Commit Graph

90 Commits

Author SHA1 Message Date
christos
1417657ee3 change static to volatile. 2016-03-16 22:32:32 +00:00
christos
9dca99590e Avoid setjmp clobbering. 2016-03-16 21:38:22 +00:00
christos
be8ee66399 PR/50823: David Binderman: Limit scanf width 2016-02-17 19:52:20 +00:00
christos
1616498e3d these are syslog-like 2015-10-14 15:54:21 +00:00
joerg
4cd46b4ac8 Add some more __dead as exposed by the recent WARN bumps. 2012-03-22 22:59:43 +00:00
joerg
5df6c2ea3b Format the diagnostic with vasprintf once and use plain syslog instead
of messing with format strings.
2012-03-22 22:58:15 +00:00
matt
e1a2f47f12 Use C89 function definition 2012-03-21 10:10:36 +00:00
christos
46edb91e9f bump shared libraries. 2009-01-11 03:07:47 +00:00
christos
4c237aa750 Wietse Wenema's tcpd-blacklist-patch:
ftp://ftp.porcupine.org/pub/security/tcpd-blacklist-patch

- If a host starts with a / treat it as a filename containing a list of hosts.
2008-12-18 20:16:52 +00:00
mrg
c2b95373bf remove clause #3 from my license where there are no other
copyright holders involved.
2008-05-29 14:51:25 +00:00
tls
4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
mrg
0c37c63edc change (mostly) int to socklen_t. GCC 4 doesn't like that int and
socklen_t are different signness.
2006-05-09 20:18:05 +00:00
jdc
b342fc607a Use ntohl(host_address) so that RBL lookups work on little-endian hosts.
Tested on alpha, i386 and sparc64.
Fixes PR lib/30402.
2006-01-08 17:20:28 +00:00
christos
67c3cbddeb Use get*_r re-entrant functions and get rid of end*ent(). From John Nemeth. 2005-09-24 14:26:12 +00:00
lukem
a767f5ec9c getpw*_r() may return 0 and set pwd==NULL 2005-04-19 03:38:08 +00:00
christos
c4402ab05e Use getpwnam_r; from John Nemeth 2005-04-10 08:05:40 +00:00
lukem
7157011597 Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
2005-01-10 02:58:58 +00:00
jrf
190b2e4c51 Replaced strncpy with strlcpy. Thanks to Peter Postma who
pointed them our in PR #25762. Approved by christos@NetBSD.org.
2004-09-07 13:20:39 +00:00
agc
b2b49933f4 Move Matt Green's code from a 4-clause to a 3-clause licence by removing
the advertising clause. Diffs provided in PR 22396 by Joel Baker, the changes
were confirmed to the board by Matt Green.
2003-10-13 14:22:20 +00:00
wiz
47190e80b8 Consistently use 'RFC 1234' instead of 'RFC1234' or 'RFC-1234'.
From jmc@openbsd.
2003-09-07 16:22:20 +00:00
itojun
74a8711692 protect from nasty PTR records which could be abused to workaround access
control:
	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5
2003-05-26 10:05:07 +00:00
thorpej
40e1466e08 Only fill in the server and client sockaddr in the request if
the fields are NULL.
2003-03-30 00:32:52 +00:00
lukem
0beaa38406 If we're going to replace strtok() with strtok_r(), and the caller of the
latter is invoked recursively, use static (instead of automatic) storage
for the "last" pointer so that we remember where we're up to ...

Fixes bug with hosts.deny rules such as "rpcbind: ALL EXCEPT some.domain".
2002-12-26 12:53:59 +00:00
jdolecek
66f1feaba3 avoid endless loop in xgets() when line in host access conf file is longer
than BUFSIZ
fixes PR lib/15025 by Trevin Beattie
2002-12-02 22:08:44 +00:00
wiz
4f92a4853d New sentence, new line. From Robert Elz. 2002-10-01 19:38:46 +00:00
mjl
c455730141 Correct #ifdef'ed out usage of memset 2002-07-20 14:18:45 +00:00
itojun
211e500c75 use strtok_r, as strtok can interfere with other callers. from openbsd 2002-06-22 11:52:40 +00:00
itojun
d2503f643b type mismatch 2002-06-07 01:39:07 +00:00
itojun
44772e4b2f there are people using #ifdef APPEND_DOT. recover it. 2002-06-07 01:36:09 +00:00
itojun
8288fc93ab s/STRN_CPY/strlcpy/ 2002-06-06 21:45:19 +00:00
itojun
3ba1803eb3 correct misuse of strncpy (use strlcpy). from openbsd 2002-06-06 21:42:42 +00:00
itojun
2f7d82e63d support scoped IPv6 address properly. PR 16810. 2002-06-06 21:28:49 +00:00
itojun
5ab78ccf04 be more picky about IP option. len >= 2 for normal options. 2002-05-24 06:05:31 +00:00
itojun
2ef04ff634 cleanup some of portability #ifdefs, which are not needed for netbsd. 2002-05-24 05:38:19 +00:00
itojun
5faa38589c be more picky about malformed IP options. 2002-05-24 05:30:54 +00:00
atatat
43fa832908 Clean out "dirty" to avoid spurious log entries. 2002-04-24 16:37:08 +00:00
atatat
ae10ef9a4b Log a warning if the address (n) has more significant bits than the
netmask (m) in a entry of the form "n.n.n.n/m.m.m.m".
2002-04-04 19:50:27 +00:00
thorpej
9c33b55e7c Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

	* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
	  of the infratsructure (libraries, support programs, etc.)

	* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
	  building of support for using the corresponding API
	  in various libraries/programs that can use it.

As discussed on tech-toolchain.
2002-03-22 18:10:19 +00:00
wiz
d70fe2e86c Fix error message, as reported in lib/15711 by Onno van der Linden. 2002-02-23 23:28:31 +00:00
wiz
d5bbc54aba Use correct comment macro. 2002-02-20 11:33:25 +00:00
ross
dc5571b22e Generate <>& symbolically. I'm avoiding .../dist/... directories for now. 2002-02-08 01:21:55 +00:00
wiz
bed5b7e260 Whitespace nit. 2002-01-15 02:53:28 +00:00
lukem
2e5ff91d16 WARNS=2 fixes 2001-11-05 15:05:18 +00:00
atatat
349f0e356b Rearrange the way syslog() is used. Some messages include %m which
syslog understands, but vsnprintf() does not.
2001-09-24 17:55:47 +00:00
itojun
999357cb7d new tcp_wrapper license, as deraadt@openbsd negotiated with wietse
and presented in ftp://ftp.porcupine.org/pub/security/tcp_wrappers_license.
(details: see openbsd changelog for libexec/tcpd/DISCLAIMER).
2001-06-02 05:20:56 +00:00
kleink
530e81b761 Wrap external declarations inside __{BEGIN,END}_DECLS; fixes PR lib/12458
by Dan McMahill.
2001-03-27 22:46:55 +00:00
itojun
d65f44a1a5 correct typecast mistake.
http://www.openbsd.org/errata.html#libwrap
2001-02-27 04:13:13 +00:00
sommerfeld
8aefd97377 Format string audit cleanup (increase format checking) 2000-10-04 16:24:49 +00:00
itojun
dbc196be0d fatal typo. From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp> 2000-07-26 14:59:06 +00:00
itohy
9bdf22f648 Correct ctype(3) usage, just in case.... 2000-07-14 05:26:04 +00:00