Some functions use mbuf as a stack variable instead of allocating by m_get().
They should use this function(s) to prevent access to uninitialized fields.
Currently, the mbuf stack allocating functions are the following.
+ sys/dev/ic/bwi.c
  - bwi_rxeof()
  - bwi_encap()
+ sys/dev/ic/dp8390.c
  - dp8390_ipkdb_send()
+ sys/dev/pci/if_txp.c
  - txp_download_fw_section()
+ sys/dev/ppbus/if_plip.c
  - lptap()
+ sys/net/bpf.c
  - _pf_mtap2()
  - _pf_mtap_af()
  - _pf_mtap_sl_out()
+ sys/netisdn/i4b_ipr.c
  - ipr_rx_data_rdy()
  - ipr_tx_queue_empty()
Reviewed by kre@n.o and christos@n.o, thanks.
- Put the data type el_rfunc_t into the public header <histedit.h>.
- Make el_read in struct editline an opaque pointer rather
  than an embedded struct.
- Do not include "read.h" everywhere, but only in the two files
  needing access to el_read, read.c and el.c.
- To functions that don't need more, pass the struct el_read_t *
  rather than the full EditLine *.
- Of course, that means that read_init() can now fail from
  memory exhaustion, but it's easy to clean up after that.
Note that there is an issue that ioctls for an interface and a destruction
of the interface can run in parallel and it causes race conditions on
bridge as well (it rarely happens). The issue will be addressed in the
interface common code (if.c).
We need to enable it by default because bridge_input now runs
in softint, but bridge_input w/o BRIDGE_MPSAFE was designed as
it runs in hardware interrupt.
Note that there remains a racy code in bridge_output; it will be
solved in the upcoming change (applying psref(9)).
and possibly will get them directly elsewhere soon.
(If I hack my nouveau to ignore firmware failure, it ends up having
a vaguely working console and slowly working X, which is better than
the current situation.)
* Replace fcns.c by a shorter and simpler func.h
  and include it only in the one file needing it, map.c.
* Combine help.h and help.c into a simplified help.h
  and include it only in the one file needing it, map.c.
* Check the very simple, static files editline.c, historyn.c, and
  tokenizern.c into CVS rather than needlessly generating them.
* So we no longer autogenerate any C files. :-)
* Shorten and simplify makelist by deleting the options -n, -e, -bc,
  and -m; the latter was unused and useless in the first place.
* Move the declaration of el_func_t from fcns.h to the header
  actually needing it, map.h. Since that header is already
  included by el.h for unrelated reasons, that makes el_func_t
  just as globally available as before.
* No longer include the simplified fcns.h into el.h,
  include it directly into the *.c files needing it.
The check is meaningless because
- An obtained rtentry is ensured that it's always RTF_UP by rtcache,
  rtalloc1 and rtlookup. If the rtentry isn't changed (i.e., RTF_UP gets
  dropped) during processing, the check should be unnecessary
- Even if not, i.e., an obtained rtentry can be changed during processing,
  checking only at the point doesn't help; the rtentry can be changed after
  the check
Instead we have to ensure that RTF_UP isn't dropped if someone is using it
somehow. Note that we already ensure that a rtentry being used isn't freed
by rt_refcnt.
Proposed on tech-kern and tech-net.
o add search-word support for CGI
o fix a security issue in CGI suffix handler support which would
  allow remote code execution, from shm@netbsd.org
o -C option now supports CGI scripts only
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
XXX: pullup-7