Re: format strings in libexpat
On Sat, Feb 18, 2023 at 08:22:56AM +, Miod Vallat wrote: > libexpat assumes the compiler might not know of the C99 format > specifiers for ptrdiff_t and size_t, and tries to guess alternative > format strings. The problem is the printf runtime. There is no good way to detect the support without running a test program and for a library that is explicitly used in many cross-compilation environments, that's a problem. > The following diff relieves it of this misery (but can't be sent > upѕtream, as it is too aggressive). I think it might be a good idea to try again. Since C++11 support made much of the runtime parts of C99 mandatory, even Microsoft had to adopt and they were the last big holdout. I don't know how ancient the systems are that expat targets, but asking seems to be a reasonable idea nowadays. Joerg
Re: rpki-client: disallow trailing garbage in signed objects
On Tue, Feb 21, 2023 at 03:07:00AM +0100, Theo Buehler wrote: > By design of d2i, it's the caller's responsibility to check a DER object > has been fully consumed. We read files from the disk, check hashes, > parse and validate the DER we encounter, but we do not make sure that > nothing follows the DER blob we parsed. > > As Job noticed, it is possible to append data to a CRL and still have > a manifest display "Validation: OK" in file mode. This is partly > possible due to the fact that filemode has a rather lax notion of > validity (since it is an inspection tool), but also due to these > missing checks. > > The diff below checks for !=. Barring bugs in ASN1_item_d2i() (unheard > of!), only the < case should be possible, but it seems better to allow > for > as well. I guess we could assert <=. OK job@ ps. If there are 'bytes trailing garbage' on an *.mft discovered in the DIR_VALID storage area, would a more pristine version of the MFT in DIR_TEMP be ignored?
rpki-client: disallow trailing garbage in signed objects
By design of d2i, it's the caller's responsibility to check a DER object
has been fully consumed. We read files from the disk, check hashes,
parse and validate the DER we encounter, but we do not make sure that
nothing follows the DER blob we parsed.
As Job noticed, it is possible to append data to a CRL and still have a
manifest display "Validation: OK" in file mode. This is partly possible
due to the fact that filemode has a rather lax notion of validity (since
it is an inspection tool), but also due to these missing checks.
The diff below checks for !=. Barring bugs in ASN1_item_d2i() (unheard
of!), only the < case should be possible, but it seems better to allow
for > as well. I guess we could assert <=.
Index: cert.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.101
diff -u -p -r1.101 cert.c
--- cert.c 30 Nov 2022 09:12:34 - 1.101
+++ cert.c 21 Feb 2023 01:48:00 -
@@ -641,13 +641,14 @@ cert_parse_ee_cert(const char *fn, X509
struct cert *
cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
{
- int extsz;
- int sia_present = 0;
- size_t i;
- X509*x = NULL;
- X509_EXTENSION *ext = NULL;
- ASN1_OBJECT *obj;
- struct parse p;
+ const unsigned char *oder;
+ int extsz;
+ int sia_present = 0;
+ size_t i;
+ X509*x = NULL;
+ X509_EXTENSION *ext = NULL;
+ ASN1_OBJECT *obj;
+ struct parse p;
/* just fail for empty buffers, the warning was printed elsewhere */
if (der == NULL)
@@ -658,8 +659,13 @@ cert_parse_pre(const char *fn, const uns
if ((p.res = calloc(1, sizeof(struct cert))) == NULL)
err(1, NULL);
+ oder = der;
if ((x = d2i_X509(NULL, , len)) == NULL) {
cryptowarnx("%s: d2i_X509", p.fn);
+ goto out;
+ }
+ if (der != oder + len) {
+ warnx("%s: %td bytes trailing garbage", fn, oder + len - der);
goto out;
}
Index: cms.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
retrieving revision 1.26
diff -u -p -r1.26 cms.c
--- cms.c 28 Dec 2022 21:30:18 - 1.26
+++ cms.c 21 Feb 2023 01:45:37 -
@@ -64,9 +64,10 @@ cms_extract_econtent(const char *fn, CMS
static int
cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char
*der,
-size_t derlen, const ASN1_OBJECT *oid, BIO *bio, unsigned char **res,
+size_t len, const ASN1_OBJECT *oid, BIO *bio, unsigned char **res,
size_t *rsz)
{
+ const unsigned char *oder;
char buf[128], obuf[128];
const ASN1_OBJECT *obj, *octype;
ASN1_OCTET_STRING *kid = NULL;
@@ -89,8 +90,13 @@ cms_parse_validate_internal(X509 **xp, c
if (der == NULL)
return 0;
- if ((cms = d2i_CMS_ContentInfo(NULL, , derlen)) == NULL) {
+ oder = der;
+ if ((cms = d2i_CMS_ContentInfo(NULL, , len)) == NULL) {
cryptowarnx("%s: RFC 6488: failed CMS parse", fn);
+ goto out;
+ }
+ if (der != oder + len) {
+ warnx("%s: %td bytes trailing garbage", fn, oder + len - der);
goto out;
}
Index: crl.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
retrieving revision 1.21
diff -u -p -r1.21 crl.c
--- crl.c 30 Nov 2022 09:03:44 - 1.21
+++ crl.c 21 Feb 2023 01:47:31 -
@@ -25,9 +25,10 @@
struct crl *
crl_parse(const char *fn, const unsigned char *der, size_t len)
{
- struct crl *crl;
- const ASN1_TIME *at;
- int rc = 0;
+ const unsigned char *oder;
+ struct crl *crl;
+ const ASN1_TIME *at;
+ int rc = 0;
/* just fail for empty buffers, the warning was printed elsewhere */
if (der == NULL)
@@ -36,8 +37,13 @@ crl_parse(const char *fn, const unsigned
if ((crl = calloc(1, sizeof(*crl))) == NULL)
err(1, NULL);
+ oder = der;
if ((crl->x509_crl = d2i_X509_CRL(NULL, , len)) == NULL) {
cryptowarnx("%s: d2i_X509_CRL", fn);
+ goto out;
+ }
+ if (der != oder + len) {
+ warnx("%s: %td bytes trailing garbage", fn, oder + len - der);
goto out;
}
Nuke remnants of /dev/io
The iskmemdev function checks for minor number 14 in addition to 0 and 1 on
the following archs:
amd64, arm64, i386, and riscv64
Device 2, 14 was traditionally /dev/io, which we don't support and so opening
it will always return ENXIO from mmopen anyway.
We only use iskmemdev in one place in the tree, to return EPERM when trying
to access /dev/kmem or /dev/mem when securelevel >= 1.
This patch removes the check for minor(dev) == 14 on the four above mentioned
architectures.
--- sys/arch/amd64/amd64/conf.c.distMon Feb 20 18:17:44 2023
+++ sys/arch/amd64/amd64/conf.c Mon Feb 20 18:29:28 2023
@@ -313,7 +313,7 @@
iskmemdev(dev_t dev)
{
- return (major(dev) == mem_no && (minor(dev) < 2 || minor(dev) == 14));
+ return (major(dev) == mem_no && minor(dev) < 2);
}
/*
--- sys/arch/arm64/arm64/conf.c.distMon Feb 20 18:18:20 2023
+++ sys/arch/arm64/arm64/conf.c Mon Feb 20 18:29:14 2023
@@ -255,7 +255,7 @@
iskmemdev(dev_t dev)
{
- return (major(dev) == CMAJ_MM && (minor(dev) < 2 || minor(dev) == 14));
+ return (major(dev) == CMAJ_MM && minor(dev) < 2);
}
/*
--- sys/arch/i386/i386/conf.c.dist Mon Feb 20 18:18:35 2023
+++ sys/arch/i386/i386/conf.c Mon Feb 20 18:28:51 2023
@@ -309,7 +309,7 @@
int
iskmemdev(dev_t dev)
{
- return (major(dev) == mem_no && (minor(dev) < 2 || minor(dev) == 14));
+ return (major(dev) == mem_no && minor(dev) < 2);
}
/*
--- sys/arch/riscv64/riscv64/conf.c.distMon Feb 20 18:18:48 2023
+++ sys/arch/riscv64/riscv64/conf.c Mon Feb 20 18:28:35 2023
@@ -253,7 +253,7 @@
iskmemdev(dev_t dev)
{
- return (major(dev) == mem_no && (minor(dev) < 2 || minor(dev) == 14));
+ return (major(dev) == mem_no && minor(dev) < 2);
}
/*
Enable Apollo Lake audio
Hello tech --
I recently found a ~5 year old laptop sitting in storage. It is
an Apollo Lake machine. I think I put it in storage because it
did not have working audio. I tried a -current kernel from today
and found that it still did not have audio. The audio device
does not attach.
There is a one-line fix to enable audio. With this, the audio
device attaches and the laptop is playing audio just fine.
OK?
~Brian
Index: dev/pci/azalia.c
===
RCS file: /cvs/src/sys/dev/pci/azalia.c,v
retrieving revision 1.282
diff -u -p -r1.282 azalia.c
--- dev/pci/azalia.c5 Feb 2023 02:26:02 - 1.282
+++ dev/pci/azalia.c20 Feb 2023 20:53:35 -
@@ -492,6 +492,7 @@ const struct pci_matchid azalia_pci_devi
{ PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_500SERIES_HDA },
{ PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_500SERIES_LP_HDA },
{ PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_HDA },
+ { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_APOLLOLAKE_HDA },
{ PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_GLK_HDA },
{ PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_JSL_HDA },
{ PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_EHL_HDA },
Re: format strings in libexpat
> Does this actually change something on any of our architectures? This gets rid of warnings such as: /usr/src/lib/libexpat/lib/xmlparse.c: In function 'accountingReportDiff': /usr/src/lib/libexpat/lib/xmlparse.c:7704: warning: format '%6d' expects type 'int', but argument 3 has type 'ptrdiff_t' but otherwise won't change anything. > If not, I would prefer to stick to upstream #ifdef hell. This > avoids possible merge errors in every expat release. Sure.
Re: format strings in libexpat
On Sat, Feb 18, 2023 at 08:22:56AM +, Miod Vallat wrote: > libexpat assumes the compiler might not know of the C99 format > specifiers for ptrdiff_t and size_t, and tries to guess alternative > format strings. > > The following diff relieves it of this misery (but can't be sent > up??tream, as it is too aggressive). This means a diff I have to merge with every libexpat update. I am quite happy that I got rid of them. Does this actually change something on any of our architectures? If not, I would prefer to stick to upstream #ifdef hell. This avoids possible merge errors in every expat release. bluhm > Index: lib/internal.h > === > RCS file: /OpenBSD/src/lib/libexpat/lib/internal.h,v > retrieving revision 1.10 > diff -u -p -r1.10 internal.h > --- lib/internal.h20 Sep 2022 23:00:53 - 1.10 > +++ lib/internal.h18 Feb 2023 08:16:19 - > @@ -105,31 +105,9 @@ > # endif > #endif > > -#include // ULONG_MAX > - > -#if defined(_WIN32) > \ > -&& (! defined(__USE_MINGW_ANSI_STDIO) > \ > -|| (1 - __USE_MINGW_ANSI_STDIO - 1 == 0)) > -# define EXPAT_FMT_ULL(midpart) "%" midpart "I64u" > -# if defined(_WIN64) // Note: modifiers "td" and "zu" do not work for MinGW > -#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "I64d" > -#define EXPAT_FMT_SIZE_T(midpart) "%" midpart "I64u" > -# else > -#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d" > -#define EXPAT_FMT_SIZE_T(midpart) "%" midpart "u" > -# endif > -#else > -# define EXPAT_FMT_ULL(midpart) "%" midpart "llu" > -# if ! defined(ULONG_MAX) > -#error Compiler did not define ULONG_MAX for us > -# elif ULONG_MAX == 18446744073709551615u // 2^64-1 > -#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld" > -#define EXPAT_FMT_SIZE_T(midpart) "%" midpart "lu" > -# else > -#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d" > -#define EXPAT_FMT_SIZE_T(midpart) "%" midpart "u" > -# endif > -#endif > +#define EXPAT_FMT_ULL(midpart) "%" midpart "llu" > +#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "td" > +#define EXPAT_FMT_SIZE_T(midpart) "%" midpart "zu" > > #ifndef UNUSED_P > # define UNUSED_P(p) (void)p >
Re: aucat -> sndiod in intro(3) manual page
On Mon, Feb 20, 2023 at 02:36:10PM +0100, David Demelier wrote: > Hi, > > Just fix sndiod reference rather than aucat to sio_open in intro(3). > fixed, thanks. jmc > Index: share/man/man3/intro.3 > === > RCS file: /cvs/src/share/man/man3/intro.3,v > retrieving revision 1.96 > diff -u -r1.96 intro.3 > --- share/man/man3/intro.310 Jun 2021 13:13:38 - 1.96 > +++ share/man/man3/intro.320 Feb 2023 13:33:40 - > @@ -332,7 +332,7 @@ > Library for > .Xr audio 4 > hardware and the > -.Xr aucat 1 > +.Xr sndiod 8 > audio server. > See > .Xr sio_open 3 . >
aucat -> sndiod in intro(3) manual page
Hi, Just fix sndiod reference rather than aucat to sio_open in intro(3). Index: share/man/man3/intro.3 === RCS file: /cvs/src/share/man/man3/intro.3,v retrieving revision 1.96 diff -u -r1.96 intro.3 --- share/man/man3/intro.3 10 Jun 2021 13:13:38 - 1.96 +++ share/man/man3/intro.3 20 Feb 2023 13:33:40 - @@ -332,7 +332,7 @@ Library for .Xr audio 4 hardware and the -.Xr aucat 1 +.Xr sndiod 8 audio server. See .Xr sio_open 3 .
