Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
163,436 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

48 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the 
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
 2007-05-28 12:06:17 +00:00
elad e35f123530 PR/19069: Jun-ichiro itojun Hagino: traceroute(8) and traceroute6(8) can 
send packet to udp port 0, which is illegal
 2006-10-07 10:23:33 +00:00
rpaulo de8db47547 Add support for RFC 3542 Adv. Socket API for IPv6 (which obsoletes 2292). 
* RFC 3542 isn't binary compatible with RFC 2292.
* RFC 2292 support is on by default but can be disabled.
* update ping6, telnet and traceroute6 to the new API.

From the KAME project (www.kame.net).
Reviewed by core.
 2006-05-05 00:03:21 +00:00
ginsbach 85dd62aa2a Add description for -r option. Description taken from traceroute man page. 2005-09-17 15:16:11 +00:00
wiz 18b59e97b5 Fix -m description position. From YOMURA Masanori in private mail. 2005-09-11 23:46:39 +00:00
itojun 2a4c071a4f do not disclose endian/pid. henning@openbsd 2004-04-22 01:41:22 +00:00
itojun c0819ecd5d do not disclose endian/alignment by probe packet. from dreaadt@openbsd 
via kame
 2004-01-25 03:26:30 +00:00
agc 326b2259b7 Move UCB-licensed code from 4-clause to 3-clause licence. 
Patches provided by Joel Baker in PR 22366, verified by myself.
 2003-08-07 11:25:11 +00:00
itojun 9c298b2da2 sysctl/setsockopt takes int, not u_long. 2003-01-21 09:15:54 +00:00
itojun 8a8d344fd5 fix arg size to IPV6_UNICAST_HOPS socket option. Hiroki Sato 2003-01-21 07:55:17 +00:00
itojun 22a4160612 be more picky about argument parsing (check ERANGE from strtoul). sync w/kame 2002-10-24 12:54:14 +00:00
itojun f062d0205a make args u_long not to lose accuracy due to conversion/overflow. 
from mark@openbsd
 2002-10-23 03:48:07 +00:00
itojun 52c469ffaa socklen_t audit. from deraadt, sync w/kame 2002-09-08 01:41:12 +00:00
onoe b719e19a2f Fixed trivial bugs in previous commit: 
unnecessary socket is opened, and non-root user failed to execute...
 2002-08-30 04:02:44 +00:00
onoe 4a58d16e34 Add -I (use icmp) option as traceroute. 
sync w/kame
 2002-08-30 03:57:20 +00:00
itojun dcbc05cef8 warn if multiple addresses are returned from DNS, like traceroute(8) does. 
sync w/kame
 2002-08-27 00:34:52 +00:00
itojun d36c8b47de no need for struct timezone. From: Kevin Steves <kevin@atomicgears.com> 2002-08-09 02:57:09 +00:00
itojun 304d46f942 check port number range. sync w/kame, pointed out by deraadt 2002-06-29 07:49:25 +00:00
itojun ba39243377 use strchr not index 2002-06-09 02:45:26 +00:00
itojun c264025d4e grab max hlim/ttl from kernel via sysctl. sync w/openbsd 2002-05-26 14:45:43 +00:00
itojun 00c1d95307 typo in port number setting 2002-05-26 13:14:03 +00:00
itojun ef38c9fcf1 KNF and other cleanups. from openbsd via kame 2002-05-26 05:32:13 +00:00
itojun c38970800e sizeof pedant 2002-02-19 02:29:58 +00:00
ross 2a76afae02 Generate <>& symbolically. I'm avoiding .../dist/... directories for now. 2002-02-08 01:36:18 +00:00
kleink a0649bd297 getopt(3): EOF -> -1. 2001-05-07 14:00:22 +00:00
itojun 48110adac6 correct fd_set allocation. from deraadt 2001-01-12 18:53:20 +00:00
itojun 8537da23ad use strlcpy/at throughout the code. more strct argument validation. 
revoke setuid privilege earlier.

sync with kame.
 2000-12-22 15:12:04 +00:00
itojun 50ac5d898b move rcsid to the top 2000-11-24 07:42:07 +00:00
itojun ffa892c2d7 use poll(2). 2000-10-08 06:40:42 +00:00
itojun 829f1b8451 avoid fd_set size overflow. from deraadt@openbsd, sync with kame. 2000-10-07 06:41:37 +00:00
kleink 4918722a89 For commands and utilities, use EXIT STATUS rather than RETURN VALUES or 
DIAGNOSTICS as appropriate (and documented in mdoc(7)).
 2000-09-04 07:35:15 +00:00
itojun fed1a1bf38 warnx?/errx? audit (don't pass variable alone). from openbsd. 2000-07-07 12:22:32 +00:00
itojun a847ca3ad6 be more careful about arg to errx?/warnx? (do not pass variable directly, 
it may contain "%").  from openbsd, via kame.
 2000-06-30 18:58:42 +00:00
itojun 5a2c8d59e9 print source address of query. support -f (skip first N hops). 
do not choke on unexpected ND messages.
 2000-06-12 16:31:52 +00:00
itojun 1e22bb586e correct use of perror(). 2000-03-12 02:42:43 +00:00
itojun 9c971f7c4d typo fix (s/Ridirect/Redirect/) 2000-03-02 07:43:32 +00:00
itojun 970a04ff88 do not assume CMSG_xx are constant. (sync with latest kame) 2000-02-28 07:03:58 +00:00
mycroft fdf456b5f0 Nuke gratuitous setting of BINOWN and BINGRP. 2000-02-25 08:52:03 +00:00
itojun 7414be8dd0 add missing command line arguments (target and datalen) 2000-02-16 06:10:15 +00:00
itojun e00a204ac4 use getnameinfo(), not inet_ntop(), as much as possible. 
(sync with recent kame)
 2000-02-16 00:38:14 +00:00
itojun a58fc4d3b8 sync with latest libipsec/kernel. 2000-01-31 14:25:42 +00:00
enami 82d7115cf2 Don't pass so many args to .Nd macro. It just overflows. 1999-11-19 01:12:39 +00:00
itojun 1c73836310 do not bark even if IPsec is turned off in kernel. 1999-09-03 01:49:16 +00:00
itojun 656cf2dd52 allow "traceroute6 -q1 foo". 
KAME PR: 135
 1999-07-30 01:19:58 +00:00
itojun b7ee9c3863 add NetBSD RCS ID. 1999-07-04 02:43:39 +00:00
itojun 9a6abc8c5d s/CFLAGS/CPPFLAGS/ for -D and -I. 1999-07-03 06:26:25 +00:00
thorpej 8cc65d3aa6 Squash some NULL printf format warnings, providing better error messages 
to the user in the process.
 1999-07-02 18:13:45 +00:00
itojun 2447462b5e traceroute6: traceroute for IPv6. 
TODO: better to be separate, or merged?
 1999-07-01 20:55:03 +00:00