Commit Graph

107 Commits

Author SHA1 Message Date
mrg 6339cfba17 remove the new check for tlen >= PTRDIFF_MAX. the prior
checks assure the condition is met and GCC7 is happy.

suggested by kre.
2019-01-24 22:07:14 +00:00
kre bcc54a5c42 And as long as we're attempting to achieve perfection in code
that is never going to be executed, let's also check for possible
overflow in a sum that will never be computed...
2019-01-23 02:48:48 +00:00
kre 1f29642da2 There's no point setting errno, it is just overwritten by err
in the exit path ... this function never fails, it simply sometimes
doesn't actually expand the %m and just leaves the format string
intact.

And declare variables at the head of their scope, not at some random
place in the middle of the code, whatever C allows, that is just ugly.
2019-01-23 02:32:06 +00:00
christos 223b7e5915 limit allocation to PTRDIFF_T to appease gcc-7, from mrg@ 2019-01-23 02:00:00 +00:00
kre 4426ee8da1 Whitespace (indent with tabs, rather than spaces), and rearrange one
line that needed wrapping so it no longer does, and is (IMO) clearer.
WHile here, note that this was created in 2019, not 2018, for the
copyright notice...

NFCI.
2019-01-14 03:30:25 +00:00
kre 7b39a1eecc Always return from expandm() with errno unaltered, so on the
off chance it failed, there's still the possibility that whatever
processes the result will be able to deal with the %m that would
(presumably) be left in the format string.

And as a frill, don't call strerror() until we know we are
going to use its result (still call it only once, no matter
how many %m's are in the format string).
2019-01-13 06:10:34 +00:00
christos 3359bf52a4 check for *. integer overflow over ptrdiff. Pointed out by kre@ 2019-01-13 01:32:51 +00:00
kre c323915498 Make expandm() return a const char * so we can do away with __UNCONST()
and more importantly, so that we don't accidentally return a value
that is a const char * in reality (pointer to read only string) as a
char *.
2019-01-12 22:14:08 +00:00
christos a55f258316 Don't do %%m -> %%%m escaping, requested by gson@. 2019-01-12 21:50:29 +00:00
kre 63c2be2dac Return the buffer that has not been freed, so it can be later,
rather than the one that already was.
2019-01-12 21:05:37 +00:00
christos 94a22d4c76 Provide an extra argument to store the returned pointer so we can use
the function directly as the return format (before assigning it to a
variable) to appease clang.
2019-01-12 19:08:24 +00:00
christos feb39a8c47 Use a utility function to expand %m correctly... 2019-01-11 20:37:30 +00:00
christos f326096470 let's try one more time: prepare the format to pass to syslog instead
of trying to escape %m.
2019-01-11 16:15:20 +00:00
christos 87cda185f0 instead of handling %m inline, escape it. 2019-01-11 13:05:57 +00:00
christos 0b298669b8 delete unused variable 2019-01-10 13:53:58 +00:00
christos 77ae40ee4d PR/53851: Andreas Gustafsson: libwrap prints "m" instead of errno
Handle %m inline if needed, otherwise vasprintf strips the %m and...
2019-01-10 13:53:26 +00:00
wiz 01869ca4d2 Remove workaround for ancient HTML generation code. 2017-07-03 21:28:48 +00:00
christos 1417657ee3 change static to volatile. 2016-03-16 22:32:32 +00:00
christos 9dca99590e Avoid setjmp clobbering. 2016-03-16 21:38:22 +00:00
christos be8ee66399 PR/50823: David Binderman: Limit scanf width 2016-02-17 19:52:20 +00:00
christos 1616498e3d these are syslog-like 2015-10-14 15:54:21 +00:00
joerg 4cd46b4ac8 Add some more __dead as exposed by the recent WARN bumps. 2012-03-22 22:59:43 +00:00
joerg 5df6c2ea3b Format the diagnostic with vasprintf once and use plain syslog instead
of messing with format strings.
2012-03-22 22:58:15 +00:00
matt e1a2f47f12 Use C89 function definition 2012-03-21 10:10:36 +00:00
christos 46edb91e9f bump shared libraries. 2009-01-11 03:07:47 +00:00
christos 4c237aa750 Wietse Wenema's tcpd-blacklist-patch:
ftp://ftp.porcupine.org/pub/security/tcpd-blacklist-patch

- If a host starts with a / treat it as a filename containing a list of hosts.
2008-12-18 20:16:52 +00:00
mrg c2b95373bf remove clause #3 from my license where there are no other
copyright holders involved.
2008-05-29 14:51:25 +00:00
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
mrg 0c37c63edc change (mostly) int to socklen_t. GCC 4 doesn't like that int and
socklen_t are different signness.
2006-05-09 20:18:05 +00:00
jdc b342fc607a Use ntohl(host_address) so that RBL lookups work on little-endian hosts.
Tested on alpha, i386 and sparc64.
Fixes PR lib/30402.
2006-01-08 17:20:28 +00:00
christos 67c3cbddeb Use get*_r re-entrant functions and get rid of end*ent(). From John Nemeth. 2005-09-24 14:26:12 +00:00
lukem a767f5ec9c getpw*_r() may return 0 and set pwd==NULL 2005-04-19 03:38:08 +00:00
christos c4402ab05e Use getpwnam_r; from John Nemeth 2005-04-10 08:05:40 +00:00
lukem 7157011597 Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
2005-01-10 02:58:58 +00:00
jrf 190b2e4c51 Replaced strncpy with strlcpy. Thanks to Peter Postma who
pointed them our in PR #25762. Approved by christos@NetBSD.org.
2004-09-07 13:20:39 +00:00
agc b2b49933f4 Move Matt Green's code from a 4-clause to a 3-clause licence by removing
the advertising clause. Diffs provided in PR 22396 by Joel Baker, the changes
were confirmed to the board by Matt Green.
2003-10-13 14:22:20 +00:00
wiz 47190e80b8 Consistently use 'RFC 1234' instead of 'RFC1234' or 'RFC-1234'.
From jmc@openbsd.
2003-09-07 16:22:20 +00:00
itojun 74a8711692 protect from nasty PTR records which could be abused to workaround access
control:
	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5
2003-05-26 10:05:07 +00:00
thorpej 40e1466e08 Only fill in the server and client sockaddr in the request if
the fields are NULL.
2003-03-30 00:32:52 +00:00
lukem 0beaa38406 If we're going to replace strtok() with strtok_r(), and the caller of the
latter is invoked recursively, use static (instead of automatic) storage
for the "last" pointer so that we remember where we're up to ...

Fixes bug with hosts.deny rules such as "rpcbind: ALL EXCEPT some.domain".
2002-12-26 12:53:59 +00:00
jdolecek 66f1feaba3 avoid endless loop in xgets() when line in host access conf file is longer
than BUFSIZ
fixes PR lib/15025 by Trevin Beattie
2002-12-02 22:08:44 +00:00
wiz 4f92a4853d New sentence, new line. From Robert Elz. 2002-10-01 19:38:46 +00:00
mjl c455730141 Correct #ifdef'ed out usage of memset 2002-07-20 14:18:45 +00:00
itojun 211e500c75 use strtok_r, as strtok can interfere with other callers. from openbsd 2002-06-22 11:52:40 +00:00
itojun d2503f643b type mismatch 2002-06-07 01:39:07 +00:00
itojun 44772e4b2f there are people using #ifdef APPEND_DOT. recover it. 2002-06-07 01:36:09 +00:00
itojun 8288fc93ab s/STRN_CPY/strlcpy/ 2002-06-06 21:45:19 +00:00
itojun 3ba1803eb3 correct misuse of strncpy (use strlcpy). from openbsd 2002-06-06 21:42:42 +00:00
itojun 2f7d82e63d support scoped IPv6 address properly. PR 16810. 2002-06-06 21:28:49 +00:00
itojun 5ab78ccf04 be more picky about IP option. len >= 2 for normal options. 2002-05-24 06:05:31 +00:00