Commit Graph

1695 Commits

Author SHA1 Message Date
Jilles Tjoelker
7b22b8da2f dup3(3): Replace copyright notice.
Although I copied dup(2) to create dup3(3), I removed almost all the
non-boilerplate, so dup3(3) is copyright me.

Reported by:	bjk
2013-08-18 13:25:18 +00:00
Jilles Tjoelker
0f3a4d8051 libc: Access _logname_valid more efficiently.
The variable _logname_valid is not exported via the version script;
therefore, change C and i386/amd64 assembler code to remove indirection
(which allowed interposition). This makes the code slightly smaller and
faster.

Also, remove #define PIC_GOT from i386/amd64 in !PIC mode. Without PIC,
there is no place containing the address of each variable, so there is no
possible definition for PIC_GOT.
2013-08-17 19:24:58 +00:00
Jilles Tjoelker
5219e2caba Add man page dup3(3). 2013-08-16 13:16:27 +00:00
Jilles Tjoelker
67560dcfb5 Add dup3(), based on F_DUP2FD and F_DUP2FD_CLOEXEC fcntls.
I removed functionality not proposed for POSIX in Austin group issue #411.
A man page (my own) and test cases will follow in later commits.

PR:		176233
Submitted by:	Jukka Ukkonen
2013-08-16 13:10:30 +00:00
Andrey A. Chernov
c08f11b07c According to POSIX \ in the fnmatch(3) pattern should escape
any character including '\0', but our version replace escaped '\0'
with '\\'.
I.e. fnmatch("\\", "\\", 0) should not match while fnmatch("\\", "", 0)
should (Linux and NetBSD does the same). Was vice versa.

PR:     181129
MFC after:      1 week
2013-08-08 09:04:02 +00:00
Andrey Zonov
20dd2f38dc Remove define and documentation for vm_pageout_algorithm missed in r253587 2013-07-26 02:00:06 +00:00
Jilles Tjoelker
8d0f6b5fc2 wordexp(): Fix syntax validation for backslashes in single-quotes. 2013-07-23 21:09:26 +00:00
Hiroki Sato
0c919b730c Fix mdoc syntax.
Pointed out by:	joeld
2013-07-13 08:17:55 +00:00
Hiroki Sato
4825b1e098 Add a leaf node CTL_NET.PF_ROUTE.0.AF.NET_RT_DUMP.0.FIB. This returns
routing table with the specified FIB number, not td->td_proc->p_fibnum.
2013-07-12 12:36:12 +00:00
Jilles Tjoelker
61c2a6184e libc: Access _sigintr more efficiently.
The variable _sigintr is not exported via the version script; therefore,
tell the compiler that no indirection (to allow interposition) is needed.
2013-06-30 20:51:15 +00:00
Joel Dahl
580dbd6574 mdoc: convert .Fd to .In, which is much nicer. 2013-06-04 07:37:06 +00:00
Ed Maste
e2e9c35fa4 Remove the advertising clause from the Regents of the University of
California's license, per the letter dated July 22, 1999.
2013-05-28 21:05:06 +00:00
Konstantin Belousov
55a1911ef2 The getcontext() from the __fillcontextx() call in the
check_deferred_signal() returns twice, since handle_signal() emulates
the return from the normal signal handler by sigreturn(2)ing the
passed context.  Second return is performed on the destroyed stack
frame, because __fillcontextx() has already returned.  This causes
undefined and bad behaviour, usually the victim thread gets SIGSEGV.

Avoid nested frame and the need to return from it by doing direct call
to getcontext() in the check_deferred_signal() and using a new private
libc helper __fillcontextx2() to complement the context with the
extended CPU state if the deferred signal is still present.

The __fillcontextx() is now unused, but is kept to allow older
libthr.so to be used with the new libc.

Mark __fillcontextx() as returning twice [1].

Reported by:	pgj
Pointy hat to:	kib
Discussed with:	dim
Tested by:	pgj, dim
Suggested by:	jilles [1]
MFC after:	1 week
2013-05-28 04:54:16 +00:00
Ed Schouten
8ed7462feb Update manpages for r250887.
Remove the lists of unneeded header files.

Requested by:	eadler
2013-05-21 21:39:18 +00:00
Jilles Tjoelker
e9dec7758d popen(): Add 'e' mode character to set close-on-exec on the new fd.
If 'e' is used, the kernel must support the recently added pipe2() system
call.

The use of pipe2() with O_CLOEXEC also fixes race conditions between
concurrent popen() calls from different threads, even if the close-on-exec
flag on the fd of the returned FILE is later cleared (because popen() closes
all file descriptors from earlier popen() calls in the child process).
Therefore, this approach should be used in all cases when pipe2() can be
assumed present.

The old version of popen() rejects "re" and "we" but treats "r+e" like "r+".
2013-05-20 17:31:18 +00:00
Sergey Kandaurov
b6dd17329c Typo. 2013-05-12 05:54:58 +00:00
Jilles Tjoelker
38cf77de66 posix_spawn_file_actions_adddup2(3): Document difference with dup2().
The ability to clear a file descriptor's close-on-exec flag via
posix_spawn_file_actions_adddup2() is in fact proposed in Austin Group issue
#411.

MFC after:	1 week
2013-05-09 21:29:13 +00:00
Jilles Tjoelker
39e499a8d2 posix_spawn_file_actions_addopen(3): Correct error for bad file descriptor.
As per POSIX.1-2008, posix_spawn_file_actions_add* return [EBADF] if a file
descriptor is negative, not [EINVAL]. The bug was only in the manual page;
the code is correct.

MFC after:	1 week
2013-05-09 16:42:01 +00:00
Jilles Tjoelker
ae4c676c55 wordexp(): Simplify code by deferring work to sh. 2013-05-09 11:43:45 +00:00
Sergey Kandaurov
e0906c9a0d POSIX 1003.1-2008: add ENOTRECOVERABLE, EOWNERDEAD errnos. 2013-05-04 19:07:22 +00:00
Jilles Tjoelker
34d0fed913 sysconf(3): Correct the description of _SC_OPEN_MAX.
Reported by:	bde
MFC after:	1 week
2013-04-26 21:43:42 +00:00
Eitan Adler
d001beb260 - sl_find does not modify 'name'
- make the prototype of sl_find match NetBSD

Reviewed by:	jilles
Approved by:	cperciva (mentor)
MFC After:	3 days
2013-04-23 13:03:03 +00:00
Eitan Adler
240f872cb8 Switch from K&R prototypes to modern C
Reviewed by:	jilles
Approved by:	cperciva (mentor)
MFC After:	3 days
2013-04-23 13:03:01 +00:00
Jilles Tjoelker
00e080be77 pututxline: Don't set errno=0 in subfunctions.
The functions utx_active_add(), utx_active_remove(), utx_lastlogin_add() and
utx_log_add() set errno to 0 if they are successful. This not only violates
POSIX if pututxline() is successful, but may also overwrite a valid error
with 0 if, for example, utx_lastlogin_add() fails while utx_log_add()
succeeds.

Reviewed by:	ed
2013-04-17 21:08:15 +00:00
Joel Dahl
9adbae037d mdoc: remove superfluous paragraph macro. 2013-04-16 20:31:15 +00:00
John Baldwin
8916af883c - Document that sem_wait() can fail with EINTR if it is interrupted by a
signal.
- Fix the old ksem implementation for POSIX semaphores to not restart
  sem_wait() or sem_timedwait() if interrupted by a signal.

MFC after:	1 week
2013-04-16 20:26:31 +00:00
Ed Maste
b4c19408e9 Spelling correction 2013-04-11 20:15:37 +00:00
Jilles Tjoelker
70d41b5846 wordexp(): Remove wrong IFS usage.
Words in shell script are separated by spaces or tabs independent of the
value of IFS. The value of IFS is only relevant for the result of
substitutions. Therefore, there should be a space between 'wordexp' and the
words to be expanded, not an IFS character.

Paranoia might dictate that the shell ignore IFS from the environment (even
though our sh currently uses it), so do not depend on it in the new test
case.
2013-04-01 20:50:07 +00:00
Brooks Davis
778c12a624 Update to the latest (un)vis(3) sources from NetBSD. This adds
multibyte support[0] and the new functions strenvisx and strsenvisx.

Add MLINKS for vis(3) functions add by this and the initial import from
NetBSD[1].

PR:		bin/166364, bin/175418
Submitted by:	"J.R. Oldroyd" <fbsd@opal.com>[0]
		stefanf[1]
Obtained from:	NetBSD
MFC after:	2 weeks
2013-03-14 23:51:47 +00:00
Sergey Kandaurov
5fc3f0cad0 Link getcontextx(3) to getcontext(3).
Reviewed by:	kib
MFC after:	1 week
2013-03-13 18:19:33 +00:00
Sergey Kandaurov
be63e70370 Add the getcontextx prototype to SYNOPSIS.
Reviewed by:	kib
MFC after:	1 week
2013-03-13 18:18:16 +00:00
Pawel Jakub Dawidek
d6f122f4fb Provide cap_sandboxed(3) function, which is a wrapper around cap_getmode(2)
system call, which has a nice property - it never fails, so it is a bit
easier to use. If there is no support for capability mode in the kernel
the function will return false (not in a sandbox). If the kernel is compiled
with the support for capability mode, the function will return true or false
depending if the calling process is in the capability mode sandbox or not
respectively.

Sponsored by:	The FreeBSD Foundation
2013-03-02 00:11:27 +00:00
Jilles Tjoelker
c6344d08bb libc/opendir: Improve behaviour of union uniquifier:
* Reopen the directory using openat(fd, ".", ...) instead of opening the
  pathname again. This fixes a race condition where the meaning of the
  pathname changes and allows a reopen with fdopendir().
* Always reopen the directory for union stacks, not only when DTF_REWIND
  is passed. Applications should be able to fchdir(dirfd(dir)) and
  *at(dirfd(dir), ...). DTF_REWIND now does nothing.
2013-02-24 20:53:32 +00:00
David Xu
17001e0b94 Make more code be protected by internal mutex, and now it is fork-safe, in
error case, the file exclusive lock is now released as soon as possible,
in previous code, child process can still hold the exclusive lock.
2013-02-17 02:52:42 +00:00
Pawel Jakub Dawidek
1f2ce2a086 Put one file per line so it is easier to read diffs against those files. 2013-02-16 22:21:46 +00:00
David Xu
a9c09aee21 Simplify code by using flag O_EXLOCK.
PR: kern/175674
2013-02-16 06:07:07 +00:00
Jilles Tjoelker
ad7d20c921 fts: Use O_DIRECTORY when opening name that might be changed by attacker.
There are uncommon cases where fts_safe_changedir() may be called with a
non-NULL name that is not "..". Do not block or worse if an attacker put (a
(symlink to) a fifo or device where a directory used to be.

MFC after:	1 week
2013-02-10 23:09:15 +00:00
Brooks Davis
62557825cc Add contrib/libc-vis to the include path so we reliably pick up the right
version of vis.h.

Reported by:	dim
2013-01-11 17:51:03 +00:00
Brooks Davis
30bd63bc4a In r244401 I accidently moved strunvis and strunvisx from version 1.0 to
1.3 breaking the libc ABI. Revert that change (breaking the ABI again
for users who updated after December 18th).
2013-01-11 15:50:01 +00:00
Xin LI
53e075c0b9 - Reduce buffer size from LINE_MAX to PATH_MAX, there is no point to store
path longer than this.
 - Fix an unreached case of check against sizeof buf, which in turn leads
   to an off-by-one nul byte write on the stack.  The original condition
   can never be satisfied because the passed boundary is the maximum value
   that can be returned, so code was harmless.

MFC after:	1 month
2012-12-21 22:20:59 +00:00
Brooks Davis
8ccca1222d Replace our implementation of the vis(3) and unvis(3) APIs with
NetBSD's.  This output size limited versions of vis and unvis functions
as well as a set of vis variants that allow arbitrary characters to be
specified for encoding.

Finally, MIME Quoted-Printable encoding as described in RFC 2045 is
supported.
2012-12-18 16:37:24 +00:00
Pawel Jakub Dawidek
997b5d9426 Eliminate redundant variable. 2012-12-12 15:27:33 +00:00
Jilles Tjoelker
1084b38bea libc: Make various internal file descriptors close-on-exec.
These are obtained via fopen().
2012-12-10 17:56:51 +00:00
Jilles Tjoelker
273e3bbfe6 libc: Use the new 'e' fopen() mode option to simplify fstab.c.
No functional change is intended.
2012-12-04 16:54:43 +00:00
Marcel Moolenaar
daab0b01ed Protect against DoS attacks, such as being described in CVE-2010-2632.
The changes were derived from what has been committed to NetBSD, with
modifications. These are:
1.  Preserve the existsing GLOB_LIMIT behaviour by including the number
    of matches to the set of parameters to limit.
2.  Change some of the limits to avoid impacting normal use cases:
    GLOB_LIMIT_STRING - change from 65536 to ARG_MAX so that glob(3)
	can still provide a full command line of expanded names.
    GLOB_LIMIT_STAT - change from 128 to 1024 for no other reason than
	that 128 feels too low (it's not a limit that impacts the
	behaviour of the test program listed in CVE-2010-2632).
    GLOB_LIMIT_PATH - change from 1024 to 65536 so that glob(3) can
	still provide a fill command line of expanded names.
3.  Protect against buffer overruns when we hit the GLOB_LIMIT_STAT or
    GLOB_LIMIT_READDIR limits. We append SEP and EOS to pathend in
    those cases. Return GLOB_ABORTED instead of GLOB_NOSPACE when we
    would otherwise overrun the buffer.

This change also modifies the existing behaviour of glob(3) in case
GLOB_LIMIT is specifies by limiting the *new* matches and not all
matches. This is an important distinction when GLOB_APPEND is set or
when the caller uses a non-zero gl_offs. Previously pre-existing
matches or the value of gl_offs would be counted in the number of
matches even though the man page states that glob(3) would return
GLOB_NOSPACE when gl_matchc or more matches were found.

The limits that cannot be circumvented are GLOB_LIMIT_STRING and
GLOB_LIMIT_PATH all others can be crossed by simply calling glob(3)
again and with GLOB_APPEND set.

The entire description above applies only when GLOB_LIMIT has been
specified of course. No limits apply when this flag isn't set!

Obtained from: Juniper Networks, Inc
2012-12-01 21:26:46 +00:00
Marcel Moolenaar
43cc14e088 In globextend(), take advantage of the fact that realloc(NULL, size) is
equivalent to malloc(size). This eliminates the conditional expression
used for calling either realloc() or malloc() when realloc() will do
all the time.
2012-12-01 17:50:39 +00:00
Marcel Moolenaar
b628fac5ea In globextend() when the pathv vector cannot be (re-)allocated, don't
free and clear the gl_pathv pointer in the glob_t structure. Such
breaks the invariant of the glob_t structure, as stated in the comment
right in front of the globextend() function. If gl_pathv was non-NULL,
then gl_pathc was > 0. Making gl_pathv a NULL pointer without also
setting gl_pathc to 0 is wrong.

Since we otherwise don't free the memory associated with a glob_t in
error cases, it's unlikely that this change will cause a memory leak
that wasn't already there to begin with. Callers of glob(3) must
call globfree(3) irrespective of whether glob(3) returned an error
or not.
2012-12-01 17:44:06 +00:00
Joel Dahl
90c819e0a0 mdoc: Use the Ev macro for environmental variables. 2012-11-16 12:03:50 +00:00
Greg Lehey
c90e931745 Complete man page.
MFC after:	2 weeks
2012-11-16 01:41:42 +00:00
Konstantin Belousov
eb3d4e1fbd Implement the waitid() SUSv4 function using wait6() system call.
PR:	standards/170346
Submitted by:	"Jukka A. Ukkonen" <jau@iki.fi>
MFC after:	1 month
2012-11-13 12:55:52 +00:00