bits of hash. Unfortunately due to an implementation bu and the fact that
the return type is unsigned long which is 64 bits in LP64, this can fail
in some cases: "\xff\x0f\x0f\x0f\x0f\x0f\x12". See:
https://maskray.me/blog/2023-04-12-elf-hash-function
From Ed Maste @ FreeBSD:
https://cgit.freebsd.org/src/commit/\
?id=29e3a06510823edbb91667d21f530d3ec778116d
Need to write Unit Tests for this.
This ldscript is not needed and actually makes things worse by putting
everything in one LOAD section, which then needs to have rwx permission.
Remove it so that we get two LOAD sections with better permissions.
Fixes PR 57323.
We only need to ensure that there are no concurrent modifications to
the rtld data structures in flight, since the threads that began
those modifications will not exist in the child and will therefore be
unable to complete them in the child.
A shared lock suffices to ensure there are no such concurrent
modifications in flight; an exclusive lock is not necessary, and can
cause deadlock if fork is executed from a signal handler, which is
explicitly allowed by POSIX (and our own sigaction(2) man page) which
marks fork as async-signal-safe.
PR lib/56979
Usefull when running multiple instances and some for (high traffic)
APIs e.g. to receive log data from appliences - it makes not sense
to duplicate the whole log in the xferlog file (but we can't configure
that at the syslog level due to other httpd instances using that).
(Move initialization of the slc table earlier so it doesn't get
accessed before that happens.)
Calling the crash a DoS or security problem is a bit overwrought; it's
just a bug.
allow conditionally disabling the building of certain user space
programs in the 'base' set.
There is not enough consensus that this is the right way and a few
people had strong objections, see source-changes-d@.
right value if they're called before _start. This is true of bash where
it provides its own getenv.
Part of port-hppa/56118: sporadic app crashes in HPPA -current
NetBSD-SA2016-006 included an incomplete fix for CVE-2016-6253,
a local privilege escalation vulnerability in mail.local(8).
mail.local(8) attempts to open(2) a user's existing mailbox file
to append to it. If that call fails, mail.local(8) will then issue
a second open(2) call to create the file (O_CREAT).
An attacker had the opportunity to create the file in question (as
a symlink, or link to some other file) in between these two open(2) calls.
Fix this by using O_EXCL in the 2nd open call, if the file exists when
that one happens, something is going wrong, so just abort. Also, only
attempt that 2nd open if the reason the first failed was that the file
did not exist (this doesn't fix the issue, but it potentially saves
some cycles).
Thanks to Jan Schaumann for bringing this to our attention.
These are basic CAS-based locking primitives needing release and
acquire semantics, nothing fancy here -- except the membar_sync parts
which are questionable but not relevant to the present audit.
support for indirect functions was added. This fixes {init,fini}_array support
on hppa where each member of the array is (already) a plabel.
Discussed with joerg.
4 files changed, 29 insertions(+), 39 deletions(-)
: ----------------------------------------------------------------------
This (apparently very old!) workaround to ensure that DTR stays down long
enough to be detected is now handled by serial drivers themselves. For
console devices (framebuffer, serial console, etc) this was an unnecessary
2 second penalty that we have all been paying since the beginning of time.
mostly from sunil@nimmagadda.net in PR#55830, though i moved the
member into the main http structure, so that it doesn't trigger
sslinfo being allocated via command line without the rest of the
ssl being setup (which then leads to crashes.)
The use of membar_enter is to separate atomic r/m/w on a lock from
the body of the critical section so two different critical sections
happen in order:
body of previous critical section;
exit critical section:
membar_exit();
atomic_r/m/w(lock stuff);
enter critical section:
atomic_r/m/w(lock stuff);
membar_enter();
body of next critical section;
_rtld_shared_enter does this, but it _also_ issued an extraneous
membar_enter before the atomic_r/m/w part, which doesn't impose any
semantically important order but may cost some performance.
The additional ':' after 'main.c' had no effect on the compilation since
the suffix is removed when computing the list of object files. The ':'
excluded main.c from the dependency computation and from lint.
By defining CPPFLAGS instead of CFLAGS, the default "-O2" steps in
again, and the proper flags are passed to lint, which did not work
before at all because it could not find an included file.
The second of the '$$?' was spelled only '$?'. At the time where this
shell expression was evaluated, it had already been overwritten by the
preceding command '['.
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
netbsd PR#56026:
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
leaks that only apply to the library version.)
XXX: the handling of hr_file and its variants is more crappy
again - the prior clean up is slightly less clean now, but at
least it does not leak memory.
XXX2: cgi-bin test hangs with address sanitizer. don't know
why yet..
bozohttpd.8:
o Added -d flag to the man page
o Moved -E flag in man page to keep alphabetic order
o Grammar fix for description of -E flag in man page
o Moved a word in the man description for the -f flag
o Made -f imply -b as a backwards-compatible shortcut
o Updated man description of -n to mention Lua scripts
o Moved -z below -Z to keep the uppercase options first
bozohttpd.c:
o Removed obsolete comment about ~user missing cgi-bin support
o Removed "/* ARGSUSED */" lines; was that a macro or a reminder?
o Added USE_ARG macro call for sig, which was otherwise not used
o Added USE_ARG macro call for msg (only used if debug is enabled)
bozohttpd.h:
o Fixed typo in the include guard (BOZOHTTOPD_H_ -> BOZOHTTPD_H_)
o Renamed have_all to have_core; it didn't mean "all" options
content-bozo.c:
o Added USE_ARG macro call for signo, which was otherwise not used
o Made -f imply -b as a backwards-compatible shortcut
main.c:
o Simplified -b text to be symmetric with that for the -f option
o Updated -C text to make "suffix" explicit; it's better than "arg"
o Changed to only show the -E description if have_user is true
o Always show the -e option, which incorrectly used the -E logic
o Renamed have_all to have_core; it didn't mean "all" options
o Added three missing tabs for the description of the -G option
o Updated -L text to make "prefix" explicit; it's better than "arg"
o Updated -M text to make "suffix" explicit; it's slightly better
o Added a previously missing description for the -n option
o Documented the otherwise obscure valid types for the -T option
o Shortened "username" to "user" to match the actual help text
o Moved handling of -c below that for -C to standardize the order
o Broke the enabling test for -C into two lines for consistency
o Inverted the enabling test for -E; this is what was meant, right?
o Removed the enabling test for -e, which should always be enabled
ssl-bozo.c:
o Added USE_ARG for httpd, which is not used if SSL has been excluded
Changes:
- Add a new field r_ldbase in the r_debug struct.
- Set r_version to 1.
This harmonizes the support with OpenBSD and Linux.
FreeBSD uses version 0 (or no version).
Solaris uses version 2 that is not implemented elsewhere and relies on
SVR4 specific design and interfaces.
Update the code comments as r_debug and link_map is used by other software
than GDB, namely: sanitizers, rump, LLDB.
right now. new address-of-packed-member and format-overflow
warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER amd
GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.
apply to a bunch of the tree. mostly, these are real bugs that
should be fixed, but in many cases, only by removing the 'packed'
attribute from some structure that doesn't really need it. (i
looked at many different ones, and while perhaps 60-80% were
already properly aligned, it wasn't clear to me that the uses
were always coming from sane data vs network alignment, so it
doesn't seem safe to remove packed without careful research for
each affect struct.) clang already warned (and was not erroring)
for many of these cases, but gcc picked up dozens more.
riastradh