95217 Commits

Author SHA1 Message Date
Tim J. Robbins
1a7c9b7f5e Fix two buffer overflows caused by off-by-one errors: avoid writing a null
character 1 byte past the end of cmdline[] when libedit is being used for
input, and avoid writing a null pointer 1 element past the end of margv[].

Reviewed by:		gad
2003-10-13 07:24:22 +00:00
Bruce Evans
1f85f71570 Include <nlist.h> for nlist-related declarations instead of depending on
namespace pollution in <kvm.h>.
2003-10-13 05:30:20 +00:00
Sam Leffler
7d4bf9ccb1 remove dangling mtx_unlock orphaned by rev 1.21 change 2003-10-13 04:57:31 +00:00
Hajimu UMEMOTO
79203b9869 support AES XCBC MAC for AH.
Obtained from:	KAME
2003-10-13 04:56:04 +00:00
Hajimu UMEMOTO
c65ee7c758 - support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from:	KAME
2003-10-13 04:54:51 +00:00
Bruce Evans
7f75c38230 Fixed some style bugs in the removal of __P(()). Blind removal of
spaces before __P(()) outdented continuation lines to column 0.
2003-10-13 04:44:55 +00:00
Sam Leffler
91101a2af3 Reduce per-packet overhead when using WEP by using an advancing IV
seeded with arc4random rather than calling arc4random for each
packet.  Note this is the same algorithm used to select the IV when
doing WEP on the host.
2003-10-13 03:42:53 +00:00
Sam Leffler
167ecdca8c Must reset the pointer to the 802.11 header after prepending
for WEP in case the prepend addes a new mbuf.  This fixes WEP.
2003-10-13 03:41:32 +00:00
Sam Leffler
2075afba8d MFp4:
o don't grab the mutex at the top of ath_detach; it does nothing
  useful
o deal with entry to ath_ioctl during detach to disable promiscuous
  mode as a result of calling bpfdetach2: cannot call ath_init when
  the device is marked invalid as the code isn't prepared to deal
  with it (in particular by that time the hal reference may have
  been yanked)
2003-10-13 03:39:38 +00:00
Sam Leffler
310e4a4ae6 MFp4:
change ath_rate_ctl_reset to handle transition from station
mode to adhoc mode; was not resetting the initial xmit rate
causing outbound frames to be dicarded
2003-10-13 03:37:38 +00:00
Alan Cox
50ac3f9939 - Modify pmap_is_current() to return FALSE when a pmap's page table is in
use because a kernel thread is borrowing it.  The borrowed page table
   can change spontaneously, making any dependence on its continued use
   subject to a race condition.
 - _pmap_unwire_pte_hold() cannot use pmap_is_current(): If a change is
   made to a page table page mapping for a borrowed page table, the TLB
   must be updated.

In collaboration with:	tegge
2003-10-13 03:28:31 +00:00
Maksim Yevmenkin
0986ab12e4 Update Bluetooth code.
Reviewed by: M. Warner Losh <imp@bsdimp.com>; John Hay <jhay@freebsd.org>
Approved by: M. Warner Losh <imp@bsdimp.com> (mentor)
2003-10-12 22:04:24 +00:00
Murray Stokely
907d866750 Update the number of ports. 2003-10-12 21:35:50 +00:00
Jeff Roberson
736c97c7b3 - In SCHED_CURR() add holding Giant to the list of criteria that will keep
you on the current queue.  In the future, it would be nice if priority
   propagation could deterministicly pluck a thread off of the next queue
   and put it on the current queue.  Until then this hack stops us from
   holding up our entire current queue, including interrupt handlers, while
   a thread on the next queue is blocked while holding Giant.
 - Inherit our pctcpu information from our parent.
2003-10-12 21:07:31 +00:00
Hajimu UMEMOTO
8f21478b6a simplify and update rijndael code.
Obtained from:	KAME
2003-10-12 21:05:05 +00:00
Jeff Roberson
a34419fee5 - Implement a mtx_ownedby() macro which can be used to determine if a
particular thread owns a mutex.  This cannot be done without races
   unless the thread is curthread.
2003-10-12 21:02:55 +00:00
Robert Watson
d32864c331 Comment spelling fix. 2003-10-12 20:51:26 +00:00
Hiroki Sato
094a5db41b Use Japanese localized version of trademarks.ent. 2003-10-12 20:11:06 +00:00
Hajimu UMEMOTO
d5d49fe472 include opencrypto/rmd160.h 2003-10-12 18:33:30 +00:00
Alan Cox
d58e70a08d In vfs_bio_clrbuf(), ignore the state of the object lock if the page is the
"bogus" page.

Found by:	tegge
2003-10-12 18:26:48 +00:00
Hajimu UMEMOTO
3dbacd2651 use opencrypto for RMD160.
Requested by:	sam
2003-10-12 18:25:38 +00:00
Daniel Eischen
077af0a4b4 Don't forget to initialize the fake tcb when the kcb is allocated. 2003-10-12 16:50:45 +00:00
Bernd Walter
8b43efbd44 Cache dev_t values in the right structure.
Tested by:	Jay Cornwall <jay@evilrealms.net>
2003-10-12 15:51:40 +00:00
Hajimu UMEMOTO
faf228234c remove unused variable.
Obtained from:	KAME
2003-10-12 15:14:33 +00:00
Hajimu UMEMOTO
d82a80a330 drop useless define. 2003-10-12 14:47:24 +00:00
Hajimu UMEMOTO
53e67fbf8e use bswap32() for big endian arch.
Reported by:	tinderbox via kris
2003-10-12 14:32:13 +00:00
Poul-Henning Kamp
5108cd3652 Simplify vn_isdisk() a bit. 2003-10-12 14:04:39 +00:00
Søren Schmidt
ffd08d59ae Redo the code that handles eject/close. 2003-10-12 13:11:57 +00:00
Søren Schmidt
15749e8d06 Avoid potential race on ATA_R_DONE. 2003-10-12 12:38:03 +00:00
Søren Schmidt
c4c8a3e041 Put devices into sleep mode (ie spin down) on detach. 2003-10-12 12:37:11 +00:00
Søren Schmidt
f27b8b8ad4 Up timeout to 10s (from 5) in r/w commands. 2003-10-12 12:35:44 +00:00
Hajimu UMEMOTO
7128815095 - avoid hardcoded values.
- correct signedness mixups.
- log fix.
- preparation for 64bit sequence number.
  introduce SA id (unique ID for SA - SPI is useless as duplicated
  SPI is allowed)
- no need to malloc/free cksum buffer.

Obtained from:	KAME
2003-10-12 12:03:25 +00:00
Dag-Erling Smørgrav
5197cdc1aa Recognize the Avance Logic ALC655 codec found on some ICH4/5-based
motherboards, such as the Gigabyte I848P.

PR:		kern/54176
Submitted by:	Chris Keladis <chris@cmc.optus.net.au>
Forgotten by:	orion
2003-10-12 11:51:24 +00:00
Jens Schweikhardt
9301f38e84 Correct a typo (s/And/An/) 2003-10-12 11:37:15 +00:00
Poul-Henning Kamp
e83d1f3b9c Assume that bp->bio_offset is correctly initialized.
This fixes non-power-of-2 blocksize GEOM I/O.
2003-10-12 11:35:55 +00:00
Poul-Henning Kamp
b144e6ffeb Destroy providers maked with G_PF_WITHER when the last consumer has detached. 2003-10-12 11:34:35 +00:00
Dag-Erling Smørgrav
7847079929 A couple of months' worth of back-burner hacking: restructure to better
handle the minor (but significant) differences between the various
Vortex chips; add (incomplete) support for playback.
2003-10-12 11:33:39 +00:00
Hajimu UMEMOTO
83ca448c94 - always check for optlen overrun.
- panic if NULL is passed to ah_sumsiz (as we never do it,
  and callers do not properly check negative returns).

Obtained from:	KAME
2003-10-12 11:18:04 +00:00
Søren Schmidt
61dbcc0d05 Use isprint instead of isalpha in determining valid ident string. 2003-10-12 11:10:41 +00:00
Hajimu UMEMOTO
00c62ed413 - correct signedness mixups.
- avoid assuming result buffer size

Obtained from:	KAME
2003-10-12 11:08:18 +00:00
Poul-Henning Kamp
9b993f8210 Initialize CMAP3 to 0 2003-10-12 10:55:45 +00:00
Hajimu UMEMOTO
0c72771dea avoid hardcoding MD5 result length (16)
Obtained from:	KAME
2003-10-12 09:51:32 +00:00
Hajimu UMEMOTO
21669564bf RIPEMD160 support
Obtained from:	KAME
2003-10-12 09:43:48 +00:00
Hajimu UMEMOTO
492528c051 - RIPEMD160 support
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
2003-10-12 09:41:42 +00:00
Hideyuki KURASHINA
5e6a487b36 Fix a typo. 2003-10-12 09:08:54 +00:00
Hiroki Sato
36a6252a9b Refine translation. 2003-10-12 08:54:10 +00:00
John-Mark Gurney
9e5de980c6 fix a problem referencing free'd memory. This is only a problem for
kqueue write events on a socket and you regularly create tons of pipes
which overwrites the structure causing a panic when removing the knote
from the list.  If the peer has gone away (and it's a write knote), then
don't bother trying to remove the knote from the list.

Submitted by:	Brian Buchanan and myself
Obtained from:	nCircle
2003-10-12 07:06:02 +00:00
Hideyuki KURASHINA
a307eb3d01 Merge the following from the English version:
1.44   -> 1.55   errata/article.sgml
   1.163  -> 1.183  hardware/common/dev.sgml
2003-10-12 04:42:33 +00:00
Tim J. Robbins
a95edcba94 Fix a multitude of security bugs in the iBCS2 emulator:
- Return NULL instead of returning memory outside of the stackgap
  in stackgap_alloc() (FreeBSD-SA-00:42.linux)
- Check for stackgap_alloc() returning NULL in ibcs2_emul_find();
  other calls to stackgap_alloc() have not been changed since they
  are small fixed-size allocations.
- Replace use of strcpy() with strlcpy() in exec_coff_imgact()
  to avoid buffer overflow
- Use strlcat() instead of strcat() to avoid a one byte buffer
  overflow in ibcs2_setipdomainname()
- Use copyinstr() instead of copyin() in ibcs2_setipdomainname()
  to ensure that the string is null-terminated
- Avoid integer overflow in ibcs2_setgroups() and ibcs2_setgroups()
  by checking that gidsetsize argument is non-negative and
  no larger than NGROUPS_MAX.
- Range-check signal numbers in ibcs2_wait(), ibcs2_sigaction(),
  ibcs2_sigsys() and ibcs2_kill() to avoid accessing array past
  the end (or before the start)
2003-10-12 04:25:26 +00:00
Tim J. Robbins
7f3a5689e7 Fix BSS buffer overflow in makeargv(). 2003-10-12 00:27:55 +00:00