Exp $ */
/*-
* Copyright (c) 1991, 1993
@@ -42,7 +42,7 @@ __COPYRIGHT("@(#) Copyright (c) 1991, 19
#if 0
static char sccsid[] = "@(#)unstr.c 8.1 (Berkeley) 5/31/93";
#else
-__RCSID("$NetBSD: unstr.c,v 1.14 2012/06/19 05:46:08 dholland Exp $");
+__RCSID("$NetBSD: unstr.c,v 1.14.20.1 2020/04/30 16:24:03 martin Exp $");
#endif
#endif /* not lint */
@@ -114,7 +114,7 @@ main(int ac __unused, char **av)
void
getargs(char *av[])
{
- if (!*++av) {
+ if (!*++av || (strlen(*av) + sizeof(".dat")) > sizeof(Datafile)) {
(void) fprintf(stderr, "usage: unstr datafile\n");
exit(1);
}
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Apr 15 14:59:15 UTC 2020 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1727 To generate a diff of this commit: cvs rdiff -u -r1.1.2.68 -r1.1.2.69 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.68 src/doc/CHANGES-7.1.3:1.1.2.69 --- src/doc/CHANGES-7.1.3:1.1.2.68 Wed Feb 12 20:22:35 2020 +++ src/doc/CHANGES-7.1.3 Wed Apr 15 14:59:15 2020 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.68 2020/02/12 20:22:35 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.69 2020/04/15 14:59:15 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -671,3 +671,8 @@ external/bsd/ppp/dist/pppd/eap.c 1.5 pppd: Fix bounds check in EAP code [christos, ticket #1722] +sys/netinet6/nd6_rtr.c1.148 (via patch) + + PR kern/55091 and PR bin/54997: fix default route selection. + [kim, ticket #1727] +
CVS commit: [netbsd-7-1] src/sys/netinet6
Module Name:src
Committed By: martin
Date: Wed Apr 15 14:58:41 UTC 2020
Modified Files:
src/sys/netinet6 [netbsd-7-1]: nd6_rtr.c
Log Message:
Pull up following revision(s) (requested by kim in ticket #1727):
sys/netinet6/nd6_rtr.c: revision 1.148 (via patch)
Fix default route selection
The primary issue was that in revision 1.79 a check was added in the
nd6_defrouter_select() search loop to ignore the entry if RA processing
is enabled on its interface. In practice this results in all entries
being ignored.
This fix reverses the condition, so that an entry is ignored when RA
processing is NOT enabled on its interface. Further, the entry is
only ignored for being selected as the default router. The currently
installed router must be identified regardless of the (current) status
of its interface, so that we can delete the route before installing a
new one.
I also added error logging when adding or deleting a route fails. This
should help the administrator (or kernel developer) in noticing possible
problems.
Finally, if deleting a route fails, the corresponding default route
entry no longer has its "installed" flag cleared, so that deletion will
be retried. At a minimum, this will cause repeated messages about the
failed deletion as opposed to only getting repeated messages about the
installation of a new default route failing.
Fixes PR kern/55091 and also PR bin/54997 as far as the behaviour
observed with ndp(8).
To generate a diff of this commit:
cvs rdiff -u -r1.93.2.3 -r1.93.2.3.6.1 src/sys/netinet6/nd6_rtr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/nd6_rtr.c
diff -u src/sys/netinet6/nd6_rtr.c:1.93.2.3 src/sys/netinet6/nd6_rtr.c:1.93.2.3.6.1
--- src/sys/netinet6/nd6_rtr.c:1.93.2.3 Sat May 2 18:23:25 2015
+++ src/sys/netinet6/nd6_rtr.c Wed Apr 15 14:58:41 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: nd6_rtr.c,v 1.93.2.3 2015/05/02 18:23:25 martin Exp $ */
+/* $NetBSD: nd6_rtr.c,v 1.93.2.3.6.1 2020/04/15 14:58:41 martin Exp $ */
/* $KAME: nd6_rtr.c,v 1.95 2001/02/07 08:09:47 itojun Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.93.2.3 2015/05/02 18:23:25 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.93.2.3.6.1 2020/04/15 14:58:41 martin Exp $");
#include
#include
@@ -472,6 +472,10 @@ defrouter_addreq(struct nd_defrouter *ne
}
if (error == 0)
new->installed = 1;
+ else
+ log(LOG_ERR, "defrouter_addreq: "
+ "error %d adding default router %s on %s\n",
+ error, ip6_sprintf(&new->rtaddr), new->ifp->if_xname);
splx(s);
return;
}
@@ -559,6 +563,7 @@ defrouter_delreq(struct nd_defrouter *dr
struct sockaddr sa;
} def, mask, gw;
struct rtentry *oldrt = NULL;
+ int error;
#ifdef DIAGNOSTIC
if (dr == NULL)
@@ -577,7 +582,7 @@ defrouter_delreq(struct nd_defrouter *dr
gw.sin6.sin6_scope_id = 0; /* XXX */
#endif
- rtrequest(RTM_DELETE, &def.sa, &gw.sa, &mask.sa, RTF_GATEWAY, &oldrt);
+ error = rtrequest(RTM_DELETE, &def.sa, &gw.sa, &mask.sa, RTF_GATEWAY, &oldrt);
if (oldrt) {
nd6_rtmsg(RTM_DELETE, oldrt);
if (oldrt->rt_refcnt <= 0) {
@@ -591,7 +596,12 @@ defrouter_delreq(struct nd_defrouter *dr
}
}
- dr->installed = 0;
+ if (error == 0)
+ dr->installed = 0;
+ else
+ log(LOG_ERR, "defrouter_delreq: "
+ "error %d deleting default router %s on %s\n",
+ error, ip6_sprintf(&dr->rtaddr), dr->ifp->if_xname);
}
/*
@@ -672,8 +682,16 @@ defrouter_select(void)
*/
for (dr = TAILQ_FIRST(&nd_defrouter); dr;
dr = TAILQ_NEXT(dr, dr_entry)) {
+ if (dr->installed && !installed_dr)
+ installed_dr = dr;
+ else if (dr->installed && installed_dr) {
+ /* this should not happen. warn for diagnosis. */
+ log(LOG_ERR, "defrouter_select: more than one router"
+ " is installed\n");
+ }
+
ndi = ND_IFINFO(dr->ifp);
- if (nd6_accepts_rtadv(ndi))
+ if (!nd6_accepts_rtadv(ndi))
continue;
if (selected_dr == NULL &&
@@ -682,14 +700,6 @@ defrouter_select(void)
ND6_IS_LLINFO_PROBREACH(ln)) {
selected_dr = dr;
}
-
- if (dr->installed && !installed_dr)
- installed_dr = dr;
- else if (dr->installed && installed_dr) {
- /* this should not happen. warn for diagnosis. */
- log(LOG_ERR, "defrouter_select: more than one router"
- " is installed\n");
- }
}
/*
* If none of the default routers was found to be reachable,
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Feb 12 20:22:35 UTC 2020 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1722 To generate a diff of this commit: cvs rdiff -u -r1.1.2.67 -r1.1.2.68 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.67 src/doc/CHANGES-7.1.3:1.1.2.68 --- src/doc/CHANGES-7.1.3:1.1.2.67 Tue Jan 21 19:24:10 2020 +++ src/doc/CHANGES-7.1.3 Wed Feb 12 20:22:35 2020 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.67 2020/01/21 19:24:10 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.68 2020/02/12 20:22:35 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -666,3 +666,8 @@ sys/sys/shm.h 1.54 (patch) subsystems. [christos, ticket #1720] +external/bsd/ppp/dist/pppd/eap.c 1.5 + + pppd: Fix bounds check in EAP code + [christos, ticket #1722] +
CVS commit: [netbsd-7-1] src/external/bsd/ppp/dist/pppd
Module Name:src
Committed By: martin
Date: Wed Feb 12 20:22:07 UTC 2020
Modified Files:
src/external/bsd/ppp/dist/pppd [netbsd-7-1]: eap.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #1722):
external/bsd/ppp/dist/pppd/eap.c: revision 1.5
pppd: Fix bounds check in EAP code
Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname). This fixes the check so we
actually avoid overflowing the rhostname array.
Reported-by: Ilja Van Sprundel
Signed-off-by: Paul Mackerras
From:
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.14.1 src/external/bsd/ppp/dist/pppd/eap.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/ppp/dist/pppd/eap.c
diff -u src/external/bsd/ppp/dist/pppd/eap.c:1.2 src/external/bsd/ppp/dist/pppd/eap.c:1.2.14.1
--- src/external/bsd/ppp/dist/pppd/eap.c:1.2 Thu Nov 28 22:33:42 2013
+++ src/external/bsd/ppp/dist/pppd/eap.c Wed Feb 12 20:22:07 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: eap.c,v 1.2 2013/11/28 22:33:42 christos Exp $ */
+/* $NetBSD: eap.c,v 1.2.14.1 2020/02/12 20:22:07 martin Exp $ */
/*
* eap.c - Extensible Authentication Protocol for PPP (RFC 2284)
*
@@ -49,7 +49,7 @@
#define RCSID "Id: eap.c,v 1.4 2004/11/09 22:39:25 paulus Exp "
static const char rcsid[] = RCSID;
#else
-__RCSID("$NetBSD: eap.c,v 1.2 2013/11/28 22:33:42 christos Exp $");
+__RCSID("$NetBSD: eap.c,v 1.2.14.1 2020/02/12 20:22:07 martin Exp $");
#endif
/*
@@ -1433,7 +1433,7 @@ int len;
}
/* Not so likely to happen. */
- if (vallen >= len + sizeof (rhostname)) {
+ if (len - vallen >= sizeof (rhostname)) {
dbglog("EAP: trimming really long peer name down");
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';
@@ -1859,7 +1859,7 @@ int len;
}
/* Not so likely to happen. */
- if (vallen >= len + sizeof (rhostname)) {
+ if (len - vallen >= sizeof (rhostname)) {
dbglog("EAP: trimming really long peer name down");
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Jan 21 19:24:10 UTC 2020 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1720 To generate a diff of this commit: cvs rdiff -u -r1.1.2.66 -r1.1.2.67 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.66 src/doc/CHANGES-7.1.3:1.1.2.67 --- src/doc/CHANGES-7.1.3:1.1.2.66 Thu Jan 2 09:57:40 2020 +++ src/doc/CHANGES-7.1.3 Tue Jan 21 19:24:10 2020 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.66 2020/01/02 09:57:40 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.67 2020/01/21 19:24:10 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -633,3 +633,36 @@ sys/conf/copyright1.18 Welcome to 2020. [mlelstv, ticket #1719] +sys/compat/common/kern_sig_43.c1.36 +sys/compat/linux/arch/amd64/linux_machdep.c 1.59 +sys/compat/linux/common/linux_fcntl.h 1.18 +sys/compat/linux/common/linux_file64.c 1.62 +sys/compat/linux/common/linux_ipc.c 1.57 +sys/compat/linux/common/linux_misc.c 1.243 +sys/compat/linux/common/linux_signal.c 1.81 +sys/compat/linux/common/linux_socket.c 1.149 (patch) +sys/compat/linux/common/linux_socket.h 1.24 +sys/compat/linux/common/linux_statfs.h 1.7 +sys/compat/linux/common/linux_termios.c 1.38 +sys/compat/linux/common/linux_termios.h 1.22 +sys/compat/linux32/common/linux32_dirent.c 1.20 +sys/compat/linux32/common/linux32_ioctl.c 1.14 +sys/compat/linux32/common/linux32_misc.c 1.27 +sys/compat/linux32/common/linux32_signal.c 1.20 +sys/compat/linux32/common/linux32_sysinfo.c 1.8 +sys/compat/linux32/common/linux32_termios.c 1.15 +sys/compat/linux32/common/linux32_utsname.c 1.10 +sys/compat/netbsd32/netbsd32_compat_20.c 1.39 +sys/compat/netbsd32/netbsd32_compat_43.c 1.59 +sys/compat/netbsd32/netbsd32_compat_50.c 1.44 +sys/compat/ossaudio/ossaudio.c1.75 +sys/kern/sysv_shm.c 1.138 +sys/miscfs/procfs/procfs_linux.c 1.75 (patch) +sys/sys/shm.h 1.54 (patch) + + Fix various info leaks, out of bound access, usage of uninitialized + values and direct access to userland variables from kernel space + and memory leaks in system calls implemented for the compatibility + subsystems. + [christos, ticket #1720] +
CVS commit: [netbsd-7-1] src/sys
Module Name:src Committed By: martin Date: Tue Jan 21 19:23:38 UTC 2020 Modified Files: src/sys/compat/common [netbsd-7-1]: kern_sig_43.c src/sys/compat/linux/arch/amd64 [netbsd-7-1]: linux_machdep.c src/sys/compat/linux/common [netbsd-7-1]: linux_fcntl.h linux_file64.c linux_ipc.c linux_misc.c linux_signal.c linux_socket.c linux_socket.h linux_statfs.h linux_termios.c linux_termios.h src/sys/compat/linux32/common [netbsd-7-1]: linux32_dirent.c linux32_ioctl.c linux32_misc.c linux32_signal.c linux32_sysinfo.c linux32_termios.c linux32_utsname.c src/sys/compat/netbsd32 [netbsd-7-1]: netbsd32_compat_20.c netbsd32_compat_43.c netbsd32_compat_50.c src/sys/compat/ossaudio [netbsd-7-1]: ossaudio.c src/sys/kern [netbsd-7-1]: sysv_shm.c src/sys/miscfs/procfs [netbsd-7-1]: procfs_linux.c src/sys/sys [netbsd-7-1]: shm.h Log Message: Pull up the following, requested by christos in ticket #1720: sys/compat/common/kern_sig_43.c 1.36 sys/compat/linux/arch/amd64/linux_machdep.c 1.59 sys/compat/linux/common/linux_fcntl.h 1.18 sys/compat/linux/common/linux_file64.c 1.62 sys/compat/linux/common/linux_ipc.c 1.57 sys/compat/linux/common/linux_misc.c1.243 sys/compat/linux/common/linux_signal.c 1.81 sys/compat/linux/common/linux_socket.c 1.149 (patch) sys/compat/linux/common/linux_socket.h 1.24 sys/compat/linux/common/linux_statfs.h 1.7 sys/compat/linux/common/linux_termios.c 1.38 sys/compat/linux/common/linux_termios.h 1.22 sys/compat/linux32/common/linux32_dirent.c 1.20 sys/compat/linux32/common/linux32_ioctl.c 1.14 sys/compat/linux32/common/linux32_misc.c1.27 sys/compat/linux32/common/linux32_signal.c 1.20 sys/compat/linux32/common/linux32_sysinfo.c 1.8 sys/compat/linux32/common/linux32_termios.c 1.15 sys/compat/linux32/common/linux32_utsname.c 1.10 sys/compat/netbsd32/netbsd32_compat_20.c1.39 sys/compat/netbsd32/netbsd32_compat_43.c1.59 sys/compat/netbsd32/netbsd32_compat_50.c1.44 sys/compat/ossaudio/ossaudio.c 1.75 sys/kern/sysv_shm.c 1.138 sys/miscfs/procfs/procfs_linux.c1.75 (patch) sys/sys/shm.h 1.54 (patch) Fix various info leaks, out of bound access, usage of uninitialized values and direct access to userland variables from kernel space and memory leaks in system calls implemented for the compatibility subsystems. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.34.44.1 src/sys/compat/common/kern_sig_43.c cvs rdiff -u -r1.48.4.1 -r1.48.4.1.2.1 \ src/sys/compat/linux/arch/amd64/linux_machdep.c cvs rdiff -u -r1.16 -r1.16.10.1 src/sys/compat/linux/common/linux_fcntl.h cvs rdiff -u -r1.55.14.1 -r1.55.14.2 \ src/sys/compat/linux/common/linux_file64.c cvs rdiff -u -r1.55.42.1 -r1.55.42.2 src/sys/compat/linux/common/linux_ipc.c cvs rdiff -u -r1.229.8.1 -r1.229.8.2 src/sys/compat/linux/common/linux_misc.c cvs rdiff -u -r1.75.26.1 -r1.75.26.1.6.1 \ src/sys/compat/linux/common/linux_signal.c cvs rdiff -u -r1.119.2.1.6.1 -r1.119.2.1.6.2 \ src/sys/compat/linux/common/linux_socket.c cvs rdiff -u -r1.22 -r1.22.16.1 src/sys/compat/linux/common/linux_socket.h cvs rdiff -u -r1.6 -r1.6.24.1 src/sys/compat/linux/common/linux_statfs.h cvs rdiff -u -r1.37 -r1.37.16.1 src/sys/compat/linux/common/linux_termios.c cvs rdiff -u -r1.21 -r1.21.40.1 src/sys/compat/linux/common/linux_termios.h cvs rdiff -u -r1.13.38.1 -r1.13.38.2 \ src/sys/compat/linux32/common/linux32_dirent.c cvs rdiff -u -r1.13 -r1.13.50.1 src/sys/compat/linux32/common/linux32_ioctl.c cvs rdiff -u -r1.23.4.1 -r1.23.4.1.6.1 \ src/sys/compat/linux32/common/linux32_misc.c cvs rdiff -u -r1.17 -r1.17.12.1 \ src/sys/compat/linux32/common/linux32_signal.c cvs rdiff -u -r1.7 -r1.7.54.1 src/sys/compat/linux32/common/linux32_sysinfo.c cvs rdiff -u -r1.14 -r1.14.54.1 \ src/sys/compat/linux32/common/linux32_termios.c cvs rdiff -u -r1.9 -r1.9.54.1 src/sys/compat/linux32/common/linux32_utsname.c cvs rdiff -u -r1.33 -r1.33.10.1 src/sys/compat/netbsd32/netbsd32_compat_20.c cvs rdiff -u -r1.53 -r1.53.44.1 src/sys/compat/netbsd32/netbsd32_compat_43.c cvs rdiff -u -r1.24.2.1 -r1.24.2.1.6.1 \ src/sys/compat/netbsd32/netbsd32_compat_50.c cvs rdiff -u -r1.68 -r1.68.10.1 src/sys/compat/ossaudio/ossaudio.c cvs rdiff -u -r1.125.10.1
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Thu Jan 2 09:57:40 UTC 2020 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1719 To generate a diff of this commit: cvs rdiff -u -r1.1.2.65 -r1.1.2.66 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.65 src/doc/CHANGES-7.1.3:1.1.2.66 --- src/doc/CHANGES-7.1.3:1.1.2.65 Tue Dec 17 16:34:54 2019 +++ src/doc/CHANGES-7.1.3 Thu Jan 2 09:57:40 2020 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.65 2019/12/17 16:34:54 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.66 2020/01/02 09:57:40 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -628,3 +628,8 @@ sys/dev/ic/ath.c1.129 Protect network ioctls from non-authorized users. [christos, ticket #1718] +sys/conf/copyright1.18 + + Welcome to 2020. + [mlelstv, ticket #1719] +
CVS commit: [netbsd-7-1] src/sys/conf
Module Name:src Committed By: martin Date: Thu Jan 2 09:57:15 UTC 2020 Modified Files: src/sys/conf [netbsd-7-1]: copyright Log Message: Pull up following revision(s) (requested by mlelstv in ticket #1719): sys/conf/copyright: revision 1.18 Welcome to 2020. To generate a diff of this commit: cvs rdiff -u -r1.12.4.2.2.2 -r1.12.4.2.2.3 src/sys/conf/copyright Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/conf/copyright diff -u src/sys/conf/copyright:1.12.4.2.2.2 src/sys/conf/copyright:1.12.4.2.2.3 --- src/sys/conf/copyright:1.12.4.2.2.2 Wed Jan 2 15:30:49 2019 +++ src/sys/conf/copyright Thu Jan 2 09:57:15 2020 @@ -1,5 +1,5 @@ Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, -2018, 2019 The NetBSD Foundation, Inc. All rights reserved. +2018, 2019, 2020 The NetBSD Foundation, Inc. All rights reserved. Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved.
CVS commit: [netbsd-7-1] src/sys/dev/ic
Module Name:src
Committed By: martin
Date: Tue Dec 17 16:34:26 UTC 2019
Modified Files:
src/sys/dev/ic [netbsd-7-1]: ath.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #1718):
sys/dev/ic/ath.c: revision 1.129
Protect network ioctls from non-authorized users. (Ilja Van Sprundel)
To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.116.10.1 src/sys/dev/ic/ath.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/ic/ath.c
diff -u src/sys/dev/ic/ath.c:1.116 src/sys/dev/ic/ath.c:1.116.10.1
--- src/sys/dev/ic/ath.c:1.116 Thu Sep 12 12:17:53 2013
+++ src/sys/dev/ic/ath.c Tue Dec 17 16:34:26 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: ath.c,v 1.116 2013/09/12 12:17:53 martin Exp $ */
+/* $NetBSD: ath.c,v 1.116.10.1 2019/12/17 16:34:26 martin Exp $ */
/*-
* Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
@@ -41,7 +41,7 @@
__FBSDID("$FreeBSD: src/sys/dev/ath/if_ath.c,v 1.104 2005/09/16 10:09:23 ru Exp $");
#endif
#ifdef __NetBSD__
-__KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.116 2013/09/12 12:17:53 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.116.10.1 2019/12/17 16:34:26 martin Exp $");
#endif
/*
@@ -69,6 +69,7 @@ __KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.11
#include
#include
#include
+#include
#include
#include
@@ -5362,6 +5363,12 @@ ath_ioctl(struct ifnet *ifp, u_long cmd,
return copyout(&sc->sc_stats,
ifr->ifr_data, sizeof (sc->sc_stats));
case SIOCGATHDIAG:
+ error = kauth_authorize_network(curlwp->l_cred,
+ KAUTH_NETWORK_INTERFACE,
+ KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
+ NULL);
+ if (error)
+ break;
error = ath_ioctl_diag(sc, (struct ath_diag *) ifr);
break;
default:
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Dec 17 16:34:54 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1718 To generate a diff of this commit: cvs rdiff -u -r1.1.2.64 -r1.1.2.65 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.64 src/doc/CHANGES-7.1.3:1.1.2.65 --- src/doc/CHANGES-7.1.3:1.1.2.64 Sun Dec 8 10:27:05 2019 +++ src/doc/CHANGES-7.1.3 Tue Dec 17 16:34:54 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.64 2019/12/08 10:27:05 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.65 2019/12/17 16:34:54 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -623,3 +623,8 @@ sys/dev/cons.c 1.76,1.77 Fix reference count leak in cons(4). [riastradh, ticket #1717] +sys/dev/ic/ath.c1.129 + + Protect network ioctls from non-authorized users. + [christos, ticket #1718] +
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Sun Dec 8 10:27:05 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1717 To generate a diff of this commit: cvs rdiff -u -r1.1.2.63 -r1.1.2.64 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.63 src/doc/CHANGES-7.1.3:1.1.2.64 --- src/doc/CHANGES-7.1.3:1.1.2.63 Thu Dec 5 16:24:46 2019 +++ src/doc/CHANGES-7.1.3 Sun Dec 8 10:27:05 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.63 2019/12/05 16:24:46 bouyer Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.64 2019/12/08 10:27:05 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -618,3 +618,8 @@ share/man/man4/rnd.41.25 - 1.28 Update NIST SP800-90A reference. [riastradh, ticket #1715] +sys/dev/cons.c 1.76,1.77 + + Fix reference count leak in cons(4). + [riastradh, ticket #1717] +
CVS commit: [netbsd-7-1] src/sys/dev
Module Name:src
Committed By: martin
Date: Sun Dec 8 10:26:37 UTC 2019
Modified Files:
src/sys/dev [netbsd-7-1]: cons.c
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1717):
sys/dev/cons.c: revision 1.76
sys/dev/cons.c: revision 1.77
Fix reference count leak in cons(4).
Don't forget to vrele after you're done, folks!
Restore historical $Hdr$ tag after git cvsexportcommit nixed it.
To generate a diff of this commit:
cvs rdiff -u -r1.72.2.1 -r1.72.2.1.6.1 src/sys/dev/cons.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/cons.c
diff -u src/sys/dev/cons.c:1.72.2.1 src/sys/dev/cons.c:1.72.2.1.6.1
--- src/sys/dev/cons.c:1.72.2.1 Mon Mar 9 08:00:46 2015
+++ src/sys/dev/cons.c Sun Dec 8 10:26:36 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: cons.c,v 1.72.2.1 2015/03/09 08:00:46 snj Exp $ */
+/* $NetBSD: cons.c,v 1.72.2.1.6.1 2019/12/08 10:26:36 martin Exp $ */
/*
* Copyright (c) 1988 University of Utah.
@@ -39,7 +39,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: cons.c,v 1.72.2.1 2015/03/09 08:00:46 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cons.c,v 1.72.2.1.6.1 2019/12/08 10:26:36 martin Exp $");
#include
#include
@@ -150,6 +150,7 @@ cnclose(dev_t dev, int flag, int mode, s
if (error == 0) {
error = VOP_CLOSE(vp, flag, kauth_cred_get());
VOP_UNLOCK(vp);
+ vrele(vp);
}
return error;
}
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: bouyer Date: Thu Dec 5 16:24:46 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: ticket 1715 To generate a diff of this commit: cvs rdiff -u -r1.1.2.62 -r1.1.2.63 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.62 src/doc/CHANGES-7.1.3:1.1.2.63 --- src/doc/CHANGES-7.1.3:1.1.2.62 Mon Nov 25 15:48:04 2019 +++ src/doc/CHANGES-7.1.3 Thu Dec 5 16:24:46 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.62 2019/11/25 15:48:04 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.63 2019/12/05 16:24:46 bouyer Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -612,3 +612,9 @@ sys/kern/subr_cprng.c1.33 Use cprng_strong, not cprng_fast, for sysctl kern.arnd. [riastradh, ticket #1714] +share/man/man4/rnd.41.25 - 1.28 + + Update man page to reflect switch from CTR_DRBG to Hash_DRBG. + Update NIST SP800-90A reference. + [riastradh, ticket #1715] +
CVS commit: [netbsd-7-1] src/share/man/man4
Module Name:src Committed By: bouyer Date: Thu Dec 5 16:24:29 UTC 2019 Modified Files: src/share/man/man4 [netbsd-7-1]: rnd.4 Log Message: Pull up following revision(s) (requested by riastradh in ticket #1715): share/man/man4/rnd.4: revision 1.26 share/man/man4/rnd.4: revision 1.27 share/man/man4/rnd.4: revision 1.28 share/man/man4/rnd.4: revision 1.25 Update man page to reflect switch from CTR_DRBG to Hash_DRBG. Replace slightly wrong rant by shorter and slightly less long rant. (If X and Y in Z/2Z are independent, then so are X and X+Y. What was I thinking.) Update NIST SP800-90A reference. New sentence, new line. Use \(em. To generate a diff of this commit: cvs rdiff -u -r1.20.10.1 -r1.20.10.1.6.1 src/share/man/man4/rnd.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/man/man4/rnd.4 diff -u src/share/man/man4/rnd.4:1.20.10.1 src/share/man/man4/rnd.4:1.20.10.1.6.1 --- src/share/man/man4/rnd.4:1.20.10.1 Wed Mar 18 07:54:26 2015 +++ src/share/man/man4/rnd.4 Thu Dec 5 16:24:28 2019 @@ -1,4 +1,4 @@ -.\" $NetBSD: rnd.4,v 1.20.10.1 2015/03/18 07:54:26 snj Exp $ +.\" $NetBSD: rnd.4,v 1.20.10.1.6.1 2019/12/05 16:24:28 bouyer Exp $ .\" .\" Copyright (c) 2014 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 16, 2014 +.Dd September 3, 2019 .Dt RND 4 .Os .Sh NAME @@ -187,8 +187,8 @@ quantum computers. Systems with nonvolatile storage should store a secret from .Pa /dev/urandom on disk during installation or shutdown, and feed it back during boot, -so that the work the operating system has done to gather entropy -- -including the work its operator may have done to flip a coin! -- can be +so that the work the operating system has done to gather entropy \(em +including the work its operator may have done to flip a coin! \(em can be saved from one boot to the next, and so that newly installed systems are not vulnerable to generating cryptographic keys predictably. .Pp @@ -205,7 +205,7 @@ in see .Xr rc.conf 5 . .Sh LIMITATIONS -Some people worry about recovery from state compromise -- that is, +Some people worry about recovery from state compromise \(em that is, ensuring that even if an attacker sees the entire state of the operating system, then the attacker will be unable to predict any new future outputs as long as the operating system gathers fresh entropy @@ -404,9 +404,9 @@ When a user process opens or .Pa /dev/urandom and first reads from it, the kernel draws from the entropy pool to seed -a cryptographic pseudorandom number generator, the NIST CTR_DRBG -(counter-mode deterministic random bit generator) with AES-128 as the -block cipher, and uses that to generate data. +a cryptographic pseudorandom number generator, the NIST Hash_DRBG +(hash-based deterministic random bit generator) with SHA-256 as the +hash function, and uses that to generate data. .Pp To draw a seed from the entropy pool, the kernel .Bl -bullet -offset abcd -compact @@ -489,10 +489,10 @@ Never blocks. .%A Elaine Barker .%A John Kelsey .%T Recommendation for Random Number Generation Using Deterministic Random Bit Generators -.%D January 2012 +.%D June 2015 .%I National Institute of Standards and Technology -.%O NIST Special Publication 800-90A -.%U http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf +.%O NIST Special Publication 800-90A, Revision 1 +.%U https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final .Re .Rs .%A Daniel J. Bernstein @@ -551,59 +551,33 @@ Unfortunately, no amount of software eng .Sh ENTROPY ACCOUNTING The entropy accounting described here is not grounded in any cryptography theory. -It is done because it was always done, and because it gives people a -warm fuzzy feeling about information theory. +.Sq Entropy estimation +doesn't mean much: the kernel hypothesizes an extremely simple-minded +parametric model for all entropy sources which bears little relation to +any physical processes, implicitly fits parameters from data, and +accounts for the entropy of the fitted model. .Pp -The folklore is that every -.Fa n Ns -bit -output of -.Fa /dev/random -is not merely indistinguishable from uniform random to a -computationally bounded attacker, but information-theoretically is -independent and has -.Fa n -bits of entropy even to a computationally -.Em unbounded -attacker -- that is, an attacker who can recover AES keys, compute -SHA-1 preimages, etc. -This property is not provided, nor was it ever provided in any -implementation of -.Fa /dev/random -known to the author. -.Pp -This property would require that, after each read, the system discard -all measurements from hardware in the entropy pool and begin anew. -All work done to make the system unpredictable would
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue May 7 18:55:20 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1696 To generate a diff of this commit: cvs rdiff -u -r1.1.2.49 -r1.1.2.50 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.49 src/doc/CHANGES-7.1.3:1.1.2.50 --- src/doc/CHANGES-7.1.3:1.1.2.49 Sun May 5 09:09:04 2019 +++ src/doc/CHANGES-7.1.3 Tue May 7 18:55:20 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.49 2019/05/05 09:09:04 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.50 2019/05/07 18:55:20 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -500,4 +500,9 @@ external/bsd/dhcpcd/dist/src/dhcp6.c (a DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE. [roy, ticket #1694] +sys/netsmb/smb_conn.c1.30 + + Prevent a NULL pointer dereference when the local endpoint is not + defined. + [christos, ticket #1696]
CVS commit: [netbsd-7-1] src/sys/netsmb
Module Name:src Committed By: martin Date: Tue May 7 18:54:56 UTC 2019 Modified Files: src/sys/netsmb [netbsd-7-1]: smb_conn.c Log Message: Pull up following revision(s) (requested by christos in ticket #1696): sys/netsmb/smb_conn.c: revision 1.30 Prevent a NULL pointer dereference when the local endpoint is not defined. >From Andy Nguyen, many thanks. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.29.26.1 src/sys/netsmb/smb_conn.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netsmb/smb_conn.c diff -u src/sys/netsmb/smb_conn.c:1.29 src/sys/netsmb/smb_conn.c:1.29.26.1 --- src/sys/netsmb/smb_conn.c:1.29 Sun Apr 29 20:27:31 2012 +++ src/sys/netsmb/smb_conn.c Tue May 7 18:54:56 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: smb_conn.c,v 1.29 2012/04/29 20:27:31 dsl Exp $ */ +/* $NetBSD: smb_conn.c,v 1.29.26.1 2019/05/07 18:54:56 martin Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smb_conn.c,v 1.29 2012/04/29 20:27:31 dsl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smb_conn.c,v 1.29.26.1 2019/05/07 18:54:56 martin Exp $"); /* * Connection engine. @@ -553,7 +553,8 @@ smb_vc_create(struct smb_vcspec *vcspec, if ((vcp->vc_paddr = dup_sockaddr(vcspec->sap, 1)) == NULL) goto fail; - if ((vcp->vc_laddr = dup_sockaddr(vcspec->lap, 1)) == NULL) + if (vcspec->lap && + (vcp->vc_laddr = dup_sockaddr(vcspec->lap, 1)) == NULL) goto fail; if ((vcp->vc_pass = smb_strdup(vcspec->pass)) == NULL)
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Sun May 5 09:09:04 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Tickets #1693 and #1694 To generate a diff of this commit: cvs rdiff -u -r1.1.2.48 -r1.1.2.49 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.48 src/doc/CHANGES-7.1.3:1.1.2.49 --- src/doc/CHANGES-7.1.3:1.1.2.48 Wed May 1 09:43:22 2019 +++ src/doc/CHANGES-7.1.3 Sun May 5 09:09:04 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.48 2019/05/01 09:43:22 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.49 2019/05/05 09:09:04 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -489,4 +489,15 @@ external/bsd/dhcpcd/dist/src/dhcpcd.h Use consttime_memequal(3) to compare hashes. [roy, ticket #1690] +sys/arch/amd64/amd64/copy.S 1.33 +sys/arch/i386/i386/copy.S 1.31 + + Don't forget to clear the direction flag if kcopy fails. + [maxv, ticket #1693] + +external/bsd/dhcpcd/dist/src/dhcp6.c (apply patch) + + DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE. + [roy, ticket #1694] +
CVS commit: [netbsd-7-1] src/external/bsd/dhcpcd/dist
Module Name:src
Committed By: martin
Date: Sun May 5 09:07:17 UTC 2019
Modified Files:
src/external/bsd/dhcpcd/dist [netbsd-7-1]: dhcp6.c
Log Message:
Apply patch, requested by roy in ticket #1695:
external/bsd/dhcpcd/dist/src/dhcp6.c
DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.13.2.2 -r1.1.1.13.2.2.6.1 \
src/external/bsd/dhcpcd/dist/dhcp6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/dhcpcd/dist/dhcp6.c
diff -u src/external/bsd/dhcpcd/dist/dhcp6.c:1.1.1.13.2.2 src/external/bsd/dhcpcd/dist/dhcp6.c:1.1.1.13.2.2.6.1
--- src/external/bsd/dhcpcd/dist/dhcp6.c:1.1.1.13.2.2 Thu Feb 5 15:13:12 2015
+++ src/external/bsd/dhcpcd/dist/dhcp6.c Sun May 5 09:07:17 2019
@@ -1,5 +1,5 @@
#include
- __RCSID("$NetBSD: dhcp6.c,v 1.1.1.13.2.2 2015/02/05 15:13:12 martin Exp $");
+ __RCSID("$NetBSD: dhcp6.c,v 1.1.1.13.2.2.6.1 2019/05/05 09:07:17 martin Exp $");
/*
* dhcpcd - DHCP client daemon
@@ -1856,38 +1856,39 @@ dhcp6_findpd(struct interface *ifp, cons
ex = dhcp6_findoption(D6_OPTION_PD_EXCLUDE, p, ol);
a->prefix_exclude_len = 0;
memset(&a->prefix_exclude, 0, sizeof(a->prefix_exclude));
-#if 0
- if (ex == NULL) {
- struct dhcp6_option *w;
- uint8_t *wp;
-
- w = calloc(1, 128);
- w->len = htons(2);
- wp = D6_OPTION_DATA(w);
- *wp++ = 64;
- *wp++ = 0x78;
- ex = w;
- }
-#endif
if (ex == NULL)
continue;
+
ol = ntohs(ex->len);
- if (ol < 2) {
- syslog(LOG_ERR, "%s: truncated PD Exclude",
- ifp->name);
+
+ /* RFC 6603 4.2 says option length MUST be between 2 and 17.
+ * This allows 1 octet for prefix length and 16 for the
+ * subnet ID. */
+ if (ol < 2 || ol > 17) {
+ syslog(LOG_ERR,
+ "%s: invalid PD Exclude option", ifp->name);
continue;
}
+
op = D6_COPTION_DATA(ex);
- a->prefix_exclude_len = *op++;
+ /* RFC 6603 4.2 says prefix length MUST be between the
+ * length of the IAPREFIX prefix length + 1 and 128. */
+ if (*op < a->prefix_len + 1 || *op > 128) {
+ syslog(LOG_ERR,
+ "%s: invalid PD Exclude length", ifp->name);
+ continue;
+ }
+
+ /* Check option length matches prefix length. */
ol--;
- if (((a->prefix_exclude_len - a->prefix_len - 1) / NBBY) + 1
- != ol)
- {
- syslog(LOG_ERR, "%s: PD Exclude length mismatch",
- ifp->name);
+ if (((*op - a->prefix_len - 1) / NBBY) + 1 != ol) {
+ syslog(LOG_ERR,
+ "%s: PD Exclude length mismatch", ifp->name);
a->prefix_exclude_len = 0;
continue;
}
+ a->prefix_exclude_len = *op++;
+
u8 = a->prefix_len % NBBY;
memcpy(&a->prefix_exclude, &a->prefix,
sizeof(a->prefix_exclude));
CVS commit: [netbsd-7-1] src/sys/arch
Module Name:src Committed By: martin Date: Sun May 5 08:48:40 UTC 2019 Modified Files: src/sys/arch/amd64/amd64 [netbsd-7-1]: copy.S src/sys/arch/i386/i386 [netbsd-7-1]: copy.S Log Message: Pull up following revision(s) (requested by maxv in ticket #1693): sys/arch/amd64/amd64/copy.S: revision 1.33 sys/arch/i386/i386/copy.S: revision 1.31 Hum. Fix a potentially catastrophic bug: kcopy() sets DF=1 if the areas overlap, but doesn't clear it if the copy faults. If this happens, we return to the caller with DF=1, and each future memory copy will be backwards. I wonder if there really are places where kcopy() is called with overlapping areas. To generate a diff of this commit: cvs rdiff -u -r1.18.34.1 -r1.18.34.1.2.1 src/sys/arch/amd64/amd64/copy.S cvs rdiff -u -r1.23 -r1.23.12.1 src/sys/arch/i386/i386/copy.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/copy.S diff -u src/sys/arch/amd64/amd64/copy.S:1.18.34.1 src/sys/arch/amd64/amd64/copy.S:1.18.34.1.2.1 --- src/sys/arch/amd64/amd64/copy.S:1.18.34.1 Sat Dec 24 04:07:25 2016 +++ src/sys/arch/amd64/amd64/copy.S Sun May 5 08:48:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: copy.S,v 1.18.34.1 2016/12/24 04:07:25 snj Exp $ */ +/* $NetBSD: copy.S,v 1.18.34.1.2.1 2019/05/05 08:48:40 martin Exp $ */ /* * Copyright (c) 2001 Wasabi Systems, Inc. @@ -233,6 +233,7 @@ NENTRY(copy_efault) */ NENTRY(kcopy_fault) + cld ret NENTRY(copy_fault) Index: src/sys/arch/i386/i386/copy.S diff -u src/sys/arch/i386/i386/copy.S:1.23 src/sys/arch/i386/i386/copy.S:1.23.12.1 --- src/sys/arch/i386/i386/copy.S:1.23 Fri Jan 10 16:47:07 2014 +++ src/sys/arch/i386/i386/copy.S Sun May 5 08:48:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: copy.S,v 1.23 2014/01/10 16:47:07 pedro Exp $ */ +/* $NetBSD: copy.S,v 1.23.12.1 2019/05/05 08:48:40 martin Exp $ */ /* NetBSD: locore.S,v 1.34 2005/04/01 11:59:31 yamt Exp $ */ /*- @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: copy.S,v 1.23 2014/01/10 16:47:07 pedro Exp $"); +__KERNEL_RCSID(0, "$NetBSD: copy.S,v 1.23.12.1 2019/05/05 08:48:40 martin Exp $"); #include "assym.h" @@ -308,6 +308,7 @@ NENTRY(copy_efault) */ /* LINTSTUB: Ignore */ NENTRY(kcopy_fault) + cld popl %edi popl %esi ret
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed May 1 09:43:22 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1690 To generate a diff of this commit: cvs rdiff -u -r1.1.2.47 -r1.1.2.48 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.47 src/doc/CHANGES-7.1.3:1.1.2.48 --- src/doc/CHANGES-7.1.3:1.1.2.47 Fri Apr 19 16:02:50 2019 +++ src/doc/CHANGES-7.1.3 Wed May 1 09:43:22 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.47 2019/04/19 16:02:50 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.48 2019/05/01 09:43:22 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -480,3 +480,13 @@ sys/net/if.c 1.449 (patch) of stack disclosure. [christos, ticket #1689] +external/bsd/dhcpcd/dist/src/auth.c (apply patch) +external/bsd/dhcpcd/dist/src/dhcp.c (apply patch) +external/bsd/dhcpcd/dist/src/dhcpcd.h (apply patch) + + Security fixes for dhcpcd: + Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED. + Use consttime_memequal(3) to compare hashes. + [roy, ticket #1690] + +
CVS commit: [netbsd-7-1] src/external/bsd/dhcpcd/dist
Module Name:src
Committed By: martin
Date: Wed May 1 09:25:16 UTC 2019
Modified Files:
src/external/bsd/dhcpcd/dist [netbsd-7-1]: auth.c dhcp.c dhcpcd.h
Log Message:
Apply patch, requested by roy in ticket #1690:
external/bsd/dhcpcd/dist/configure
external/bsd/dhcpcd/dist/src/auth.c
external/bsd/dhcpcd/dist/src/dhcp.c
external/bsd/dhcpcd/dist/src/dhcp6.c
external/bsd/dhcpcd/dist/compat/consttime_memequal.h
Security fixes for dhcpcd:
Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED.
Use consttime_memequal(3) to compare hashes.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.2.2 -r1.1.1.4.2.2.6.1 \
src/external/bsd/dhcpcd/dist/auth.c
cvs rdiff -u -r1.15.2.2 -r1.15.2.2.6.1 src/external/bsd/dhcpcd/dist/dhcp.c
cvs rdiff -u -r1.1.1.19.2.2 -r1.1.1.19.2.2.6.1 \
src/external/bsd/dhcpcd/dist/dhcpcd.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/dhcpcd/dist/auth.c
diff -u src/external/bsd/dhcpcd/dist/auth.c:1.1.1.4.2.2 src/external/bsd/dhcpcd/dist/auth.c:1.1.1.4.2.2.6.1
--- src/external/bsd/dhcpcd/dist/auth.c:1.1.1.4.2.2 Thu Feb 5 15:13:12 2015
+++ src/external/bsd/dhcpcd/dist/auth.c Wed May 1 09:25:16 2019
@@ -1,5 +1,5 @@
#include
- __RCSID("$NetBSD: auth.c,v 1.1.1.4.2.2 2015/02/05 15:13:12 martin Exp $");
+ __RCSID("$NetBSD: auth.c,v 1.1.1.4.2.2.6.1 2019/05/01 09:25:16 martin Exp $");
/*
* dhcpcd - DHCP client daemon
@@ -340,7 +340,7 @@ gottoken:
}
free(mm);
- if (memcmp(d, &hmac, dlen)) {
+ if (!consttime_memequal(d, &hmac, dlen)) {
errno = EPERM;
return NULL;
}
Index: src/external/bsd/dhcpcd/dist/dhcp.c
diff -u src/external/bsd/dhcpcd/dist/dhcp.c:1.15.2.2 src/external/bsd/dhcpcd/dist/dhcp.c:1.15.2.2.6.1
--- src/external/bsd/dhcpcd/dist/dhcp.c:1.15.2.2 Thu Feb 5 15:13:12 2015
+++ src/external/bsd/dhcpcd/dist/dhcp.c Wed May 1 09:25:16 2019
@@ -1,5 +1,5 @@
#include
- __RCSID("$NetBSD: dhcp.c,v 1.15.2.2 2015/02/05 15:13:12 martin Exp $");
+ __RCSID("$NetBSD: dhcp.c,v 1.15.2.2.6.1 2019/05/01 09:25:16 martin Exp $");
/*
* dhcpcd - DHCP client daemon
@@ -166,28 +166,6 @@ get_option(struct dhcpcd_ctx *ctx,
while (p < e) {
o = *p++;
- if (o == opt) {
- if (op) {
-if (!ctx->opt_buffer) {
- ctx->opt_buffer =
- malloc(DHCP_OPTION_LEN +
- BOOTFILE_LEN + SERVERNAME_LEN);
- if (ctx->opt_buffer == NULL)
- return NULL;
-}
-if (!bp)
- bp = ctx->opt_buffer;
-memcpy(bp, op, ol);
-bp += ol;
- }
- ol = *p;
- if (p + ol > e) {
-errno = EINVAL;
-return NULL;
- }
- op = p + 1;
- bl += ol;
- }
switch (o) {
case DHO_PAD:
continue;
@@ -205,16 +183,58 @@ get_option(struct dhcpcd_ctx *ctx,
} else
goto exit;
break;
- case DHO_OPTIONSOVERLOADED:
+ }
+
+ /* Check we can read the length */
+ if (p == e) {
+ errno = EINVAL;
+ return NULL;
+ }
+ l = *p++;
+
+ /* Check we can read the option data, if present */
+ if (p + l > e) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ if (o == DHO_OPTIONSOVERLOADED) {
/* Ensure we only get this option once by setting
* the last bit as well as the value.
* This is valid because only the first two bits
* actually mean anything in RFC2132 Section 9.3 */
- if (!overl)
-overl = 0x80 | p[1];
- break;
+ if (l == 1 && !overl)
+overl = 0x80 | p[0];
+ }
+
+ if (o == opt) {
+ if (op) {
+/* We must concatonate the options. */
+if (bl + l > ctx->opt_buffer_len) {
+ size_t pos;
+ uint8_t *nb;
+
+ if (bp)
+ pos = (size_t)
+ (bp - ctx->opt_buffer);
+ else
+ pos = 0;
+ nb = realloc(ctx->opt_buffer, bl + l);
+ if (nb == NULL)
+ return NULL;
+ ctx->opt_buffer = nb;
+ ctx->opt_buffer_len = bl + l;
+ bp = ctx->opt_buffer + pos;
+}
+if (bp == NULL)
+ bp = ctx->opt_buffer;
+memcpy(bp, op, ol);
+bp += ol;
+ }
+ ol = l;
+ op = p;
+ bl += ol;
}
- l = *p++;
p += l;
}
Index: src/external/bsd/dhcpcd/dist/dhcpcd.h
diff -u src/external/bsd/dhcpcd/dist/dhcpcd.h:1.1.1.19.2.2 src/external/bsd/dhcpcd/dist/dhcpcd.h:1.1.1.19.2.2.6.1
--- src/external/bsd/dhcpcd/dist/dhcpcd.h:1.1.1.19.2.2 Thu Feb 5 15:13:12 2015
+++ src/external/bsd/dhcpcd/dist/dhcpcd.h Wed May 1 09:25:16 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: dhcpcd.h,v 1.1.1.19.2.2 2015/02/05 15:13:12 martin Exp $ */
+/* $NetBSD: dhcpcd.h,v 1.1.1.19.2.2.6.1 2019/05/01 09:25:16 martin Exp $ */
/*
* dhcpcd - DHCP client daemon
@@ -131,6 +131,7 @@ struct dhcpcd_ctx {
* We ONLY use this when options are split, which for most purposes is
* practically never. See RFC3396 for details. */
uint8_t *opt_buffer;
+ size_t opt_buffer_len;
#endif
#ifdef INET6
unsigned char secret[SECRET_LEN];
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Fri Apr 19 16:02:50 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1689 To generate a diff of this commit: cvs rdiff -u -r1.1.2.46 -r1.1.2.47 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.46 src/doc/CHANGES-7.1.3:1.1.2.47 --- src/doc/CHANGES-7.1.3:1.1.2.46 Tue Apr 16 03:57:33 2019 +++ src/doc/CHANGES-7.1.3 Fri Apr 19 16:02:50 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.46 2019/04/16 03:57:33 msaitoh Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.47 2019/04/19 16:02:50 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -470,3 +470,13 @@ sys/kern/sys_mqueue.c1.44 mq_send1: fix argument validation and reject too large lengths early. Discovered by Andy Nguyen. [martin, ticket #1688] + +sys/compat/common/uipc_syscalls_40.c 1.19 (patch) +sys/compat/linux/common/linux_socket.c 1.145 (patch) +sys/compat/linux32/common/linux32_socket.c 1.30 (patch) +sys/net/if.c 1.449 (patch) + + Zero out the ifreq struct for SIOCGIFCONF to avoid up to 127 bytes + of stack disclosure. + [christos, ticket #1689] +
CVS commit: [netbsd-7-1] src/sys
Module Name:src Committed By: martin Date: Fri Apr 19 16:02:24 UTC 2019 Modified Files: src/sys/compat/common [netbsd-7-1]: uipc_syscalls_40.c src/sys/compat/linux/common [netbsd-7-1]: linux_socket.c src/sys/compat/linux32/common [netbsd-7-1]: linux32_socket.c src/sys/net [netbsd-7-1]: if.c Log Message: Pull up following revision(s) via patch (requested by christos in ticket #1689): sys/compat/linux/common/linux_socket.c: revision 1.145 sys/net/if.c: revision 1.449 sys/compat/linux32/common/linux32_socket.c: revision 1.30 sys/compat/common/uipc_syscalls_40.c: revision 1.19 Zero out the ifreq struct for SIOCGIFCONF to avoid up to 127 bytes of stack disclosure. From Andy Nguyen, many thanks! - Zero out the ifreq struct for SIOCGIFCONF to avoid up to 127 bytes of stack disclosure. From Andy Nguyen, many thanks! This is the compat code part pointed out by ozaki-r@ To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.7.38.1 src/sys/compat/common/uipc_syscalls_40.c cvs rdiff -u -r1.119.2.1 -r1.119.2.1.6.1 \ src/sys/compat/linux/common/linux_socket.c cvs rdiff -u -r1.18 -r1.18.8.1 src/sys/compat/linux32/common/linux32_socket.c cvs rdiff -u -r1.290.2.1 -r1.290.2.1.6.1 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/common/uipc_syscalls_40.c diff -u src/sys/compat/common/uipc_syscalls_40.c:1.7 src/sys/compat/common/uipc_syscalls_40.c:1.7.38.1 --- src/sys/compat/common/uipc_syscalls_40.c:1.7 Wed Jan 19 10:21:16 2011 +++ src/sys/compat/common/uipc_syscalls_40.c Fri Apr 19 16:02:24 2019 @@ -1,9 +1,9 @@ -/* $NetBSD: uipc_syscalls_40.c,v 1.7 2011/01/19 10:21:16 tsutsui Exp $ */ +/* $NetBSD: uipc_syscalls_40.c,v 1.7.38.1 2019/04/19 16:02:24 martin Exp $ */ /* written by Pavel Cahyna, 2006. Public domain. */ #include -__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls_40.c,v 1.7 2011/01/19 10:21:16 tsutsui Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls_40.c,v 1.7.38.1 2019/04/19 16:02:24 martin Exp $"); /* * System call interface to the socket abstraction. @@ -39,6 +39,7 @@ compat_ifconf(u_long cmd, void *data) int space, error = 0; const int sz = (int)sizeof(ifr); + memset(&ifr, 0, sizeof(ifr)); if ((ifrp = ifc->ifc_req) == NULL) space = 0; else Index: src/sys/compat/linux/common/linux_socket.c diff -u src/sys/compat/linux/common/linux_socket.c:1.119.2.1 src/sys/compat/linux/common/linux_socket.c:1.119.2.1.6.1 --- src/sys/compat/linux/common/linux_socket.c:1.119.2.1 Sat Jan 17 12:10:54 2015 +++ src/sys/compat/linux/common/linux_socket.c Fri Apr 19 16:02:24 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: linux_socket.c,v 1.119.2.1 2015/01/17 12:10:54 martin Exp $ */ +/* $NetBSD: linux_socket.c,v 1.119.2.1.6.1 2019/04/19 16:02:24 martin Exp $ */ /*- * Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.119.2.1 2015/01/17 12:10:54 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.119.2.1.6.1 2019/04/19 16:02:24 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -1124,6 +1124,7 @@ linux_getifconf(struct lwp *l, register_ if (error) return error; + memset(&ifr, 0, sizeof(ifr)); ifrp = ifc.ifc_req; if (ifrp == NULL) space = 0; Index: src/sys/compat/linux32/common/linux32_socket.c diff -u src/sys/compat/linux32/common/linux32_socket.c:1.18 src/sys/compat/linux32/common/linux32_socket.c:1.18.8.1 --- src/sys/compat/linux32/common/linux32_socket.c:1.18 Sat May 17 21:26:20 2014 +++ src/sys/compat/linux32/common/linux32_socket.c Fri Apr 19 16:02:24 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: linux32_socket.c,v 1.18 2014/05/17 21:26:20 rmind Exp $ */ +/* $NetBSD: linux32_socket.c,v 1.18.8.1 2019/04/19 16:02:24 martin Exp $ */ /*- * Copyright (c) 2006 Emmanuel Dreyfus, all rights reserved. @@ -33,7 +33,7 @@ #include -__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.18 2014/05/17 21:26:20 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.18.8.1 2019/04/19 16:02:24 martin Exp $"); #include #include @@ -423,6 +423,7 @@ linux32_getifconf(struct lwp *l, registe if (error) return error; + memset(&ifr, 0, sizeof(ifr)); ifrp = NETBSD32PTR64(ifc.ifc_req); if (ifrp == NULL) space = 0; Index: src/sys/net/if.c diff -u src/sys/net/if.c:1.290.2.1 src/sys/net/if.c:1.290.2.1.6.1 --- src/sys/net/if.c:1.290.2.1 Tue Nov 11 12:20:28 2014 +++ src/sys/net/if.c Fri Apr 19 16:02:24 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if.c,v 1.290.2.1 2014/11/11 12:20:28 martin Exp $ */ +/* $NetBSD: if.c,v 1.290.2.1.6.1 2019/04/19 16:02:24 martin Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc. @@ -90,7 +90,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.290.2.1 2014/11/11 12:20:28 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if.
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: msaitoh Date: Tue Apr 16 03:57:33 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1688. To generate a diff of this commit: cvs rdiff -u -r1.1.2.45 -r1.1.2.46 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.45 src/doc/CHANGES-7.1.3:1.1.2.46 --- src/doc/CHANGES-7.1.3:1.1.2.45 Wed Mar 13 12:35:45 2019 +++ src/doc/CHANGES-7.1.3 Tue Apr 16 03:57:33 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.45 2019/03/13 12:35:45 msaitoh Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.46 2019/04/16 03:57:33 msaitoh Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -464,3 +464,9 @@ external/bsd/bzip2/dist/bzip2recover.c Apply fix for CVE-2016-3189 bzip2: heap use after free in bzip2recover [martin, ticket #1684] + +sys/kern/sys_mqueue.c1.44 + + mq_send1: fix argument validation and reject too large lengths early. + Discovered by Andy Nguyen. + [martin, ticket #1688]
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src Committed By: msaitoh Date: Tue Apr 16 03:53:46 UTC 2019 Modified Files: src/sys/kern [netbsd-7-1]: sys_mqueue.c Log Message: Pull up following revision(s) (requested by martin in ticket #1688): sys/kern/sys_mqueue.c: revision 1.44 mq_send1: fix argument validation and reject too large lengths early. Discovered by Andy Nguyen. To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.36.10.1 src/sys/kern/sys_mqueue.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_mqueue.c diff -u src/sys/kern/sys_mqueue.c:1.36 src/sys/kern/sys_mqueue.c:1.36.10.1 --- src/sys/kern/sys_mqueue.c:1.36 Tue Feb 25 18:30:11 2014 +++ src/sys/kern/sys_mqueue.c Tue Apr 16 03:53:46 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_mqueue.c,v 1.36 2014/02/25 18:30:11 pooka Exp $ */ +/* $NetBSD: sys_mqueue.c,v 1.36.10.1 2019/04/16 03:53:46 msaitoh Exp $ */ /* * Copyright (c) 2007-2011 Mindaugas Rasiukevicius @@ -43,7 +43,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.36 2014/02/25 18:30:11 pooka Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.36.10.1 2019/04/16 03:53:46 msaitoh Exp $"); #include #include @@ -794,6 +794,8 @@ mq_send1(mqd_t mqdes, const char *msg_pt return EINVAL; /* Allocate a new message */ + if (msg_len > mq_max_msgsize) + return EMSGSIZE; size = sizeof(struct mq_msg) + msg_len; if (size > mq_max_msgsize) return EMSGSIZE;
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: msaitoh Date: Wed Mar 13 12:35:45 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1684. To generate a diff of this commit: cvs rdiff -u -r1.1.2.44 -r1.1.2.45 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.44 src/doc/CHANGES-7.1.3:1.1.2.45 --- src/doc/CHANGES-7.1.3:1.1.2.44 Thu Mar 7 16:51:23 2019 +++ src/doc/CHANGES-7.1.3 Wed Mar 13 12:35:45 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.44 2019/03/07 16:51:23 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.45 2019/03/13 12:35:45 msaitoh Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -460,3 +460,7 @@ sys/dev/scsipi/st.c1.236 (patch), 1. st(4): Fix (but disable by default) SUN compatibility mode. [kardel, ticket #1682] +external/bsd/bzip2/dist/bzip2recover.c 1.4 + + Apply fix for CVE-2016-3189 bzip2: heap use after free in bzip2recover + [martin, ticket #1684]
CVS commit: [netbsd-7-1] src/external/bsd/bzip2/dist
Module Name:src Committed By: msaitoh Date: Wed Mar 13 11:29:57 UTC 2019 Modified Files: src/external/bsd/bzip2/dist [netbsd-7-1]: bzip2recover.c Log Message: Pull up following revision(s) (requested by martin in ticket #1684): external/bsd/bzip2/dist/bzip2recover.c: revision 1.4 Apply fix for CVE-2016-3189 bzip2: heap use after free in bzip2recover To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.3.24.1 src/external/bsd/bzip2/dist/bzip2recover.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/bzip2/dist/bzip2recover.c diff -u src/external/bsd/bzip2/dist/bzip2recover.c:1.3 src/external/bsd/bzip2/dist/bzip2recover.c:1.3.24.1 --- src/external/bsd/bzip2/dist/bzip2recover.c:1.3 Mon May 7 00:45:47 2012 +++ src/external/bsd/bzip2/dist/bzip2recover.c Wed Mar 13 11:29:57 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bzip2recover.c,v 1.3 2012/05/07 00:45:47 wiz Exp $ */ +/* $NetBSD: bzip2recover.c,v 1.3.24.1 2019/03/13 11:29:57 msaitoh Exp $ */ /*---*/ /*--- Block recoverer program for bzip2 ---*/ @@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv ) bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); bsPutUInt32 ( bsWr, blockCRC ); bsClose ( bsWr ); +outFile = NULL; } if (wrBlock >= rbCtr) break; wrBlock++;
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Thu Mar 7 16:51:23 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1682 To generate a diff of this commit: cvs rdiff -u -r1.1.2.43 -r1.1.2.44 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.43 src/doc/CHANGES-7.1.3:1.1.2.44 --- src/doc/CHANGES-7.1.3:1.1.2.43 Sun Feb 24 10:54:59 2019 +++ src/doc/CHANGES-7.1.3 Thu Mar 7 16:51:23 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.43 2019/02/24 10:54:59 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.44 2019/03/07 16:51:23 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -453,4 +453,10 @@ sys/kern/kern_time.c1.196 Avoid panic from setitimer(2) for CLOCK_MONOTONIC. [mlelstv, ticket #1196] +sys/dev/scsipi/files.scsipi 1.42 +sys/dev/scsipi/st.c1.236 (patch), 1.237 + + PR kern/53949: fix file mark handling. + st(4): Fix (but disable by default) SUN compatibility mode. + [kardel, ticket #1682]
CVS commit: [netbsd-7-1] src/sys/dev/scsipi
Module Name:src
Committed By: martin
Date: Thu Mar 7 16:50:58 UTC 2019
Modified Files:
src/sys/dev/scsipi [netbsd-7-1]: files.scsipi st.c
Log Message:
Pull up following revision(s) (requested by kardel in ticket #1682):
sys/dev/scsipi/st.c: revision 1.236 (patch)
sys/dev/scsipi/st.c: revision 1.237
sys/dev/scsipi/files.scsipi: revision 1.42
Fix PR kern/53949:
Fix inconsistent/incomplete file mark handling to conform again
to mtio(4) at close(2) time. This was necessary as the PREVENT/ALLOW
bracket was reduced from a whole mount session to cover only the
open(2)/close(2) time on ~2002-03-22. The rationale was to allow
robots and humans to change the media during a mount session.
Unfortunately this lead to file marks being written to potentially other
media at the beginning on drives that used the two file marks as EOM
pattern. In order for that to happen the media had to be removed after
data and at most one file mark had been written before removal.
The mount error message has been clarified and a warning about
potential data/file mark lossage on UNIT ATTENTION
during an active mount session with unfinished file marks has been
added.
While there, fix, but disable the commented SUN compatibility to write
final file marks by opening and immediately closing the device
in O_WRONLY mode. That code has not been working since around 1998.
It can now be enabled with options ST_SUNCOMPAT.
Additionally debug output coverage has been extended.
Correct printing type of b_blkno (int64_t) in st.c
Fixes build with kUBSan on NetBSD/i386.
Fix, but disable the commented SUN compatibility in st.c to write
final file marks by opening and immediately closing the device
in O_WRONLY mode. That code has not been working since around 1998.
It can now be enabled with options ST_SUNCOMPAT.
To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.41.150.1 src/sys/dev/scsipi/files.scsipi
cvs rdiff -u -r1.226 -r1.226.10.1 src/sys/dev/scsipi/st.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/scsipi/files.scsipi
diff -u src/sys/dev/scsipi/files.scsipi:1.41 src/sys/dev/scsipi/files.scsipi:1.41.150.1
--- src/sys/dev/scsipi/files.scsipi:1.41 Sun Dec 11 12:23:50 2005
+++ src/sys/dev/scsipi/files.scsipi Thu Mar 7 16:50:58 2019
@@ -1,11 +1,12 @@
-# $NetBSD: files.scsipi,v 1.41 2005/12/11 12:23:50 christos Exp $
+# $NetBSD: files.scsipi,v 1.41.150.1 2019/03/07 16:50:58 martin Exp $
#
# Config file and device description for machine-independent SCSI code.
# Included by ports that need it. Ports that use it must provide
# their own "major" declarations for the appropriate devices.
defflag opt_scsi.h SCSIVERBOSE ST_ENABLE_EARLYWARN
-SES_ENABLE_PASSTHROUGH SCSI_OLD_NOINQUIRY
+ST_SUNCOMPAT SES_ENABLE_PASSTHROUGH
+SCSI_OLD_NOINQUIRY
defparam opt_scsi.h ST_MOUNT_DELAY SDRETRIES SD_IO_TIMEOUT
defflag opt_scsipi_debug.h SCSIPI_DEBUG
Index: src/sys/dev/scsipi/st.c
diff -u src/sys/dev/scsipi/st.c:1.226 src/sys/dev/scsipi/st.c:1.226.10.1
--- src/sys/dev/scsipi/st.c:1.226 Sun Aug 10 16:44:36 2014
+++ src/sys/dev/scsipi/st.c Thu Mar 7 16:50:58 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: st.c,v 1.226 2014/08/10 16:44:36 tls Exp $ */
+/* $NetBSD: st.c,v 1.226.10.1 2019/03/07 16:50:58 martin Exp $ */
/*-
* Copyright (c) 1998, 2004 The NetBSD Foundation, Inc.
@@ -50,7 +50,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: st.c,v 1.226 2014/08/10 16:44:36 tls Exp $");
+__KERNEL_RCSID(0, "$NetBSD: st.c,v 1.226.10.1 2019/03/07 16:50:58 martin Exp $");
#include "opt_scsi.h"
@@ -605,6 +605,30 @@ stopen(dev_t dev, int flags, int mode, s
*/
if ((st->flags & ST_MOUNTED) || ST_MOUNT_DELAY == 0 ||
(st->mt_key != SKEY_NOT_READY)) {
+ device_printf(st->sc_dev,
+ "mount error (sense key=%d) - "
+ "terminating mount session\n",
+ st->mt_key);
+ /*
+ * the following should not trigger unless
+ * something serious happened while the device
+ * was open (PREVENT MEDIUM REMOVAL in effect)
+ */
+ if (st->flags & ST_WRITTEN &&
+ st->mt_key == SKEY_UNIT_ATTENTION) {
+/*
+ * device / media state may have changed
+ * refrain from writing missing file marks
+ * onto potentially newly inserted/formatted
+ * media (e. g. emergency EJECT/RESET/etc.)
+ */
+st->flags &= ~(ST_WRITTEN|ST_FM_WRITTEN);
+
+device_printf(st->sc_dev,
+"CAUTION: file marks/data may be missing"
+" - ASC = 0x%02x, ASCQ = 0x%02x\n",
+ st->asc, st->ascq);
+ }
goto bad;
}
@@ -713,15 +737,30 @@ stclose(dev_t dev, int flags, int mode,
*/
stxx = st->flags & (ST_WRITTEN | ST_FM_WRITTEN);
- if (((flags & FWRITE) && stxx == ST_WRITTEN) ||
- ((flags & O_ACCMODE) == FWRITE && stxx == 0)) {
- int nm;
+ if ((flags & FWRITE) != 0) {
+ i
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Sun Feb 24 10:54:59 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1196 To generate a diff of this commit: cvs rdiff -u -r1.1.2.42 -r1.1.2.43 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.42 src/doc/CHANGES-7.1.3:1.1.2.43 --- src/doc/CHANGES-7.1.3:1.1.2.42 Sat Feb 23 07:17:03 2019 +++ src/doc/CHANGES-7.1.3 Sun Feb 24 10:54:59 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.42 2019/02/23 07:17:03 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.43 2019/02/24 10:54:59 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -448,4 +448,9 @@ sys/net/rtsock.c (patch) Fix locking for sysctl_rtable. [sborrill, ticket #1680] +sys/kern/kern_time.c1.196 + + Avoid panic from setitimer(2) for CLOCK_MONOTONIC. + [mlelstv, ticket #1196] +
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src Committed By: martin Date: Sun Feb 24 10:54:36 UTC 2019 Modified Files: src/sys/kern [netbsd-7-1]: kern_time.c Log Message: Pull up following revision(s) (requested by mlelstv in ticket #1196): sys/kern/kern_time.c: revision 1.196 The callout is used by any nonvirtual timer including CLOCK_MONOTONIC and needs to be initialized. Detected by [syzkaller]. To generate a diff of this commit: cvs rdiff -u -r1.179.8.1.4.4 -r1.179.8.1.4.5 src/sys/kern/kern_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_time.c diff -u src/sys/kern/kern_time.c:1.179.8.1.4.4 src/sys/kern/kern_time.c:1.179.8.1.4.5 --- src/sys/kern/kern_time.c:1.179.8.1.4.4 Fri Feb 1 11:08:56 2019 +++ src/sys/kern/kern_time.c Sun Feb 24 10:54:36 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_time.c,v 1.179.8.1.4.4 2019/02/01 11:08:56 martin Exp $ */ +/* $NetBSD: kern_time.c,v 1.179.8.1.4.5 2019/02/24 10:54:36 martin Exp $ */ /*- * Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.8.1.4.4 2019/02/01 11:08:56 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.8.1.4.5 2019/02/24 10:54:36 martin Exp $"); #include #include @@ -1141,7 +1141,7 @@ dosetitimer(struct proc *p, int which, s pt->pt_type = which; pt->pt_entry = which; pt->pt_queued = false; - if (pt->pt_type == CLOCK_REALTIME) + if (!CLOCK_VIRTUAL_P(which)) callout_init(&pt->pt_ch, CALLOUT_MPSAFE); else pt->pt_active = 0;
CVS commit: [netbsd-7-1] src/sys/net
Module Name:src
Committed By: martin
Date: Sat Feb 23 07:16:38 UTC 2019
Modified Files:
src/sys/net [netbsd-7-1]: rtsock.c
Log Message:
Apply patch, requested by sborrill in ticket #1680:
sys/net/rtsock.c(apply patch)
Fix locking for sysctl_rtable (fix in HEAD will be different).
To generate a diff of this commit:
cvs rdiff -u -r1.163.8.1 -r1.163.8.2 src/sys/net/rtsock.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/rtsock.c
diff -u src/sys/net/rtsock.c:1.163.8.1 src/sys/net/rtsock.c:1.163.8.2
--- src/sys/net/rtsock.c:1.163.8.1 Wed Nov 28 16:30:57 2018
+++ src/sys/net/rtsock.c Sat Feb 23 07:16:37 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: rtsock.c,v 1.163.8.1 2018/11/28 16:30:57 martin Exp $ */
+/* $NetBSD: rtsock.c,v 1.163.8.2 2019/02/23 07:16:37 martin Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.163.8.1 2018/11/28 16:30:57 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.163.8.2 2019/02/23 07:16:37 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -1408,6 +1408,8 @@ again:
w.w_needed = 0 - w.w_given;
w.w_where = where;
+ mutex_enter(softnet_lock);
+ KERNEL_LOCK(1, NULL);
s = splsoftnet();
switch (w.w_op) {
@@ -1434,6 +1436,8 @@ again:
break;
}
splx(s);
+ KERNEL_UNLOCK_ONE(NULL);
+ mutex_exit(softnet_lock);
/* check to see if we couldn't allocate memory with NOWAIT */
if (error == ENOBUFS && w.w_tmem == 0 && w.w_tmemneeded)
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Sat Feb 23 07:17:03 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Tickets #1679 and #1680 To generate a diff of this commit: cvs rdiff -u -r1.1.2.41 -r1.1.2.42 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.41 src/doc/CHANGES-7.1.3:1.1.2.42 --- src/doc/CHANGES-7.1.3:1.1.2.41 Fri Feb 1 11:10:21 2019 +++ src/doc/CHANGES-7.1.3 Sat Feb 23 07:17:03 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.41 2019/02/01 11:10:21 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.42 2019/02/23 07:17:03 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -424,3 +424,28 @@ sys/kern/kern_time.c1.190,1.194 Fix kernel info leaks. [maxv, ticket #1678] +sys/compat/linux/common/linux_ipc.c 1.56 +sys/compat/linux32/common/linux32_ipccall.c 1.12 +sys/compat/netbsd32/netbsd32_compat_14.c 1.28 +sys/compat/netbsd32/netbsd32_compat_14.c 1.29 +sys/compat/netbsd32/netbsd32_conv.h 1.38 +sys/compat/sys/ipc.h1.6 +sys/compat/sys/ipc.h1.7 +sys/compat/sys/msg.h1.6 +sys/compat/sys/sem.h1.7 +sys/compat/sys/shm.h1.8 +sys/kern/sysv_msg.c1.73 +sys/kern/sysv_sem.c1.96 +sys/kern/sysv_shm.c1.133 + + Fix kernel stack and kernel adddress leaks in msgctl, semctl, and + shmctl system calls, for native as well as for the netbsd32, linux, + and linux32 compatibility calls. + [mrg, ticket #1679] + +sys/net/rtsock.c (patch) + + Fix locking for sysctl_rtable. + [sborrill, ticket #1680] + +
CVS commit: [netbsd-7-1] src/sys
Module Name:src
Committed By: martin
Date: Sat Feb 23 07:04:12 UTC 2019
Modified Files:
src/sys/compat/linux/common [netbsd-7-1]: linux_ipc.c
src/sys/compat/linux32/common [netbsd-7-1]: linux32_ipccall.c
src/sys/compat/netbsd32 [netbsd-7-1]: netbsd32_compat_14.c
netbsd32_conv.h
src/sys/compat/sys [netbsd-7-1]: ipc.h msg.h sem.h shm.h
src/sys/kern [netbsd-7-1]: sysv_msg.c sysv_sem.c sysv_shm.c
Log Message:
Pull up following revision(s) (requested by mrg in ticket #1679):
sys/compat/sys/ipc.h: revision 1.6
sys/compat/sys/ipc.h: revision 1.7
sys/compat/sys/shm.h: revision 1.8
sys/kern/sysv_shm.c: revision 1.133
sys/compat/sys/sem.h: revision 1.7
sys/compat/linux/common/linux_ipc.c: revision 1.56
sys/compat/netbsd32/netbsd32_conv.h: revision 1.38
sys/kern/sysv_sem.c: revision 1.96
sys/compat/netbsd32/netbsd32_compat_14.c: revision 1.28
sys/compat/netbsd32/netbsd32_compat_14.c: revision 1.29
sys/compat/linux32/common/linux32_ipccall.c: revision 1.12
sys/kern/sysv_msg.c: revision 1.73
sys/compat/sys/msg.h: revision 1.6
for sysv ipc stat operations, explicitly copy the exported parts
instead of the whole ds structure.
besides triggering a recently added assert in netbsd32, this stops
exposing kernel addresses.
copy the mode clamping to 0777 from sem to shm and msg.
while here, make sure that the compat callers to sysv_ipc clear
the contents of the compat structure before setting the result
members to ensure padding bytes are cleared.
don't set/copy _sem_base, _msg_first, _msg_last or _shm_internal.
even if used, which seems very dodgy, they leak KVAs as well.
possibly this may affect linux binaries, in particular, the
comments around _shm_internal ("XXX Oh well.") may mean apps
rely upon these but hopefully not -- the comments date back to
rev 1.1 in 1995.
the _key, _seq and _msg_cbytes members are exported as before as
i found multiple consumers of these (no less than ipcs(1), and
they appear to be useful for debugging and more.
XXX: the naming of compat functions have too many styles. there
are at least 3 different ones changed here.
fix naming errors in previous. (this file is no longer compiled, but
this fix makes the pull up more obvious, before deleting this file.)
include libkern.h or strings.h. should fix i386 build issues.
To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.55.42.1 src/sys/compat/linux/common/linux_ipc.c
cvs rdiff -u -r1.11 -r1.11.46.1 \
src/sys/compat/linux32/common/linux32_ipccall.c
cvs rdiff -u -r1.21.82.1 -r1.21.82.2 \
src/sys/compat/netbsd32/netbsd32_compat_14.c
cvs rdiff -u -r1.28.4.1.4.1 -r1.28.4.1.4.2 \
src/sys/compat/netbsd32/netbsd32_conv.h
cvs rdiff -u -r1.4 -r1.4.42.1 src/sys/compat/sys/ipc.h
cvs rdiff -u -r1.4.52.1 -r1.4.52.2 src/sys/compat/sys/msg.h
cvs rdiff -u -r1.6 -r1.6.52.1 src/sys/compat/sys/sem.h
cvs rdiff -u -r1.7 -r1.7.50.1 src/sys/compat/sys/shm.h
cvs rdiff -u -r1.66 -r1.66.12.1 src/sys/kern/sysv_msg.c
cvs rdiff -u -r1.90 -r1.90.10.1 src/sys/kern/sysv_sem.c
cvs rdiff -u -r1.125 -r1.125.10.1 src/sys/kern/sysv_shm.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/linux/common/linux_ipc.c
diff -u src/sys/compat/linux/common/linux_ipc.c:1.55 src/sys/compat/linux/common/linux_ipc.c:1.55.42.1
--- src/sys/compat/linux/common/linux_ipc.c:1.55 Sat May 28 23:24:58 2011
+++ src/sys/compat/linux/common/linux_ipc.c Sat Feb 23 07:04:12 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: linux_ipc.c,v 1.55 2011/05/28 23:24:58 alnsn Exp $ */
+/* $NetBSD: linux_ipc.c,v 1.55.42.1 2019/02/23 07:04:12 martin Exp $ */
/*-
* Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: linux_ipc.c,v 1.55 2011/05/28 23:24:58 alnsn Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_ipc.c,v 1.55.42.1 2019/02/23 07:04:12 martin Exp $");
#if defined(_KERNEL_OPT)
#include "opt_sysv.h"
@@ -117,6 +117,7 @@ void
bsd_to_linux_ipc_perm(struct ipc_perm *bpp, struct linux_ipc_perm *lpp)
{
+ memset(lpp, 0, sizeof *lpp);
lpp->l_key = bpp->_key;
lpp->l_uid = bpp->uid;
lpp->l_gid = bpp->gid;
@@ -129,6 +130,8 @@ bsd_to_linux_ipc_perm(struct ipc_perm *b
void
bsd_to_linux_ipc64_perm(struct ipc_perm *bpp, struct linux_ipc64_perm *lpp)
{
+
+ memset(lpp, 0, sizeof *lpp);
lpp->l_key = bpp->_key;
lpp->l_uid = bpp->uid;
lpp->l_gid = bpp->gid;
@@ -152,16 +155,19 @@ bsd_to_linux_ipc64_perm(struct ipc_perm
void
bsd_to_linux_semid_ds(struct semid_ds *bs, struct linux_semid_ds *ls)
{
+
+ memset(ls, 0, sizeof *ls);
bsd_to_linux_ipc_perm(&bs->sem_perm, &ls->l_sem_perm);
ls->l_sem_otime = bs->sem_otime;
ls->l_sem_ctime = bs->sem_ctime;
ls->l_sem_nsems = bs->sem_nsems;
- ls->l_sem_base = bs->_sem_base;
}
void
bsd_to_linux_semid64_ds(str
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src
Committed By: martin
Date: Fri Feb 1 11:08:56 UTC 2019
Modified Files:
src/sys/kern [netbsd-7-1]: kern_time.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1678):
sys/kern/kern_time.c: revision 1.190
sys/kern/kern_time.c: revision 1.194
Fix stack info leak. There are 4 bytes of padding in struct timeval. Looks
like there are other leaks related to timeval in this file.
[ 133.414352] kleak: Possible leak in copyout: [len=16, leaked=4]
[ 133.414352] #0 0x80224d0a in kleak_note
[ 133.424360] #1 0x80224d8a in kleak_copyout
[ 133.434361] #2 0x80b5fd79 in sys___gettimeofday50
[ 133.434361] #3 0x8025a89c in sy_call
[ 133.444351] #4 0x8025aace in sy_invoke
[ 133.454365] #5 0x8025ab54 in syscall
-
Fix kernel info leaks.
To generate a diff of this commit:
cvs rdiff -u -r1.179.8.1.4.3 -r1.179.8.1.4.4 src/sys/kern/kern_time.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_time.c
diff -u src/sys/kern/kern_time.c:1.179.8.1.4.3 src/sys/kern/kern_time.c:1.179.8.1.4.4
--- src/sys/kern/kern_time.c:1.179.8.1.4.3 Thu Dec 27 12:01:06 2018
+++ src/sys/kern/kern_time.c Fri Feb 1 11:08:56 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_time.c,v 1.179.8.1.4.3 2018/12/27 12:01:06 martin Exp $ */
+/* $NetBSD: kern_time.c,v 1.179.8.1.4.4 2019/02/01 11:08:56 martin Exp $ */
/*-
* Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.8.1.4.3 2018/12/27 12:01:06 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.8.1.4.4 2019/02/01 11:08:56 martin Exp $");
#include
#include
@@ -388,6 +388,7 @@ sys___gettimeofday50(struct lwp *l, cons
struct timezone tzfake;
if (SCARG(uap, tp)) {
+ memset(&atv, 0, sizeof(atv));
microtime(&atv);
error = copyout(&atv, SCARG(uap, tp), sizeof(atv));
if (error)
@@ -487,6 +488,7 @@ adjtime1(const struct timeval *delta, st
extern int64_t time_adjtime; /* in kern_ntptime.c */
if (olddelta) {
+ memset(olddelta, 0, sizeof(*olddelta));
mutex_spin_enter(&timecounter_lock);
olddelta->tv_sec = time_adjtime / 100;
olddelta->tv_usec = time_adjtime % 100;
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Fri Feb 1 11:10:21 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1678 To generate a diff of this commit: cvs rdiff -u -r1.1.2.40 -r1.1.2.41 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.40 src/doc/CHANGES-7.1.3:1.1.2.41 --- src/doc/CHANGES-7.1.3:1.1.2.40 Wed Jan 30 13:30:16 2019 +++ src/doc/CHANGES-7.1.3 Fri Feb 1 11:10:21 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.40 2019/01/30 13:30:16 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.41 2019/02/01 11:10:21 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -419,3 +419,8 @@ sys/arch/vax/vax/sig_machdep.c 1.23 Fix widespread leak in the sendsig_siginfo() functions. [maxv, ticket #1677] +sys/kern/kern_time.c1.190,1.194 + + Fix kernel info leaks. + [maxv, ticket #1678] +
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Jan 30 13:30:16 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1677 To generate a diff of this commit: cvs rdiff -u -r1.1.2.39 -r1.1.2.40 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.39 src/doc/CHANGES-7.1.3:1.1.2.40 --- src/doc/CHANGES-7.1.3:1.1.2.39 Tue Jan 29 08:32:01 2019 +++ src/doc/CHANGES-7.1.3 Wed Jan 30 13:30:16 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.39 2019/01/29 08:32:01 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.40 2019/01/30 13:30:16 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -399,3 +399,23 @@ sys/netnatm/natm.cpatch sendoob() functions are expected to free both passed mbuf chains. [martin, ticket #1676] + +sys/arch/alpha/alpha/machdep.c 1.352 +sys/arch/amd64/amd64/netbsd32_machdep.c 1.117 +sys/arch/arm/arm/sig_machdep.c 1.51 +sys/arch/hppa/hppa/sig_machdep.c 1.26 +sys/arch/i386/i386/machdep.c 1.813 +sys/arch/m68k/m68k/sig_machdep.c 1.50 +sys/arch/mips/mips/netbsd32_machdep.c 1.16 +sys/arch/mips/mips/sig_machdep.c 1.24 +sys/arch/powerpc/powerpc/sig_machdep.c 1.46 +sys/arch/sh3/sh3/sh3_machdep.c 1.106 +sys/arch/sparc64/sparc64/machdep.c 1.289 +sys/arch/sparc64/sparc64/netbsd32_machdep.c 1.111 +sys/arch/usermode/target/i386/cpu_i386.c 1.8 +sys/arch/usermode/target/x86_64/cpu_x86_64.c 1.7 +sys/arch/vax/vax/sig_machdep.c 1.23 + + Fix widespread leak in the sendsig_siginfo() functions. + [maxv, ticket #1677] +
CVS commit: [netbsd-7-1] src/sys/arch
Module Name:src Committed By: martin Date: Wed Jan 30 13:29:52 UTC 2019 Modified Files: src/sys/arch/alpha/alpha [netbsd-7-1]: machdep.c src/sys/arch/amd64/amd64 [netbsd-7-1]: netbsd32_machdep.c src/sys/arch/arm/arm [netbsd-7-1]: sig_machdep.c src/sys/arch/hppa/hppa [netbsd-7-1]: sig_machdep.c src/sys/arch/i386/i386 [netbsd-7-1]: machdep.c src/sys/arch/m68k/m68k [netbsd-7-1]: sig_machdep.c src/sys/arch/mips/mips [netbsd-7-1]: netbsd32_machdep.c sig_machdep.c src/sys/arch/powerpc/powerpc [netbsd-7-1]: sig_machdep.c src/sys/arch/sh3/sh3 [netbsd-7-1]: sh3_machdep.c src/sys/arch/sparc64/sparc64 [netbsd-7-1]: machdep.c netbsd32_machdep.c src/sys/arch/usermode/target/i386 [netbsd-7-1]: cpu_i386.c src/sys/arch/usermode/target/x86_64 [netbsd-7-1]: cpu_x86_64.c src/sys/arch/vax/vax [netbsd-7-1]: sig_machdep.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1677): sys/arch/hppa/hppa/sig_machdep.c: revision 1.26 sys/arch/arm/arm/sig_machdep.c: revision 1.51 sys/arch/i386/i386/machdep.c: revision 1.813 sys/arch/alpha/alpha/machdep.c: revision 1.352 sys/arch/m68k/m68k/sig_machdep.c: revision 1.50 sys/arch/usermode/target/i386/cpu_i386.c: revision 1.8 sys/arch/sparc64/sparc64/machdep.c: revision 1.289 sys/arch/sparc64/sparc64/netbsd32_machdep.c: revision 1.111 sys/arch/powerpc/powerpc/sig_machdep.c: revision 1.46 sys/arch/amd64/amd64/netbsd32_machdep.c: revision 1.117 sys/arch/sh3/sh3/sh3_machdep.c: revision 1.106 sys/arch/mips/mips/netbsd32_machdep.c: revision 1.16 sys/arch/mips/mips/sig_machdep.c: revision 1.24 sys/arch/usermode/target/x86_64/cpu_x86_64.c: revision 1.7 sys/arch/vax/vax/sig_machdep.c: revision 1.23 Fix widespread leak in the sendsig_siginfo() functions. sigframe_siginfo has padding, so zero it out properly. While here I'm also zeroing out some other things in several ports, for safety. Same problem in netbsd32, so fix that too. I can't compile-test on each architecture, but there should be no breakage (tm). Overall this fixes at least 14 info leaks. Prompted by the discovery by KLEAK of a leak in amd64's sendsig_siginfo. To generate a diff of this commit: cvs rdiff -u -r1.345.2.1 -r1.345.2.1.2.1 src/sys/arch/alpha/alpha/machdep.c cvs rdiff -u -r1.92 -r1.92.12.1 src/sys/arch/amd64/amd64/netbsd32_machdep.c cvs rdiff -u -r1.47 -r1.47.10.1 src/sys/arch/arm/arm/sig_machdep.c cvs rdiff -u -r1.25 -r1.25.42.1 src/sys/arch/hppa/hppa/sig_machdep.c cvs rdiff -u -r1.752.12.2 -r1.752.12.3 src/sys/arch/i386/i386/machdep.c cvs rdiff -u -r1.49 -r1.49.26.1 src/sys/arch/m68k/m68k/sig_machdep.c cvs rdiff -u -r1.11 -r1.11.12.1 src/sys/arch/mips/mips/netbsd32_machdep.c cvs rdiff -u -r1.23 -r1.23.40.1 src/sys/arch/mips/mips/sig_machdep.c cvs rdiff -u -r1.43.14.1 -r1.43.14.1.6.1 \ src/sys/arch/powerpc/powerpc/sig_machdep.c cvs rdiff -u -r1.102.4.1 -r1.102.4.1.4.1 src/sys/arch/sh3/sh3/sh3_machdep.c cvs rdiff -u -r1.278.2.3 -r1.278.2.3.6.1 \ src/sys/arch/sparc64/sparc64/machdep.c cvs rdiff -u -r1.103.4.1 -r1.103.4.1.4.1 \ src/sys/arch/sparc64/sparc64/netbsd32_machdep.c cvs rdiff -u -r1.4 -r1.4.28.1 src/sys/arch/usermode/target/i386/cpu_i386.c cvs rdiff -u -r1.2 -r1.2.36.1 \ src/sys/arch/usermode/target/x86_64/cpu_x86_64.c cvs rdiff -u -r1.21 -r1.21.40.1 src/sys/arch/vax/vax/sig_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/alpha/alpha/machdep.c diff -u src/sys/arch/alpha/alpha/machdep.c:1.345.2.1 src/sys/arch/alpha/alpha/machdep.c:1.345.2.1.2.1 --- src/sys/arch/alpha/alpha/machdep.c:1.345.2.1 Tue Nov 1 20:28:32 2016 +++ src/sys/arch/alpha/alpha/machdep.c Wed Jan 30 13:29:51 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: machdep.c,v 1.345.2.1 2016/11/01 20:28:32 snj Exp $ */ +/* $NetBSD: machdep.c,v 1.345.2.1.2.1 2019/01/30 13:29:51 martin Exp $ */ /*- * Copyright (c) 1998, 1999, 2000 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ #include /* RCS ID & Copyright macro defns */ -__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.345.2.1 2016/11/01 20:28:32 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.345.2.1.2.1 2019/01/30 13:29:51 martin Exp $"); #include #include @@ -1465,12 +1465,11 @@ sendsig_siginfo(const ksiginfo_t *ksi, c #endif /* Build stack frame for signal trampoline. */ - + memset(&frame, 0, sizeof(frame)); frame.sf_si._info = ksi->ksi_info; frame.sf_uc.uc_flags = _UC_SIGMASK; frame.sf_uc.uc_sigmask = *mask; frame.sf_uc.uc_link = l->l_ctxlink; - memset(&frame.sf_uc.uc_stack, 0, sizeof(frame.sf_uc.uc_stack)); sendsig_reset(l, sig); mutex_exit(p->p_lock); cpu_getmcontext(l, &frame.sf_uc.uc_mcontext, &frame.sf_uc.uc_flags); Index: src/sys/arch/amd64/amd64/netbsd32_machdep.c diff -u src/sys/arch/amd
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Jan 29 08:32:01 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Fix typo To generate a diff of this commit: cvs rdiff -u -r1.1.2.38 -r1.1.2.39 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.38 src/doc/CHANGES-7.1.3:1.1.2.39 --- src/doc/CHANGES-7.1.3:1.1.2.38 Tue Jan 29 08:13:06 2019 +++ src/doc/CHANGES-7.1.3 Tue Jan 29 08:32:01 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.38 2019/01/29 08:13:06 msaitoh Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.39 2019/01/29 08:32:01 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -396,6 +396,6 @@ sys/netmpls/mpls_proto.c 1.32 sys/netnatm/natm.cpatch Fix memory leaks pointed out by Ilja Van Sprundel: all - sendoob() functions are expted to free both passed + sendoob() functions are expected to free both passed mbuf chains. [martin, ticket #1676]
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: msaitoh Date: Tue Jan 29 08:13:06 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: ticket #1676. To generate a diff of this commit: cvs rdiff -u -r1.1.2.37 -r1.1.2.38 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.37 src/doc/CHANGES-7.1.3:1.1.2.38 --- src/doc/CHANGES-7.1.3:1.1.2.37 Thu Jan 24 14:13:46 2019 +++ src/doc/CHANGES-7.1.3 Tue Jan 29 08:13:06 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.37 2019/01/24 14:13:46 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.38 2019/01/29 08:13:06 msaitoh Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -383,3 +383,19 @@ sys/kern/kern_ntptime.c1.60 disclosure. [maxv, ticket #1675] +sys/net/link_proto.c1.37 +sys/netatalk/ddp_usrreq.c 1.72 +sys/netbt/hci_socket.c1.46 +sys/netbt/l2cap_socket.c 1.36 +sys/netbt/rfcomm_socket.c 1.38 +sys/netbt/sco_socket.c1.38 +sys/netinet/tcp_usrreq.c 1.223 via patch +sys/netinet6/raw_ip6.c1.173 +sys/netinet6/udp6_usrreq.c 1.146 +sys/netmpls/mpls_proto.c 1.32 +sys/netnatm/natm.cpatch + + Fix memory leaks pointed out by Ilja Van Sprundel: all + sendoob() functions are expted to free both passed + mbuf chains. + [martin, ticket #1676]
CVS commit: [netbsd-7-1] src/sys
Module Name:src
Committed By: msaitoh
Date: Tue Jan 29 08:12:18 UTC 2019
Modified Files:
src/sys/net [netbsd-7-1]: link_proto.c
src/sys/netatalk [netbsd-7-1]: ddp_usrreq.c
src/sys/netbt [netbsd-7-1]: hci_socket.c l2cap_socket.c rfcomm_socket.c
sco_socket.c
src/sys/netinet [netbsd-7-1]: tcp_usrreq.c
src/sys/netinet6 [netbsd-7-1]: raw_ip6.c udp6_usrreq.c
src/sys/netmpls [netbsd-7-1]: mpls_proto.c
src/sys/netnatm [netbsd-7-1]: natm.c
Log Message:
Pull up following revision(s) (requested by martin in ticket #1676):
sys/net/link_proto.c1.37
sys/netatalk/ddp_usrreq.c 1.72
sys/netbt/hci_socket.c 1.46
sys/netbt/l2cap_socket.c1.36
sys/netbt/rfcomm_socket.c 1.38
sys/netbt/sco_socket.c 1.38
sys/netinet/tcp_usrreq.c1.223 via patch
sys/netinet6/raw_ip6.c 1.173
sys/netinet6/udp6_usrreq.c 1.146
sys/netmpls/mpls_proto.c1.32
sys/netnatm/natm.c patch
Fix memory leaks pointed out by Ilja Van Sprundel: all
sendoob() functions are expted to free both passed
mbuf chains.
To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.24.10.1 src/sys/net/link_proto.c
cvs rdiff -u -r1.63 -r1.63.10.1 src/sys/netatalk/ddp_usrreq.c
cvs rdiff -u -r1.40 -r1.40.10.1 src/sys/netbt/hci_socket.c
cvs rdiff -u -r1.31 -r1.31.10.1 src/sys/netbt/l2cap_socket.c
cvs rdiff -u -r1.33 -r1.33.10.1 src/sys/netbt/rfcomm_socket.c \
src/sys/netbt/sco_socket.c
cvs rdiff -u -r1.200.2.2 -r1.200.2.2.6.1 src/sys/netinet/tcp_usrreq.c
cvs rdiff -u -r1.136.2.1.2.2 -r1.136.2.1.2.3 src/sys/netinet6/raw_ip6.c
cvs rdiff -u -r1.115 -r1.115.10.1 src/sys/netinet6/udp6_usrreq.c
cvs rdiff -u -r1.24 -r1.24.10.1 src/sys/netmpls/mpls_proto.c
cvs rdiff -u -r1.45 -r1.45.10.1 src/sys/netnatm/natm.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/link_proto.c
diff -u src/sys/net/link_proto.c:1.24 src/sys/net/link_proto.c:1.24.10.1
--- src/sys/net/link_proto.c:1.24 Sat Aug 9 05:33:01 2014
+++ src/sys/net/link_proto.c Tue Jan 29 08:12:17 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: link_proto.c,v 1.24 2014/08/09 05:33:01 rtr Exp $ */
+/* $NetBSD: link_proto.c,v 1.24.10.1 2019/01/29 08:12:17 msaitoh Exp $ */
/*-
* Copyright (c) 1982, 1986, 1993
@@ -32,7 +32,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: link_proto.c,v 1.24 2014/08/09 05:33:01 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: link_proto.c,v 1.24.10.1 2019/01/29 08:12:17 msaitoh Exp $");
#include
#include
@@ -389,6 +389,9 @@ link_sendoob(struct socket *so, struct m
{
KASSERT(solocked(so));
+ m_freem(m);
+ m_freem(control);
+
return EOPNOTSUPP;
}
Index: src/sys/netatalk/ddp_usrreq.c
diff -u src/sys/netatalk/ddp_usrreq.c:1.63 src/sys/netatalk/ddp_usrreq.c:1.63.10.1
--- src/sys/netatalk/ddp_usrreq.c:1.63 Sat Aug 9 05:33:01 2014
+++ src/sys/netatalk/ddp_usrreq.c Tue Jan 29 08:12:17 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: ddp_usrreq.c,v 1.63 2014/08/09 05:33:01 rtr Exp $ */
+/* $NetBSD: ddp_usrreq.c,v 1.63.10.1 2019/01/29 08:12:17 msaitoh Exp $ */
/*
* Copyright (c) 1990,1991 Regents of The University of Michigan.
@@ -27,7 +27,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: ddp_usrreq.c,v 1.63 2014/08/09 05:33:01 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ddp_usrreq.c,v 1.63.10.1 2019/01/29 08:12:17 msaitoh Exp $");
#include "opt_mbuftrace.h"
@@ -581,8 +581,8 @@ ddp_sendoob(struct socket *so, struct mb
{
KASSERT(solocked(so));
- if (m)
- m_freem(m);
+ m_freem(m);
+ m_freem(control);
return EOPNOTSUPP;
}
Index: src/sys/netbt/hci_socket.c
diff -u src/sys/netbt/hci_socket.c:1.40 src/sys/netbt/hci_socket.c:1.40.10.1
--- src/sys/netbt/hci_socket.c:1.40 Sat Aug 9 05:33:01 2014
+++ src/sys/netbt/hci_socket.c Tue Jan 29 08:12:17 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: hci_socket.c,v 1.40 2014/08/09 05:33:01 rtr Exp $ */
+/* $NetBSD: hci_socket.c,v 1.40.10.1 2019/01/29 08:12:17 msaitoh Exp $ */
/*-
* Copyright (c) 2005 Iain Hibbert.
@@ -31,7 +31,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: hci_socket.c,v 1.40 2014/08/09 05:33:01 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hci_socket.c,v 1.40.10.1 2019/01/29 08:12:17 msaitoh Exp $");
/* load symbolic names */
#ifdef BLUETOOTH_DEBUG
@@ -712,10 +712,8 @@ hci_sendoob(struct socket *so, struct mb
{
KASSERT(solocked(so));
- if (m)
- m_freem(m);
- if (control)
- m_freem(control);
+ m_freem(m);
+ m_freem(control);
return EOPNOTSUPP;
}
Index: src/sys/netbt/l2cap_socket.c
diff -u src/sys/netbt/l2cap_socket.c:1.31 src/sys/netbt/l2cap_socket.c:1.31.10.1
--- src/sys/netbt/l2cap_socket.c:1.31 Sat Aug 9 05:33:01 2014
+++ src/sys/netbt/l2cap_socket.c Tue Jan 29 08:12:1
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Thu Jan 24 14:13:46 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Tickets #1674 and #1675 To generate a diff of this commit: cvs rdiff -u -r1.1.2.36 -r1.1.2.37 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.36 src/doc/CHANGES-7.1.3:1.1.2.37 --- src/doc/CHANGES-7.1.3:1.1.2.36 Tue Jan 15 18:44:58 2019 +++ src/doc/CHANGES-7.1.3 Thu Jan 24 14:13:46 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.36 2019/01/15 18:44:58 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.37 2019/01/24 14:13:46 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -372,3 +372,14 @@ sys/arch/sparc/sparc/pmap.c 1.366 Fix deadlocks on machines with more than two cpus. [mrg, ticket #1672] +regress/sys/arch/m68k/060sp/Makefile 1.15 + + Replace manual realdepend dependency with DPSRCS. + [msaitoh, ticket #1674] + +sys/kern/kern_ntptime.c1.60 + + Zero out the ntptimeval structure to prevent a 4 byte kernel stack + disclosure. + [maxv, ticket #1675] +
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src
Committed By: martin
Date: Thu Jan 24 14:13:26 UTC 2019
Modified Files:
src/sys/kern [netbsd-7-1]: kern_ntptime.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1675):
sys/kern/kern_ntptime.c: revision 1.60
Zero out the ntptimeval structure to prevent a 4 byte kernel stack disclosure.
Reported by Thomas Barabosch.
To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.55.12.1 src/sys/kern/kern_ntptime.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_ntptime.c
diff -u src/sys/kern/kern_ntptime.c:1.55 src/sys/kern/kern_ntptime.c:1.55.12.1
--- src/sys/kern/kern_ntptime.c:1.55 Tue Feb 25 18:30:11 2014
+++ src/sys/kern/kern_ntptime.c Thu Jan 24 14:13:26 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_ntptime.c,v 1.55 2014/02/25 18:30:11 pooka Exp $ */
+/* $NetBSD: kern_ntptime.c,v 1.55.12.1 2019/01/24 14:13:26 martin Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -60,7 +60,7 @@
#include
/* __FBSDID("$FreeBSD: src/sys/kern/kern_ntptime.c,v 1.59 2005/05/28 14:34:41 rwatson Exp $"); */
-__KERNEL_RCSID(0, "$NetBSD: kern_ntptime.c,v 1.55 2014/02/25 18:30:11 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ntptime.c,v 1.55.12.1 2019/01/24 14:13:26 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_ntp.h"
@@ -239,6 +239,7 @@ static void hardupdate(long offset);
void
ntp_gettime(struct ntptimeval *ntv)
{
+ memset(ntv, 0, sizeof(*ntv));
mutex_spin_enter(&timecounter_lock);
nanotime(&ntv->time);
CVS commit: [netbsd-7-1] src/regress/sys/arch/m68k/060sp
Module Name:src
Committed By: martin
Date: Thu Jan 24 14:08:46 UTC 2019
Modified Files:
src/regress/sys/arch/m68k/060sp [netbsd-7-1]: Makefile
Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1674):
regress/sys/arch/m68k/060sp/Makefile: revision 1.15
Replace manual realdepend dependency with DPSRCS.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.14.48.1 src/regress/sys/arch/m68k/060sp/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/regress/sys/arch/m68k/060sp/Makefile
diff -u src/regress/sys/arch/m68k/060sp/Makefile:1.14 src/regress/sys/arch/m68k/060sp/Makefile:1.14.48.1
--- src/regress/sys/arch/m68k/060sp/Makefile:1.14 Fri Mar 28 22:29:16 2008
+++ src/regress/sys/arch/m68k/060sp/Makefile Thu Jan 24 14:08:46 2019
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.14 2008/03/28 22:29:16 apb Exp $
+# $NetBSD: Makefile,v 1.14.48.1 2019/01/24 14:08:46 martin Exp $
NOMAN= # defined
@@ -9,6 +9,7 @@ SRCS= dotest.c dotestsubs.S
AFLAGS+= -I.
CPPFLAGS+= -I.
SPDIR= ${NETBSDSRCDIR}/sys/arch/m68k/060sp
+DPSRCS+= itest.S ftest.S
CLEANFILES+= itest.S ftest.S
.SUFFIXES: .S .sa
@@ -19,7 +20,7 @@ CLEANFILES+= itest.S ftest.S
.PATH: ${SPDIR}/dist
-realdepend dotestsubs.o: itest.S ftest.S
+dotestsubs.o: itest.S ftest.S
regress: ${PROG}
@/sbin/sysctl hw.model | grep -v -q 68060 || \
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Jan 15 18:44:58 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1672 To generate a diff of this commit: cvs rdiff -u -r1.1.2.35 -r1.1.2.36 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.35 src/doc/CHANGES-7.1.3:1.1.2.36 --- src/doc/CHANGES-7.1.3:1.1.2.35 Mon Jan 7 14:04:04 2019 +++ src/doc/CHANGES-7.1.3 Tue Jan 15 18:44:58 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.35 2019/01/07 14:04:04 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.36 2019/01/15 18:44:58 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -367,3 +367,8 @@ doc/3RDPARTY (patch) Updated tzdata to 2018i. [kre, ticket #1670] +sys/arch/sparc/sparc/pmap.c 1.366 + + Fix deadlocks on machines with more than two cpus. + [mrg, ticket #1672] +
CVS commit: [netbsd-7-1] src/sys/arch/sparc/sparc
Module Name:src
Committed By: martin
Date: Tue Jan 15 18:44:28 UTC 2019
Modified Files:
src/sys/arch/sparc/sparc [netbsd-7-1]: pmap.c
Log Message:
Pull up following revision(s) (requested by mrg in ticket #1672):
sys/arch/sparc/sparc/pmap.c: revision 1.366
switch sparc pmap lock to the scheme sparc64 uses:
- - local IPL_NONE mutex for general pmap locking operations, not
kernel lock.
- - for pmap_activate()/pmap_deactivate(), switch to using the
existing ctx_lock, and push handling of it into ctx_alloc() the
ctx_free() callers.
fixes easy to trigger deadlocks on systems with >2 cpus. without
this patch i usually hang during boot. with it, i was able to
push the machine hard for over 12 hours.
XXX: pullup-8, and maybe -7.
To generate a diff of this commit:
cvs rdiff -u -r1.358 -r1.358.10.1 src/sys/arch/sparc/sparc/pmap.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/sparc/sparc/pmap.c
diff -u src/sys/arch/sparc/sparc/pmap.c:1.358 src/sys/arch/sparc/sparc/pmap.c:1.358.10.1
--- src/sys/arch/sparc/sparc/pmap.c:1.358 Sat May 3 11:17:06 2014
+++ src/sys/arch/sparc/sparc/pmap.c Tue Jan 15 18:44:28 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: pmap.c,v 1.358 2014/05/03 11:17:06 nakayama Exp $ */
+/* $NetBSD: pmap.c,v 1.358.10.1 2019/01/15 18:44:28 martin Exp $ */
/*
* Copyright (c) 1996
@@ -56,7 +56,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: pmap.c,v 1.358 2014/05/03 11:17:06 nakayama Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pmap.c,v 1.358.10.1 2019/01/15 18:44:28 martin Exp $");
#include "opt_ddb.h"
#include "opt_kgdb.h"
@@ -176,8 +176,8 @@ paddr_t vm_first_phys = (paddr_t)-1;
paddr_t vm_last_phys = 0;
psize_t vm_num_phys;
-#define PMAP_LOCK() KERNEL_LOCK(1, NULL)
-#define PMAP_UNLOCK() KERNEL_UNLOCK_ONE(NULL)
+#define PMAP_LOCK() mutex_enter(&pmap_lock)
+#define PMAP_UNLOCK() mutex_exit(&pmap_lock)
/*
* Flags in pvlist.pv_flags. Note that PV_MOD must be 1 and PV_REF must be 2
@@ -347,6 +347,7 @@ mmuq_insert_tail(struct mmuentry *head,
int seginval; /* [4/4c] the invalid segment number */
int reginval; /* [4/3mmu] the invalid region number */
+static kmutex_t pmap_lock;
static kmutex_t demap_lock;
static bool lock_available = false; /* demap_lock has been initialized */
@@ -372,15 +373,15 @@ union ctxinfo {
struct pmap *c_pmap; /* pmap (if busy) */
};
-static kmutex_t ctx_lock; /* lock for below */
+static kmutex_t ctx_lock; /* lock for below, and {,de}activate */
union ctxinfo *ctxinfo; /* allocated at in pmap_bootstrap */
union ctxinfo *ctx_freelist; /* context free list */
int ctx_kick; /* allocation rover when none free */
int ctx_kickdir; /* ctx_kick roves both directions */
int ncontext; /* sizeof ctx_freelist */
-void ctx_alloc(struct pmap *);
-void ctx_free(struct pmap *);
+static void ctx_alloc(struct pmap *);
+static void ctx_free(struct pmap *);
/*void * vdumppages; -* 32KB worth of reserved dump pages */
@@ -2121,7 +2122,7 @@ mmu_pagein(struct pmap *pm, vaddr_t va,
* This routine is only ever called from locore.s just after it has
* saved away the previous process, so there are no active user windows.
*/
-void
+static void
ctx_alloc(struct pmap *pm)
{
union ctxinfo *c;
@@ -2133,6 +2134,8 @@ ctx_alloc(struct pmap *pm)
struct cpu_info *cpi;
#endif
+ KASSERT(mutex_owned(&ctx_lock));
+
/*XXX-GCC!*/gap_start=gap_end=0;
#ifdef DEBUG
if (pm->pm_ctx)
@@ -2145,7 +2148,6 @@ ctx_alloc(struct pmap *pm)
gap_end = pm->pm_gap_end;
}
- mutex_spin_enter(&ctx_lock);
if ((c = ctx_freelist) != NULL) {
ctx_freelist = c->c_nextfree;
cnum = c - ctxinfo;
@@ -2288,13 +2290,12 @@ ctx_alloc(struct pmap *pm)
setcontext4m(cnum);
#endif /* SUN4M || SUN4D */
}
- mutex_spin_exit(&ctx_lock);
}
/*
* Give away a context.
*/
-void
+static void
ctx_free(struct pmap *pm)
{
union ctxinfo *c;
@@ -2303,6 +2304,8 @@ ctx_free(struct pmap *pm)
struct cpu_info *cpi;
#endif
+ KASSERT(mutex_owned(&ctx_lock));
+
c = pm->pm_ctx;
ctx = pm->pm_ctxnum;
pm->pm_ctx = NULL;
@@ -2316,8 +2319,6 @@ ctx_free(struct pmap *pm)
}
#endif /* SUN4 || SUN4C */
- mutex_spin_enter(&ctx_lock);
-
#if defined(SUN4M) || defined(SUN4D)
if (CPU_HAS_SRMMU) {
CPU_INFO_ITERATOR i;
@@ -2334,7 +2335,6 @@ ctx_free(struct pmap *pm)
c->c_nextfree = ctx_freelist;
ctx_freelist = c;
- mutex_spin_exit(&ctx_lock);
}
@@ -3070,6 +3070,7 @@ pmap_bootstrap(int nctx, int nregion, in
}
pmap_page_upload();
+ mutex_init(&pmap_lock, MUTEX_DEFAULT, IPL_NONE);
mutex_init(&demap_lock, MUTEX_DEFAULT, IPL_VM);
mutex_init(&ctx_lock, MUTEX_DEFAULT, IPL_SCHED);
lock_available = true;
@@ -4386,7 +4387,9 @@ pmap_pmap_pool_dtor(void *arg, void *obj
#endif
if ((c = pm->pm_ctx) != NULL) {
+ mutex_spin_enter(&ctx_lock);
ctx_free(pm);
+ mutex_spin_exit(&ctx_lock);
}
#if defined(SUN4M) || defined(SU
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Mon Jan 7 14:04:04 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1670 To generate a diff of this commit: cvs rdiff -u -r1.1.2.34 -r1.1.2.35 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.34 src/doc/CHANGES-7.1.3:1.1.2.35 --- src/doc/CHANGES-7.1.3:1.1.2.34 Thu Jan 3 11:15:32 2019 +++ src/doc/CHANGES-7.1.3 Mon Jan 7 14:04:04 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.34 2019/01/03 11:15:32 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.35 2019/01/07 14:04:04 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -347,3 +347,23 @@ sys/conf/copyright1.17 Welcome to 2019! [jnemeth, ticket #1669] +external/public-domain/tz/dist/Makefile up to 1.1.1.23 +external/public-domain/tz/dist/NEWS up to 1.1.1.26 +external/public-domain/tz/dist/TZDATA_VERSION up to 1.16 +external/public-domain/tz/dist/africa up to 1.1.1.19 +external/public-domain/tz/dist/asia up to 1.1.1.22 +external/public-domain/tz/dist/australasia up to 1.1.1.17 +external/public-domain/tz/dist/leapseconds up to 1.1.1.12 +external/public-domain/tz/dist/leapseconds.awk up to 1.1.1.8 +external/public-domain/tz/dist/northamerica up to 1.1.1.22 +external/public-domain/tz/dist/theory.html up to 1.1.1.7 +external/public-domain/tz/dist/version up to 1.1.1.13 +external/public-domain/tz/dist/ziguard.awk up to 1.1.1.4 +external/public-domain/tz/dist/zone.tab up to 1.1.1.16 +external/public-domain/tz/dist/zone1970.tab up to 1.1.1.18 +distrib/sets/lists/base/mi (patch) +doc/3RDPARTY (patch) + + Updated tzdata to 2018i. + [kre, ticket #1670] +
CVS commit: [netbsd-7-1] src
Module Name:src Committed By: martin Date: Mon Jan 7 14:03:22 UTC 2019 Modified Files: src/distrib/sets/lists/base [netbsd-7-1]: mi src/doc [netbsd-7-1]: 3RDPARTY src/external/public-domain/tz/dist [netbsd-7-1]: Makefile NEWS TZDATA_VERSION africa asia australasia leapseconds leapseconds.awk northamerica theory.html version ziguard.awk zone.tab zone1970.tab Log Message: Pull up the following, requested by kre in ticket #1670: external/public-domain/tz/dist/Makefile up to 1.1.1.23 external/public-domain/tz/dist/NEWS up to 1.1.1.26 external/public-domain/tz/dist/TZDATA_VERSION up to 1.16 external/public-domain/tz/dist/africa up to 1.1.1.19 external/public-domain/tz/dist/asia up to 1.1.1.22 external/public-domain/tz/dist/australasia up to 1.1.1.17 external/public-domain/tz/dist/leapseconds up to 1.1.1.12 external/public-domain/tz/dist/leapseconds.awk up to 1.1.1.8 external/public-domain/tz/dist/northamerica up to 1.1.1.22 external/public-domain/tz/dist/theory.html up to 1.1.1.7 external/public-domain/tz/dist/version up to 1.1.1.13 external/public-domain/tz/dist/ziguard.awk up to 1.1.1.4 external/public-domain/tz/dist/zone.tab up to 1.1.1.16 external/public-domain/tz/dist/zone1970.tab up to 1.1.1.18 distrib/sets/lists/base/mi (patch) doc/3RDPARTY(patch) Import tzdata2018h from ftp://ftp.iana.org/tz/releases/tzdata2018h.tar.gz Summary of changes in tzdata2018h (2018-12-23 17:59:32 -0800): Qyzylorda (aka Kyzylorda) oblast in Kazakhstan moved from +06 to +05 on 2018-12-21. This is a zone split as Qostanay (aka Kostanay) did not switch, so create a zone Asia/Qostanay. Metlakatla, Alaska observes PST this winter only. Add predictions for Iran from 2038 through 2090. Changes to some old timestamps for Nauru (1979) Guam (1959-77), Hong Kong (1904, 1941, 1945, 1952) (others in Pacific during WWII) --- Merge tzdata2018h --- Update to tzdata2018h (new zone Asia/Qostanay) --- Import tzdata2018i from ftp://ftp.iana.org/tz/releases/tzdata2018i.tar.gz Summary of changes in tzdata2018i (2018-12-30 11:05:43 -0800): Due to a change in government, Sao Tome and Principe switches back from +01 to +00 on 2019-01-01 at 02:00. --- Merge tzdata2018i --- Update to tzdata2018i To generate a diff of this commit: cvs rdiff -u -r1.1087.2.10.2.1 -r1.1087.2.10.2.2 \ src/distrib/sets/lists/base/mi cvs rdiff -u -r1.1145.2.37.2.10 -r1.1145.2.37.2.11 src/doc/3RDPARTY cvs rdiff -u -r1.1.1.1.4.7.2.3 -r1.1.1.1.4.7.2.4 \ src/external/public-domain/tz/dist/Makefile \ src/external/public-domain/tz/dist/asia \ src/external/public-domain/tz/dist/leapseconds \ src/external/public-domain/tz/dist/zone.tab \ src/external/public-domain/tz/dist/zone1970.tab cvs rdiff -u -r1.1.1.1.4.7.2.4 -r1.1.1.1.4.7.2.5 \ src/external/public-domain/tz/dist/NEWS \ src/external/public-domain/tz/dist/northamerica cvs rdiff -u -r1.6.4.3.2.4 -r1.6.4.3.2.5 \ src/external/public-domain/tz/dist/TZDATA_VERSION cvs rdiff -u -r1.1.1.1.4.5.2.4 -r1.1.1.1.4.5.2.5 \ src/external/public-domain/tz/dist/africa cvs rdiff -u -r1.1.1.1.4.6.2.3 -r1.1.1.1.4.6.2.4 \ src/external/public-domain/tz/dist/australasia cvs rdiff -u -r1.1.1.1.4.4.4.2 -r1.1.1.1.4.4.4.3 \ src/external/public-domain/tz/dist/leapseconds.awk cvs rdiff -u -r1.1.1.1.6.4 -r1.1.1.1.6.5 \ src/external/public-domain/tz/dist/theory.html cvs rdiff -u -r1.1.1.3.4.3.2.4 -r1.1.1.3.4.3.2.5 \ src/external/public-domain/tz/dist/version cvs rdiff -u -r1.1.1.1.6.3 -r1.1.1.1.6.4 \ src/external/public-domain/tz/dist/ziguard.awk Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/sets/lists/base/mi diff -u src/distrib/sets/lists/base/mi:1.1087.2.10.2.1 src/distrib/sets/lists/base/mi:1.1087.2.10.2.2 --- src/distrib/sets/lists/base/mi:1.1087.2.10.2.1 Sun Nov 5 20:43:37 2017 +++ src/distrib/sets/lists/base/mi Mon Jan 7 14:03:21 2019 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.1087.2.10.2.1 2017/11/05 20:43:37 snj Exp $ +# $NetBSD: mi,v 1.1087.2.10.2.2 2019/01/07 14:03:21 martin Exp $ # # Note: Don't delete entries from here - mark them as "obsolete" instead, # unless otherwise stated below. @@ -5467,6 +5467,7 @@ ./usr/share/zoneinfo/Asia/Pontianak base-sys-share share ./usr/share/zoneinfo/Asia/Pyongyang base-sys-share share ./usr/share/zoneinfo/Asia/Qatar base-sys-share share +./usr/share/zoneinfo/Asia/Qostanay base-sys-share share ./usr/share/zoneinfo/Asia/Qyzylorda base-sys-share share ./usr/share/zoneinfo/Asia/Rangoon base-sys-share share ./usr/share/zoneinfo/Asia/Riyadh base-s
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Thu Jan 3 11:15:32 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ammend ticket #1668 for additional pullups To generate a diff of this commit: cvs rdiff -u -r1.1.2.33 -r1.1.2.34 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.33 src/doc/CHANGES-7.1.3:1.1.2.34 --- src/doc/CHANGES-7.1.3:1.1.2.33 Wed Jan 2 15:31:18 2019 +++ src/doc/CHANGES-7.1.3 Thu Jan 3 11:15:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.33 2019/01/02 15:31:18 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.34 2019/01/03 11:15:32 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -337,6 +337,7 @@ sys/kern/kern_time.c1.191 sys/compat/netbsd32/netbsd32_compat_14.c 1.27 sys/compat/netbsd32/netbsd32_conv.h 1.37 sys/compat/sys/msg.h1.5 +sys/compat/sys/time_types.h 1.3 Fix kernel info leaks. [maxv, ticket #1668]
CVS commit: [netbsd-7-1] src/sys/compat/sys
Module Name:src Committed By: martin Date: Thu Jan 3 11:15:01 UTC 2019 Modified Files: src/sys/compat/sys [netbsd-7-1]: time_types.h Log Message: Additionally pull up the following for ticket #1668: sys/compat/sys/time_types.h 1.3 include libkern.h or string.h & stddef.h, to get the offsetof() and memset() definitions. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.1.52.1 src/sys/compat/sys/time_types.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/sys/time_types.h diff -u src/sys/compat/sys/time_types.h:1.1 src/sys/compat/sys/time_types.h:1.1.52.1 --- src/sys/compat/sys/time_types.h:1.1 Thu Nov 5 16:59:01 2009 +++ src/sys/compat/sys/time_types.h Thu Jan 3 11:15:01 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: time_types.h,v 1.1 2009/11/05 16:59:01 pooka Exp $ */ +/* $NetBSD: time_types.h,v 1.1.52.1 2019/01/03 11:15:01 martin Exp $ */ /* * Copyright (c) 1982, 1986, 1993 @@ -34,6 +34,13 @@ #ifndef _COMPAT_SYS_TIME_TYPES_H_ #define _COMPAT_SYS_TIME_TYPES_H_ +#ifdef _KERNEL +#include +#else +#include +#include +#endif + /* * Structure returned by gettimeofday(2) system call, * and used in other calls.
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Jan 2 15:31:18 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Tickets #1668 and #1669 To generate a diff of this commit: cvs rdiff -u -r1.1.2.32 -r1.1.2.33 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.32 src/doc/CHANGES-7.1.3:1.1.2.33 --- src/doc/CHANGES-7.1.3:1.1.2.32 Thu Dec 27 12:01:28 2018 +++ src/doc/CHANGES-7.1.3 Wed Jan 2 15:31:18 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.32 2018/12/27 12:01:28 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.33 2019/01/02 15:31:18 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -334,3 +334,15 @@ sys/kern/kern_time.c1.191 Fix kernel info leak. [maxv, ticket #1667] +sys/compat/netbsd32/netbsd32_compat_14.c 1.27 +sys/compat/netbsd32/netbsd32_conv.h 1.37 +sys/compat/sys/msg.h1.5 + + Fix kernel info leaks. + [maxv, ticket #1668] + +sys/conf/copyright1.17 + + Welcome to 2019! + [jnemeth, ticket #1669] +
CVS commit: [netbsd-7-1] src/sys/conf
Module Name:src Committed By: martin Date: Wed Jan 2 15:30:49 UTC 2019 Modified Files: src/sys/conf [netbsd-7-1]: copyright Log Message: Pull up following revision(s) (requested by jnemeth in ticket #1669): sys/conf/copyright: revision 1.17 Welcome to 2019! To generate a diff of this commit: cvs rdiff -u -r1.12.4.2.2.1 -r1.12.4.2.2.2 src/sys/conf/copyright Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/conf/copyright diff -u src/sys/conf/copyright:1.12.4.2.2.1 src/sys/conf/copyright:1.12.4.2.2.2 --- src/sys/conf/copyright:1.12.4.2.2.1 Fri Mar 9 19:50:15 2018 +++ src/sys/conf/copyright Wed Jan 2 15:30:49 2019 @@ -1,5 +1,5 @@ Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, -2018 The NetBSD Foundation, Inc. All rights reserved. +2018, 2019 The NetBSD Foundation, Inc. All rights reserved. Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved.
CVS commit: [netbsd-7-1] src/sys/compat
Module Name:src
Committed By: martin
Date: Wed Jan 2 15:26:38 UTC 2019
Modified Files:
src/sys/compat/netbsd32 [netbsd-7-1]: netbsd32_compat_14.c
netbsd32_conv.h
src/sys/compat/sys [netbsd-7-1]: msg.h
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1668):
sys/compat/netbsd32/netbsd32_conv.h: revision 1.37
sys/compat/netbsd32/netbsd32_compat_14.c: revision 1.27
sys/compat/sys/msg.h: revision 1.5
Fix kernel info leaks.
+ Possible info leak: [len=80, leaked=10]
| #0 0x80bad7a7 in kleak_copyout
| #1 0x8048e71b in netbsd32___msgctl50
| #2 0x8022fb5b in netbsd32_syscall
| #3 0x802096dd in handle_syscall
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.21.82.1 src/sys/compat/netbsd32/netbsd32_compat_14.c
cvs rdiff -u -r1.28.4.1 -r1.28.4.1.4.1 \
src/sys/compat/netbsd32/netbsd32_conv.h
cvs rdiff -u -r1.4 -r1.4.52.1 src/sys/compat/sys/msg.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/netbsd32/netbsd32_compat_14.c
diff -u src/sys/compat/netbsd32/netbsd32_compat_14.c:1.21 src/sys/compat/netbsd32/netbsd32_compat_14.c:1.21.82.1
--- src/sys/compat/netbsd32/netbsd32_compat_14.c:1.21 Thu Dec 20 23:03:01 2007
+++ src/sys/compat/netbsd32/netbsd32_compat_14.c Wed Jan 2 15:26:38 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_compat_14.c,v 1.21 2007/12/20 23:03:01 dsl Exp $ */
+/* $NetBSD: netbsd32_compat_14.c,v 1.21.82.1 2019/01/02 15:26:38 martin Exp $ */
/*
* Copyright (c) 1999 Eduardo E. Horvath
@@ -29,7 +29,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_14.c,v 1.21 2007/12/20 23:03:01 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_compat_14.c,v 1.21.82.1 2019/01/02 15:26:38 martin Exp $");
#include
#include
@@ -126,6 +126,7 @@ static inline void
native_to_netbsd32_msqid_ds14(struct msqid_ds *msqbuf, struct netbsd32_msqid_ds14 *omsqbuf)
{
+ memset(omsqbuf, 0, sizeof(*omsqbuf));
native_to_netbsd32_ipc_perm14(&msqbuf->msg_perm, &omsqbuf->msg_perm);
#define CVT(x) omsqbuf->x = msqbuf->x
Index: src/sys/compat/netbsd32/netbsd32_conv.h
diff -u src/sys/compat/netbsd32/netbsd32_conv.h:1.28.4.1 src/sys/compat/netbsd32/netbsd32_conv.h:1.28.4.1.4.1
--- src/sys/compat/netbsd32/netbsd32_conv.h:1.28.4.1 Wed Nov 4 17:46:21 2015
+++ src/sys/compat/netbsd32/netbsd32_conv.h Wed Jan 2 15:26:38 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_conv.h,v 1.28.4.1 2015/11/04 17:46:21 riz Exp $ */
+/* $NetBSD: netbsd32_conv.h,v 1.28.4.1.4.1 2019/01/02 15:26:38 martin Exp $ */
/*
* Copyright (c) 1998, 2001 Matthew R. Green
@@ -544,6 +544,7 @@ netbsd32_from_msqid_ds50(const struct ms
struct netbsd32_msqid_ds50 *ds32p)
{
+ memset(ds32p, 0, sizeof(*ds32p));
netbsd32_from_ipc_perm(&dsp->msg_perm, &ds32p->msg_perm);
ds32p->_msg_cbytes = (netbsd32_u_long)dsp->_msg_cbytes;
ds32p->msg_qnum = (netbsd32_u_long)dsp->msg_qnum;
@@ -560,6 +561,7 @@ netbsd32_from_msqid_ds(const struct msqi
struct netbsd32_msqid_ds *ds32p)
{
+ memset(ds32p, 0, sizeof(*ds32p));
netbsd32_from_ipc_perm(&dsp->msg_perm, &ds32p->msg_perm);
ds32p->_msg_cbytes = (netbsd32_u_long)dsp->_msg_cbytes;
ds32p->msg_qnum = (netbsd32_u_long)dsp->msg_qnum;
Index: src/sys/compat/sys/msg.h
diff -u src/sys/compat/sys/msg.h:1.4 src/sys/compat/sys/msg.h:1.4.52.1
--- src/sys/compat/sys/msg.h:1.4 Mon Jan 19 19:39:41 2009
+++ src/sys/compat/sys/msg.h Wed Jan 2 15:26:38 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: msg.h,v 1.4 2009/01/19 19:39:41 christos Exp $ */
+/* $NetBSD: msg.h,v 1.4.52.1 2019/01/02 15:26:38 martin Exp $ */
/*
* SVID compatible msg.h file
@@ -108,6 +108,7 @@ static __inline void
__native_to_msqid_ds13(const struct msqid_ds *msqbuf, struct msqid_ds13 *omsqbuf)
{
+ memset(omsqbuf, 0, sizeof(*omsqbuf));
omsqbuf->msg_perm = msqbuf->msg_perm;
#define CVT(x) omsqbuf->x = msqbuf->x
@@ -149,6 +150,7 @@ static __inline void
__native_to_msqid_ds14(const struct msqid_ds *msqbuf, struct msqid_ds14 *omsqbuf)
{
+ memset(omsqbuf, 0, sizeof(*omsqbuf));
__native_to_ipc_perm14(&msqbuf->msg_perm, &omsqbuf->msg_perm);
#define CVT(x) omsqbuf->x = msqbuf->x
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src Committed By: martin Date: Thu Dec 27 12:01:06 UTC 2018 Modified Files: src/sys/kern [netbsd-7-1]: kern_time.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1667): sys/kern/kern_time.c: revision 1.191 Fix kernel info leak. There are 2x4 bytes of padding in struct itimerval. [ 738.451860] kleak: Possible leak in copyout: [len=32, leaked=8] [ 738.481840] #0 0x80b7c42a in kleak_note [ 738.491821] #1 0x80b7c4aa in kleak_copyout [ 738.501806] #2 0x80b6154e in sys___getitimer50 [ 738.511778] #3 0x80b61e39 in sys___setitimer50 [ 738.521781] #4 0x8025ab3c in sy_call [ 738.521781] #5 0x8025ad6e in sy_invoke [ 738.531808] #6 0x8025adf4 in syscall To generate a diff of this commit: cvs rdiff -u -r1.179.8.1.4.2 -r1.179.8.1.4.3 src/sys/kern/kern_time.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_time.c diff -u src/sys/kern/kern_time.c:1.179.8.1.4.2 src/sys/kern/kern_time.c:1.179.8.1.4.3 --- src/sys/kern/kern_time.c:1.179.8.1.4.2 Fri Dec 14 12:06:43 2018 +++ src/sys/kern/kern_time.c Thu Dec 27 12:01:06 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_time.c,v 1.179.8.1.4.2 2018/12/14 12:06:43 martin Exp $ */ +/* $NetBSD: kern_time.c,v 1.179.8.1.4.3 2018/12/27 12:01:06 martin Exp $ */ /*- * Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.8.1.4.2 2018/12/14 12:06:43 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.8.1.4.3 2018/12/27 12:01:06 martin Exp $"); #include #include @@ -1030,6 +1030,7 @@ sys___getitimer50(struct lwp *l, const s struct itimerval aitv; int error; + memset(&aitv, 0, sizeof(aitv)); error = dogetitimer(p, SCARG(uap, which), &aitv); if (error) return error;
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Thu Dec 27 12:01:28 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1667 To generate a diff of this commit: cvs rdiff -u -r1.1.2.31 -r1.1.2.32 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.31 src/doc/CHANGES-7.1.3:1.1.2.32 --- src/doc/CHANGES-7.1.3:1.1.2.31 Tue Dec 25 11:33:54 2018 +++ src/doc/CHANGES-7.1.3 Thu Dec 27 12:01:28 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.31 2018/12/25 11:33:54 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.32 2018/12/27 12:01:28 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -329,3 +329,8 @@ sys/compat/netbsd32/netbsd32_netbsd.c ( Fix kernel info leak in swapctl(2). [maxv, ticket #1666] +sys/kern/kern_time.c1.191 + + Fix kernel info leak. + [maxv, ticket #1667] +
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Dec 25 11:33:54 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1666 To generate a diff of this commit: cvs rdiff -u -r1.1.2.30 -r1.1.2.31 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.30 src/doc/CHANGES-7.1.3:1.1.2.31 --- src/doc/CHANGES-7.1.3:1.1.2.30 Tue Dec 18 18:36:53 2018 +++ src/doc/CHANGES-7.1.3 Tue Dec 25 11:33:54 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.30 2018/12/18 18:36:53 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.31 2018/12/25 11:33:54 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -323,4 +323,9 @@ usr.bin/telnet/utilities.c 1.24 Switch some sprintf to snprintf. [maya, ticket #1665] +sys/uvm/uvm_swap.c1.178 (patch, adapted) +sys/compat/netbsd32/netbsd32_netbsd.c (patch) + + Fix kernel info leak in swapctl(2). + [maxv, ticket #1666]
CVS commit: [netbsd-7-1] src/sys
Module Name:src Committed By: martin Date: Tue Dec 25 11:33:27 UTC 2018 Modified Files: src/sys/compat/netbsd32 [netbsd-7-1]: netbsd32_netbsd.c src/sys/uvm [netbsd-7-1]: uvm_swap.c Log Message: Apply patch, requested by maxv in ticket #1666: Fix similar to: sys/uvm/uvm_swap.c: revision 1.178 Woah man, fix enormous leak. Possible info leak: [len=1056, leaked=931] #0 0x80bad351 in kleak_copyout #1 0x80b2cf64 in uvm_swap_stats.part.1 #2 0x80b2d38d in uvm_swap_stats #3 0x80b2d43c in sys_swapctl #4 0x80259b82 in syscall To generate a diff of this commit: cvs rdiff -u -r1.193 -r1.193.10.1 src/sys/compat/netbsd32/netbsd32_netbsd.c cvs rdiff -u -r1.172 -r1.172.10.1 src/sys/uvm/uvm_swap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/compat/netbsd32/netbsd32_netbsd.c diff -u src/sys/compat/netbsd32/netbsd32_netbsd.c:1.193 src/sys/compat/netbsd32/netbsd32_netbsd.c:1.193.10.1 --- src/sys/compat/netbsd32/netbsd32_netbsd.c:1.193 Thu Jul 31 12:35:33 2014 +++ src/sys/compat/netbsd32/netbsd32_netbsd.c Tue Dec 25 11:33:27 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: netbsd32_netbsd.c,v 1.193 2014/07/31 12:35:33 maxv Exp $ */ +/* $NetBSD: netbsd32_netbsd.c,v 1.193.10.1 2018/12/25 11:33:27 martin Exp $ */ /* * Copyright (c) 1998, 2001, 2008 Matthew R. Green @@ -27,7 +27,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: netbsd32_netbsd.c,v 1.193 2014/07/31 12:35:33 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: netbsd32_netbsd.c,v 1.193.10.1 2018/12/25 11:33:27 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_ddb.h" @@ -1754,7 +1754,7 @@ netbsd32_swapctl_stats(struct lwp *l, st count = uvmexp.nswapdev; ksep_len = sizeof(*ksep) * count; - ksep = kmem_alloc(ksep_len, KM_SLEEP); + ksep = kmem_zalloc(ksep_len, KM_SLEEP); usep32 = (struct netbsd32_swapent *)SCARG(uap, arg); uvm_swap_stats(SWAP_STATS, ksep, count, retval); Index: src/sys/uvm/uvm_swap.c diff -u src/sys/uvm/uvm_swap.c:1.172 src/sys/uvm/uvm_swap.c:1.172.10.1 --- src/sys/uvm/uvm_swap.c:1.172 Fri Jul 25 08:10:40 2014 +++ src/sys/uvm/uvm_swap.c Tue Dec 25 11:33:27 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: uvm_swap.c,v 1.172 2014/07/25 08:10:40 dholland Exp $ */ +/* $NetBSD: uvm_swap.c,v 1.172.10.1 2018/12/25 11:33:27 martin Exp $ */ /* * Copyright (c) 1995, 1996, 1997, 2009 Matthew R. Green @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: uvm_swap.c,v 1.172 2014/07/25 08:10:40 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uvm_swap.c,v 1.172.10.1 2018/12/25 11:33:27 martin Exp $"); #include "opt_uvmhist.h" #include "opt_compat_netbsd.h" @@ -515,7 +515,7 @@ sys_swapctl(struct lwp *l, const struct else #endif len = sizeof(struct swapent) * misc; - sep = (struct swapent *)kmem_alloc(len, KM_SLEEP); + sep = (struct swapent *)kmem_zalloc(len, KM_SLEEP); uvm_swap_stats(SCARG(uap, cmd), sep, misc, retval); error = copyout(sep, SCARG(uap, arg), len);
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Dec 18 18:36:53 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1665 To generate a diff of this commit: cvs rdiff -u -r1.1.2.29 -r1.1.2.30 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.29 src/doc/CHANGES-7.1.3:1.1.2.30 --- src/doc/CHANGES-7.1.3:1.1.2.29 Fri Dec 14 12:07:22 2018 +++ src/doc/CHANGES-7.1.3 Tue Dec 18 18:36:53 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.29 2018/12/14 12:07:22 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.30 2018/12/18 18:36:53 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -317,3 +317,10 @@ sys/kern/sys_sig.c1.47 Fix kernel info leak, 4 bytes of padding in struct _ksiginfo. [maxv, ticket #1664] +usr.bin/telnet/telnet.c1.37 +usr.bin/telnet/utilities.c 1.24 + + Switch some sprintf to snprintf. + [maya, ticket #1665] + +
CVS commit: [netbsd-7-1] src/usr.bin/telnet
Module Name:src
Committed By: martin
Date: Tue Dec 18 18:36:22 UTC 2018
Modified Files:
src/usr.bin/telnet [netbsd-7-1]: telnet.c utilities.c
Log Message:
Pull up following revision(s) (requested by maya in ticket #1665):
usr.bin/telnet/utilities.c: revision 1.24
usr.bin/telnet/telnet.c: revision 1.37
switch sprintf to snprintf in places.
Reported by hacker fantastic, thanks!
ok xtos.
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.36.28.1 src/usr.bin/telnet/telnet.c
cvs rdiff -u -r1.23 -r1.23.28.1 src/usr.bin/telnet/utilities.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/telnet/telnet.c
diff -u src/usr.bin/telnet/telnet.c:1.36 src/usr.bin/telnet/telnet.c:1.36.28.1
--- src/usr.bin/telnet/telnet.c:1.36 Tue Jan 10 13:49:32 2012
+++ src/usr.bin/telnet/telnet.c Tue Dec 18 18:36:22 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: telnet.c,v 1.36 2012/01/10 13:49:32 christos Exp $ */
+/* $NetBSD: telnet.c,v 1.36.28.1 2018/12/18 18:36:22 martin Exp $ */
/*
* Copyright (c) 1988, 1990, 1993
@@ -34,7 +34,7 @@
#if 0
static char sccsid[] = "@(#)telnet.c 8.4 (Berkeley) 5/30/95";
#else
-__RCSID("$NetBSD: telnet.c,v 1.36 2012/01/10 13:49:32 christos Exp $");
+__RCSID("$NetBSD: telnet.c,v 1.36.28.1 2018/12/18 18:36:22 martin Exp $");
#endif
#endif /* not lint */
@@ -856,8 +856,8 @@ suboption(void)
name = gettermname();
len = strlen(name) + 4 + 2;
if (len < NETROOM()) {
- sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
-TELQUAL_IS, name, IAC, SE);
+ snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB,
+TELOPT_TTYPE, TELQUAL_IS, name, IAC, SE);
ring_supply_data(&netoring, temp, len);
printsub('>', &temp[2], len-2);
} else {
@@ -878,8 +878,8 @@ suboption(void)
TerminalSpeeds(&isp, &osp);
- sprintf((char *)temp, "%c%c%c%c%ld,%ld%c%c", IAC, SB, TELOPT_TSPEED,
- TELQUAL_IS, osp, isp, IAC, SE);
+ snprintf((char *)temp, sizeof(temp), "%c%c%c%c%ld,%ld%c%c", IAC, SB,
+ TELOPT_TSPEED, TELQUAL_IS, osp, isp, IAC, SE);
len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */
if (len < NETROOM()) {
@@ -983,8 +983,8 @@ suboption(void)
send_wont(TELOPT_XDISPLOC, 1);
break;
}
- sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
- TELQUAL_IS, dp, IAC, SE);
+ snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB,
+ TELOPT_XDISPLOC, TELQUAL_IS, dp, IAC, SE);
len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */
if (len < NETROOM()) {
Index: src/usr.bin/telnet/utilities.c
diff -u src/usr.bin/telnet/utilities.c:1.23 src/usr.bin/telnet/utilities.c:1.23.28.1
--- src/usr.bin/telnet/utilities.c:1.23 Mon Jan 9 16:08:55 2012
+++ src/usr.bin/telnet/utilities.c Tue Dec 18 18:36:22 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: utilities.c,v 1.23 2012/01/09 16:08:55 christos Exp $ */
+/* $NetBSD: utilities.c,v 1.23.28.1 2018/12/18 18:36:22 martin Exp $ */
/*
* Copyright (c) 1988, 1993
@@ -34,7 +34,7 @@
#if 0
static char sccsid[] = "@(#)utilities.c 8.3 (Berkeley) 5/30/95";
#else
-__RCSID("$NetBSD: utilities.c,v 1.23 2012/01/09 16:08:55 christos Exp $");
+__RCSID("$NetBSD: utilities.c,v 1.23.28.1 2018/12/18 18:36:22 martin Exp $");
#endif
#endif /* not lint */
@@ -633,7 +633,7 @@ printsub(
}
{
char tbuf[64];
- sprintf(tbuf, "%s%s%s%s%s",
+ snprintf(tbuf, sizeof(tbuf), "%s%s%s%s%s",
pointer[2]&MODE_EDIT ? "|EDIT" : "",
pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Fri Dec 14 12:07:22 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Annotate ticket #1660 for additional pullups To generate a diff of this commit: cvs rdiff -u -r1.1.2.28 -r1.1.2.29 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.28 src/doc/CHANGES-7.1.3:1.1.2.29 --- src/doc/CHANGES-7.1.3:1.1.2.28 Wed Dec 12 11:37:15 2018 +++ src/doc/CHANGES-7.1.3 Fri Dec 14 12:07:22 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.28 2018/12/12 11:37:15 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.29 2018/12/14 12:07:22 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -296,7 +296,8 @@ libexec/httpd/main.c1.22 Fix -X option parsing and miscelaneous cleanup. [mrg, ticket #1659] -sys/kern/kern_time.c1.192 +sys/compat/linux/common/linux_misc_notalpha.c 1.110 +sys/kern/kern_time.c1.192,1.193 Fix kernel info leak. [maxv, ticket #1660]
CVS commit: [netbsd-7-1] src/sys
Module Name:src
Committed By: martin
Date: Fri Dec 14 12:06:43 UTC 2018
Modified Files:
src/sys/compat/linux/common [netbsd-7-1]: linux_misc_notalpha.c
src/sys/kern [netbsd-7-1]: kern_time.c
Log Message:
Additionally pull up following revision(s) (requested by maxv in ticket #1660):
sys/compat/linux/common/linux_misc_notalpha.c: revision 1.110
sys/kern/kern_time.c: revision 1.193
Improve my kern_time.c::rev1.192, systematically clear the buffers we get
from 'ptimer_pool' to prevent more leaks.
To generate a diff of this commit:
cvs rdiff -u -r1.108.34.1 -r1.108.34.1.6.1 \
src/sys/compat/linux/common/linux_misc_notalpha.c
cvs rdiff -u -r1.179.8.1.4.1 -r1.179.8.1.4.2 src/sys/kern/kern_time.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/linux/common/linux_misc_notalpha.c
diff -u src/sys/compat/linux/common/linux_misc_notalpha.c:1.108.34.1 src/sys/compat/linux/common/linux_misc_notalpha.c:1.108.34.1.6.1
--- src/sys/compat/linux/common/linux_misc_notalpha.c:1.108.34.1 Sat Jan 17 12:10:54 2015
+++ src/sys/compat/linux/common/linux_misc_notalpha.c Fri Dec 14 12:06:43 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: linux_misc_notalpha.c,v 1.108.34.1 2015/01/17 12:10:54 martin Exp $ */
+/* $NetBSD: linux_misc_notalpha.c,v 1.108.34.1.6.1 2018/12/14 12:06:43 martin Exp $ */
/*-
* Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: linux_misc_notalpha.c,v 1.108.34.1 2015/01/17 12:10:54 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_misc_notalpha.c,v 1.108.34.1.6.1 2018/12/14 12:06:43 martin Exp $");
/*
* Note that we must NOT include "opt_compat_linux32.h" here,
@@ -161,6 +161,7 @@ linux_sys_alarm(struct lwp *l, const str
if (spare == NULL) {
mutex_spin_exit(&timer_lock);
spare = pool_get(&ptimer_pool, PR_WAITOK);
+ memset(spare, 0, sizeof(*spare));
goto retry;
}
ptp = spare;
Index: src/sys/kern/kern_time.c
diff -u src/sys/kern/kern_time.c:1.179.8.1.4.1 src/sys/kern/kern_time.c:1.179.8.1.4.2
--- src/sys/kern/kern_time.c:1.179.8.1.4.1 Thu Nov 29 08:59:26 2018
+++ src/sys/kern/kern_time.c Fri Dec 14 12:06:43 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_time.c,v 1.179.8.1.4.1 2018/11/29 08:59:26 martin Exp $ */
+/* $NetBSD: kern_time.c,v 1.179.8.1.4.2 2018/12/14 12:06:43 martin Exp $ */
/*-
* Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.8.1.4.1 2018/11/29 08:59:26 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.8.1.4.2 2018/12/14 12:06:43 martin Exp $");
#include
#include
@@ -1126,6 +1126,7 @@ dosetitimer(struct proc *p, int which, s
if (spare == NULL) {
mutex_spin_exit(&timer_lock);
spare = pool_get(&ptimer_pool, PR_WAITOK);
+ memset(spare, 0, sizeof(*spare));
goto retry;
}
pt = spare;
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Dec 12 11:37:15 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1664 To generate a diff of this commit: cvs rdiff -u -r1.1.2.27 -r1.1.2.28 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.27 src/doc/CHANGES-7.1.3:1.1.2.28 --- src/doc/CHANGES-7.1.3:1.1.2.27 Tue Dec 4 19:17:46 2018 +++ src/doc/CHANGES-7.1.3 Wed Dec 12 11:37:15 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.27 2018/12/04 19:17:46 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.28 2018/12/12 11:37:15 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -311,3 +311,8 @@ sys/arch/amd64/amd64/machdep.c 1.321 Fix stack info leak. [maxv, ticket #1662] +sys/kern/sys_sig.c1.47 + + Fix kernel info leak, 4 bytes of padding in struct _ksiginfo. + [maxv, ticket #1664] +
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src Committed By: martin Date: Wed Dec 12 11:36:47 UTC 2018 Modified Files: src/sys/kern [netbsd-7-1]: sys_sig.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1664): sys/kern/sys_sig.c: revision 1.47 Fix kernel info leak, 4 bytes of padding in struct _ksiginfo. Maybe we should just set _pad to zero on LP64? + Possible info leak: [len=40, leaked=4] | #0 0x80baf397 in kleak_copyout | #1 0x80bda817 in sigtimedwait1 | #2 0x80bdab95 in sys_sigtimedwait50 | #3 0x80259c42 in syscall To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.42.10.1 src/sys/kern/sys_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/sys_sig.c diff -u src/sys/kern/sys_sig.c:1.42 src/sys/kern/sys_sig.c:1.42.10.1 --- src/sys/kern/sys_sig.c:1.42 Fri Feb 14 16:35:11 2014 +++ src/sys/kern/sys_sig.c Wed Dec 12 11:36:46 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_sig.c,v 1.42 2014/02/14 16:35:11 christos Exp $ */ +/* $NetBSD: sys_sig.c,v 1.42.10.1 2018/12/12 11:36:46 martin Exp $ */ /*- * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sys_sig.c,v 1.42 2014/02/14 16:35:11 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sys_sig.c,v 1.42.10.1 2018/12/12 11:36:46 martin Exp $"); #include #include @@ -759,6 +759,8 @@ sigtimedwait1(struct lwp *l, const struc */ sigminusset(&sigcantmask, &l->l_sigwaitset); + memset(&ksi.ksi_info, 0, sizeof(ksi.ksi_info)); + mutex_enter(p->p_lock); /* Check for pending signals in the process, if no - then in LWP. */
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Dec 4 19:17:46 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1662 To generate a diff of this commit: cvs rdiff -u -r1.1.2.26 -r1.1.2.27 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.26 src/doc/CHANGES-7.1.3:1.1.2.27 --- src/doc/CHANGES-7.1.3:1.1.2.26 Fri Nov 30 10:39:48 2018 +++ src/doc/CHANGES-7.1.3 Tue Dec 4 19:17:46 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.26 2018/11/30 10:39:48 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.27 2018/12/04 19:17:46 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -306,3 +306,8 @@ sys/kern/kern_sig.c1.350 Fix kernel info leak. [maxv, ticket #1661] +sys/arch/amd64/amd64/machdep.c 1.321 + + Fix stack info leak. + [maxv, ticket #1662] +
CVS commit: [netbsd-7-1] src/sys/arch/amd64/amd64
Module Name:src Committed By: martin Date: Tue Dec 4 19:17:24 UTC 2018 Modified Files: src/sys/arch/amd64/amd64 [netbsd-7-1]: machdep.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1662): sys/arch/amd64/amd64/machdep.c: revision 1.321 Fix stack info leak. There is a big padding in struct sigframe_siginfo. [ 224.006287] kleak: Possible leak in copyout: [len=920, leaked=92] [ 224.016977] #0 0x80224d0a in kleak_note [ 224.026268] #1 0x80224d8a in kleak_copyout [ 224.026268] #2 0x802224b5 in sendsig_siginfo [ 224.036261] #3 0x80b51564 in sendsig [ 224.046475] #4 0x80b51282 in postsig [ 224.046475] #5 0x80b2fc5d in lwp_userret [ 224.056273] #6 0x8025a951 in mi_userret [ 224.066277] #7 0x8025ab89 in syscall To generate a diff of this commit: cvs rdiff -u -r1.211.10.2 -r1.211.10.3 src/sys/arch/amd64/amd64/machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/machdep.c diff -u src/sys/arch/amd64/amd64/machdep.c:1.211.10.2 src/sys/arch/amd64/amd64/machdep.c:1.211.10.3 --- src/sys/arch/amd64/amd64/machdep.c:1.211.10.2 Mon Jan 22 19:40:58 2018 +++ src/sys/arch/amd64/amd64/machdep.c Tue Dec 4 19:17:24 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: machdep.c,v 1.211.10.2 2018/01/22 19:40:58 snj Exp $ */ +/* $NetBSD: machdep.c,v 1.211.10.3 2018/12/04 19:17:24 martin Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011 @@ -111,7 +111,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.211.10.2 2018/01/22 19:40:58 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.211.10.3 2018/12/04 19:17:24 martin Exp $"); /* #define XENDEBUG_LOW */ @@ -570,6 +570,7 @@ sendsig_siginfo(const ksiginfo_t *ksi, c /* Round down the stackpointer to a multiple of 16 for the ABI. */ fp = (struct sigframe_siginfo *)(((unsigned long)sp & ~15) - 8); + memset(&frame, 0, sizeof(frame)); frame.sf_ra = (uint64_t)ps->sa_sigdesc[sig].sd_tramp; frame.sf_si._info = ksi->ksi_info; frame.sf_uc.uc_flags = _UC_SIGMASK; @@ -577,7 +578,6 @@ sendsig_siginfo(const ksiginfo_t *ksi, c frame.sf_uc.uc_link = l->l_ctxlink; frame.sf_uc.uc_flags |= (l->l_sigstk.ss_flags & SS_ONSTACK) ? _UC_SETSTACK : _UC_CLRSTACK; - memset(&frame.sf_uc.uc_stack, 0, sizeof(frame.sf_uc.uc_stack)); sendsig_reset(l, sig); mutex_exit(p->p_lock);
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Fri Nov 30 10:39:48 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1661 To generate a diff of this commit: cvs rdiff -u -r1.1.2.25 -r1.1.2.26 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.25 src/doc/CHANGES-7.1.3:1.1.2.26 --- src/doc/CHANGES-7.1.3:1.1.2.25 Thu Nov 29 08:59:49 2018 +++ src/doc/CHANGES-7.1.3 Fri Nov 30 10:39:48 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.25 2018/11/29 08:59:49 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.26 2018/11/30 10:39:48 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -301,3 +301,8 @@ sys/kern/kern_time.c1.192 Fix kernel info leak. [maxv, ticket #1660] +sys/kern/kern_sig.c1.350 + + Fix kernel info leak. + [maxv, ticket #1661] +
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src
Committed By: martin
Date: Fri Nov 30 10:39:14 UTC 2018
Modified Files:
src/sys/kern [netbsd-7-1]: kern_sig.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1661):
sys/kern/kern_sig.c: revision 1.350
Fix kernel info leak, 4 bytes of padding at the end of struct sigaction.
+ Possible info leak: [len=32, leaked=4]
| #0 0x80baf327 in kleak_copyout
| #1 0x80bd9ca8 in sys___sigaction_sigtramp
| #2 0x80259c42 in syscall
To generate a diff of this commit:
cvs rdiff -u -r1.319.4.1 -r1.319.4.1.4.1 src/sys/kern/kern_sig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_sig.c
diff -u src/sys/kern/kern_sig.c:1.319.4.1 src/sys/kern/kern_sig.c:1.319.4.1.4.1
--- src/sys/kern/kern_sig.c:1.319.4.1 Thu Nov 5 09:21:30 2015
+++ src/sys/kern/kern_sig.c Fri Nov 30 10:39:14 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_sig.c,v 1.319.4.1 2015/11/05 09:21:30 snj Exp $ */
+/* $NetBSD: kern_sig.c,v 1.319.4.1.4.1 2018/11/30 10:39:14 martin Exp $ */
/*-
* Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.319.4.1 2015/11/05 09:21:30 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.319.4.1.4.1 2018/11/30 10:39:14 martin Exp $");
#include "opt_ptrace.h"
#include "opt_compat_sunos.h"
@@ -191,6 +191,13 @@ signal_listener_cb(kauth_cred_t cred, ka
return result;
}
+static int
+sigacts_ctor(void *arg __unused, void *obj, int flags __unused)
+{
+ memset(obj, 0, sizeof(struct sigacts));
+ return 0;
+}
+
/*
* signal_init:
*
@@ -204,7 +211,7 @@ signal_init(void)
sigacts_cache = pool_cache_init(sizeof(struct sigacts), 0, 0, 0,
"sigacts", sizeof(struct sigacts) > PAGE_SIZE ?
- &sigactspool_allocator : NULL, IPL_NONE, NULL, NULL, NULL);
+ &sigactspool_allocator : NULL, IPL_NONE, sigacts_ctor, NULL, NULL);
ksiginfo_cache = pool_cache_init(sizeof(ksiginfo_t), 0, 0, 0,
"ksiginfo", NULL, IPL_VM, NULL, NULL, NULL);
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src
Committed By: martin
Date: Thu Nov 29 08:59:26 UTC 2018
Modified Files:
src/sys/kern [netbsd-7-1]: kern_time.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1660):
sys/kern/kern_time.c: revision 1.192
Fix kernel info leak.
+ Possible info leak: [len=32, leaked=16]
| #0 0x80baf3a7 in kleak_copyout
| #1 0x80b940f8 in sys___timer_settime50
| #2 0x80259c42 in syscall
To generate a diff of this commit:
cvs rdiff -u -r1.179.8.1 -r1.179.8.1.4.1 src/sys/kern/kern_time.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_time.c
diff -u src/sys/kern/kern_time.c:1.179.8.1 src/sys/kern/kern_time.c:1.179.8.1.4.1
--- src/sys/kern/kern_time.c:1.179.8.1 Thu Mar 3 15:42:26 2016
+++ src/sys/kern/kern_time.c Thu Nov 29 08:59:26 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_time.c,v 1.179.8.1 2016/03/03 15:42:26 martin Exp $ */
+/* $NetBSD: kern_time.c,v 1.179.8.1.4.1 2018/11/29 08:59:26 martin Exp $ */
/*-
* Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.8.1 2016/03/03 15:42:26 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.179.8.1.4.1 2018/11/29 08:59:26 martin Exp $");
#include
#include
@@ -566,6 +566,7 @@ timer_create1(timer_t *tid, clockid_t id
pts = timers_alloc(p);
pt = pool_get(&ptimer_pool, PR_WAITOK);
+ memset(pt, 0, sizeof(*pt));
if (evp != NULL) {
if (((error =
(*fetch_event)(evp, &pt->pt_ev, sizeof(pt->pt_ev))) != 0) ||
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Thu Nov 29 08:59:49 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1660 To generate a diff of this commit: cvs rdiff -u -r1.1.2.24 -r1.1.2.25 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.24 src/doc/CHANGES-7.1.3:1.1.2.25 --- src/doc/CHANGES-7.1.3:1.1.2.24 Wed Nov 28 19:56:34 2018 +++ src/doc/CHANGES-7.1.3 Thu Nov 29 08:59:49 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.24 2018/11/28 19:56:34 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.25 2018/11/29 08:59:49 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -296,3 +296,8 @@ libexec/httpd/main.c1.22 Fix -X option parsing and miscelaneous cleanup. [mrg, ticket #1659] +sys/kern/kern_time.c1.192 + + Fix kernel info leak. + [maxv, ticket #1660] +
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Nov 28 19:56:34 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1659 To generate a diff of this commit: cvs rdiff -u -r1.1.2.23 -r1.1.2.24 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.23 src/doc/CHANGES-7.1.3:1.1.2.24 --- src/doc/CHANGES-7.1.3:1.1.2.23 Wed Nov 28 19:39:31 2018 +++ src/doc/CHANGES-7.1.3 Wed Nov 28 19:56:34 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.23 2018/11/28 19:39:31 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.24 2018/11/28 19:56:34 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -287,3 +287,12 @@ sys/kern/kern_exec.c1.462 Fix stack info leak. [maxv, ticket #1658] +libexec/httpd/CHANGES1.29,1.30 +libexec/httpd/bozohttpd.c 1.97-1.99 +libexec/httpd/bozohttpd.h 1.57 +libexec/httpd/cgi-bozo.c 1.45 +libexec/httpd/main.c1.22 + + Fix -X option parsing and miscelaneous cleanup. + [mrg, ticket #1659] +
CVS commit: [netbsd-7-1] src/libexec/httpd
Module Name:src
Committed By: martin
Date: Wed Nov 28 19:56:09 UTC 2018
Modified Files:
src/libexec/httpd [netbsd-7-1]: CHANGES bozohttpd.c bozohttpd.h
cgi-bozo.c main.c
Log Message:
Pull up following revision(s) (requested by mrg in ticket #1659):
libexec/httpd/main.c: revision 1.22
libexec/httpd/CHANGES: revision 1.29
libexec/httpd/cgi-bozo.c: revision 1.45
libexec/httpd/bozohttpd.h: revision 1.57
libexec/httpd/CHANGES: revision 1.30
libexec/httpd/bozohttpd.c: revision 1.97
libexec/httpd/bozohttpd.c: revision 1.98
libexec/httpd/bozohttpd.c: revision 1.99
one semicolon is usually enough.
-
appease lint
- add FALLTHROUGH comment
- one return is usually enough.
-
avoid c99ism.
-
fix -X option parsing. noted by Rajeev V. Pillai.
-
add option fixes here.
-
normalise some messages.
To generate a diff of this commit:
cvs rdiff -u -r1.19.2.5.2.1 -r1.19.2.5.2.2 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.56.2.8.2.1 -r1.56.2.8.2.2 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.33.2.6.2.1 -r1.33.2.6.2.2 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.25.2.7.2.2 -r1.25.2.7.2.3 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.8.2.2.2.1 -r1.8.2.2.2.2 src/libexec/httpd/main.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.19.2.5.2.1 src/libexec/httpd/CHANGES:1.19.2.5.2.2
--- src/libexec/httpd/CHANGES:1.19.2.5.2.1 Sat Nov 24 17:23:20 2018
+++ src/libexec/httpd/CHANGES Wed Nov 28 19:56:09 2018
@@ -1,4 +1,7 @@
-$NetBSD: CHANGES,v 1.19.2.5.2.1 2018/11/24 17:23:20 martin Exp $
+$NetBSD: CHANGES,v 1.19.2.5.2.2 2018/11/28 19:56:09 martin Exp $
+
+changes in bozohttpd 20181125:
+ o fixes for option parsing introduced in bozohttpd 20181123
changes in bozohttpd 20181121:
o add url remap support via .bzremap file, from mar...@netbsd.org
@@ -9,7 +12,7 @@ changes in bozohttpd 20181121:
initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling
- o fix special file (.htpasswd, .bz*) bypass. reported by JP.
+ o fix special file (.htpasswd, .bz*) bypass. reported by JP
changes in bozohttpd 20170201:
o fix an infinite loop in cgi processing
@@ -94,7 +97,7 @@ changes in bozohttpd 20100617:
changes in bozohttpd 20100509:
o major rework and clean up of internal interfaces. move the main
- program into main.c, the remaining parts are useable as library.
+ program into main.c, the remaining parts are useable as library
add bindings for lua. by Alistair G. Crooks
o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.56.2.8.2.1 src/libexec/httpd/bozohttpd.c:1.56.2.8.2.2
--- src/libexec/httpd/bozohttpd.c:1.56.2.8.2.1 Sat Nov 24 17:23:20 2018
+++ src/libexec/httpd/bozohttpd.c Wed Nov 28 19:56:09 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.56.2.8.2.1 2018/11/24 17:23:20 martin Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.56.2.8.2.2 2018/11/28 19:56:09 martin Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -109,7 +109,7 @@
#define INDEX_HTML "index.html"
#endif
#ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE "bozohttpd/20181124"
+#define SERVER_SOFTWARE "bozohttpd/20181125"
#endif
#ifndef PUBLIC_HTML
#define PUBLIC_HTML "public_html"
@@ -1018,6 +1018,7 @@ bozo_escape_rfc3986(bozohttpd_t *httpd,
case '"':
if (absolute)
goto leave_it;
+ /*FALLTHROUGH*/
case '\n':
case '\r':
case ' ':
@@ -1026,8 +1027,8 @@ bozo_escape_rfc3986(bozohttpd_t *httpd,
d += 3;
len += 3;
break;
- leave_it:
default:
+ leave_it:
*d++ = *s++;
len++;
break;
@@ -1477,7 +1478,6 @@ check_bzredirect(bozo_httpreq_t *request
REDIRECT_FILE) >= sizeof(redir)) {
return bozo_http_error(httpd, 404, request,
"redirectfile path too long");
- return -1;
}
if (lstat(redir, &sb) == 0) {
if (!S_ISLNK(sb.st_mode))
@@ -1924,8 +1924,9 @@ int
bozo_check_special_files(bozo_httpreq_t *request, const char *name)
{
bozohttpd_t *httpd = request->hr_httpd;
+ size_t i;
- for (size_t i = 0; specials[i].file; i++)
+ for (i = 0; specials[i].file; i++)
if (strcmp(name, specials[i].file) == 0)
return bozo_http_error(httpd, 403, request,
specials[i].name);
Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.33.2.6.2.1 src/libexec/httpd/bozohttpd.h:1.33.2.6.2.2
--- src/libexec/httpd/bozohttpd.h:1.33.2.6.2.1 Sat Nov 24 17:23:20 2018
+++ src/libexec/httpd/bozohttpd.h Wed Nov 28 19:56:09 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.h,v 1.33.2.6.2.1 2018/11/24 17:23:20 martin Exp $ */
+/* $NetBSD: bozohttpd.h,v 1.33.2.6.2.2 2018/11/28 19:56:09 martin Exp $ *
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Nov 28 19:39:31 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1658 To generate a diff of this commit: cvs rdiff -u -r1.1.2.22 -r1.1.2.23 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.22 src/doc/CHANGES-7.1.3:1.1.2.23 --- src/doc/CHANGES-7.1.3:1.1.2.22 Wed Nov 28 16:31:54 2018 +++ src/doc/CHANGES-7.1.3 Wed Nov 28 19:39:31 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.22 2018/11/28 16:31:54 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.23 2018/11/28 19:39:31 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -282,3 +282,8 @@ sys/net/rtsock.c1.244 (adapted) Fix kernel info leak (2 bytes of padding in struct if_msghdr) [maxv, ticket #1657] +sys/kern/kern_exec.c1.462 + + Fix stack info leak. + [maxv, ticket #1658] +
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src Committed By: martin Date: Wed Nov 28 19:38:48 UTC 2018 Modified Files: src/sys/kern [netbsd-7-1]: kern_exec.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1658): sys/kern/kern_exec.c: revision 1.462 Fix stack info leak. There are 2x4 bytes of padding in struct ps_strings. [ 223.896199] kleak: Possible leak in copyout: [len=32, leaked=8] [ 223.906430] #0 0x80224d0a in kleak_note [ 223.906430] #1 0x80224d8a in kleak_copyout [ 223.918363] #2 0x80b1e26c in copyoutpsstrs [ 223.926560] #3 0x80b1e331 in copyoutargs [ 223.936216] #4 0x80b21768 in execve_runproc [ 223.946225] #5 0x80b21cc9 in execve1 [ 223.946225] #6 0x8025a89c in sy_call [ 223.956225] #7 0x8025aace in sy_invoke [ 223.966232] #8 0x8025ab54 in syscall To generate a diff of this commit: cvs rdiff -u -r1.408.2.4.4.1 -r1.408.2.4.4.2 src/sys/kern/kern_exec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_exec.c diff -u src/sys/kern/kern_exec.c:1.408.2.4.4.1 src/sys/kern/kern_exec.c:1.408.2.4.4.2 --- src/sys/kern/kern_exec.c:1.408.2.4.4.1 Sun Feb 25 21:15:39 2018 +++ src/sys/kern/kern_exec.c Wed Nov 28 19:38:48 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exec.c,v 1.408.2.4.4.1 2018/02/25 21:15:39 snj Exp $ */ +/* $NetBSD: kern_exec.c,v 1.408.2.4.4.2 2018/11/28 19:38:48 martin Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -59,7 +59,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.408.2.4.4.1 2018/02/25 21:15:39 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.408.2.4.4.2 2018/11/28 19:38:48 martin Exp $"); #include "opt_exec.h" #include "opt_execfmt.h" @@ -1391,6 +1391,8 @@ copyoutargs(struct execve_data * restric struct proc *p = l->l_proc; int error; + memset(&data->ed_arginfo, 0, sizeof(data->ed_arginfo)); + /* remember information about the process */ data->ed_arginfo.ps_nargvstr = data->ed_argc; data->ed_arginfo.ps_nenvstr = data->ed_envc;
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Nov 28 16:31:54 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1657 To generate a diff of this commit: cvs rdiff -u -r1.1.2.21 -r1.1.2.22 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.21 src/doc/CHANGES-7.1.3:1.1.2.22 --- src/doc/CHANGES-7.1.3:1.1.2.21 Sat Nov 24 17:25:01 2018 +++ src/doc/CHANGES-7.1.3 Wed Nov 28 16:31:54 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.21 2018/11/24 17:25:01 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.22 2018/11/28 16:31:54 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -277,3 +277,8 @@ libexec/httpd/testsuite/test-simple Fix access checks for special files. [mrg, ticket #1655] +sys/net/rtsock.c1.244 (adapted) + + Fix kernel info leak (2 bytes of padding in struct if_msghdr) + [maxv, ticket #1657] +
CVS commit: [netbsd-7-1] src/sys/net
Module Name:src
Committed By: martin
Date: Wed Nov 28 16:30:57 UTC 2018
Modified Files:
src/sys/net [netbsd-7-1]: rtsock.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1657):
sys/net/rtsock.c: revision 1.244 (adapted)
Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr.
[ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2]
[ 944.617335] #0 0x80b7c44a in kleak_note
[ 944.627332] #1 0x80b7c4ca in kleak_copyout
[ 944.627332] #2 0x80c91698 in sysctl_iflist_if
[ 944.637336] #3 0x80c91d3c in sysctl_iflist
[ 944.647343] #4 0x80c93855 in sysctl_rtable
[ 944.647343] #5 0x80b5b328 in sysctl_dispatch
[ 944.657346] #6 0x80b5b62e in sys___sysctl
[ 944.667354] #7 0x8025ab3c in sy_call
[ 944.667354] #8 0x8025ad6e in sy_invoke
[ 944.677365] #9 0x8025adf4 in syscall
To generate a diff of this commit:
cvs rdiff -u -r1.163 -r1.163.8.1 src/sys/net/rtsock.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/rtsock.c
diff -u src/sys/net/rtsock.c:1.163 src/sys/net/rtsock.c:1.163.8.1
--- src/sys/net/rtsock.c:1.163 Sat Aug 9 05:33:01 2014
+++ src/sys/net/rtsock.c Wed Nov 28 16:30:57 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: rtsock.c,v 1.163 2014/08/09 05:33:01 rtr Exp $ */
+/* $NetBSD: rtsock.c,v 1.163.8.1 2018/11/28 16:30:57 martin Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.163 2014/08/09 05:33:01 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.163.8.1 2018/11/28 16:30:57 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -968,7 +968,7 @@ again:
if (rw->w_tmemsize < len) {
if (rw->w_tmem)
free(rw->w_tmem, M_RTABLE);
-rw->w_tmem = malloc(len, M_RTABLE, M_NOWAIT);
+rw->w_tmem = malloc(len, M_RTABLE, M_NOWAIT|M_ZERO);
if (rw->w_tmem)
rw->w_tmemsize = len;
else
@@ -1398,7 +1398,7 @@ sysctl_rtable(SYSCTLFN_ARGS)
again:
/* we may return here if a later [re]alloc of the t_mem buffer fails */
if (w.w_tmemneeded) {
- w.w_tmem = malloc(w.w_tmemneeded, M_RTABLE, M_WAITOK);
+ w.w_tmem = malloc(w.w_tmemneeded, M_RTABLE, M_WAITOK|M_ZERO);
w.w_tmemsize = w.w_tmemneeded;
w.w_tmemneeded = 0;
}
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Sat Nov 24 17:25:01 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1655 To generate a diff of this commit: cvs rdiff -u -r1.1.2.20 -r1.1.2.21 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.20 src/doc/CHANGES-7.1.3:1.1.2.21 --- src/doc/CHANGES-7.1.3:1.1.2.20 Wed Nov 21 12:13:46 2018 +++ src/doc/CHANGES-7.1.3 Sat Nov 24 17:25:01 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.20 2018/11/21 12:13:46 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.21 2018/11/24 17:25:01 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -232,3 +232,48 @@ sys/kern/kern_event.c1.104 Fix kernel info leak. [maxv, ticket #1653] +libexec/httpd/testsuite/data/.bzremap up to 1.1 +libexec/httpd/testsuite/t12.out up to 1.1 +libexec/httpd/testsuite/t12.in up to 1.1 +libexec/httpd/testsuite/t13.out up to 1.1 +libexec/httpd/testsuite/t13.in up to 1.1 +libexec/httpd/testsuite/t14.out up to 1.1 +libexec/httpd/testsuite/t14.in up to 1.1 +libexec/httpd/testsuite/t15.out up to 1.1 +libexec/httpd/testsuite/t15.in up to 1.1 +libexec/httpd/CHANGES up to 1.28 +libexec/httpd/Makefile up to 1.27 +libexec/httpd/auth-bozo.c up to 1.22 +libexec/httpd/bozohttpd.8 up to 1.74 +libexec/httpd/bozohttpd.c up to 1.96 +libexec/httpd/bozohttpd.h up to 1.56 +libexec/httpd/cgi-bozo.cup to 1.44 +libexec/httpd/content-bozo.cup to 1.16 +libexec/httpd/daemon-bozo.c up to 1.19 +libexec/httpd/dir-index-bozo.c up to 1.28 +libexec/httpd/lua-bozo.cup to 1.15 +libexec/httpd/main.cup to 1.21 +libexec/httpd/ssl-bozo.cup to 1.25 +libexec/httpd/tilde-luzah-bozo.cup to 1.16 +libexec/httpd/libbozohttpd/Makefile up to 1.3 +libexec/httpd/lua/bozo.lua up to 1.3 +libexec/httpd/lua/glue.cup to 1.5 +libexec/httpd/lua/optparse.lua up to 1.2 +libexec/httpd/testsuite/Makefileup to 1.11 +libexec/httpd/testsuite/html_cmpup to 1.6 +libexec/httpd/testsuite/t3.out up to 1.4 +libexec/httpd/testsuite/t5.out up to 1.4 +libexec/httpd/testsuite/t6.out up to 1.4 +libexec/httpd/testsuite/test-bigfileup to 1.5 +libexec/httpd/testsuite/test-simple up to 1.5 + + Sync with HEAD as of 2018-11-24. Includes various changes: + Cosmetic changes to Lua binding in bozohttpd. + Fix -C scripts execution and document restrictions. + Add support for remapping requested paths via a .bzredirect file. + Handle redirections for any protocol, not just http:. + Fix a denial of service attack against header contents, which + is now bounded at 16KiB. + Fix access checks for special files. + [mrg, ticket #1655] +
CVS commit: [netbsd-7-1] src/libexec/httpd
Module Name:src Committed By: martin Date: Sat Nov 24 17:23:21 UTC 2018 Modified Files: src/libexec/httpd [netbsd-7-1]: CHANGES Makefile auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c content-bozo.c daemon-bozo.c dir-index-bozo.c lua-bozo.c main.c ssl-bozo.c tilde-luzah-bozo.c src/libexec/httpd/libbozohttpd [netbsd-7-1]: Makefile src/libexec/httpd/lua [netbsd-7-1]: bozo.lua glue.c optparse.lua src/libexec/httpd/testsuite [netbsd-7-1]: Makefile html_cmp t3.out t5.out t6.out test-bigfile test-simple Added Files: src/libexec/httpd/testsuite [netbsd-7-1]: t12.in t12.out t13.in t13.out t14.in t14.out t15.in t15.out src/libexec/httpd/testsuite/data [netbsd-7-1]: .bzremap Log Message: Sync to HEAD (requested by mrg in ticket #1655): libexec/httpd/testsuite/data/.bzremap up to 1.1 libexec/httpd/testsuite/t12.out up to 1.1 libexec/httpd/testsuite/t12.in up to 1.1 libexec/httpd/testsuite/t13.out up to 1.1 libexec/httpd/testsuite/t13.in up to 1.1 libexec/httpd/testsuite/t14.out up to 1.1 libexec/httpd/testsuite/t14.in up to 1.1 libexec/httpd/testsuite/t15.out up to 1.1 libexec/httpd/testsuite/t15.in up to 1.1 libexec/httpd/CHANGES up to 1.28 libexec/httpd/Makefile up to 1.27 libexec/httpd/auth-bozo.c up to 1.22 libexec/httpd/bozohttpd.8 up to 1.74 libexec/httpd/bozohttpd.c up to 1.96 libexec/httpd/bozohttpd.h up to 1.56 libexec/httpd/cgi-bozo.cup to 1.44 libexec/httpd/content-bozo.cup to 1.16 libexec/httpd/daemon-bozo.c up to 1.19 libexec/httpd/dir-index-bozo.c up to 1.28 libexec/httpd/lua-bozo.cup to 1.15 libexec/httpd/main.cup to 1.21 libexec/httpd/ssl-bozo.cup to 1.25 libexec/httpd/tilde-luzah-bozo.cup to 1.16 libexec/httpd/libbozohttpd/Makefile up to 1.3 libexec/httpd/lua/bozo.lua up to 1.3 libexec/httpd/lua/glue.cup to 1.5 libexec/httpd/lua/optparse.lua up to 1.2 libexec/httpd/testsuite/Makefileup to 1.11 libexec/httpd/testsuite/html_cmpup to 1.6 libexec/httpd/testsuite/t3.out up to 1.4 libexec/httpd/testsuite/t5.out up to 1.4 libexec/httpd/testsuite/t6.out up to 1.4 libexec/httpd/testsuite/test-bigfileup to 1.5 libexec/httpd/testsuite/test-simple up to 1.5 Cosmetic changes to Lua binding in bozohttpd. - Don't use negative indicies to read arguments of Lua functions. - On error, return nil, "error string". - Use ssize_t for return values from bozo_read() and bozo_write(). - Prefer lstring especially when if saves you from appending NUL and doing len + 1 which can potentially wraparound. - Don't mix C allocations with Lua functions marked with "m" in the Lua manual. Those functions may throw (longjump) and leak data allocated by C function. In one case, I use luaL_Buffer, in the other case, I rearranged calls a bit. fix ordering of a couple of words. from Edgar Pettijohn in PR#52375. thanks! s/u_int/unsigned/. from Jan Danielsson. increases/fixes portability. PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism sometimes with EFAULT due to not NULL terminated environment. Document script handler issues with httpd(8). >From martin@, addressing PR 52194. While here, use American spelling consistently and upper-case some abbreviations. Bump date. fix output since protocol agnostic change went in. XXX: i thought someone hooked this into atf already, please do :) Add support for remapping requested paths via a .bzredirect file. Fixes PR 52772. Ok: mrg@ Bump date Remove trailing whitespace. use __func__ in debug(). fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. avoid memory leak in sending multiple auth headers. mostly mitigated by previous patch to limit total header size, but still a real problem here. note the changes present in bozohttpd 20181118: o add url remap support via .bzremap file, from martin%netbsd.org@localhost o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. from
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Nov 21 12:13:46 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Tickets #1652 and #1653 To generate a diff of this commit: cvs rdiff -u -r1.1.2.19 -r1.1.2.20 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.19 src/doc/CHANGES-7.1.3:1.1.2.20 --- src/doc/CHANGES-7.1.3:1.1.2.19 Tue Oct 30 19:32:07 2018 +++ src/doc/CHANGES-7.1.3 Wed Nov 21 12:13:46 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.19 2018/10/30 19:32:07 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.20 2018/11/21 12:13:46 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -222,3 +222,13 @@ doc/3RDPARTY (apply patch) Updated tzdata to 2018g. [kre, ticket #1644] +sys/compat/netbsd32/netbsd32_socket.c 1.48 (patch) + + Fix a buffer overflow. + [maxv, ticket #1652] + +sys/kern/kern_event.c1.104 + + Fix kernel info leak. + [maxv, ticket #1653] +
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src Committed By: martin Date: Wed Nov 21 12:13:08 UTC 2018 Modified Files: src/sys/kern [netbsd-7-1]: kern_event.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1653): sys/kern/kern_event.c: revision 1.104 Fix kernel info leak. There are 4 bytes of padding in struct kevent. [ 287.537676] kleak: Possible leak in copyout: [len=40, leaked=4] [ 287.537676] #0 0x80b7c41a in kleak_note [ 287.547673] #1 0x80b7c49a in kleak_copyout [ 287.557677] #2 0x80b1d32d in kqueue_scan.isra.1.constprop.2 [ 287.557677] #3 0x80b1dc6a in kevent1 [ 287.567683] #4 0x80b1dcb0 in sys___kevent50 [ 287.567683] #5 0x8025ab3c in sy_call [ 287.577688] #6 0x8025ad6e in sy_invoke [ 287.587693] #7 0x8025adf4 in syscall To generate a diff of this commit: cvs rdiff -u -r1.80.2.1.6.1 -r1.80.2.1.6.2 src/sys/kern/kern_event.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/kern_event.c diff -u src/sys/kern/kern_event.c:1.80.2.1.6.1 src/sys/kern/kern_event.c:1.80.2.1.6.2 --- src/sys/kern/kern_event.c:1.80.2.1.6.1 Sat Jul 8 16:52:27 2017 +++ src/sys/kern/kern_event.c Wed Nov 21 12:13:08 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_event.c,v 1.80.2.1.6.1 2017/07/08 16:52:27 snj Exp $ */ +/* $NetBSD: kern_event.c,v 1.80.2.1.6.2 2018/11/21 12:13:08 martin Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -58,7 +58,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.80.2.1.6.1 2017/07/08 16:52:27 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.80.2.1.6.2 2018/11/21 12:13:08 martin Exp $"); #include #include @@ -584,6 +584,7 @@ filt_proc(struct knote *kn, long hint) * event with the parent's pid. Register knote with new * process. */ + memset(&kev, 0, sizeof(kev)); kev.ident = hint & NOTE_PDATAMASK; /* pid */ kev.filter = kn->kn_filter; kev.flags = kn->kn_flags | EV_ADD | EV_ENABLE | EV_FLAG1;
CVS commit: [netbsd-7-1] src/sys/compat/netbsd32
Module Name:src
Committed By: martin
Date: Wed Nov 21 12:09:54 UTC 2018
Modified Files:
src/sys/compat/netbsd32 [netbsd-7-1]: netbsd32_socket.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1652):
sys/compat/netbsd32/netbsd32_socket.c: revision 1.48 (via patch)
Fix inverted logic, which leads to buffer overflow. Detected by kASan.
To generate a diff of this commit:
cvs rdiff -u -r1.41.14.1 -r1.41.14.1.6.1 \
src/sys/compat/netbsd32/netbsd32_socket.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/netbsd32/netbsd32_socket.c
diff -u src/sys/compat/netbsd32/netbsd32_socket.c:1.41.14.1 src/sys/compat/netbsd32/netbsd32_socket.c:1.41.14.1.6.1
--- src/sys/compat/netbsd32/netbsd32_socket.c:1.41.14.1 Sat Aug 8 15:41:54 2015
+++ src/sys/compat/netbsd32/netbsd32_socket.c Wed Nov 21 12:09:54 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_socket.c,v 1.41.14.1 2015/08/08 15:41:54 martin Exp $ */
+/* $NetBSD: netbsd32_socket.c,v 1.41.14.1.6.1 2018/11/21 12:09:54 martin Exp $ */
/*
* Copyright (c) 1998, 2001 Matthew R. Green
@@ -27,7 +27,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_socket.c,v 1.41.14.1 2015/08/08 15:41:54 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_socket.c,v 1.41.14.1.6.1 2018/11/21 12:09:54 martin Exp $");
#include
#include
@@ -99,7 +99,7 @@ copyout32_msg_control_mbuf(struct lwp *l
}
ktrkuser("msgcontrol", cmsg, cmsg->cmsg_len);
- error = copyout(&cmsg32, *q, MAX(i, sizeof(cmsg32)));
+ error = copyout(&cmsg32, *q, MIN(i, sizeof(cmsg32)));
if (error)
return (error);
if (i > CMSG32_LEN(0)) {
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Oct 30 19:32:07 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1644 To generate a diff of this commit: cvs rdiff -u -r1.1.2.18 -r1.1.2.19 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.18 src/doc/CHANGES-7.1.3:1.1.2.19 --- src/doc/CHANGES-7.1.3:1.1.2.18 Wed Aug 29 07:57:13 2018 +++ src/doc/CHANGES-7.1.3 Tue Oct 30 19:32:07 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.18 2018/08/29 07:57:13 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.19 2018/10/30 19:32:07 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -188,3 +188,37 @@ xsrc/external/mit/libX11/dist/src/ListEx Fixed crash on invalid reply (CVE-2018-14598) [mrg, ticket #1635] +external/public-domain/tz/dist/CONTRIBUTING up to 1.1.1.6 +external/public-domain/tz/dist/Makefile up to 1.1.1.22 +external/public-domain/tz/dist/NEWS up to 1.1.1.24 +external/public-domain/tz/dist/README up to 1.1.1.7 +external/public-domain/tz/dist/TZDATA_VERSION up to 1.14 +external/public-domain/tz/dist/africa up to 1.1.1.17 +external/public-domain/tz/dist/antarctica up to 1.1.1.11 +external/public-domain/tz/dist/asia up to 1.1.1.21 +external/public-domain/tz/dist/australasia up to 1.1.1.16 +external/public-domain/tz/dist/backward up to 1.1.1.9 +external/public-domain/tz/dist/backzone up to 1.1.1.15 +external/public-domain/tz/dist/etcetera up to 1.1.1.3 +external/public-domain/tz/dist/europe up to 1.1.1.23 +external/public-domain/tz/dist/factory up to 1.1.1.3 +external/public-domain/tz/dist/leap-seconds.list up to 1.1.1.10 +external/public-domain/tz/dist/leapseconds up to 1.1.1.11 +external/public-domain/tz/dist/leapseconds.awk up to 1.1.1.7 +external/public-domain/tz/dist/northamerica up to 1.1.1.21 +external/public-domain/tz/dist/pacificnew up to 1.1.1.2 +external/public-domain/tz/dist/southamerica up to 1.1.1.15 +external/public-domain/tz/dist/systemv up to 1.1.1.2 +external/public-domain/tz/dist/theory.html up to 1.1.1.6 +external/public-domain/tz/dist/version up to 1.1.1.11 +external/public-domain/tz/dist/yearistype.shup to 1.1.1.2 +external/public-domain/tz/dist/ziguard.awk up to 1.1.1.3 +external/public-domain/tz/dist/zishrink.awk up to 1.1.1.5 +external/public-domain/tz/dist/zone.tab up to 1.1.1.15 +external/public-domain/tz/dist/zone1970.tab up to 1.1.1.17 +external/public-domain/tz/dist/zoneinfo2tdf.pl up to 1.1.1.2 +doc/3RDPARTY (apply patch) + + Updated tzdata to 2018g. + [kre, ticket #1644] +
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Aug 29 07:57:14 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1635 To generate a diff of this commit: cvs rdiff -u -r1.1.2.17 -r1.1.2.18 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.17 src/doc/CHANGES-7.1.3:1.1.2.18 --- src/doc/CHANGES-7.1.3:1.1.2.17 Tue Aug 14 14:36:09 2018 +++ src/doc/CHANGES-7.1.3 Wed Aug 29 07:57:13 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.17 2018/08/14 14:36:09 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.18 2018/08/29 07:57:13 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -176,3 +176,15 @@ sys/netinet6/frag6.c1.64 Ignore zero-sized fragments. [maxv, ticket #1630] +xsrc/external/mit/libX11/dist/src/FontNames. (patch) +xsrc/external/mit/libX11/dist/src/GetFPath.c (patch) +xsrc/external/mit/libX11/dist/src/LiHosts.c (patch) +xsrc/external/mit/libX11/dist/src/ListExt.c (patch) + + Apply fixes from libX11 1.6.5 for the following vulnerabilities: + Fixed off-by-one writes (CVE-2018-14599) + Validation of server response in XListHosts + Fixed out of boundary write (CVE-2018-14600) + Fixed crash on invalid reply (CVE-2018-14598) + [mrg, ticket #1635] +
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Aug 14 14:36:09 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1630 To generate a diff of this commit: cvs rdiff -u -r1.1.2.16 -r1.1.2.17 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.16 src/doc/CHANGES-7.1.3:1.1.2.17 --- src/doc/CHANGES-7.1.3:1.1.2.16 Thu Jul 12 14:59:03 2018 +++ src/doc/CHANGES-7.1.3 Tue Aug 14 14:36:09 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.16 2018/07/12 14:59:03 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.17 2018/08/14 14:36:09 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -171,3 +171,8 @@ usr.bin/printf/printf.c1.37-1.39 conversion. [kre, ticket #1619] +sys/netinet6/frag6.c1.64 + + Ignore zero-sized fragments. + [maxv, ticket #1630] +
CVS commit: [netbsd-7-1] src/sys/netinet6
Module Name:src
Committed By: martin
Date: Tue Aug 14 14:35:44 UTC 2018
Modified Files:
src/sys/netinet6 [netbsd-7-1]: frag6.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1630):
sys/netinet6/frag6.c: revision 1.64
Kick zero-sized fragments. We can't allow them to enter; two fragments
could be put at the same offset.
To generate a diff of this commit:
cvs rdiff -u -r1.55.10.2 -r1.55.10.3 src/sys/netinet6/frag6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/frag6.c
diff -u src/sys/netinet6/frag6.c:1.55.10.2 src/sys/netinet6/frag6.c:1.55.10.3
--- src/sys/netinet6/frag6.c:1.55.10.2 Thu Apr 5 11:50:17 2018
+++ src/sys/netinet6/frag6.c Tue Aug 14 14:35:44 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: frag6.c,v 1.55.10.2 2018/04/05 11:50:17 martin Exp $ */
+/* $NetBSD: frag6.c,v 1.55.10.3 2018/08/14 14:35:44 martin Exp $ */
/* $KAME: frag6.c,v 1.40 2002/05/27 21:40:31 itojun Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.55.10.2 2018/04/05 11:50:17 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.55.10.3 2018/08/14 14:35:44 martin Exp $");
#include
#include
@@ -152,13 +152,14 @@ frag6_input(struct mbuf **mp, int *offp,
}
/*
- * check whether fragment packet's fragment length is
+ * Check whether fragment packet's fragment length is non-zero and
* multiple of 8 octets.
* sizeof(struct ip6_frag) == 8
* sizeof(struct ip6_hdr) = 40
*/
if ((ip6f->ip6f_offlg & IP6F_MORE_FRAG) &&
- (((ntohs(ip6->ip6_plen) - offset) & 0x7) != 0)) {
+ (((ntohs(ip6->ip6_plen) - offset) == 0) ||
+ ((ntohs(ip6->ip6_plen) - offset) & 0x7) != 0)) {
icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER,
offsetof(struct ip6_hdr, ip6_plen));
in6_ifstat_inc(dstifp, ifs6_reass_fail);
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Thu Jul 12 14:59:03 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1619 To generate a diff of this commit: cvs rdiff -u -r1.1.2.15 -r1.1.2.16 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.15 src/doc/CHANGES-7.1.3:1.1.2.16 --- src/doc/CHANGES-7.1.3:1.1.2.15 Sat Jun 30 11:36:29 2018 +++ src/doc/CHANGES-7.1.3 Thu Jul 12 14:59:03 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.15 2018/06/30 11:36:29 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.16 2018/07/12 14:59:03 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -161,3 +161,13 @@ xsrc/xfree/xc/programs/mkfontscale/ident Pass gzFile, not gzFile * to gzio functions. [mrg, ticket #1618] +usr.bin/printf/printf.c1.37-1.39 + + Fix some error handling. + Avoid running off into oblivion when a format string, + or arg to a %b conversion ends in an unescaped backslash. + Avoid printing error messages twice when an invalid + escape sequence (\ sequence) is present in an arg to a %b + conversion. + [kre, ticket #1619] +
CVS commit: [netbsd-7-1] src/usr.bin/printf
Module Name:src
Committed By: martin
Date: Thu Jul 12 14:58:23 UTC 2018
Modified Files:
src/usr.bin/printf [netbsd-7-1]: printf.c
Log Message:
Pull up following revision(s) (requested by kre in ticket #1619):
usr.bin/printf/printf.c: revision 1.37-1.39
fix some error handling.
>From leot@ on tech-userlevel:
Avoid running off into oblivion when a format string,
or arg to a %b conversion ends in an unescaped backslash.
Patch from Leo slightly modified by me.
Avoid printing error messages twice when an invalid
escape sequence (\ sequence) is present in an arg to a %b
conversion.
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.36.12.1 src/usr.bin/printf/printf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/printf/printf.c
diff -u src/usr.bin/printf/printf.c:1.36 src/usr.bin/printf/printf.c:1.36.12.1
--- src/usr.bin/printf/printf.c:1.36 Tue Jul 16 17:48:22 2013
+++ src/usr.bin/printf/printf.c Thu Jul 12 14:58:23 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: printf.c,v 1.36 2013/07/16 17:48:22 christos Exp $ */
+/* $NetBSD: printf.c,v 1.36.12.1 2018/07/12 14:58:23 martin Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -41,7 +41,7 @@ __COPYRIGHT("@(#) Copyright (c) 1989, 19
#if 0
static char sccsid[] = "@(#)printf.c 8.2 (Berkeley) 3/22/95";
#else
-__RCSID("$NetBSD: printf.c,v 1.36 2013/07/16 17:48:22 christos Exp $");
+__RCSID("$NetBSD: printf.c,v 1.36.12.1 2018/07/12 14:58:23 martin Exp $");
#endif
#endif /* not lint */
@@ -65,8 +65,8 @@ __RCSID("$NetBSD: printf.c,v 1.36 2013/0
#define ESCAPE 033
#endif
-static void conv_escape_str(char *, void (*)(int));
-static char *conv_escape(char *, char *);
+static void conv_escape_str(char *, void (*)(int), int);
+static char *conv_escape(char *, char *, int);
static char *conv_expand(const char *);
static char getchr(void);
static double getdouble(void);
@@ -170,7 +170,7 @@ int main(int argc, char *argv[])
for (fmt = format; (ch = *fmt++) != '\0';) {
if (ch == '\\') {
char c_ch;
-fmt = conv_escape(fmt, &c_ch);
+fmt = conv_escape(fmt, &c_ch, 0);
putchar(c_ch);
continue;
}
@@ -241,7 +241,7 @@ int main(int argc, char *argv[])
t = NULL;
/* Count number of bytes we want to output */
b_length = 0;
-conv_escape_str(cp, b_count);
+conv_escape_str(cp, b_count, 0);
t = malloc(b_length + 1);
if (t == NULL)
goto out;
@@ -254,7 +254,7 @@ int main(int argc, char *argv[])
goto out;
b_fmt = a;
/* Output leading spaces and data bytes */
-conv_escape_str(cp, b_output);
+conv_escape_str(cp, b_output, 1);
/* Add any trailing spaces */
printf("%s", b_fmt);
break;
@@ -357,7 +357,7 @@ b_output(int ch)
* Halts processing string if a \c escape is encountered.
*/
static void
-conv_escape_str(char *str, void (*do_putchar)(int))
+conv_escape_str(char *str, void (*do_putchar)(int), int quiet)
{
int value;
int ch;
@@ -415,7 +415,7 @@ conv_escape_str(char *str, void (*do_put
}
/* Finally test for sequences valid in the format string */
- str = conv_escape(str - 1, &c);
+ str = conv_escape(str - 1, &c, quiet);
do_putchar(c);
}
}
@@ -424,7 +424,7 @@ conv_escape_str(char *str, void (*do_put
* Print "standard" escape characters
*/
static char *
-conv_escape(char *str, char *conv_ch)
+conv_escape(char *str, char *conv_ch, int quiet)
{
char value;
char ch;
@@ -433,6 +433,14 @@ conv_escape(char *str, char *conv_ch)
ch = *str++;
switch (ch) {
+ case '\0':
+ if (!quiet)
+ warnx("incomplete escape sequence");
+ rval = 1;
+ value = '\\';
+ --str;
+ break;
+
case '0': case '1': case '2': case '3':
case '4': case '5': case '6': case '7':
num_buf[0] = ch;
@@ -470,7 +478,8 @@ conv_escape(char *str, char *conv_ch)
case 'v': value = '\v'; break; /* vertical-tab */
default:
- warnx("unknown escape sequence `\\%c'", ch);
+ if (!quiet)
+ warnx("unknown escape sequence `\\%c'", ch);
rval = 1;
value = ch;
break;
@@ -553,7 +562,7 @@ mklong(const char *str, char ch)
len = strlen(str) + 2;
if (len > sizeof copy) {
- warnx("format %s too complex\n", str);
+ warnx("format %s too complex", str);
len = 4;
}
(void)memmove(copy, str, len - 3);
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Sat Jun 30 11:36:29 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1618 To generate a diff of this commit: cvs rdiff -u -r1.1.2.14 -r1.1.2.15 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.14 src/doc/CHANGES-7.1.3:1.1.2.15 --- src/doc/CHANGES-7.1.3:1.1.2.14 Thu Jun 14 19:48:06 2018 +++ src/doc/CHANGES-7.1.3 Sat Jun 30 11:36:29 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.14 2018/06/14 19:48:06 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.15 2018/06/30 11:36:29 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -156,3 +156,8 @@ share/i18n/esdb/ISO-8859/ISO-8859.alias Add more aliases for Hebrew and Arabic ISO-8859-... encodings. [maya, ticket #1616] +xsrc/xfree/xc/programs/mkfontscale/ident.c (apply patch) + + Pass gzFile, not gzFile * to gzio functions. + [mrg, ticket #1618] +
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Thu Jun 14 19:48:06 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Tickets #1612, #1615 and #1616 To generate a diff of this commit: cvs rdiff -u -r1.1.2.13 -r1.1.2.14 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.13 src/doc/CHANGES-7.1.3:1.1.2.14 --- src/doc/CHANGES-7.1.3:1.1.2.13 Wed Jun 6 14:50:21 2018 +++ src/doc/CHANGES-7.1.3 Thu Jun 14 19:48:06 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.13 2018/06/06 14:50:21 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.14 2018/06/14 19:48:06 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -140,3 +140,19 @@ sys/netinet/udp_usrreq.c 1.237 (patch) issues in NAT-T. [maxv, ticket #1607] +sbin/fsck_lfs/bufcache.c 1.20 +sbin/fsck_lfs/bufcache.h 1.14 + + Fix incore(), use a 64bit logical block number. + [maya, ticket #1612] + +usr.sbin/makefs/ffs.c1.70 + + Fix makefs UFS2 lazy inode initialization. + [maya, ticket #1615] + +share/i18n/esdb/ISO-8859/ISO-8859.alias 1.4 + + Add more aliases for Hebrew and Arabic ISO-8859-... encodings. + [maya, ticket #1616] +
CVS commit: [netbsd-7-1] src/share/i18n/esdb/ISO-8859
Module Name:src Committed By: martin Date: Thu Jun 14 19:45:23 UTC 2018 Modified Files: src/share/i18n/esdb/ISO-8859 [netbsd-7-1]: ISO-8859.alias Log Message: Pull up following revision(s) (requested by maya in ticket #1616): share/i18n/esdb/ISO-8859/ISO-8859.alias: revision 1.4 Add more aliases for Hebrew and Arabic ISO-8859-... encodings. ISO-8859-8 is supposed to be visual order (i.e. legible if displayed ltr) ISO-8859-8-i is supposed to be implicit logic order ISO-8859-8-e is supposed to be explicit about order In practice, ISO-8859-8 implying visual order is rare, and logic order is used. ISO-8859-8-e is rarely used. Same for Arabic, which uses ISO-8859-6-... Mentioned in RFC 1555, RFC 1556. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.3.64.1 src/share/i18n/esdb/ISO-8859/ISO-8859.alias Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/i18n/esdb/ISO-8859/ISO-8859.alias diff -u src/share/i18n/esdb/ISO-8859/ISO-8859.alias:1.3 src/share/i18n/esdb/ISO-8859/ISO-8859.alias:1.3.64.1 --- src/share/i18n/esdb/ISO-8859/ISO-8859.alias:1.3 Wed Dec 13 15:46:34 2006 +++ src/share/i18n/esdb/ISO-8859/ISO-8859.alias Thu Jun 14 19:45:23 2018 @@ -1,13 +1,13 @@ -# $NetBSD: ISO-8859.alias,v 1.3 2006/12/13 15:46:34 tnozaki Exp $ +# $NetBSD: ISO-8859.alias,v 1.3.64.1 2018/06/14 19:45:23 martin Exp $ 1 iso-8859-1 iso8859-1 iso_8859-1:1987 iso-ir-100 iso_8859-1 latin1 l1 ibm819 cp819 2 iso-8859-2 iso8859-2 iso_8859-2:1987 iso-ir-101 iso_8859-2 latin2 l2 ibm912 cp912 3 iso-8859-3 iso8859-3 iso_8859-3:1988 iso-ir-109 iso_8859-3 latin3 l3 ibm913 cp913 4 iso-8859-4 iso8859-4 iso_8859-4:1988 iso-ir-110 iso_8859-4 latin4 l4 ibm914 cp914 5 iso-8859-5 iso8859-5 iso_8859-5:1988 iso-ir-144 iso_8859-5 cyrillic ibm915 cp915 -6 iso-8859-6 iso8859-6 iso_8859-6:1987 iso-ir-127 iso_8859-6 ecma-114 asmo-708 arabic ibm1089 cp1089 +6 iso-8859-6 iso-8859-6-i iso-8859-6-e iso8859-6 iso_8859-6:1987 iso-ir-127 iso_8859-6 ecma-114 asmo-708 arabic ibm1089 cp1089 7 iso-8859-7 iso8859-7 iso_8859-7:1987 iso-ir-126 iso_8859-7 elot_928 ecma-118 greek greek8 ibm813 cp813 -8 iso-8859-8 iso8859-8 iso_8859-8:1988 iso-ir-138 iso_8859-8 hebrew ibm916 cp916 +8 iso-8859-8 iso-8859-8-i iso-8859-8-e iso8859-8 iso_8859-8:1988 iso-ir-138 iso_8859-8 hebrew ibm916 cp916 9 iso-8859-9 iso8859-9 iso_8859-9:1989 iso-ir-148 iso_8859-9 latin5 l5 ibm920 cp920 10 iso-8859-10 iso8859-10 iso_8859-10:1992 iso-ir-157 iso_8859-10 latin6 l6 11 iso-8859-11 iso8859-11 iso_8859-11 iso-ir-166 tis620 tis620-0
CVS commit: [netbsd-7-1] src/usr.sbin/makefs
Module Name:src
Committed By: martin
Date: Thu Jun 14 19:40:07 UTC 2018
Modified Files:
src/usr.sbin/makefs [netbsd-7-1]: ffs.c
Log Message:
Pull up following revision(s) (requested by maya in ticket #1615):
usr.sbin/makefs/ffs.c: revision 1.70
PR/52828: Mark Johnston: makefs UFS2 lazy inode initialization is buggy
makefs(8) emulates UFS2 in performing lazy initialization of inode
blocks when allocating and writing inodes. However, it only ever
initializes one inode block at a time, which may be insufficient.
If so, a later initialization may clobber an inode, resulting in
an inconsistent filesystem.
I committed a minimal fix for the problem to FreeBSD:
https://svnweb.freebsd.org/changeset/base/326912
To generate a diff of this commit:
cvs rdiff -u -r1.63.6.1 -r1.63.6.1.6.1 src/usr.sbin/makefs/ffs.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/makefs/ffs.c
diff -u src/usr.sbin/makefs/ffs.c:1.63.6.1 src/usr.sbin/makefs/ffs.c:1.63.6.1.6.1
--- src/usr.sbin/makefs/ffs.c:1.63.6.1 Tue Apr 14 05:08:09 2015
+++ src/usr.sbin/makefs/ffs.c Thu Jun 14 19:40:07 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ffs.c,v 1.63.6.1 2015/04/14 05:08:09 snj Exp $ */
+/* $NetBSD: ffs.c,v 1.63.6.1.6.1 2018/06/14 19:40:07 martin Exp $ */
/*
* Copyright (c) 2001 Wasabi Systems, Inc.
@@ -71,7 +71,7 @@
#include
#if defined(__RCSID) && !defined(__lint)
-__RCSID("$NetBSD: ffs.c,v 1.63.6.1 2015/04/14 05:08:09 snj Exp $");
+__RCSID("$NetBSD: ffs.c,v 1.63.6.1.6.1 2018/06/14 19:40:07 martin Exp $");
#endif /* !__lint */
#include
@@ -1102,7 +1102,7 @@ ffs_write_inode(union dinode *dp, uint32
* Initialize inode blocks on the fly for UFS2.
*/
initediblk = ufs_rw32(cgp->cg_initediblk, fsopts->needswap);
- if (ffs_opts->version == 2 &&
+ while (ffs_opts->version == 2 &&
(uint32_t)(cgino + FFS_INOPB(fs)) > initediblk &&
initediblk < ufs_rw32(cgp->cg_niblk, fsopts->needswap)) {
memset(buf, 0, fs->fs_bsize);
CVS commit: [netbsd-7-1] src/sbin/fsck_lfs
Module Name:src
Committed By: martin
Date: Thu Jun 14 19:36:53 UTC 2018
Modified Files:
src/sbin/fsck_lfs [netbsd-7-1]: bufcache.c bufcache.h
Log Message:
Pull up following revision(s) (requested by maya in ticket #1612):
sbin/fsck_lfs/bufcache.h: revision 1.14
sbin/fsck_lfs/bufcache.c: revision 1.20
PR/51418: Jose Luis Rodriguez Garcia: Fix incore src/sbin/fsck_lfs/bufcache.c
XXX: pullup-8, pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.14.10.1 src/sbin/fsck_lfs/bufcache.c
cvs rdiff -u -r1.11 -r1.11.44.1 src/sbin/fsck_lfs/bufcache.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/fsck_lfs/bufcache.c
diff -u src/sbin/fsck_lfs/bufcache.c:1.14 src/sbin/fsck_lfs/bufcache.c:1.14.10.1
--- src/sbin/fsck_lfs/bufcache.c:1.14 Sat Oct 19 01:09:58 2013
+++ src/sbin/fsck_lfs/bufcache.c Thu Jun 14 19:36:53 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: bufcache.c,v 1.14 2013/10/19 01:09:58 christos Exp $ */
+/* $NetBSD: bufcache.c,v 1.14.10.1 2018/06/14 19:36:53 martin Exp $ */
/*-
* Copyright (c) 2003 The NetBSD Foundation, Inc.
* All rights reserved.
@@ -193,7 +193,7 @@ bremfree(struct ubuf * bp)
/* Return a buffer if it is in the cache, otherwise return NULL. */
struct ubuf *
-incore(struct uvnode * vp, int lbn)
+incore(struct uvnode * vp, daddr_t lbn)
{
struct ubuf *bp;
int hash, depth;
Index: src/sbin/fsck_lfs/bufcache.h
diff -u src/sbin/fsck_lfs/bufcache.h:1.11 src/sbin/fsck_lfs/bufcache.h:1.11.44.1
--- src/sbin/fsck_lfs/bufcache.h:1.11 Fri May 16 09:21:59 2008
+++ src/sbin/fsck_lfs/bufcache.h Thu Jun 14 19:36:53 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: bufcache.h,v 1.11 2008/05/16 09:21:59 hannken Exp $ */
+/* $NetBSD: bufcache.h,v 1.11.44.1 2018/06/14 19:36:53 martin Exp $ */
/*-
* Copyright (c) 1999, 2000 The NetBSD Foundation, Inc.
@@ -116,7 +116,7 @@ void bufrehash(int);
void bufstats(void);
void buf_destroy(struct ubuf *);
void bremfree(struct ubuf *);
-struct ubuf *incore(struct uvnode *, int);
+struct ubuf *incore(struct uvnode *, daddr_t);
struct ubuf *getblk(struct uvnode *, daddr_t, int);
void bwrite(struct ubuf *);
void brelse(struct ubuf *, int);
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Wed Jun 6 14:50:21 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1607 To generate a diff of this commit: cvs rdiff -u -r1.1.2.12 -r1.1.2.13 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.12 src/doc/CHANGES-7.1.3:1.1.2.13 --- src/doc/CHANGES-7.1.3:1.1.2.12 Tue May 22 17:37:15 2018 +++ src/doc/CHANGES-7.1.3 Wed Jun 6 14:50:21 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.12 2018/05/22 17:37:15 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.13 2018/06/06 14:50:21 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -134,3 +134,9 @@ sys/kern/uipc_mbuf.c1.214 remove the M_READONLY check. The initial code was correct. [maxv, ticket #1606] +sys/netinet/udp_usrreq.c 1.237 (patch) + + Fix bad/wrong memory deallocations and dangling pointer + issues in NAT-T. + [maxv, ticket #1607] +
CVS commit: [netbsd-7-1] src/sys/netinet
Module Name:src
Committed By: martin
Date: Wed Jun 6 14:49:42 UTC 2018
Modified Files:
src/sys/netinet [netbsd-7-1]: udp_usrreq.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1607):
sys/netinet/udp_usrreq.c: revision 1.237 (via patch)
Fix three pretty bad mistakes in NAT-T:
* If we got a keepalive packet, we need to call m_freem, not m_free.
Here the next mbufs in the chain are not freed. Seems easy to remotely
DoS the system by sending fragmented keepalives in a loop.
* If !ipsec_used, free the mbuf.
* In udp_input, we need to update 'uh', because udp4_realinput may have
modified the chain. Perhaps we also need to re-enforce alignment, so
add an XXX.
To generate a diff of this commit:
cvs rdiff -u -r1.217 -r1.217.10.1 src/sys/netinet/udp_usrreq.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/udp_usrreq.c
diff -u src/sys/netinet/udp_usrreq.c:1.217 src/sys/netinet/udp_usrreq.c:1.217.10.1
--- src/sys/netinet/udp_usrreq.c:1.217 Sat Aug 9 05:33:01 2014
+++ src/sys/netinet/udp_usrreq.c Wed Jun 6 14:49:41 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: udp_usrreq.c,v 1.217 2014/08/09 05:33:01 rtr Exp $ */
+/* $NetBSD: udp_usrreq.c,v 1.217.10.1 2018/06/06 14:49:41 martin Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -66,7 +66,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.217 2014/08/09 05:33:01 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.217.10.1 2018/06/06 14:49:41 martin Exp $");
#include "opt_inet.h"
#include "opt_compat_netbsd.h"
@@ -395,7 +395,15 @@ udp_input(struct mbuf *m, ...)
*/
return;
}
+
ip = mtod(m, struct ip *);
+ IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr));
+ if (uh == NULL) {
+ UDP_STATINC(UDP_STAT_HDROPS);
+ return;
+ }
+ /* XXX Re-enforce alignment? */
+
#ifdef INET6
if (IN_MULTICAST(ip->ip_dst.s_addr) || n == 0) {
struct sockaddr_in6 src6, dst6;
@@ -1301,7 +1309,7 @@ udp4_espinudp(struct mbuf **mp, int off,
/* Ignore keepalive packets */
if ((len == 1) && (*(unsigned char *)data == 0xff)) {
- m_free(m);
+ m_freem(m);
*mp = NULL; /* avoid any further processiong by caller ... */
return 1;
}
@@ -1383,7 +1391,8 @@ udp4_espinudp(struct mbuf **mp, int off,
#ifdef IPSEC
if (ipsec_used)
ipsec4_common_input(m, iphdrlen, IPPROTO_ESP);
- /* XXX: else */
+ else
+ m_freem(m);
#else
esp4_input(m, iphdrlen);
#endif
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue May 22 17:37:15 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1606 To generate a diff of this commit: cvs rdiff -u -r1.1.2.11 -r1.1.2.12 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.11 src/doc/CHANGES-7.1.3:1.1.2.12 --- src/doc/CHANGES-7.1.3:1.1.2.11 Mon May 14 16:21:13 2018 +++ src/doc/CHANGES-7.1.3 Tue May 22 17:37:15 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.11 2018/05/14 16:21:13 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.12 2018/05/22 17:37:15 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -128,3 +128,9 @@ sys/net/npf/npf_inet.c1.45 Fix use-after-free. [maxv, ticket #1605] +sys/kern/uipc_mbuf.c1.214 + + Revert ticket #1598: + remove the M_READONLY check. The initial code was correct. + [maxv, ticket #1606] +
CVS commit: [netbsd-7-1] src/sys/kern
Module Name:src
Committed By: martin
Date: Tue May 22 17:36:45 UTC 2018
Modified Files:
src/sys/kern [netbsd-7-1]: uipc_mbuf.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1606):
sys/kern/uipc_mbuf.c: revision 1.214
Revert my rev1.190, remove the M_READONLY check. The initial code was
correct: what is read-only is the mbuf storage, not the mbuf itself. The
storage contains the packet payload, and never has anything related to
mbufs. So it is fine to remove M_PKTHDR on mbufs that have a read-only
storage.
In fact it was kind of obvious, since several places already manually
remove M_PKTHDR without taking care of the external storage.
To generate a diff of this commit:
cvs rdiff -u -r1.158.4.1.6.3 -r1.158.4.1.6.4 src/sys/kern/uipc_mbuf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/uipc_mbuf.c
diff -u src/sys/kern/uipc_mbuf.c:1.158.4.1.6.3 src/sys/kern/uipc_mbuf.c:1.158.4.1.6.4
--- src/sys/kern/uipc_mbuf.c:1.158.4.1.6.3 Thu May 3 15:14:48 2018
+++ src/sys/kern/uipc_mbuf.c Tue May 22 17:36:45 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: uipc_mbuf.c,v 1.158.4.1.6.3 2018/05/03 15:14:48 martin Exp $ */
+/* $NetBSD: uipc_mbuf.c,v 1.158.4.1.6.4 2018/05/22 17:36:45 martin Exp $ */
/*-
* Copyright (c) 1999, 2001 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.158.4.1.6.3 2018/05/03 15:14:48 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.158.4.1.6.4 2018/05/22 17:36:45 martin Exp $");
#include "opt_mbuftrace.h"
#include "opt_nmbclusters.h"
@@ -458,11 +458,6 @@ m_pkthdr_remove(struct mbuf *m)
{
KASSERT(m->m_flags & M_PKTHDR);
- if (M_READONLY(m)) {
- /* Nothing we can do. */
- return;
- }
-
m_tag_delete_chain(m, NULL);
m->m_flags &= ~M_PKTHDR;
memset(&m->m_pkthdr, 0, sizeof(m->m_pkthdr));
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Mon May 14 16:21:13 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1605 To generate a diff of this commit: cvs rdiff -u -r1.1.2.10 -r1.1.2.11 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.10 src/doc/CHANGES-7.1.3:1.1.2.11 --- src/doc/CHANGES-7.1.3:1.1.2.10 Thu May 3 15:15:17 2018 +++ src/doc/CHANGES-7.1.3 Mon May 14 16:21:13 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.10 2018/05/03 15:15:17 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.11 2018/05/14 16:21:13 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -122,3 +122,9 @@ sys/kern/uipc_mbuf.c1.211 (patch) the chain. [maxv, ticket #1602] +sys/net/npf/npf_alg_icmp.c 1.27-1.29 +sys/net/npf/npf_inet.c1.45 + + Fix use-after-free. + [maxv, ticket #1605] +
