Commit Graph

1457 Commits

Author SHA1 Message Date
tls
4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
mouse
2609539fc5 Per PR 36185, OKed by martin@ 2007-04-22 02:09:02 +00:00
hubertf
b1eaefe397 Xref shuffle(1) from random(6), and vice versa 2007-03-20 16:12:40 +00:00
ad
1458eba0f6 NetBSD JIHBED 2007-02-26 06:49:00 +00:00
ad
7545be4439 NetBSD: Dead on Target
-- Gimpy
2007-02-26 06:30:45 +00:00
hubertf
be5e286e64 - Don't call basename $0 at many places. Use variable $PROGNAME
- Better check when neither $ACRONYMDB is define nor files in
   /usr/share/misc/ are found
 - Replace cat | fgrep to using fgrep only
 - Replace sort | uniq to using sort -u

By Slava Semushin <slava.semushin@gmail.com> in private email.
2007-01-24 13:17:42 +00:00
chuck
f90603d08a Update my previous commit to better match the original code, including
the check for 'bs'...   my previous commit should have included the
following text:
  fixes problem introduced in 1.13 where the setting of "BC" (backspace char)
  was left to libterm rather than being done by hack itself.  the problem
  with this was that hack was directly setting BC to \b if there was no
  "bc" in the termcap entry, but libterm does not do this.   this resulted in
  the xputs(BC) calls in nocmov() and backsp() incorrectly doing nothing, thus
  messing up the display.  added new var BC_BS to provide the old behavior
  for nocmov() and backsp().
2007-01-17 02:35:28 +00:00
chuck
bfec35be7a mrg's changes in 1.13 broke hack's display code. 2007-01-17 02:12:19 +00:00
hubertf
61daec5724 Replve duplicate #includes
From Slava Semushin <slava.semushin@gmail.com>, via private mail
2007-01-17 00:30:23 +00:00
hubertf
b4df40b17b - ANSIfy
- Use return instead of exit() in main()
 - Use EXIT_{SUCCESS,FAILURE} constants instead of 0/1

No functional changes. Patch submitted in private mail by
Slava Semushin <slava.semushin@gmail.com>
2007-01-12 22:43:05 +00:00
wiz
2957444796 Fix some typos in ENIAC quote. From Zafer Aydogan and myself. 2006-12-25 18:46:48 +00:00
wiz
9b8796fcbe Spell "tomorrow" correctly. From Zafer Aydogan. 2006-12-25 18:43:03 +00:00
wiz
88306df899 Bump date for previous. Use mdoc macros. 2006-12-23 09:47:30 +00:00
reed
9fdd8e989b Add example of using -w. 2006-12-14 02:29:59 +00:00
wiz
09cb1d6f1c s/existance/existence/, from Zafer. 2006-11-24 22:52:16 +00:00
wiz
6919c6578c s/independant/independent/, from Zafer. 2006-11-24 22:04:21 +00:00
wiz
40d5f88af4 s/exceded/exceeded/, from Zafer. 2006-11-24 21:14:55 +00:00
christos
1665d5e960 fix spelling of accommodate; from Zapher. 2006-11-24 19:46:58 +00:00
christos
3d98aa3f4b fix spelling of accidentally; from Zapher 2006-11-24 19:37:02 +00:00
reed
57c4a8a6b0 Check that -w width is not above maximum. (It already checks for zero or
negative.) Using width above DWIDTH may cause overflow as noted by Gruzicki
Wlodek on bugtraq.

While here replace one use of 132 with DWIDTH.
2006-11-22 16:15:42 +00:00
mrg
fd5635ed7a don't discard const. GCC 4.1-20061021 doesn't like that... 2006-10-22 08:09:24 +00:00
elad
ac3f498792 Typo, from David A. Holland on #NetBSD-code, thanks! 2006-10-08 20:12:27 +00:00
elad
444bc3c8be Input validation, from David A. Holland on #NetBSD-code 2006-10-07 18:29:02 +00:00
elad
1232ea27c4 PR/18906: roskens at elfin dot net: misc. select() to poll() updates.
Adapted to -current by myself, thanks for the patch!
2006-10-07 17:27:57 +00:00
jmcneill
a6a54c10d8 PR# 4305: [dM] boggle uses very incomplete wordlist. 2006-09-24 01:38:57 +00:00
christos
5e676b6bff PR/34175: Zafer Aydogan: touch the window to cause a refresh after help
Also use CTRL instead of \xxx
2006-08-09 14:29:40 +00:00
hubertf
33a2a79b24 Attribute ``A language that doesn't affect the way you think about
programming is not worth knowing.'' to Alan Perlis, per Diomidis Spinellis'
blog at http://www.spinellis.gr/blog/20060424/
2006-06-24 13:32:45 +00:00
reed
5fe28dc7e5 Fix typo or mispelling. 2006-06-17 04:58:14 +00:00
jnemeth
4ce238c9c6 Increase username length to match modern systems, and create #defines for a
couple of lengths.
2006-06-07 09:36:39 +00:00
jnemeth
ca1e1e9c7c Actually accept "?" argument as documented in the manpage.
Don't attempt to ignore an untrappable signal.
Fix 6 possible buffer overflows.
2006-06-07 09:35:03 +00:00
jnemeth
c8e9ec4ee2 Don't follow symlinks on systems that have O_NOFOLLOW.
Don't bother looping with lockf() since first iteration would return.
Prevent two buffer overflows.
2006-06-07 09:30:35 +00:00
jnemeth
c7bfb55e4e prevent "stack" overflow 2006-06-07 09:24:26 +00:00
jnemeth
29088d6b12 bracket else block 2006-06-07 09:22:52 +00:00
jnemeth
f05caa1c39 WARNS=4 2006-06-07 09:21:06 +00:00
drochner
3f13a4cf7b Better check data read from tetris.scores before use as array indices etc.
This is CVE-2006-1539, files against Gentoo Linux, the patch is from
Gentoo.
A standard NetBSD installation is not as much risk because tetris is
sgid "games", and users shouldn't be in that group.
2006-06-01 16:12:27 +00:00
dan
f96b430610 read config more strictly, from Maximillian Dornseif 2006-05-25 07:11:54 +00:00
mrg
06b50ed8b9 don't try to switch a char and have a case of EOF - use an int. 2006-05-18 18:42:59 +00:00
christos
2854829efb Remove dup Hitler fortune. One of the two fortunes I moved yesterday, was
already in the offensive set. From a NetBSD fan who prefers to be anonymous.
2006-05-17 14:47:58 +00:00
christos
4440541abb PR/33495: Daniel Weiss: Offensive quote in netbsd fortune package
- Move 2 offensive to women Adolf Hitler quotes to fortune2-o
- s/Adolph/Adolf/
2006-05-16 20:13:50 +00:00
christos
bd02d883c4 Add a virtual destructor to avoid "future ABI issues". I love c++. 2006-05-14 06:38:04 +00:00
christos
ef47ce8264 add virtual destructors so that g++ shuts up. 2006-05-14 03:21:52 +00:00
christos
939d9a18de Don't use iostream just for the usage message. Use stdio instead. 2006-05-14 03:21:23 +00:00
christos
47169552b3 XXX: GCC uninitialized 2006-05-14 03:15:50 +00:00
christos
a108a3f479 Coverity CID 3382: Fix memory leak. 2006-05-13 22:45:11 +00:00
christos
4b679b2a7f Coverity CID 3383: Fix memory leak. 2006-05-13 22:43:02 +00:00
christos
dad51bf4f0 Coverity CID 3508: Fix file leak. 2006-05-13 22:29:53 +00:00
christos
2576ae5fca Coverity CID 3269: Fix memory leak. 2006-05-13 22:28:04 +00:00
mrg
aadd7d4847 sprinkle some -fno-strict-aliasing and -Wno-pointer-sign with GCC4. 2006-05-11 23:16:28 +00:00
mrg
524d5f27c4 lrint() -> larn_lrint(). 2006-05-11 10:23:24 +00:00
mrg
4bc6feceb6 end the argument list to exec*(3) with a NULL instead of a bare '0', as
the latter isn't a pointer context in these varargs functions.
2006-05-11 00:22:52 +00:00
mrg
8e969ac070 UC, PC and BC are provided my libtermcap, don't duplicate them. 2006-05-11 00:18:31 +00:00
mrg
bb1dac937d avoid a pointer sign difference. 2006-05-11 00:17:07 +00:00
mrg
0c37c63edc change (mostly) int to socklen_t. GCC 4 doesn't like that int and
socklen_t are different signness.
2006-05-09 20:18:05 +00:00
groo
cdb6398a72 Credit Alan Perlis for ``give him a lollipop'' programming language quote.
Hat tip: Jerry Leichter.
2006-04-26 00:52:21 +00:00
christos
1ce9f4326d Coverity CID 3032: Prevent double free: Next to the call of page_more()
there is a comment saying /* does fclose */, but the next line calls
fclose(fp);. Go figure.
2006-04-24 20:08:54 +00:00
snj
a640fe8c43 It's "its." 2006-04-24 19:00:29 +00:00
snj
bf5ceaae16 It's "its." 2006-04-24 18:00:53 +00:00
drochner
d8da09bdaf fix buffer overflow (CVE-2006-1744), from Debian 2006-04-20 10:57:26 +00:00
groo
bfdee53d40 Grammar nit. Never mind that it's still not true. 2006-04-06 19:47:23 +00:00
christos
a7a74df4fa Coverity CID 2788: If no room gets returned, don't try to place a monster. 2006-04-02 00:13:29 +00:00
christos
8710461ab4 Coverity CID 2791: Fix file pointer leak. 2006-04-02 00:08:12 +00:00
jnemeth
e61c7de467 Coverity CID 2452: possible negative array index; CID 1518 and CID 1517: possible overrun of static array 2006-03-30 05:04:22 +00:00
jnemeth
1c3223f073 Coverity CID 1288: possible negative array index 2006-03-30 04:41:15 +00:00
jnemeth
67f465476e Coverity CID 993: dereference of NULL pointer 2006-03-30 04:27:24 +00:00
jnemeth
cc2349eefc Coverity CID 1293: not checking for an error return 2006-03-30 04:19:38 +00:00
jnemeth
fa4599a211 Coverity CID 1287: not checking for error return 2006-03-30 04:10:04 +00:00
jnemeth
995d4b331f Coverity CID 1327: check for error return 2006-03-30 01:32:27 +00:00
jnemeth
a3fb5aa745 Bah! Compare, don't assign! 2006-03-30 01:31:13 +00:00
jnemeth
dce307414d Coverity CID 1328: check for error return 2006-03-30 01:28:46 +00:00
jnemeth
f413c2ba58 Coverity CID 1326: check for error return 2006-03-30 01:25:52 +00:00
jnemeth
db7b70f433 Fix Coverity issue 891 -- FORWARD_NULL.
Approved by christos@.
2006-03-29 01:21:07 +00:00
jnemeth
83f277c49a Fix Coverity issues 2366 and 2365 -- REVERSE_INULL.
Approved by Christos@.
2006-03-29 01:19:51 +00:00
jnemeth
2ad8d2c6cd Fix Coverity issue 2584 -- USE_AFTER_FREE and issue 889 -- FORWARD_NULL.
Approved by christos@.
2006-03-29 01:18:39 +00:00
christos
93eceea780 Add missing parens. 2006-03-22 15:24:52 +00:00
christos
549b5ed9d1 Simplify (Masao Uebayashi) 2006-03-22 05:03:10 +00:00
christos
8b7bfd1f64 Coverity CID 692: Another && that should be ||. Boy... 2006-03-22 04:24:14 +00:00
christos
1990635dbb Coverity CID 558: && should be obviously || 2006-03-22 04:22:05 +00:00
christos
df3594a46a Coverity CID 2735: Remove dead code. 2006-03-21 20:25:55 +00:00
christos
dd3fe9b2dc Coverity CID 2737: Handle linked-lists properly. Use calloc instead of malloc
so that we don't end up storing garbage accidentally and the next pointer is
initialized. If there is an inconsistency in the file abort instead
of dereferencing NULL.
2006-03-21 17:14:15 +00:00
rtr
90b0b10c77 remove duplicate #include <stdlib.h> 2006-03-20 12:32:21 +00:00
he
3ac2299da5 Now that we use exit(2), we need to include <stdlib.h> for its definition. 2006-03-19 12:09:39 +00:00
christos
c08f926ecb include <stdlib.h> to get a prototype for exit 2006-03-19 06:02:50 +00:00
christos
e92d4ac1fa Coverity CID 1197: Don't pass -1 to close. 2006-03-19 01:00:35 +00:00
christos
4140928aa1 Coverity CID 1467: Elide static buffer overflow. 2006-03-19 00:56:12 +00:00
christos
989c7cd825 Coverity CID 868: Fix possible NULL deref (after INFTIM passes :-) 2006-03-19 00:50:28 +00:00
christos
2197ff9156 Coverity CID 980: Prevent an impossible NULL point deref. 2006-03-19 00:41:46 +00:00
christos
0e8c6c24b2 Coverity CID 2073: Fix memory leak. 2006-03-19 00:37:15 +00:00
christos
0255deb434 Coverity CID 999: Prevent NULL deref. 2006-03-19 00:32:18 +00:00
christos
d7b2adb029 Coverity CID 695: Remove impossible condition. This changes the scoring as
it was probably intended originally.
2006-03-19 00:29:27 +00:00
christos
c29d845a03 Coverity CID 998: Possible NULL pointer deref. Actually this was a bug
where a house to be sold would be skipped. Change the sell loop to be like
the buy side loop.
2006-03-19 00:19:31 +00:00
christos
ad05902b98 fix typo 2006-03-19 00:18:47 +00:00
christos
a195251302 Coverity CID 1004: Fix NULL deref. 2006-03-19 00:05:05 +00:00
christos
db0d71974c Coverity CID 1005: Fix NULL deref and incorrect variable use. 2006-03-19 00:03:18 +00:00
christos
abe5f75745 Coverity CID 1443: Prevent static overrun. 2006-03-19 00:00:19 +00:00
christos
f25329586b Coverity CID 827: Prevent NULL pointer deref. 2006-03-18 23:54:17 +00:00
christos
02549e79e2 Coverity CID 1699: Fix memory leaks. 2006-03-18 23:51:51 +00:00
christos
ffe2beb426 Coverity CID 2544: Fix memory leak. 2006-03-18 23:44:05 +00:00
christos
f09b76be8d Coverity CID 1786: Close file. 2006-03-18 23:38:12 +00:00
christos
f80221a1cd Coverity CID 570: Remove impossible check. 2006-03-18 23:35:51 +00:00
christos
44fa0e017a Coverity CID 1195: Check for possible negative index. 2006-03-18 23:33:38 +00:00
christos
8319a6a7da Coverity CID 777: Fix NULL pointer deref and de-obfuscate code. 2006-03-18 23:31:19 +00:00
christos
c873d1eb57 Coverity CID 1230: Remove spurious close(). 2006-03-18 23:25:30 +00:00
christos
e0b976a0ae Coverity CID 1294: Avoid negative variable used as index. 2006-03-18 23:23:33 +00:00
christos
2a67d42737 Coverity CID 1295: Don't allow cchose to return a negative number. It is
used as an index.
2006-03-18 23:14:45 +00:00
rtr
969e2244d4 fclose() open FILE * even though we are returning to fail anyway.
silences coverity, CID 1590 / run 5
2006-03-18 09:40:46 +00:00
rtr
0c0f6ae5dc don't access out of bounds element of static alloc array.
found by Coverity, CID 1519 / Run 5

XXX possible that intention was to start with i = 0.
2006-03-18 05:16:46 +00:00
abs
a3edf3e145 If none of the boarding parties are set do not fall off the end of the
list. Addresses Coverity CID 1507. Also put pointers before shorts in
a struct rather than mixing them up
2006-03-18 01:43:52 +00:00
abs
e0d5463807 add more "ifdef notdef" around unused sections - addresses Coverity CID 564 2006-03-17 23:36:38 +00:00
abs
b4f3ebd201 Add a missing bp->b_score not null check - addresses Coverity CID 1003 2006-03-17 23:34:37 +00:00
abs
2c2c60a0ef if getpwuid() returns null, print out the uid rather than dereferencing
Addresses Coverity CID 930
2006-03-17 23:22:59 +00:00
abs
f0ff12503e Fix overrun in players[] array. Addresses Coverty CID 1457 2006-03-17 23:15:02 +00:00
abs
b317f83344 If getpwuid() returns null, its not usually a good idea to dereference
that to try to assign a default value. Just copy the default value into
the final destination.
Addresses Coverty CID 925
2006-03-17 23:11:47 +00:00
abs
f4f2f41178 Call fclose() appropriately if there is a problem with the save file.
Coverty CID 2063
2006-03-17 23:04:01 +00:00
simonb
5cfbf7bf76 Use MKPRIVATELIB instead of NOLINKLIB/NOMAN/NOPIC/NOLINT. 2006-02-25 12:04:23 +00:00
simonb
feaaa5ed4c Change DPADD from LIBTERM (which doesn't exist) and LIBCOMPAT (which it
doesn't use) to LIBTERMCAP (which it does use).
2006-02-25 11:56:51 +00:00
wiz
f19f5c87cc Fix typo in the instructions. 2006-02-25 02:06:08 +00:00
wiz
5fcd22e873 Remove duplicate and uncredited "Plan for the Improvement of English
Spelling", which is also in the file "fortunes".
2006-02-25 01:40:22 +00:00
jnemeth
df4822d1f0 Correct The Hitchhiker's Guide to the Galaxy entry about dolphins as per
page 119 of the book.
2006-02-20 03:00:27 +00:00
elad
c53cd0c067 moduli utils moved from games to usr.bin. 2006-01-24 19:01:45 +00:00
elad
c1ef323e1a Remove qsiefe/qsafe from games. Will be put back in usr.bin. 2006-01-24 18:51:20 +00:00
wiz
cfebedec7e Bump date for previous. 2006-01-22 21:22:30 +00:00
wiz
5e86832ad4 Drop trailing whitespace. Remove superfluous .br. 2006-01-22 00:32:54 +00:00
elad
271a419065 better handle ^d in getinp(), so we dont loop endlessly.
i have no idea why i wanted to play this game.
2006-01-20 21:40:08 +00:00
elad
202106feb9 oops, make this install to /usr/games and not /...
noted by hannken@, thanks.
2006-01-20 14:19:31 +00:00
elad
d4bdf04e28 Descend to moduli too. 2006-01-19 23:25:19 +00:00
elad
0e71d2c846 Add qsieve and qsafe, two programs used for generating the moduli file.
These were written by William Allen Simpson and submitted in PR 21983,
and are added with minor adjustments and nits from christos@ and myself.

Approved by christos@ and groo@.
2006-01-19 23:23:58 +00:00
garbled
19fe295582 Fix some minor buglets in wump:
1) Don't put two pits in the same room.
2) Don't put bats and pits in the same room.  (you will never hit the bat)
3) Don't start the player in a room with a pit or bad, if possible.  Some
caves are so crowded the loop may go on forever, so we give up after 100
tries to put them in a safe location (as long as it's not with the wumpus).
4) Make the manpage reflect reality WRT the default number of rooms.

Bug #3 pointed out by salo.
2006-01-19 21:20:35 +00:00
garbled
b2fc76e5cb Apply patch from PR bin/26501 to fix hang in wump if you play too many
games in a row.  Also modify change made in rev 1.18 to work correctly.
take_action() returns 1 if the player dies, causing the game to allways
exit after any death, now the game correctly asks if the player would
like to play again.
2006-01-19 20:15:31 +00:00
christos
1e463fb58d Simplify error checking. 2005-11-19 18:01:42 +00:00
rillig
c64619d462 Replaced one instance of err() with errx(), as the value of errno might not
be correct at that time.
2005-11-19 14:22:21 +00:00
mjl
7c7f1fe0ab Typos, duplicate words, consistent formatting. 2005-10-29 22:49:36 +00:00
mjl
4866f93355 Remove trailing spaces, double spaces between words, fix some typos. 2005-10-29 22:35:41 +00:00
mjl
6b25b3147c Correct typos. 2005-10-29 17:04:10 +00:00
rillig
40245fbcfd Removed the unnecessary #include <ctype.h>. 2005-10-18 20:13:04 +00:00
rpaulo
4b939f034f Fix two lines which were broken by previous commit. Noticed by Thomas
Klausner.
2005-10-12 15:33:41 +00:00
rpaulo
099795b92c misc/31566: Jaap Boender: update African and Asian capitals to the
current situation.
2005-10-12 15:14:27 +00:00
rillig
1e30fb707b Added an empty line to conform to KNF. 2005-10-08 18:18:18 +00:00
wiz
0c305c1a7e Drop trailing whitespace. 2005-09-15 02:10:37 +00:00
wiz
d9f5a9df01 Use standard AUTHORS section header. From YOMURA Masanori in private mail
Sort sections if necessary. Use more/better markup.
2005-09-15 02:09:41 +00:00
perry
995abc5571 Sulfur|Sulphur -> Sul[f|ph]ur 2005-08-14 21:19:35 +00:00
perry
2b5ff6359d Sulfur -> Sulfur | Sulphur 2005-08-14 21:17:37 +00:00
perry
5b7baeda3b er, forgot the C{a}esium change in the last 2005-08-14 20:31:34 +00:00
perry
0874287eda 1) Update atomic weights.
The weights here are taken from
     http://www.iupac.org/publications/pac/2003/7508/7508x1107.html
   and have been rounded to four significant figures in all cases.
   In the case of elements that have no isotopes stable enough for
   reasonable measurement, numbers have been updated from Zumdahl,
   "Chemistry", Fifth edition and are presented (as before) in parentheses.
2) Cesium is now C{a}esium
3) A number of new elements have been added at the end of the periodic
   table.
2005-08-14 20:28:25 +00:00
perry
a2a84a1ed5 Aluminum -> Alumin{i}um
Aluminium is really the official name, but doing it this way allows
entry of either answer.
2005-08-14 19:34:50 +00:00
perry
4156b28f30 Sulphur -> Sulfur
Although the traditional spelling in commonwealth countries is
"Sulphur", the official IUPAC name of the element is "Sulfur", and
even the Royal Society of Chemistry now spells it "Sulfur".
2005-08-14 17:45:17 +00:00
rpaulo
07b524b43f Added a missing '-' in score list output. 2005-08-10 19:21:21 +00:00
rpaulo
b0282a1ea0 Pass lint(1). 2005-08-10 17:53:28 +00:00
rpaulo
16a8e8c2e7 Enable WARNS=3. 2005-08-10 17:52:56 +00:00
rpaulo
279b6fba65 Fixed an output bug where a new-line was added due the usage of puts(3). 2005-08-10 16:10:51 +00:00
rpaulo
e58060915c Pass lint(1). 2005-08-10 14:02:26 +00:00