Before, we were using
while (*p++ && --len > 0);
to do this. However, len doesn't get decremented for the NUL byte, so when
we used len later to see if we still have CIS left for some optional fields,
we'd run off the end of an array and dump core.
Instead, replace it with
len -= strlen(p) + 1;
p += strlen(p) + 1;
which is more correct. It is a little bogus to assume that p points to
a valid C string, but only a little. The PC Card SPEC mandates that it
does, and we already depend on that with the use of strdup a few lines
earlier. Since much of the rest of the cis parsing code isn't hyper
retentive about error checking, I'll leave that level of checking for
another time and/or another committer :-).
automatically extended to prevent overflow.
* Added sbuf_vprintf(); sbuf_printf() is now just a wrapper around
sbuf_vprintf().
* Include <stdio.h> and <string.h> when building libsbuf to silence
WARNS=4 warnings.
Reviewed by: des
macro. As a result, mandatory signal delivery policies will be
applied consistently across the kernel.
- Note that this subtly changes the protection semantics, and we should
watch out for any resulting breakage. Previously, delivery of SIGIO
in this circumstance was limited to situations where the subject was
privileged, or where one of the subject's (ruid, euid) matched one
of the object's (ruid, euid). In the new scenario, subject (ruid, euid)
are matched against the object's (ruid, svuid), and the object uid's
must be a subset of the subject uid's. Likewise, jail now affects
delivery, and special handling for P_SUGID of the object is present.
This change can always be reversed or tweaked if it proves to disrupt
application behavior substantially.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
authorized based on a subject credential rather than a subject process.
This will permit the same logic to be reused in situations where only
the credential generating the signal is available, such as in the
delivery of SIGIO.
- Because of two clauses, the automatic success against curproc,
and the session semantics for SIGCONT, not all logic can be pushed
into cr_cansignal(), but those cases should not apply for most other
consumers of cr_cansignal().
- This brings the base system inter-process authorization code more
into line with the MAC implementation.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
fifesystem problems could prevent the release from completing and
this could result in init being blocked indefinitely.
This was looked over by Matt ages ago.
Approved by: dillon
the first revision of strcpy(3)'s section is included, but should be
removed as the Security Architecture document is committed and
completed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
o Combine ufs.7 and ffs.7 into a single ffs.7 man page.
o Remove all references to `ufs' as a file system.
o Proper (lack of) capitalization for `ffs'.
Obtained from: TrustedBSD Project
Sposnored by: DARPA, NAI Labs
Hiroyuki YAMAMORI gave a patch for the EPRT command in the
PR below. Problems with the rest of the patch are my fault.
PR: 33268
Reviewed by: iedowse, sheldonh
SMTX in utils such as ps and top. The KI_CTTY flag was assigned to
kinfo_proc->ki_kiflag rather than or'd into the flag, thus clobbering
any flags set earlier, including KI_MTXBLOCK.
Prodding by: peter
mutex releases to not require flags for the cases when preemption is
not allowed:
The purpose of the MTX_NOSWITCH and SWI_NOSWITCH flags is to prevent
switching to a higher priority thread on mutex releease and swi schedule,
respectively when that switch is not safe. Now that the critical section
API maintains a per-thread nesting count, the kernel can easily check
whether or not it should switch without relying on flags from the
programmer. This fixes a few bugs in that all current callers of
swi_sched() used SWI_NOSWITCH, when in fact, only the ones called from
fast interrupt handlers and the swi_sched of softclock needed this flag.
Note that to ensure that swi_sched()'s in clock and fast interrupt
handlers do not switch, these handlers have to be explicitly wrapped
in critical_enter/exit pairs. Presently, just wrapping the handlers is
sufficient, but in the future with the fully preemptive kernel, the
interrupt must be EOI'd before critical_exit() is called. (critical_exit()
can switch due to a deferred preemption in a fully preemptive kernel.)
I've tested the changes to the interrupt code on i386 and alpha. I have
not tested ia64, but the interrupt code is almost identical to the alpha
code, so I expect it will work fine. PowerPC and ARM do not yet have
interrupt code in the tree so they shouldn't be broken. Sparc64 is
broken, but that's been ok'd by jake and tmm who will be fixing the
interrupt code for sparc64 shortly.
Reviewed by: peter
Tested on: i386, alpha
at first and try to set an accept_filter(9) on it only after that.
Also document errno value that will be set if installing the
filter on a non-listening socket.