The environment variable TMPDIR was copied unchecked into a fixed-size heap
buffer. Use a length-limiting snprintf in place of ordinary sprintf to
prevent the overflow. Long TMPDIR variables can still cause odd truncated
filenames, which may be undesirable.
Reported by: Coverity (CWE-120)
CIDs: 1006706, 1006707
Sponsored by: Dell EMC Isilon
When the replay window size is large than UINT8_MAX, add to the request
the SADB_X_EXT_SA_REPLAY extension header that was added in r309144.
Also add support of SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
SADB_X_EXT_SA_REPLAY, SADB_X_EXT_NEW_ADDRESS_SRC, SADB_X_EXT_NEW_ADDRESS_DST
extension headers to the key_debug that is used by `setkey -x`.
Modify kdebug_sockaddr() to use inet_ntop() for IP addresses formatting.
And modify kdebug_sadb_x_policy() to show policy scope and priority.
Reviewed by: gnn, Emeric Poupon
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D10375
- State that the units are kB.
- Be more complete/concise in terms of what is required (in this case
`minfree` must be at least `X`kB)
MFC after: 7 weeks
Sponsored by: Dell EMC Isilon
The problem is that the statfs(2) system call used to determine the relevant
mount point returns path within real root in the f_mntonname, causing
nmount(2) system call to fail with ENOENT.
Use a bit of heuristics to skip over few starting path elements when it
happens until we hit an actual mount point.
For this to work properly the whole mount should be accessible within the
chroot, it's going to still fail if chroot only has access to a part of the
mounted fs.
Reviewed by: mckusick
Approved by: mckusick
MFC after: 2 weeks
The code was calling nmount with an fstype of everything in the program
name after the last '_'. This was there to support mount_nfs being
linked to mount_oldnfs. Support for the link was removed in 2015 with
r281691.
Reviewed by: rmacklem
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D10301
An unhandled error case would result in passing SIZE_MAX to malloc.
While I'm here, remove an unnecessary NULL check before free
Reported by: Coverity
CID: 1017793
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
was the first release of an OS to ship with it.
Heads up by Ingo Schwarze.
Approved by: bcr (mentor)
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D10209
The module is designed for modification of a packets of any protocols.
For now it implements only TCP MSS modification. It adds the external
action handler for "tcp-setmss" action.
A rule with tcp-setmss action does additional check for protocol and
TCP flags. If SYN flag is present, it parses TCP options and modifies
MSS option if its value is greater than configured value in the rule.
Then it adjustes TCP checksum if needed. After handling the search
continues with the next rule.
Obtained from: Yandex LLC
MFC after: 2 weeks
Relnotes: yes
Sponsored by: Yandex LLC
No objection from: #network
Differential Revision: https://reviews.freebsd.org/D10150
This opcode can be used to attach some data to external action opcode.
And unlike to O_EXTERNAL_INSTANCE opcode, this opcode does not require
creating of named instance to pass configuration arguments to external
action handler. The data is coming just next to O_EXTERNAL_ACTION opcode.
The userlevel part currenly supports formatting for opcode with ipfw_insn
size, by default it expects u16 numeric value in the arg1.
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
Also make sure that the renewal is never more than 1/2 * expiry and
rebind never more than 7/4 * renewal (the default values in the spec).
This should allow adjusting high values from the server as well as
making sure the values from the server make sense.
Renewal and rebind times will be adjusted down if the expiry time is set
very high in a server, not the other way around. This change just makes
sure the values keep making sense.
Describe (briefly) how to compile the filesystem into the kernel and
load as a module.
Reference cd9660(5) in mount(8) and mount_cd9660(8).
MFC after: 1 month
Sponsored by: Dell EMC Isilon
it is preceded by \.
foo="I \"like\" C++"
gives the value 'I "like" C++' to the variable 'foo'. If a character
other than " follows the \, both the \ and that character are passed
through.
Differential Revision: https://reviews.freebsd.org/D6286
Sponsored by: Netflix
Since the state name is an optional argument, it often can conflict
with other options. To avoid ambiguity now the state name must be
prefixed with a colon.
Obtained from: Yandex LLC
MFC after: 2 week
Sponsored by: Yandex LLC
With the following in /etc/fstab:
/dev/gpt/swap.eli none swap sw,late 0 0
swap will not be enabled, with `swapon -aL' complaining:
swapon: Invalid option: late
This happens because swap_on_geli_args() which parses geli arguments
out of all mount options does not expect late or noauto among them.
Fix this by explicitly allowing these arguments.
Reviewed by: jilles
Approved by: jilles
MFC after: 2 weeks
Differential Revision: D9835
that they still work. These utilities have become out of sync with the
code in the kernel and need work to bring them back into shape.
Most people test on real systems or VMs on real networks.
Suggested by: glebius
that they still work. These utilities have become out of sync with the
code in the kernel and need work to bring them back into shape.
Most people test on real systems or VMs on real networks.
Sugested by: glebius
This ensures the storage isn't leaked when non-NULL and the function
returns early, prior to the `free(vendor)` later on in the function.
MFC after: 1 week
Reported by: Coverity
CID: 1007111-1007113
Reviewed by: cem
Sponsored by: Dell EMC Isilon
Differential Revision: D9993
The memory stored by `lease` would have previously been leaked if an
unterminated lease declaration was found in an early-return code path.
MFC after: 1 week
Reported by: clang static analyzer, Coverity
CID: 1007114
Submitted by: Tom Rix <trix@juniper.net>
Sponsored by: Dell EMC Isilon; Juniper, Inc
Differential Revision: D9992
The netipsec headers are referenced via netipsec/..., not ./... .
Thus, assuming that the netipsec/... is nested under ${SRCTOP}/sys/netipsec
is wrong.
This tripped up some individuals building ^/head on systems pre-r314812.
MFC after: 1 week
Reported by: Roberto Rodriguez Jr <rob.rodz.jr9@gmail.com>
Sponsored by: Dell EMC Isilon
gpart(8) has functionality to change the label of an GPT partition.
This functionality works like it should, however, after a label change
the /dev/gpt/ entries remain unchanged. glabel(8) status output remains
unchanged. The change only takes effect after a reboot.
PR: 162690
Submitted by: sub.mesa@gmail, Ben RUBSON <ben.rubson@gmail.com>, ae
Reviewed by: allanjude, bapt, bcr
MFC after: 6 weeks.
Differential Revision: https://reviews.freebsd.org/D9935
- Note existence of -m option.
- Note that -s applies to rule keyword, only, by adding usage text
specifically for the `rule` and `ruleset` keywords.
Don't go into any further detail in usage(..) -- it's best that one
reads the manpage to get a better idea of how things work as there are
a number of different option-specific keywords and arguments, as well
as some rule grammar.
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Currently are defined three scopes: global, ifnet, and pcb.
Generic security policies that IKE daemon can add via PF_KEY interface
or an administrator creates with setkey(8) utility have GLOBAL scope.
Such policies can be applied by the kernel to outgoing packets and checked
agains inbound packets after IPsec processing.
Security policies created by if_ipsec(4) interfaces have IFNET scope.
Such policies are applied to packets that are passed through if_ipsec(4)
interface.
And security policies created by application using setsockopt()
IP_IPSEC_POLICY option have PCB scope. Such policies are applied to
packets related to specific socket. Currently there is no way to list
PCB policies via setkey(8) utility.
Modify setkey(8) and libipsec(3) to be able distinguish the scope of
security policies in the `setkey -DP` listing. Add two optional flags:
'-t' to list only policies related to virtual *tunneling* interfaces,
i.e. policies with IFNET scope, and '-g' to list only policies with GLOBAL
scope. By default policies from all scopes are listed.
To implement this PF_KEY's sadb_x_policy structure was modified.
sadb_x_policy_reserved field is used to pass the policy scope from the
kernel to userland. SADB_SPDDUMP message extended to support filtering
by scope: sadb_msg_satype field is used to specify bit mask of requested
scopes.
For IFNET policies the sadb_x_policy_priority field of struct sadb_x_policy
is used to pass if_ipsec's interface if_index to the userland. For GLOBAL
policies sadb_x_policy_priority is used only to manage order of security
policies in the SPDB. For IFNET policies it is not used, so it can be used
to keep if_index.
After this change the output of `setkey -DP` now looks like:
# setkey -DPt
0.0.0.0/0[any] 0.0.0.0/0[any] any
in ipsec
esp/tunnel/87.250.242.144-87.250.242.145/unique:145
spid=7 seq=3 pid=58025 scope=ifnet ifname=ipsec0
refcnt=1
# setkey -DPg
::/0 ::/0 icmp6 135,0
out none
spid=5 seq=1 pid=872 scope=global
refcnt=1
No objection from: #network
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D9805
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96