on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository
as libexec/ftpd/ftpd.c rev 1.133:
The FTP daemon was vulnerable to a DoS where an attacker could bind()
up port 20 for an extended period of time and thus lock out all other
users from establishing PORT data connections. Don't hold on to the
bind() while we loop around waiting to see if we can make our
connection.
Bump version to 20030122.
PLT entries are 12 bytes. Add a #define for that and replace the
explicit values with the PLT_ENTRY_SIZE. This bug can cause random
SIGILL signals to happen.
without search permission. This confused some ftp clients.
We fix this problem by maitaining a cached path when getcwd() does not work.
The symbolic links and ../ are resolved in the cached path, and it is finnally
checked for accuracy by comparing ./ and the cached path with stat (device
and inode comparison). If the comparison fails, pwd fails as it did before,
and if the comparison succeeds, the cached path is displayed.
If paths are too long, we should just compare ./ with a truncated path and
fail, thus making pwd displaying an error as it did before.
strcmp() by performing path name length comparison first. In the test
with Mozilla, the number was reduced to 1068 from 7182 (yes, we saved
6114 strcmp()!).
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
than -0x20000000, not -0x1f000000. Quells the endless stream
of
ld: Double word displacement -535682276, out of range
style warnings that have annoyed my once too often.
This version is now RFC 959 compliant, using a patch adapted from one
sent in by david.leonard@eecs.uq.edu.au
openbsd libexec/ftpd/ftpd.c revision 1.69.
(see RFC959 page 36)
with logwtmp(3)/logwtmpx(3)), and call correctly.
Resolves [bin/18498] by Geoff Wing, who identified that the previous
version was being called incorrectly, albiet in a different manner.
page of the object double-mapped. Not that it matters much, but someone was
whinging about it.
While I'm at it, nuke obj->phdr and obj->phsize; they're unused.
There are several optimizations here:
1) Objects on _rtld_list_main do not participate in the DAG structures
at all. This is okay because all symbols must be resolvable at
link/load time, and _rtld_list_main is always searched first, so
any references from those objects must necessarily be resolved to
other objects on _rtld_list_main.
(Making this work completely required setting obj->main a bit
earlier; hence the RTLD_MAIN hack.)
2) Objects on _rtld_list_main are not put on _rtld_list_global,
preventing an extra search.
3) A bit is used to keep track of whether an object is on
_rtld_list_global, so we don't have to do a silly linear search.
4) A small attempt is made to prevent objects being put on the DAG
lists multiple times (using a silly linear search).
The sum of this appears to be a ~10% (.3s) reduction in Mozilla's
startup time on my 800MHz box.
Also, make sure _rtld_objmain->path is always set, just to make the
debug output nicer.
and utilize it. This greatly reduces the number of calls to open(2) and
malloc(3) for programs like mozilla that depend on many shared objects
while it doesn't affect performance of small programs.
-dynamic-linker=/libexec/ld.elf_so) if the BINDIR of the program being
built is /bin or /sbin.
The reason we do this is because now all programs *except* those in
/bin and /sbin (i.e. the "special cases") match the default the compiler
uses, which is what is used for things in e.g. xsrc, pkgsrc, and other
random 3rd party programs.
This is done by decoupling where a shlib is installed from how it
is located. Two new variables, SHLIBINSTALLDIR and SHLINKINSTALLDIR,
contain the former information, and key off MKDYNAMICROOT only. SHLIBDIR
and SHLINKDIR contain the latter, and key off MKDYNAMICROOT and BINDIR.
The SHLIBINSTALLDIR, SHLIBDIR, _LIBSODIR, SHLINKINSTALLDIR, and
SHLINKDIR parameters are moved to a new <bsd.shlib.mk>; see bsd.README
for usage details.
instructions. Function calls use GOT indirection, and we only patch the
GOT.
2) The mask-comparison optimization always fails, because the saved mask
always has 0x2000 set, and the PLT stub mask never does. So, remove it.
Remove the call to _rtld_relocate_objects() completely -- except on VAX, where
we TEMPORARILY call _rtld_relocate_nonplt_objects() directly.
Also add more assertions -- ld.elf_so should never have PLT relocations.