fixed. Natd now waits with select(2) for buffer space
to become available if write fails.
- Packet aliasing library upgraded to 2.2.
Submitted by: Ari Suutari <suutari@iki.fi>
is _break_ dns lookups entirely, and since reading the relevant docs and
source code does not enlighten for now, I'll remove this until more
basic research has been done into controlling the resolver's timeout
values.
the MEDIA_TIMEOUT variable. Just -current for now on this one as
I'm still wanting to play with this a bit and see what the ramifications
of doing this are.
Requested by: pst
1. Detecting the split /dev/ttyv0 / /dev/console case, e.g. you've
booted with the -h flag and you have a VGA card also.
2. Adding an extra "menu" for selecting terminal type and adding ANSI
to the list of compiled-in terms.
3. Opening the proper file descriptors before disowning ourselves.
Requested by: pst
at the end of gethostanswer()/getanswer()/whatever where it used to
return TRY_AGAIN. This breaks the domain list traversal in ypserv's
async DNS lookup module: it would only retry using the domain(s) from
the 'domain' or 'search' lines in /etc/resolv.conf if __dns_getanswer()
returned TRY_AGAIN.
Changed the test so that either TRY_AGAIN or NO_RECOVERY will work.
This seemed to me the best solution in the event somebody tries to
compile this code on an older system with a different version of BIND.
(You shouldn't do that of course, but then there's a lot of things
in the world that you shouldn't do and people do them anyway.)
is not sane: if the TTL on a pending but unanswered query hits 0 and the
circular queue entry is removed and free()d, the for() loop may still try
to use the entry pointer (which now points at no longer valid memory).
usually, deleting only the last entry off the end of the queue worked, but
if more than one was deleted, the server would crash. I changed things a
bit so this shouldn't happen anymore.
Also arranged to call the prune routine a bit more often.
diffes with NetBSD/OpenBSD. These changes seem to predate the NetBSD/OpenBSD
split, so it is hard to give proper credit for them.
Obtained from: OpenBSD.
overflow patches that were "near" to where these operations are taking
place. The buffer overflows are from OpenBSD. The setuid/seteuid patches
are from NetBSD by way of OpenBSD (they changed them a little), at least from
my read of the tree.
This is the first of a series of OpenBSD lpr/et al merges. It (and them)
should be merged back into 2.2 and/or 2.1 (if requested) branches when they
have been shaken out in -current.
Obtained from: OpenBSD
we decide to do a DNS lookup, we NUL terminate the key string provided
by the client before passing it into the DNS lookup module. This is
actually wrong. Assume the key is 'foo.com'. In this case, key.keydat_val
will be "foo.com" and key.keydat_len will be 7 (seven characters; the
string is not NUL-terminated so it is not 8 as you might expect).
The string "foo.com" is actually allocated by the XDR routines when the
RPC request is decoded; exactly 7 bytes are allocated. By adding a NUL,
the string becomes "foo.com\0", but the '\0' goes into an 8th byte which
was never allocated for this string and which could be anywhere. The result
is that while the initial request may succeed, we could trash other
dynamically allocated structures (like, oh, I dunno, the circular map
cache queue?) and SEGV later. This is in fact what happens.
The fix is to copy the string into a larger local buffer and NUL-terminate
that buffer instead.
Crash first reported by: Ricky Chan <ricky@come.net.uk>
Bug finally located with: Electric Fence 2.0.5
the hostname into. In theory the bind library should do this, but
in practice the limites between system defines and bind defines make
an attack using this vector possible. These patches have been in
use on my systems for three months now, so I am fairly confident about
them. I plan on commiting this to 2.2 and 2.1 in the near future,
as well as many other patches of this nature.
