Commit Graph

139 Commits

Author SHA1 Message Date
xtraeme ed504658f5 tyop: guaranty -> guarantee. 2007-08-30 19:12:32 +00:00
joerg 4deb593145 Avoid using unbound amount of stack frames in prop_object_equal
by using a dynamic stack as well. Reorder arguments for the internalizer
as the iteration is always present and should go before possibly
NULL arguments.

Reviewed by mjf@ and adrianp@
2007-08-30 12:23:53 +00:00
pavel c0f560c80e struct plistref does not reference other proplib data types, so split it
in its own header file to be included by dkio.h. Fixes breakage due to
pollution from proplib.h in programs which include ioctl.h. Tested and OK
by dogcow@.
2007-08-17 11:05:03 +00:00
joerg e835604c26 libprop is currently using a recursive parser. While this is fine for
userland, deeply nested arrays and dictionaries can easily overflow
the kernel stack and thereby force a panic.

Fix the internalizer and prop_object_release to use a separate call
stack and alter the dictionary and array handling to not recurse on
the C stack. The default stack has an inline depth of 16 elements,
which should keep the overhead reasonable.

This issue was found by Pavel Cahyna and Jachym Holecek.

Additionally add a limit for prop_object_copyin_ioctl to prevent user
programs from temporary allocating unbound amount of kernel memory.
Allow malloc to fail so that tight loops of userland processes can't
force panics by exhausting the kernel map.

Tested with the sample exploit of Jachym, his test suite and reviewed
by himself (initial patch), Christos Zoulas and Jason Thorpe.
2007-08-16 21:44:06 +00:00
thorpej 04377267cc boolean_t -> bool
TRUE -> true
FALSE -> false
2007-08-16 16:28:17 +00:00
ad 79ba10e06a lockmgr > rwlock 2007-07-29 11:25:01 +00:00
drochner de07feb28f cast to void* to avoid a fatal warning 2007-07-18 16:58:14 +00:00
joerg 17c77a58f0 Fix SIGBUS issues on strict alignment issues. Use le32dec in RMD160
as the data pointer to RMD160_Update doesn't have to be aligned.
In SHA256_Update and SHA512_Update, only operate directly on the passed
in data if no left-over in the context exists and the data is correctly
aligned. The problem was exposed by the audit-packages rewrite in C
and reported for the libnbcompat version in PR pkg/36662.
2007-07-18 13:57:54 +00:00
joerg 22549e91c8 Consider '\r' to be white space. Discussed with and also kept as local
change by freza. With this change, DOS style line endings work.
2007-07-17 20:36:38 +00:00
joerg 39dccbf2f1 prop_array_internalize and prop_dictionary_internalize are basically the
same code. Refactor it into _prop_generic_internalize, which gets passed
the second-level tag.
2007-07-16 19:20:17 +00:00
degroote be58d0f67a Fix the prototyp of prop_dictionary_set_keysym in the DESCRIPTION part 2007-07-07 19:03:52 +00:00
scw dba01be393 Apply the patch, with some minor tweaks, supplied in PR/36513.
This prevents a possible prefetch past the end of the source buffer.

Note that the semantics of the pld instruction mean that it is unlikely
that this would have caused any problems except in very specific
circumstances in some types of device drivers.
2007-06-21 21:37:04 +00:00
xtraeme 5386acb4ac Xref prop_dictionary_util(3) and prop_send_ioctl(3). 2007-06-21 12:02:31 +00:00
scw 5092a6592f Apply the patch supplied in PR/36512 to fix the buffer overlap check. 2007-06-20 22:31:21 +00:00
christos a8565cf99b handle fortify, ansify. 2007-06-04 18:19:26 +00:00
christos 1418345039 Make these work with _FORTIFY_SOURCE, by overriding the fortified definitions 2007-06-03 17:39:26 +00:00
xtraeme d4be10ac51 Typo: prop_dictionary_receive_ioctl -> prop_dictionary_recv_ioctl.
Bump date.
2007-05-10 22:15:47 +00:00
xtraeme 6af752323b It's "Copy a dictionary" not "Copy an dictionary". preempt wiz and
bump date.
2007-04-28 06:01:13 +00:00
yamt 1e244571b1 correct a section number. 2007-04-22 11:27:25 +00:00
yamt 8ad48713da correct function names. 2007-04-22 11:23:29 +00:00
scw 5764a76889 Remove support for NetBSD/{,evb}sh5. 2007-04-08 09:35:21 +00:00
matt 1c1dcb3369 Add these so kernels built -O0 will link. 2007-03-31 06:13:52 +00:00
ad 59d979c5f1 Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.
2007-03-12 18:18:22 +00:00
dillo 3827e4b3e7 Fix white space skipping before closing tag when padding characters
are present.

Okayed by thorpej.
2007-03-04 22:31:43 +00:00
freza d7d800dc0c Add prop_data_size() to SYNOPSIS. 2007-02-22 22:49:29 +00:00
chs d210472073 don't do the weak symbol thing in kernel context. 2007-02-19 18:33:09 +00:00
christos ace49726e7 Make SHA512_Last static since it is not part of the API. Suggested by
Matthias Scheler
2007-02-18 18:13:38 +00:00
christos 5feb51ff2c make SHA512_Last weak. 2007-02-17 17:15:43 +00:00
mjf 118bbc15f5 Fix typo. 2007-02-02 19:35:59 +00:00
christos 4361f207b8 remove bogus (void)&var; from Anon Ymous 2006-12-18 00:41:54 +00:00
cube bb54157110 Add a comment to explain how the value for uaddr is chosen. Maybe uvm_mmap
should do that instead of sys_mmap...
2006-11-28 18:36:26 +00:00
cube 00fbe2b725 In _prop_object_copyout_ioctl, uaddr was not initialised, although it is
used by uvm_mmap() as a hint for the virtual address to map memory to.  As
a consequence, it tended to fail a lot on some architectures.

We cannot use 0, so instead use the value that would have been used if we
were calling mmap(2) with 0 as the first argument.

Fixes PR#34639 by xtraeme@.
2006-11-28 18:30:47 +00:00
dyoung e3361bb265 Add strsep(3) to libkern.
To avoid code duplication, move strsep.c to the kernel/userland
common files.

Soon I will commit source-address selection (options IPSELSRC).
It will use strsep(3).
2006-11-13 03:26:43 +00:00
he 80b96f1aa4 Add include of <sys/param.h>, to allow vax kernels to build again.
For vax, this causes <machine/macros.h> to be included and the
redefine of memset() to take effect.
2006-11-01 11:29:08 +00:00
uwe 5dd5d540a6 Simplify the __attribute__ ifdef mess now that __used does the right
thing for older gccs.
2006-10-27 22:14:13 +00:00
christos d029b25938 restruct the include files to look like the other hash functions. 2006-10-27 21:25:21 +00:00
christos 77c9e41904 this is shared with the kernel now. 2006-10-27 21:23:15 +00:00
uwe 088af57adf Do the used/unused dance under #ifdef KERNEL too. Prevents mcount
from being optimized away when compiling sh3 kernels with profiling
enabled (gcc doesn't see that __mcount, which is written in asm,
refers to it).
2006-10-26 23:10:16 +00:00
thorpej 1aea07a325 Add prop_array_t support to prop_kern. 2006-10-26 18:51:21 +00:00
thorpej 26d4f90430 - Add prop_dictionary_all_keys(). Takes a snapshot of a dictionary's
keys and returns them in an array.  This effectively allows a caller
  to mutate a dictionary while iterating over it (really, you iterate
  over the array of keys instead of the dictionary itself).
- Add a slew of utility functions that make it more convenient (in some
  circumstances, anyway) to get/set values in a dictionary.
2006-10-26 05:02:12 +00:00
he 4df50368d1 sysconf() returns long, which isn't neccessarily assignment-compatible
with size_t, as evidenced by sh5, so add an explicit cast.
2006-10-19 10:10:35 +00:00
martin ab82117070 Backout size_t casts - lint has been fixed. 2006-10-18 19:15:46 +00:00
martin ec465210f2 Sprinkle a few size_t casts to avoid conversion warnings. 2006-10-18 14:49:21 +00:00
martin b6f68b3740 Add casts to apease lint. 2006-10-18 14:41:08 +00:00
thorpej d9fd2cbcd7 Add a _PROP_ARG_UNUSED that expands to __unused on NetBSD and to nothing
everywhere else.  Use it where Christos decided to use __unused in this
code.
2006-10-16 03:21:07 +00:00
christos 227b8ed7f9 delete junk I accidentally committed. 2006-10-15 19:11:58 +00:00
christos dc579d1dcf de-lint. 2006-10-15 19:08:48 +00:00
martin 637106d04b Make it compile with -Wextra on big endian machines (at lest the #if in the
definition of struct rb_ndoe on the endianess is the only explanation I have
why nobody complained about this on i386 - I don't understand why it makes a
difference for gcc though)
2006-10-15 19:04:28 +00:00
wiz 35ca329954 Put macro argument right after macro, not in next line. 2006-10-14 07:30:16 +00:00
thorpej 3b2ca36caa Appease our stupid lint. 2006-10-12 18:52:55 +00:00