Commit Graph

84 Commits

Author SHA1 Message Date
tls
4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
hubertf
889da1779b * Don't include headers twice
* Remove a few trailing whitespaces
 * Rearrange and join to one #if for some headers

Patch contributed by Slava Semushin <slava.semushin@gmail.com>
in private mail.
2007-01-16 17:32:04 +00:00
elad
1232ea27c4 PR/18906: roskens at elfin dot net: misc. select() to poll() updates.
Adapted to -current by myself, thanks for the patch!
2006-10-07 17:27:57 +00:00
tron
dc71fd7600 Make sure the buffer used to retrieve routing message from the kernel
is properly aligned. This should fix PR bin/34124.
2006-08-02 13:44:53 +00:00
mrg
9aae0c27f9 u_char -> char for several things:
- inet_ntop()
- if_indextoname()
- variable assignment matching
char -> u_char in one place for variable assignment matching
2006-05-11 08:35:47 +00:00
mrg
5b2e2e784b use -fno-strict-aliasing for dump.c with GCC4 2006-05-11 07:20:19 +00:00
rpaulo
12d9aaea8c PR 33462: default maxinterval was not being initialized properly.
From Matthias Scheller.

From KAME sources.
2006-05-10 22:30:33 +00:00
itojun
d9a428ea1c avoid heap overrun. thanks goes to Susan Lan of zyxel. 2006-03-22 09:22:28 +00:00
dan
bcff75cc37 actually toggle the value of dquote when seeing a '"', as I intuit the
author must have intended.  Found via coverity CID 579.
2006-03-18 22:07:15 +00:00
rpaulo
8c2379fd97 NDP-related improvements:
RFC4191
	- supports host-side router-preference

	RFC3542
	- if DAD fails on a interface, disables IPv6 operation on the
          interface
	- don't advertise MLD report before DAD finishes

	Others
	- fixes integer overflow for valid and preferred lifetimes
	- improves timer granularity for MLD, using callout-timer.
	- reflects rtadvd's IPv6 host variable information into kernel
	  (router only)
	- adds a sysctl option to enable/disable pMTUd for multicast
          packets
	- performs NUD on PPP/GRE interface by default
	- Redirect works regardless of ip6_accept_rtadv
	- removes RFC1885-related code

From the KAME project via SUZUKI Shinsuke.
Reviewed by core.
2006-03-05 23:47:08 +00:00
simonb
bee087d4cc libcompat isn't needed any more here. 2006-02-25 12:00:24 +00:00
wiz
8ab58d4943 Sync usage with man page. 2005-10-31 15:29:23 +00:00
wiz
14a2986cc2 Small improvements. Sort options. From jmc@openbsd. 2005-10-31 15:28:53 +00:00
dsl
c4670c4ec7 Add (unsigned char) cast to ctype functions 2004-10-30 15:28:45 +00:00
fvdl
0526a13bc6 Don't compare an int to NULL. 2003-10-21 03:01:44 +00:00
itojun
8c185a2af9 no need for "sdl = NULL" initialization on decl. cedric@openbsd 2003-09-23 18:15:50 +00:00
itojun
ed45a3ba48 simplify by using getifaddrs 2003-09-23 17:57:21 +00:00
itojun
1ce85c4e12 plug memory leak. from kame 2003-09-20 13:04:07 +00:00
wiz
47190e80b8 Consistently use 'RFC 1234' instead of 'RFC1234' or 'RFC-1234'.
From jmc@openbsd.
2003-09-07 16:22:20 +00:00
agc
326b2259b7 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22366, verified by myself.
2003-08-07 11:25:11 +00:00
wiz
f9cc3a858b Bump date for recent changes. 2003-07-04 12:33:11 +00:00
itojun
daf8a4ad8e "addrs" is not needed any more 2003-06-25 03:45:02 +00:00
itojun
c0ee9a3789 need "a". from jmc@openbsd 2003-06-18 05:06:15 +00:00
itojun
81e3f9cb3f sync manpage with previous change (addrs# deprecdated) 2003-06-18 02:08:10 +00:00
itojun
8412a300dc relax addrs#x config parameter. should address PR 21872 2003-06-17 08:08:48 +00:00
itojun
f35cce81c8 strncpy -> strlcpy 2003-05-17 18:51:13 +00:00
perry
e1b82b39a9 ipng->IPng, from Igor Sobrado in PR misc/20755 (though its a nit, ipng is fine. 2003-03-30 23:53:22 +00:00
itojun
626b1896ed correct use of sizeof 2003-03-14 18:43:52 +00:00
itojun
b34ce1c186 add missing ND option length validation. from kame 2003-03-14 18:32:42 +00:00
wiz
8ea866f1ab between with three es, and positive with two is. 2002-10-02 15:30:11 +00:00
mycroft
aae6c28cf9 null commit 2002-09-23 12:44:34 +00:00
itojun
f46e921837 poll.h, not sys/poll.h 2002-09-23 03:36:03 +00:00
mycroft
a5f0bfc173 Set fd of unused pollfd entries to -1. 2002-09-20 19:51:33 +00:00
mycroft
648377324d select() -> poll() 2002-09-20 13:08:21 +00:00
itojun
bdbbb53d75 signal handler must take "int" arg. from deraadt, sync w/kame 2002-09-08 01:42:55 +00:00
itojun
9e876c9803 test malloc failure. From: Chad Loder <cloder@acm.org>. sync w/kame 2002-07-10 21:13:35 +00:00
itojun
5e4b1fc3b1 byebye __FUNCTIION__. sync w/kame 2002-07-10 21:11:43 +00:00
matt
b8282a1148 Remove extra/redundant argument to syslog. 2002-06-15 01:28:39 +00:00
itojun
db47036241 use strchr 2002-06-09 02:47:03 +00:00
itojun
b7330b38e8 do not use deprecated ioctls 2002-06-08 18:11:46 +00:00
itojun
d6bd155256 use arc4random 2002-06-07 00:45:46 +00:00
itojun
6cebe67965 avoid fd_set overrun. sync w/kame 2002-06-07 00:45:15 +00:00
wiz
0e143d0a98 Grammar improvements. 2002-05-29 14:48:49 +00:00
itojun
cde8ec7d66 KNF, strlcpy, memory leak fix, random other cleanups. sync w/kame 2002-05-29 14:40:31 +00:00
itojun
861f132ad1 use pidfile(3). sync w/kame 2002-05-21 23:35:18 +00:00
itojun
1b614e8939 minor sync w/kame (prototype location) 2002-05-21 23:16:39 +00:00
itojun
313e584cb8 correct bitmask computation. more KNF. sync w/kame 2002-05-21 14:29:52 +00:00
itojun
33413b2866 KNF. a memory leak fix. sync w/kame 2002-05-21 14:22:05 +00:00
ross
2a76afae02 Generate <>& symbolically. I'm avoiding .../dist/... directories for now. 2002-02-08 01:36:18 +00:00
wiz
9a047ef78b Drop a .Pp. 2002-02-02 01:44:59 +00:00