* use correct error detection of realloc failure
* strtol negative return check
* use strtol to validate string instead of rolling our own
validation code
* terminate the command sequence correctly
for the sorts of errors we run into[1]. This also gives us room to put in a
vaguely appropriate casts to silence warnings since our compiler doesn't like
when we compare ssize_t to size_t[2]. Add a cast in sblock.c[3] to silence
a warning because of signed vs. size_t hell (again). Clean up nearby
excessive parenthemutilation[4].
Reviewed by: bde [2] [3]
Suggested by: bde, many [1]
Submitted by: bde [4]
An aside about [4], bde notes that we do not check for a negative value for
the fs bsize. I'm nto going to do that in every situation we use it, one must
expect a reasonable program to pass down reasonable values. Some foot shooting
protection I will tolerate, some I will not. Also he suggests some possible
conditional improvements there, which I may take to heart.
PS: For me at least, this is now WARNS=5 clean...
seed->first value correlation. It breaks rand_r()... Other possible methods
like shuffling inside aray will breaks rand_r() too, because it assumes
only one word state, i.e. nothing extra can be added after seed assignment
in srand().
BTW, for old formulae seed->first value correlation is not so monotonically
increased as with other Linear Congruential Generators of this type only
becase arithmetic overflow happens. But overflow affects distribution
and lower bits very badly, as many articles says, such type of overflow
not improves PRNG.
So, monotonically increased seed->first value correlation problem remains...
Only warnings that could be fixed without changing the generated object
code and without restructuring the source code have been handled.
Reviewed by: /sbin/md5
Introdice RTLD_SELF special handle and properly process it within
dlsym() and dlinfo() functions.
The intention is to improve our compatibility with Solaris and
to make a Java port easier.
Partially submitted by: phantom
isnormal(). The current isinf() and isnan() are perserved for
binary compatibility with 5.0, but new programs will use the macros.
o Implement C99 comparison macros isgreater(), isgreaterequal(),
isless(), islessequal(), islessgreater(), isunordered().
Submitted by: David Schultz <dschultz@uclink.Berkeley.EDU>
to maintain, and had security issues which would have required a major
rewrite to address anyway.
This implementation currently starts a separate agent for each session
instead of connecting each new session to the agent started by the first
one. While this would be a Good Thing (and the old pam_ssh(8) tried to
do it), it's hard to get right. I'll revisit this issue when I've had a
chance to test some modifications to ssh-agent(1).
o Add a MD header private to libc called _fpmath.h; this header
contains bitfield layouts of MD floating-point types.
o Add a MI header private to libc called fpmath.h; this header
contains bitfield layouts of MI floating-point types.
o Add private libc variables to lib/libc/$arch/gen/infinity.c for
storing NaN values.
o Add __double_t and __float_t to <machine/_types.h>, and provide
double_t and float_t typedefs in <math.h>.
o Add some C99 manifest constants (FP_ILOGB0, FP_ILOGBNAN, HUGE_VALF,
HUGE_VALL, INFINITY, NAN, and return values for fpclassify()) to
<math.h> and others (FLT_EVAL_METHOD, DECIMAL_DIG) to <float.h> via
<machine/float.h>.
o Add C99 macro fpclassify() which calls __fpclassify{d,f,l}() based
on the size of its argument. __fpclassifyl() is never called on
alpha because (sizeof(long double) == sizeof(double)), which is good
since __fpclassifyl() can't deal with such a small `long double'.
This was developed by David Schultz and myself with input from bde and
fenner.
PR: 23103
Submitted by: David Schultz <dschultz@uclink.Berkeley.EDU>
(significant portions)
Reviewed by: bde, fenner (earlier versions)
pam_wheel(8) module was written to work in spite of a broken libpam, and
has grown organically since its inception, which is reflected in both its
functionality and implementation. Rather than clean up pam_wheel(8) and
break backward compatibility, I've chosen to reimplement it under a new,
more generic name.
Sponsored by: DARPA, NAI Labs
to remove part of seed -> 1st value correlation. Correlation still remains
because of algorithm limits. Note that old algorithm have even stronger
correlation, especially in the lower bits area, but not eye-visible, as
current one.
at 0 as designed. Its BSD adaptation tries to fight it by mapping 0 to
2147483647 after calculation, but this method not works since 2147483647
seed returns to 0 again on the next interation. Instead of after calculation
mapping, map 0 to another value _before_ calculation, so it never stucks.
initialize the context. This way, a failure to initialize the context is
not fatal unless we actually have work to do - because if we don't, we
return PAM_SUCCESS without even trying to initialize the context.
checks, including the "open directory" check or a MAC check fail,
after the working directory of the process has been changed, then
the cwd of the process will be left as the target directory rather
than the original directory.
At some point, this bug might be fixable by performing the directory
change only after permission is granted for the change. In the
mean time document it (it's been there for a while).
is finished. This fixes clients doing two RPCs over the
same connection at the same time. Without this fix, we
could end with a reply to old data.
Submitted by: Frank van der Linden <fvdl@netbsd.org>
Reviewed by: rwatson
Obtained from: NetBSD
(previous variant return NULL pointer for both empty file case and error case,
so caller can't sense error properly).
It not affect existen programs because property_find() now returns NULL
for both NULL pointer and NULLified struct.
get it from the fs structure. Really libufs should have interfaces to generate
both what we export, and what we import, based on eachother, and this should
be full of redundant code to make sure everything is right... But really, we
don't even deal with checksums, so plenty of room to improve.
a NULL filename argument allows a stream's mode to be changed. At the
moment it just recycles the old file descriptor instead of storing the
filename somewhere and using that to reopen the file, as the standard
seems to require. Strictly conforming C99 applications probably can't
tell the difference but POSIX ones can.
PR: 46791
to be called on first sight of trouble.
"sensitive" is somewhat arbitrarily defined as "setuid, setgid, uid == root
or gid == wheel".
The 'A' option carries no performance penalty.
It is not possible to override this setting: fix the program instead.
Absentmindedly nodded OK to by: various