Commit Graph

123 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
martin 6bcac52d39 Apply fix from PR bin/35526 from Xin LI: fix typo in message 2007-01-31 08:23:22 +00:00
mrg bb915868b8 properly detect when the output fails (eg, full filesystem) and do not
delete the input file.  patch from PR#35048.
2006-11-13 21:57:59 +00:00
mrg 712a3f3aae wrap a long line 2006-10-25 04:44:39 +00:00
mlelstv 0ce7ae1e3c End a decompression when trailing garbage is found. It emits a warning
message and causes a non-zero exit status (similar to GNU gzip).
Fixes PR bin/33045.
2006-10-13 20:17:46 +00:00
mlelstv a3ee681f33 Abort decompression with an error when EOF is reached on input. The
test output will then be 'NOT OK'. Fixes PR bin/32933.
2006-10-13 20:16:32 +00:00
simonb bca6df8e18 Add standard TNF copyright boilerplate. 2006-10-03 08:20:03 +00:00
mrg 33c0ea44b6 redo the previous, based on a comment from and reviewed by christos. 2006-09-27 22:20:31 +00:00
mrg b1906bf12d redo previous: move the EOF check back into non-dead code so that it
will be used again.
2006-09-27 21:02:38 +00:00
christos 0bcef42677 Coverity CID 4073: Delete impossible code. 2006-09-27 19:09:14 +00:00
mrg 70e8425daf properly check the return value of read() & pread(). PR#26688. 2006-07-13 11:51:39 +00:00
mrg 5063b7a180 apply -Wno-pointer-sign with GCC4. 2006-05-12 02:01:15 +00:00
yamt 2553980909 - fix --.
- fix -e.
- fix patterns starting with -.
- fix "missing argument" message.
2006-05-03 16:48:29 +00:00
wiz 2f70583592 Remove unhandled H option from getopt() argument.
Describe -l in usage. Both from Igor Sobrado in private mail.

While here, sort options.
2005-12-13 10:02:04 +00:00
he b5d827cee2 Use of ``vflag'' should be protected by #ifndef SMALL. 2005-11-23 18:34:51 +00:00
mrg 426bb686c4 due to popular demand, don't warn about >4GB files not having their
size correctly stored.  PR#32105 among other requests.
2005-11-22 09:07:03 +00:00
mrg e3969e9f13 apply a patch from onno van der linden in PR#32070 that fixes
these problems:
	1) gzip -vt just prints the contents of a .Z file
	2) gzip -vt will print OK even if the .gz file is corrupt
	3) gzip -vt prints nothing with a .bz2 file
	4) gzip can loop endlessly with a corrupt .bz2 file
2005-11-22 09:05:29 +00:00
wiz 179b01d905 Fix typo reported by David A. Holland in PR 31422. 2005-09-30 13:46:56 +00:00
mrg 1a05f328bc apply a patch from christian biere:
- if we have an open fd, use it instead and, eg, fstat(2), of the file name
and stat(2).
- signed/unsigned variable fixes
- misc. cleanup
2005-09-20 05:12:15 +00:00
mrg 84cb5f3013 oops. fix previous by keeping the stat() inside #ifndef SMALL. pointed
out by dsl.
2005-09-15 18:51:33 +00:00
mrg bdc7967496 in file_compress() always stat() the input file. this patch avoids
reading from uninitialised space as provided by John Hein in PR#28995.
2005-09-15 09:30:21 +00:00
mrg 5c0ab9e0af fix signed/unsigned mismatch reported by Christian Biere in PR#31180
using his provided patch.
2005-09-15 09:11:30 +00:00
wiz aa81fc094a Use better section header. From YOMURA Masanori in private mail. 2005-09-11 23:30:20 +00:00
mrg cde2923d5b avoid an infinite loop while decompressing invalid gzip files.
some minor CSE.  compare stat return value consistently.

thanks to tron for testing the first change.
2005-08-28 10:17:50 +00:00
lukem 6b5252b15f Fix numerous uninitalized variables.
Detected with gcc -Wuninitialized.
2005-06-02 01:51:58 +00:00
yamt 751e975bfc handle partial reads. PR/29484. 2005-02-22 21:45:44 +00:00
enami 4cc9b2f8f4 Fix parsing of $GZIP so that not to overrun the end of string.
Addesses PR#28779.  Fix is slightly different that suggested in the PR
since it fails if $GZIP contains whitespace.
2005-01-31 09:11:49 +00:00
jmc 40c0737463 Fixed for PR#28581. If stdin is the input stream, fstat it and check if it's
file. If so, use it's mtime for the mtime in the header. Otherwise use
time(2)'s result instead. Lines up with GNU gzip and RFC 1952 now as well.
2004-12-08 06:38:40 +00:00
dsl 2c25900b60 Don't abort decompression if there are no bytes in the output buffer
when the end of compressed block (ie the crc) is reached.
(ie when decompressing concatenated zipped files).
Fixes PR bin/27153
2004-10-08 12:46:24 +00:00
dsl abc7a82e52 Count the output file size modulo 2^32 so that the check against the size
in the compressed file works for files greater than 4GB.
Fixes the fixable part of bin/26907
2004-09-11 11:07:44 +00:00
dsl 754b92f9b9 The last commit slightly increased the size of gzip - I had thought that
all the install media used the 'SMALL' variant, but this is not the case.
Redo the percentage print code to reduce the size to less than the old version.
Fix another fd leakage (didn't call fclose() if ferror() returned non-zero.
Change some maybe_warn() to maybe_warnx() in places I'm sure errno is undefined.
Call mayber_warn() earlier in other paths so that errno might still be valid.
Make the SMALL and NO_BZIP/COMPRESS_SUPPORT options all compile with WARNS=3.
2004-09-05 21:32:30 +00:00
dsl 434117bcce Set the XFL field of the gzip header to indicate maximum compression or
fast compression.  Fixes PR bin/26812
Add references the the 3 relevant RFCs
2004-09-04 10:48:57 +00:00
he d6cee1d93b Cast field width computed from pointer diff and ssize_t to int.
Fixes build for amd64 and presumably for our other lp64 ports.
2004-08-31 10:14:30 +00:00
dsl d55b8a2190 Redo suffix handling so that gunzip xxx.tgx => xxx.tar
Rework logic of gz_{un}compress to make it much less likely to leak fds
    (at least 2 non-error paths leaked them!)
Make -S ".xyz" and -S "" both do something sensible.
Make in-situ compression work - only lose the file on error.
Pass an open fd to zopen (renamed zdopen) to avoid fd leakage (was badly borked)
Write header into first 64k output block to writes are aligned.
    (more efficient and might avoid some problem with code that doesn't
    like receiving partial buffers)
Check file size on compression - double checks against fs full.
Remove some pointless casts, and otherwise simplify some logic.
2004-08-30 14:36:51 +00:00
he 7ae4fdd283 Instead of placing largish buffers on the stack, use malloc/free.
Fixes compile problem for sun2.
2004-07-16 22:44:01 +00:00
yamt 5e6cd45b9d fix "gzip -lv a.gz" after gzip.c 1.46. 2004-07-12 10:21:11 +00:00
yamt 284b1b2ac6 another warn -> warnx. 2004-07-12 09:58:10 +00:00
mrg 2644272f85 in check_outfile() if the outfile exists and -f was given just delete it.
fixes PR#26251.
2004-07-12 02:50:38 +00:00
yamt bd416872f6 fix descriptor leaks on error. 2004-07-11 22:49:42 +00:00
mrg 668894b1c5 - in gz_uncompress() be sure to do the crc/len recalculation insigned.
fixes PR#26246.
- if crc/len are wrong, be sure to noticed it failed
- in check_suffixes(), be sure not to underrun an array (from yamt)
- don't fail so badly on short header, from and fixes R#26242 (also
  from yamt)
- more underrun avoidance in file_uncompress().  fixes PR#26241.
2004-07-11 14:39:39 +00:00
mrg d44ac40080 check the suffix of the input file ala GNU gzip, and error about it
unless -f is given.  fixes PR#26240
2004-07-11 09:40:51 +00:00
mrg e46324f383 move the crc/len code into their own state's to properly allow the buffer
to be refreshed.  re-fixes regress/usr.bin/gzip/concatenated.
2004-07-11 07:01:03 +00:00
mrg 469c821e42 - check for trunated input.
- check each gzip-part's length against the original and warn if it's
  wrong.  fixes part of PR#26233.
- check the input crc32.  fixes the rest of PR#26233.
2004-07-11 06:20:29 +00:00
mrg 7ed5da7ba5 don't assume Z_STREAM_END means end-of-file. fixes PR#26234. 2004-07-11 05:40:51 +00:00
yamt b6ec63a3cc tailing \n is not needed for vwarn(). 2004-07-10 17:35:59 +00:00
mrg 13e5b34e5b fix "zcat -f" on normal files. fixes PR#26145 2004-07-03 09:39:30 +00:00
mrg 3c372acd10 if there are zero bytes to output, this isn't an error. it's probably
a zero length file.  don't return an error.  this should fix PR#25994.
2004-06-22 12:01:29 +00:00
mrg c6c68fa810 handle_pathname: if it's stdin, return after handling it, rather than
trying to then process "-" as a file afterwards.  fixes PR#25843.
2004-06-07 03:24:01 +00:00
mrg 11153dbc8d - maybe restore the timestamp
- don't create the output file with "-l"

both from geoff wing with a few mods by me.
2004-06-06 12:28:52 +00:00
mrg 9e9fa78434 explicitly lseek() to offset 10 to read the original name. fixes a
latent bug awoken by rev 1.37 (prior versions always left the fd at
this offset purely by chance.)  fixes PR#25824.
2004-06-05 15:47:10 +00:00