Commit Graph

84 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
hubertf 889da1779b * Don't include headers twice
* Remove a few trailing whitespaces
 * Rearrange and join to one #if for some headers

Patch contributed by Slava Semushin <slava.semushin@gmail.com>
in private mail.
2007-01-16 17:32:04 +00:00
elad 1232ea27c4 PR/18906: roskens at elfin dot net: misc. select() to poll() updates.
Adapted to -current by myself, thanks for the patch!
2006-10-07 17:27:57 +00:00
tron dc71fd7600 Make sure the buffer used to retrieve routing message from the kernel
is properly aligned. This should fix PR bin/34124.
2006-08-02 13:44:53 +00:00
mrg 9aae0c27f9 u_char -> char for several things:
- inet_ntop()
- if_indextoname()
- variable assignment matching
char -> u_char in one place for variable assignment matching
2006-05-11 08:35:47 +00:00
mrg 5b2e2e784b use -fno-strict-aliasing for dump.c with GCC4 2006-05-11 07:20:19 +00:00
rpaulo 12d9aaea8c PR 33462: default maxinterval was not being initialized properly.
From Matthias Scheller.

From KAME sources.
2006-05-10 22:30:33 +00:00
itojun d9a428ea1c avoid heap overrun. thanks goes to Susan Lan of zyxel. 2006-03-22 09:22:28 +00:00
dan bcff75cc37 actually toggle the value of dquote when seeing a '"', as I intuit the
author must have intended.  Found via coverity CID 579.
2006-03-18 22:07:15 +00:00
rpaulo 8c2379fd97 NDP-related improvements:
RFC4191
	- supports host-side router-preference

	RFC3542
	- if DAD fails on a interface, disables IPv6 operation on the
          interface
	- don't advertise MLD report before DAD finishes

	Others
	- fixes integer overflow for valid and preferred lifetimes
	- improves timer granularity for MLD, using callout-timer.
	- reflects rtadvd's IPv6 host variable information into kernel
	  (router only)
	- adds a sysctl option to enable/disable pMTUd for multicast
          packets
	- performs NUD on PPP/GRE interface by default
	- Redirect works regardless of ip6_accept_rtadv
	- removes RFC1885-related code

From the KAME project via SUZUKI Shinsuke.
Reviewed by core.
2006-03-05 23:47:08 +00:00
simonb bee087d4cc libcompat isn't needed any more here. 2006-02-25 12:00:24 +00:00
wiz 8ab58d4943 Sync usage with man page. 2005-10-31 15:29:23 +00:00
wiz 14a2986cc2 Small improvements. Sort options. From jmc@openbsd. 2005-10-31 15:28:53 +00:00
dsl c4670c4ec7 Add (unsigned char) cast to ctype functions 2004-10-30 15:28:45 +00:00
fvdl 0526a13bc6 Don't compare an int to NULL. 2003-10-21 03:01:44 +00:00
itojun 8c185a2af9 no need for "sdl = NULL" initialization on decl. cedric@openbsd 2003-09-23 18:15:50 +00:00
itojun ed45a3ba48 simplify by using getifaddrs 2003-09-23 17:57:21 +00:00
itojun 1ce85c4e12 plug memory leak. from kame 2003-09-20 13:04:07 +00:00
wiz 47190e80b8 Consistently use 'RFC 1234' instead of 'RFC1234' or 'RFC-1234'.
From jmc@openbsd.
2003-09-07 16:22:20 +00:00
agc 326b2259b7 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22366, verified by myself.
2003-08-07 11:25:11 +00:00
wiz f9cc3a858b Bump date for recent changes. 2003-07-04 12:33:11 +00:00
itojun daf8a4ad8e "addrs" is not needed any more 2003-06-25 03:45:02 +00:00
itojun c0ee9a3789 need "a". from jmc@openbsd 2003-06-18 05:06:15 +00:00
itojun 81e3f9cb3f sync manpage with previous change (addrs# deprecdated) 2003-06-18 02:08:10 +00:00
itojun 8412a300dc relax addrs#x config parameter. should address PR 21872 2003-06-17 08:08:48 +00:00
itojun f35cce81c8 strncpy -> strlcpy 2003-05-17 18:51:13 +00:00
perry e1b82b39a9 ipng->IPng, from Igor Sobrado in PR misc/20755 (though its a nit, ipng is fine. 2003-03-30 23:53:22 +00:00
itojun 626b1896ed correct use of sizeof 2003-03-14 18:43:52 +00:00
itojun b34ce1c186 add missing ND option length validation. from kame 2003-03-14 18:32:42 +00:00
wiz 8ea866f1ab between with three es, and positive with two is. 2002-10-02 15:30:11 +00:00
mycroft aae6c28cf9 null commit 2002-09-23 12:44:34 +00:00
itojun f46e921837 poll.h, not sys/poll.h 2002-09-23 03:36:03 +00:00
mycroft a5f0bfc173 Set fd of unused pollfd entries to -1. 2002-09-20 19:51:33 +00:00
mycroft 648377324d select() -> poll() 2002-09-20 13:08:21 +00:00
itojun bdbbb53d75 signal handler must take "int" arg. from deraadt, sync w/kame 2002-09-08 01:42:55 +00:00
itojun 9e876c9803 test malloc failure. From: Chad Loder <cloder@acm.org>. sync w/kame 2002-07-10 21:13:35 +00:00
itojun 5e4b1fc3b1 byebye __FUNCTIION__. sync w/kame 2002-07-10 21:11:43 +00:00
matt b8282a1148 Remove extra/redundant argument to syslog. 2002-06-15 01:28:39 +00:00
itojun db47036241 use strchr 2002-06-09 02:47:03 +00:00
itojun b7330b38e8 do not use deprecated ioctls 2002-06-08 18:11:46 +00:00
itojun d6bd155256 use arc4random 2002-06-07 00:45:46 +00:00
itojun 6cebe67965 avoid fd_set overrun. sync w/kame 2002-06-07 00:45:15 +00:00
wiz 0e143d0a98 Grammar improvements. 2002-05-29 14:48:49 +00:00
itojun cde8ec7d66 KNF, strlcpy, memory leak fix, random other cleanups. sync w/kame 2002-05-29 14:40:31 +00:00
itojun 861f132ad1 use pidfile(3). sync w/kame 2002-05-21 23:35:18 +00:00
itojun 1b614e8939 minor sync w/kame (prototype location) 2002-05-21 23:16:39 +00:00
itojun 313e584cb8 correct bitmask computation. more KNF. sync w/kame 2002-05-21 14:29:52 +00:00
itojun 33413b2866 KNF. a memory leak fix. sync w/kame 2002-05-21 14:22:05 +00:00
ross 2a76afae02 Generate <>& symbolically. I'm avoiding .../dist/... directories for now. 2002-02-08 01:36:18 +00:00
wiz 9a047ef78b Drop a .Pp. 2002-02-02 01:44:59 +00:00