getcwd() has two off-by-one bugs in FreeBSD-2.0:
1. getcwd(buf, size) fails when the size is just large enough.
2. getcwd(buf + 1, 1) incorrectly succeeds when the current directory
is "/". buf[0] and buf[2] are clobbered.
(I modified Bruce's original patch to return the proper error code
[ERANGE] in the case of #2, but otherwise... -DG)
This program demonstrates the bug:
---
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
int main(void)
{
char buf[5];
int errors;
errors = 0;
if (chdir("/tmp") != 0) {
perror("chdir");
abort();
}
if (getcwd(buf, 5) == NULL) {
perror("oops, getcwd failed for buffer size = size required");
++errors;
}
if (chdir("/") != 0) {
perror("chdir");
abort();
}
buf[0] = 0;
buf[2] = 1;
if (getcwd(buf + 1, 1) != NULL) {
fprintf(stderr,
"oops, getcwd succeeded for buffer size = one too small\n");
++errors;
}
if (buf[0] != 0) {
fprintf(stderr,
"oops, getcwd scribbled on memory before start of buffer\n");
++errors;
}
if (buf[2] != 1) {
fprintf(stderr,
"oops, getcwd scribbled on memory after end of buffer\n");
++errors;
}
exit(errors == 0 ? 0 : 1);
}
pointer returned by realloc(). All callers free the pointer if the
execve fails. Nuke the caching. This essentially restores buildargv()
to the 1.1.5 version. Also fix a memory leak if realloc() fails. Also
nuke similar but non-broken caching in execvp(). malloc() should be
efficient enough.
command available yet.
Changed an entry in getprcent.3 from rpcinfo(8C) to rpcinfo(8).
Changed an entry in getrpcport.3 from 3R to 3.
Changed two entries in rpc.3 from 3N to 3.
incredibly obnoxious, but also makes inverse mappings work when the local
resolver is in a cache-only configuration. (Maybe this is actually
a bug in BIND?)
pointer if len is 0. I should have looked at the revision history - I would
have found that Bruce already fixed the bug with len=0 over a month ago.
Whoever said that the bug was in 2.0 was wrong.
Change the reference for the libtermcap libtermlib link from SHLIBDIR
to LIBDIR. SHLIBDIR is undefined in the standard case.
termcap.c:
Initialize a local variable to zero. Otherwise an erroneous free call
can happen and clobber the calling program.
Seen with vi and gdb. If you have TERMCAP set with a terminal entry and
set TERM with something like huhu, vi and gdb core dumps.
for Wine support. The current snapshot of wine works fine with this.
This should go into the beta as the code which it calls in the kernel is
already there, and works fine.
$(DESTDIR)/$(LIBDIR) (I need SHLIBDIR. The / was a bug and the
$(...) style was inconsistent.)
Install ordinary libraries in ${DESTDIR}${LIBDIR} instead of in
$(DESTDIR)/$(LIBDIR).
Change remaining $(...) to ${...}.
later be applied to a number of programs (inetd for instance) to clean
out the bogus code doing the same thing, modulus all the bugs.
If you need to read a '#'-is-a-comment-file, please use these routines.
I realize that the shlib# should be bumped (for the non-US world:
increased by something), but will defer this until something significant
happens.
input fields. It reads a template file passed to init_forms(char *)
and creates a curses based form editor. See the examples directory
for a basic demo.
This effectively changes the non-DES password algoritm.
If you have the "securedist" installed you will have no problems with this.
(Though you might want to consider using this password-encryption instead
of the DES-based if your system is likely to be hacked)
If you are running a -current system without the "securedist" installed:
YOU WILL NEED TO CHANGE ALL PASSWORDS !! There is no backwards mode.
Suggested procedure is:
Update your sources
cd /usr/src/lib/libcrypt
make clean
make all
make install
passwd root
<set roots new password>
change password for any other users on the system.
This algorithm is expected to be much better than the traditional DES-
based algorithm. It uses the MD5 algorithm at what it is best at, as
opposed to the DES algorithm at something it isn't good at at all. The
algorithm is designed such that it should very hard to shortcut the
calculations needed to build a dictionary, and to make partial knowledge
(Hmm, his password starts with a 'P'...) useless. Of course if somebody
breaks the MD5 algorithm this looses too.
The salt is 48 bits (8 char @ base64).
The encrypted password is 128 bits.
And I am positively delighted to say that it takes 34 msec to crypt() a
password on a Pentium/60Mhz, so building a dictionary is not really an
option for hackers at the moment.
Given the right circumstances, a call to kvm_open can result in a core
dump.
The diff belows fixes this (note that this change is already in the
NetBSD code). Could somebody apply this?
Gary J.
Submitted by: gj
From: Chris Torek <torek@bsdi.com>
Here is a semi-official patch (apply to /usr/src/lib/libc/stdio/fseek.c,
rebuild libc, install). The current code fails when the seek:
- is optimized, and
- is to just past the end of the block currently in the buffer, and
- is followed by another seek with no intervening read operation, and
- the destination of subsequent seek is within the block left in the
buffer (seeking to the beginning of a block does not force a read,
so the buffer still contains the previous block)
so it is indeed rather obscure.
I may have a different `final' fix, as this one `loses' the buffer
contents on a seek that goes just past the end of the current block.
[Footnote: seeks are optimized only on read-only opens of regular
files that are buffered by the file's optimal I/O size. This is
what you get with fopen(path, "r") and no call to setvbuf().]
Obtained from: [ BSDI mailing list ]
I know that many of these entries are bogus and need to be revisited,
but let's get the tree working again for now and then do a pass through
looking at all the __FreeBSD__ entries, shall we?
While trying to figure out why rlogind wasn't working right for root,
I noticed that man wouldn't come back with a man page for iruserok, but
it would for ruserok. Checking the lib/net directory's Makefile.inc
file shows that the link to the rcmd man page just isn't getting
created.
>How-To-Repeat:
Do a 'man iruserok' and notihing will come back, where a 'man ruserok'
will.
Submitted by: Brian Moore <ziff@houdini.eecs.umich.edu>
Obtained from: NetBSD-bugs mailing list
on terminals with no pad char (cons25) and quote from tputs.c says so too:
! * Too bad there are no user program accessible programmed delays.
! * Transmitting pad characters slows many
! * terminals down and also loads the system.
and don't return error, if non-terminals. This fix allows curses
to work into full duplex pipes under control of main program,
like good old curses does.
getnet* configuration. (It's highly unlikely that you'd want to do
something different, and network lookups aren't common enough to justify
their own configuration file.)
DANGER WILL ROBINSON!
_PATH_UNIX is currently defined as the literal string "don't use this".
I am of two minds about this myself, but wanted to get something into the
tree as quickly as possible.