Prior to this commit, fread/fwrite calls with size * nmemb > SIZE_MAX
were handled by reading or writing (size_t)(size * nmemb) bytes; for
example, on 32-bit platforms, fread(ptr, 641, 6700417, f) would read 1
byte and indicate that the requested 6700417 blocks had been read.

This commit adds a check for such integer overflows, and treats them as
if an overly large request was passed to read/write; i.e., it sets errno
to EINVAL, sets the error indicator on the file, and returns a short
object count (0, to be specific).

The overflow check involves an integer division, so as a performance
optimization we check first to see if both size and nmemb are less than
2^16; if they are, no overflow is possible and we avoid the division.
We assume here that size_t is at least 32 bits; this appears to be true
on all platforms FreeBSD supports.

Although this commit fixes an integer overflow, it is not likely to have
any security implications, since any program which would be affected by
this bug fix is quite clearly already very confused.

Reviewed by: kib
MFC after: 1 month
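
The overflow check described in the commit message above, as an added example (not the FreeBSD libc code). It assumes a uint32_t stand-in for size_t so the 32-bit wraparound reproduces on any host; the function names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: size32_t models size_t on a 32-bit platform. */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX

/* Old behaviour: the product is silently truncated to 32 bits. */
static size32_t request_bytes_unchecked(size32_t size, size32_t nmemb)
{
    return (size32_t)(size * nmemb);
}

/* New behaviour: returns 0 and stores size * nmemb in *total, or returns -1
 * with errno = EINVAL when the product does not fit in size32_t. */
static int request_bytes_checked(size32_t size, size32_t nmemb, size32_t *total)
{
    /* If both operands are below 2^16 the product is below 2^32 and cannot
     * overflow, so the division is only reached when one operand is large. */
    if ((size | nmemb) >= ((size32_t)1 << 16) &&
        size != 0 && nmemb > SIZE32_MAX / size) {
        errno = EINVAL;
        return -1;
    }
    *total = size * nmemb;
    return 0;
}

int main(void)
{
    size32_t total = 0;

    /* 641 * 6700417 = 2^32 + 1, the request quoted in the commit message. */
    printf("unchecked: %u byte(s)\n",
           (unsigned)request_bytes_unchecked(641, 6700417));
    if (request_bytes_checked(641, 6700417, &total) != 0)
        printf("checked: rejected, errno=%d\n", errno);
    if (request_bytes_checked(512, 4096, &total) == 0)
        printf("checked: %u bytes\n", (unsigned)total);
    return 0;
}
```
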
r195030 | gonzo | 2009-06-25 19:27:31 -0600 (Thu, 25 Jun 2009) | 4 lines
- Switch to libc softfloat from libgcc implementation. The problem
  with the latter is that it is not complete, fpsetXXX/fpgetXXX
  functions are missing.
r197800 | gonzo | 2009-10-06 00:35:52 -0600 (Tue, 06 Oct 2009) | 3 lines
- curbrk variable for sbrk and brk should be the same
- Add correct variable names to Symbol.map
r195025 | gonzo | 2009-06-25 19:01:50 -0600 (Thu, 25 Jun 2009) | 4 lines
- Move fpgetXXX.c/fpsetXXX.c sources to hardfloat subdir/
  to prevent them from being mixed up with lib/libc/softfloat
  files with the same names
alphasort-like interface to the comparison function required by
qsort() and qsort_r().
For opendir() thunk and alphasort(), comment on why we deviated from
POSIX by using strcmp() instead of strcoll().
Requested and reviewed by: bde
MFC after: 2 weeks
now type sema_t is a structure which can be put in a shared memory area,
and multiple processes can operate it concurrently.
User can either use mmap(MAP_SHARED) + sem_init(pshared=1) or use sem_open()
to initialize a shared semaphore.
Named semaphore uses file system and is located in /tmp directory, and its
file name is prefixed with 'SEMD', so now it is chroot or jail friendly.
In simplest cases, both for named and un-named semaphore, userland code
does not have to enter kernel to reduce/increase semaphore's count.
The semaphore is designed to be crash-safe, it means even if an application
is crashed in the middle of operating semaphore, the semaphore state is
still safely recovered by later use, there is no waiter counter maintained
by userland code.
The main semaphore code is in libc and libthr only has some necessary stubs,
this makes it possible that a non-threaded application can use semaphore
without linking to thread library.
Old semaphore implementation is kept in libc to maintain binary compatibility.
The kernel ksem API is no longer used in the new implementation.
Discussed on: threads@
Std 1003.1-2008. Both Linux and Solaris conform to the new definitions,
so we better follow too (older glibc used old BSDish alphasort prototype
and corresponding type of the comparison function for scandir). While
there, change the definitions of the functions to ANSI C and fix several
style issues nearby.
Remove requirement for "sys/types.h" include for functions from manpage.
POSIX also requires that alphasort(3) sorts as if strcoll(3) was used,
but leave the strcmp(3) call in the function for now.
Adapt in-tree callers of scandir(3) to new declaration. The fact that
select_sections() from catman(1) could modify supplied struct dirent is
a bug.
PR: standards/142255
MFC after: 2 weeks
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.
I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
r195175. Remove all definitions, documentation, and usage.
fifo_misc.c:
Remove all kqueue tests as fifo_io.c performs all those that
would have remained.
Reviewed by: rwatson
MFC after: 3 weeks
X-MFC note: don't change vlan_link_state() function signature
from googlecode:
* Support for zisofs compressed entries
* Support for relocated deep directories
* Direct calculation of link counts for accurate nlink values
  even on images that lack Rockridge extensions
* Faster handling of the internal file lists.
* Better detection of ISO variants
1<<30 bytes of memory, which is required for some streams.
Also, try to make the taster more discriminating about raw lzma streams.
The detection here is still really weak, though; please use xz instead
of lzma.
* Write xattrs last instead of first (required on platforms that use
  system xattrs for security attributes)
* Better handling of chdir() failures
* Don't bother trying to shorten files via seek()/write()
* Fix build on systems that lack link()/symlink()/mknod()
* Prefer futimens()/utimensat() when they're present
* Enforce option interface can only be used before the archive is opened
* Correctly handle large skips on platforms with 32-bit off_t
* Use int64_t instead of off_t
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.
PR: 137213
Submitted by: Eygene Ryabinkin (initial version)
MFC after: 1 month
The TTY line name should always be set for DEAD_PROCESS entries right
now. When we parse a clean utmp entry, we don't want to interpret it as
a DEAD_PROCESS entry if the TTY has never been used yet.
- Only set the fields in the ulog_utmpx structure that are valid for the
  command in question. This means that strings like "shutdown" or "~"
  are not visible to the user anymore.
- Rename UTXF_* to UTXI_*, indicating the indexation, instead of using
  the `antique' filename. If we ever get rid of utmp, it makes little
  sense calling it by its old name.
An older version of the code used a structure on the stack, instead of a
pointer to the structure. It looks like I didn't adjust the parameters
of the write(2) call, causing the first four/eight bytes of the entry to
be corrupted, instead of writing the entire entry to disk.
This brings hwpmc(4) support for 2nd and 3rd generation XScale cores.
Right now it's enabled by default to make sure we test this a bit.
When the time comes it can be disabled by default.
Tested on Gateworks boards.
A man page is coming.
Obtained from: //depot/user/rpaulo/xscalepmc/...
support to bzip2fs. This fixes problems with loading compressed amd64
kernel modules containing debug symbols.
Submitted by: David Naylor naylor.b.david (gmail)
MFC after: 1 week
The race condition is believed to be in UMTX_OP_MUTEX_WAKE. On ia64,
we simply go to the kernel to unlock.
The big question is why this is only a race condition on ia64...
MFC after: 3 days
used within FreeBSD base system only, and discourage user applications
from using it. User applications should use the expat version from the
ports/package collection.
Reviewed by: simon (earlier version)
MFC after: 2 weeks
The information used by the "Last login:"-line is obtained by using
ulog_setutxfile(3) to switch to the lastlog database. Login and logout
are performed using the utility functions ulog_login(3) and
ulog_logout(3).
This also means we must build libulog during bootstrap.
Approved by: des
1) Avoid an infinite loop in the header resync for certain malformed
   archives.
2) Don't try to match hardlinks if the nlinks count is < 2. This
   reduces the likelihood of a false hardlink match due to ino truncation.
MFC after: 7 days
Because several applications in /bin use libulog (or may use it in the
nearby future), it must not live inside /usr. It seems like we don't
need to add the copy from /usr/lib to ObsoleteFiles.inc, because it's
cleaned up during installation of libulog automatically.
Reported by: ume
of setenv(), putenv() and unsetenv() when dealing with corrupt entries in
environ. They now output a warning and complete their task without error.
MFC after: 1 week
instead of returning an error if a corrupt (not a "name=value" string) entry
in the environ array is detected when (re)-building the internal
environment. This should prevent applications or libraries from
experiencing issues arising from the expectation that these calls will
complete even with corrupt entries. The behavior is now as it was prior to
7.0.
Reviewed by: jilles
MFC after: 1 week
find a variable. Include a note that it must not cause the internal
environment to be generated since malloc() depends upon getenv(). To call
malloc() would create a circular dependency.
Recommended by: green
Approved by: jilles
MFC after: 1 week
The ulog_login_pseudo(3) and ulog_logout_pseudo(3) interfaces provide a
functionality identical to what libutempter has to offer. Just transform
libutempter's calls into the before mentioned functions.
libutempter doesn't work with utmpx, so instead of fixing I thought the
easiest way would be to integrate this functionality. libutempter is
used by applications like xterm and the KDE libraries, so if I ever
change the underlying file format, these applications will keep working
automatically.
Also increase __FreeBSD_version to indicate the addition (as well as the
import of libulog).
- Just like struct utmp, store strings inside struct utmpx itself. This
  is needed to make things like pututxline() work.
- Add ut_id and ut_pid fields, even though they have little use in our
  implementation.
- It turns out our "reboot" wtmp entries indicate a system boot, so
  remove REBOOT_TIME
- Implement getutxline() and pututxline()
- Add getutxuser() and setutxfile(), which allows us to crawl wtmp and
  lastlog files as well.
- Add _ULOG_POSIX_NAMES, so we can already use the POSIX names if we
  really want to.
The maximum length of a username has nothing to do with the size of the
username in the utmp files. Use MAXLOGNAME, which is defined as 17
(UT_USERSIZE + 1).
The entries in the argv array are not const themselves, but sometimes we
want to fill in const values. Just make the array const and use
__DECONST() to make it const for the execve()-call itself.
Also convert the only K&R prototype to ANSI.
Reviewed by: carvay,
the.infamous.paul@gmail.com,
Joan Picanyol i Puig <lists-freebsd-es@biaix.org>,
Ing. Marcos Luis Ortiz Valmaseda <mlortiz@uci.cu>,
eskanete@gmail.com,
Jose M Rodriguez <josemi@freebsd.jazztel.es>,
Guillermo Hernandez <guillermo@QuerySoft.es>,
dani.doni@gmail.com
One of the things I really want to do, is to get rid of the limitations
of our current utmp(5) mechanism:
- It only allows 8 byte TTY device names.
- The hostname only allows 16 bytes of storage.
I'm not a big fan of <utmpx.h>, but I think we should at least try to
add parts of it. Unfortunately we cannot implement <utmpx.h>, because we
miss various fields, such as ut_id, ut_pid, etc. The API provided by
libulog shares some similarities with <utmpx.h>, so it shouldn't be too
hard to port these applications eventually. In most simple cases, it
should just be a matter of removing the ulog_ prefix everywhere.
As a bonus, it also implements a function called ulog_login_pseudo(),
which allows unprivileged applications to write log entries, provided
they have a valid file descriptor to a pseudo-terminal master device.
libulog will allow a smoother transition to a new file format by adding
a library interface to deal with utmp/wtmp/lastlog files. I initially
thought about adding the functionality to libutil, but because I'm not
planning on keeping this library around forever, we'd better keep it
separated.
Next items on the todo list:
1. Port applications in the base system (and ports) to libulog, instead
   of letting them use <utmp.h>.
2. Remove <utmp.h>, implement <utmpx.h> and reimplement this library on
   top.
3. Port as many applications as possible back to <utmpx.h>.
long instead of an int when examining the results of select() to look for
RPC requests. Previously this routine would ignore RPC requests to sockets
whose file descriptor mod 64 was greater than 31 on a 64-bit platform.
PR: amd64/141130
Submitted by: liujb of array networks
MFC after: 3 days
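
The failure mode described in the commit message above, as an added example (not the FreeBSD RPC code). It models a select() result as 64-bit mask words and compares a scan through a 32-bit int with a full-width scan; all names and the sample descriptor set are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS 64   /* bits per mask word on the 64-bit platform modelled here */

/* Collect ready descriptors from a select()-style bit mask.
 * narrow != 0 models the bug: each word is examined through a 32-bit int,
 * so descriptors with fd % 64 > 31 are never seen. Returns the count. */
static int collect_ready(const uint64_t *words, int nwords, int narrow, int *out)
{
    int n = 0;

    for (int w = 0; w < nwords; w++) {
        uint64_t mask = narrow ? (uint32_t)words[w] : words[w];
        for (int bit = 0; mask != 0; bit++, mask >>= 1)
            if (mask & 1)
                out[n++] = w * WORD_BITS + bit;
    }
    return n;
}

/* Constructed sample: descriptors 5, 40, 70 and 100 are readable. */
static void sample_set(uint64_t words[2])
{
    const int fds[] = { 5, 40, 70, 100 };

    words[0] = words[1] = 0;
    for (size_t i = 0; i < sizeof(fds) / sizeof(fds[0]); i++)
        words[fds[i] / WORD_BITS] |= (uint64_t)1 << (fds[i] % WORD_BITS);
}

int main(void)
{
    uint64_t words[2];
    int out[128];

    sample_set(words);
    for (int narrow = 1; narrow >= 0; narrow--) {
        int n = collect_ready(words, 2, narrow, out);
        printf("%s scan:", narrow ? "int " : "long");
        for (int i = 0; i < n; i++)
            printf(" %d", out[i]);
        printf("\n");
    }
    return 0;
}
```
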
Scrt1.o instead of crt1.o, since the latter is built as non-PIC.
Separate i386-elf crt1.c into the pure assembler part and C code,
supplying all data extracted by assembler stub as explicit parameters [1].
Hide and localize _start1 symbol used as an interface between asm and
C code.
In collaboration with: kan
Inspired by: PR i386/127387 [1]
Prodded and tested by: rdivacky [1]
MFC after: 3 weeks
There are several reasons why it didn't work:
- It was missing <sys/cdefs.h> for __BEGIN_DECLS.
- It uses various primitive types that were not declared.
copied from NetBSD's manpage, and it also matches the behavior
described by the Open Group's online copy of setpgid.2 at
http://www.opengroup.org/onlinepubs/009695399/functions/setpgid.html
Obtained from: NetBSD
Submitted by: Petros Barbayiannis <petrosbarbayiannis@yahoo.gr>
MFC after: 1 week
**environ entries. This puts non-getenv(3) operations in line with
getenv(3) in that bad environ entries do not cause all operations to
fail. There is still some inconsistency in that getenv(3) in the
absence of any environment-modifying operation does not emit corrupt
environ entry warnings.
I also fixed another inconsistency in getenv(3) where updating the
global environ pointer would not be reflected in the return values.
It would have taken an intermediary setenv(3)/putenv(3)/unsetenv(3)
in order to see the change.
related to DNSSEC validation on a resolving name server that allows
access to untrusted users. If your system does not fall into all 3 of
these categories you do not need to update immediately.
execvPe() is called by _execvpe(), which we added to implement
posix_spawnp(). We just took execvP() and added the envp argument.
Unfortunately we forgot to change the implementation to use envp over
environ.
This fixes the following piece of code:
| char * const arg[2] = { "env", NULL };
| char * const env[2] = { "FOO=BAR", NULL };
| posix_spawnp(NULL, "/usr/bin/env", NULL, NULL, arg, env);
MFC after: 2 weeks
FTS_NOCHDIR option is used. fts_build() could strip a trailing slash
from path name in post-order visit if a path pointing to an empty
directory was given for fts_open().
PR: bin/133907, kern/134513
Reviewed by: das
Approved by: trasz (mentor)
MFC after: 1 month
from SUSv4 XSI. Note that the functions are obsoleted, and only
provided to ease porting from System V-like systems. Since sigpause
already exists in compat with different interface, XSI sigpause is
named xsi_sigpause.
Reviewed by: davidxu
MFC after: 3 weeks
and moving the default initialization of prec into the else clause.
The clang static analyzer erroneously thought that nsec can be used
uninitialized here; it was not actually possible, but better to make
the code clearer. (Clang can't know that sprintf() won't modify *pi
behind the scenes.)
uninitialized. Initialize it to a safe value so that there's no
chance of returning an error if stack garbage happens to be equal to
(size_t)-1 or (size_t)-2.
Found by: Clang static analyzer
MFC after: 7 days
a feature that libstdc++ depends on to simulate the behavior of libc's
internal '__isthreaded' variable. One benefit of this is that _libc_once()
is now private to _once_stub.c.
Requested by: kan
with the additional property that it is safe for routines in libc to use
in both single-threaded and multi-threaded processes. Multi-threaded
processes use the pthread_once() implementation from the threading library
while single-threaded processes use a simplified "stub" version internal
to libc. The libc stub-version of pthread_once() now also uses the
simplified "stub" version as well instead of being a nop.
Reviewed by: deischen, Matthew Fleming @ Isilon
Suggested by: alc
MFC after: 1 week
- fix a transfer cancelling bug/segfault [1]
- correct a return code in the transfer cancel function.
- add new API function, libusb20_tr_bulk_intr_sync().
Submitted by: HPS
Reported by: Robert Jenssen [1]
- fix a memory leak on the USB backend
- fix invalid pointer computations (in one case memory outside the allocated
  area was written in LibUSB v1.0)
- make sure memory is always initialised, also in failing cases
- add missing functions from v1.0.4
PR: usb/140325
Reported by: Robert Jenssen
Submitted by: Hans Petter Selasky
MFC After: 3 days