SecBSD
/
src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync with OpenBSD -current

This commit is contained in:
purplerain 2024-04-02 22:46:26 +00:00
parent 297ba4a59a
commit a339fc8c86
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
29 changed files with 192 additions and 352 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
etc/rc
View File

@ -1,4 +1,4 @@
# $OpenBSD: rc,v 1.573 2024/03/30 07:35:01 deraadt Exp $
# $OpenBSD: rc,v 1.574 2024/04/02 08:21:04 deraadt Exp $
# System startup script run by init on autoboot or after single-user.
# Output and error are redirected to console by init, and the console is the
@ -241,7 +241,7 @@ reorder_libs() {
) || { _error=true; break; }
done
for _bin in $_relink/usr/sbin/sshd; do
for _bin in $_relink/usr/sbin/sshd $_relink/usr/bin/ssh-agent ; do
_tmpdir=$(mktemp -dq $_relink/_rebuild.XXXXXXXXXXXX) &&
(
set -o errexit

4
lib/libc/rpc/clnt_udp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clnt_udp.c,v 1.41 2024/01/22 16:18:06 deraadt Exp $ */
/* $OpenBSD: clnt_udp.c,v 1.42 2024/04/02 08:51:06 jsg Exp $ */
/*
* Copyright (c) 2010, Oracle America, Inc.
@ -77,7 +77,7 @@ clntudp_bufcreate1(struct clntudp_bufcreate_args *args)
}
args->sendsz = ((args->sendsz + 3) / 4) * 4;
args->recvsz = ((args->recvsz + 3) / 4) * 4;
args->cu = (struct cu_data *)mem_alloc(sizeof(args->cu) +
args->cu = (struct cu_data *)mem_alloc(sizeof(*args->cu) +
args->sendsz + args->recvsz);
if (args->cu == NULL) {
rpc_createerr.cf_stat = RPC_SYSTEMERROR;

12
lib/libc/sys/getsockopt.2
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: getsockopt.2,v 1.61 2023/02/22 06:31:51 guenther Exp $
.\" $OpenBSD: getsockopt.2,v 1.62 2024/04/02 14:23:15 claudio Exp $
.\" $NetBSD: getsockopt.2,v 1.7 1995/02/27 12:33:29 cgd Exp $
.\"
.\" Copyright (c) 1983, 1991, 1993
@ -30,7 +30,7 @@
.\"
.\" @(#)getsockopt.2 8.3 (Berkeley) 4/19/94
.\"
.Dd $Mdocdate: February 22 2023 $
.Dd $Mdocdate: April 2 2024 $
.Dt GETSOCKOPT 2
.Os
.Sh NAME
@ -176,6 +176,8 @@ get and clear error on the socket (get only)
get the domain of the socket (get only)
.It Dv SO_PROTOCOL
get the protocol of the socket (get only)
.It Dv SO_ACCEPTCONN
get listening status of the socket (get only)
.It Dv SO_PEERCRED
get the credentials from other side of connection (get only)
.El
@ -447,6 +449,7 @@ Finally,
.Dv SO_DOMAIN ,
.Dv SO_PROTOCOL ,
.Dv SO_ERROR ,
.Dv SO_ACCEPTCONN ,
and
.Dv SO_PEERCRED
are options used only with
@ -465,6 +468,11 @@ returns the protocol of the socket such as
returns any pending error on the socket and clears the error status.
It may be used to check for asynchronous errors on connected
datagram sockets or for other asynchronous errors.
.Dv SO_ACCEPTCONN
returns whether the socket is currently accepting connections, that is,
whether or not
.Xr listen 2
was called.
.Dv SO_PEERCRED
fetches the
.Va struct sockpeercred

6
lib/libc/sys/pinsyscalls.2
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: pinsyscalls.2,v 1.4 2023/12/19 19:39:52 deraadt Exp $
.\" $OpenBSD: pinsyscalls.2,v 1.5 2024/04/01 19:29:16 benno Exp $
.\"
.\" Copyright (c) 2023 Theo de Raadt <deraadt@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 19 2023 $
.Dd $Mdocdate: April 1 2024 $
.Dt PINSYSCALLS 2
.Os
.Sh NAME
@ -77,4 +77,4 @@ At least one system call offset is beyond the bounds of
The
.Fn pinsyscalls
system call first appeared in
.Ox 7.4 .
.Ox 7.5 .

8
lib/libcrypto/ec/ecx_methods.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ecx_methods.c,v 1.12 2024/03/29 06:41:58 tb Exp $ */
/* $OpenBSD: ecx_methods.c,v 1.13 2024/04/02 04:04:07 tb Exp $ */
/*
* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
*
@ -536,7 +536,6 @@ static int
ecx_cms_sign_or_verify(EVP_PKEY *pkey, long verify, CMS_SignerInfo *si)
{
X509_ALGOR *digestAlgorithm, *signatureAlgorithm;
ASN1_OBJECT *aobj;
if (verify != 0 && verify != 1)
return -1;
@ -575,9 +574,8 @@ ecx_cms_sign_or_verify(EVP_PKEY *pkey, long verify, CMS_SignerInfo *si)
return 1;
}
if ((aobj = OBJ_nid2obj(NID_ED25519)) == NULL)
return -1;
if (!X509_ALGOR_set0(signatureAlgorithm, aobj, V_ASN1_UNDEF, NULL))
if (!X509_ALGOR_set0_by_nid(signatureAlgorithm, NID_ED25519,
V_ASN1_UNDEF, NULL))
return -1;
return 1;

4
libexec/spamd/spamd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: spamd.c,v 1.161 2023/09/05 16:01:58 jca Exp $ */
/* $OpenBSD: spamd.c,v 1.162 2024/04/01 21:09:44 millert Exp $ */
/*
* Copyright (c) 2015 Henning Brauer <henning@openbsd.org>
@ -845,6 +845,8 @@ nextstate(struct con *cp)
match(cp->ibuf, "EHLO")) {
snprintf(cp->obuf, cp->osize,
"250-%s\r\n"
"250-8BITMIME\r\n"
"250-SMTPUTF8\r\n"
"250 STARTTLS\r\n",
hostname);
nextstate = 7;

13
regress/sys/arch/amd64/fpu/fenv.S
View File

@ -1,4 +1,4 @@
/* $OpenBSD: fenv.S,v 1.1.1.1 2018/08/21 18:35:18 bluhm Exp $ */
/* $OpenBSD: fenv.S,v 1.2 2024/04/01 18:52:34 anton Exp $ */
/*
* Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
*
@ -17,6 +17,13 @@
#include <sys/syscall.h>
#define PINSYSCALL(sysno, label) \
.pushsection .openbsd.syscalls,"",%progbits; \
.p2align 2; \
.long label; \
.long sysno; \
.popsection;
.section .note.openbsd.ident, "a"
.p2align 2
.long 8
@ -49,7 +56,11 @@ _start:
mov $1, %rdi
mov $env, %rsi
mov $(env_end-env), %rdx
1:
syscall
PINSYSCALL(SYS_write, 1b)
mov $SYS_exit, %rax
mov $0, %rdi
2:
syscall
PINSYSCALL(SYS_exit, 2b)

134
regress/usr.sbin/bgpd/config/bgpd.conf.example.ok
View File

@ -1,134 +0,0 @@
ASN = "65001"
peer1 = "10.1.0.2"
peer2 = "10.1.0.3"
AS 65001
router-id 127.0.0.1
socket "/var/run/bgpd.sock.0"
prefix-set "mynetworks" { 192.0.2.0/24 }
rde rib Adj-RIB-In no evaluate
rde rib Loc-RIB rtable 0 fib-update yes
neighbor 10.2.1.1 {
remote-as 65023
local-address 10.0.0.8
enforce neighbor-as yes
enforce local-as yes
ipsec esp in spi 1010 sha1 XXXXXX aes XXXXXX
ipsec esp out spi 1012 sha1 XXXXXX aes XXXXXX
announce IPv4 unicast
}
neighbor 10.0.0.0/24 {
descr "template for local peers"
enforce neighbor-as no
enforce local-as yes
announce IPv4 unicast
}
neighbor 10.0.2.0 {
descr "upstream2"
remote-as 65004
local-address 10.0.0.8
enforce neighbor-as yes
enforce local-as yes
ipsec ah ike
announce IPv4 unicast
}
neighbor 10.0.1.0 {
descr "upstream"
remote-as 65003
multihop 2
passive
local-address 10.0.0.8
holdtime 180
holdtime min 3
export none
enforce neighbor-as yes
enforce local-as yes
tcp md5sig
announce IPv4 unicast
}
group "peering AS65002" {
neighbor 10.1.0.2 {
descr "AS 65001 peer 1"
remote-as 65002
enforce neighbor-as yes
enforce local-as yes
tcp md5sig
announce IPv4 unicast
}
neighbor 10.1.0.3 {
descr "AS 65001 peer 2"
remote-as 65002
local-address 10.0.0.8
enforce neighbor-as yes
enforce local-as yes
ipsec esp ike
announce IPv4 unicast
}
}
group "peering AS65042" {
neighbor 10.2.0.2 {
descr "peering AS 65042"
remote-as 65042
local-address 10.0.0.8
enforce neighbor-as yes
enforce local-as yes
ipsec ah ike
announce IPv4 unicast
}
neighbor 10.2.0.1 {
descr "peering AS 65042"
remote-as 65042
local-address 10.0.0.8
enforce neighbor-as yes
enforce local-as yes
ipsec ah ike
announce IPv4 unicast
}
}
allow from ibgp
allow from any prefix 0.0.0.0/0 prefixlen 8 - 24
allow from any prefix ::/0 prefixlen 16 - 48
match from any community 65535:0 set { localpref 0 }
allow from any prefix 23.128.0.0/10 prefixlen 24 - 28
deny from any prefix 0.0.0.0/8 prefixlen >= 8
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 100.64.0.0/10 prefixlen >= 10
deny from any prefix 127.0.0.0/8 prefixlen >= 8
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 192.88.99.0/24 prefixlen >= 24
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 198.18.0.0/15 prefixlen >= 15
deny from any prefix 198.51.100.0/24 prefixlen >= 24
deny from any prefix 203.0.113.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
deny from any prefix ::/8 prefixlen >= 8
deny from any prefix 100::/64 prefixlen >= 64
deny from any prefix 2001:2::/48 prefixlen >= 48
deny from any prefix 2001:10::/28 prefixlen >= 28
deny from any prefix 2001:db8::/32 prefixlen >= 32
deny from any prefix 2002::/16 prefixlen >= 16
deny from any prefix 3ffe::/16 prefixlen >= 16
deny from any prefix fc00::/7 prefixlen >= 7
deny from any prefix fe80::/10 prefixlen >= 10
deny from any prefix fec0::/10 prefixlen >= 10
deny from any prefix ff00::/8 prefixlen >= 8
deny from any AS 23456
deny from any AS 64496 - 64511
deny from any AS 64512 - 65534
deny from any AS 65535
deny from any AS 65536 - 65551
deny from any AS 65552 - 131071
deny from any AS 4200000000 - 4294967294
deny from any AS 4294967295
allow to ibgp
allow to ebgp prefix-set "mynetworks" large-community 65001:1:1

16
sbin/iked/ikev2_pld.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ikev2_pld.c,v 1.134 2024/03/02 16:16:07 tobhe Exp $ */
/* $OpenBSD: ikev2_pld.c,v 1.135 2024/04/02 19:58:28 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@ -2074,19 +2074,25 @@ ikev2_pld_eap(struct iked *env, struct ikev2_payload *pld,
struct eap_header hdr;
struct eap_message *eap = NULL;
const struct iked_sa *sa = msg->msg_sa;
size_t len;
size_t eap_len;
if (ikev2_validate_eap(msg, offset, left, &hdr))
return (-1);
len = betoh16(hdr.eap_length);
if (len < sizeof(*eap)) {
eap_len = betoh16(hdr.eap_length);
if (left != eap_len) {
log_info("%s: malformed payload: EAP length does not match"
" payload length (%zu != %zu)", __func__, left, eap_len);
return (-1);
}
if (eap_len < sizeof(*eap)) {
log_info("%s: %s id %d length %d", SPI_SA(sa, __func__),
print_map(hdr.eap_code, eap_code_map),
hdr.eap_id, betoh16(hdr.eap_length));
} else {
/* Now try to get the indicated length */
if ((eap = ibuf_seek(msg->msg_data, offset, len)) == NULL) {
if ((eap = ibuf_seek(msg->msg_data, offset, eap_len)) == NULL) {
log_debug("%s: invalid EAP length", __func__);
return (-1);
}

45
sys/dev/pci/if_vmx.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: if_vmx.c,v 1.82 2024/02/29 22:09:33 jan Exp $ */
/* $OpenBSD: if_vmx.c,v 1.83 2024/04/02 20:59:48 jan Exp $ */
/*
* Copyright (c) 2013 Tsubai Masanari
@ -34,11 +34,14 @@
#include <net/if.h>
#include <net/toeplitz.h>
#include <net/if_media.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <netinet/udp.h>
#include <machine/bus.h>
@ -407,6 +410,8 @@ vmxnet3_attach(struct device *parent, struct device *self, void *aux)
ifp->if_capabilities |= IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6;
}
ifp->if_capabilities |= IFCAP_TSOv4 | IFCAP_TSOv6;
#if NVLAN > 0
if (sc->sc_ds->upt_features & UPT1_F_VLAN)
ifp->if_capabilities |= IFCAP_VLAN_HWTAGGING;
@ -579,8 +584,8 @@ vmxnet3_alloc_txring(struct vmxnet3_softc *sc, int queue, int intr)
comp_ring->txcd = VMX_DMA_KVA(&comp_ring->dmamem);
for (idx = 0; idx < NTXDESC; idx++) {
if (bus_dmamap_create(sc->sc_dmat, JUMBO_LEN, NTXSEGS,
VMXNET3_TX_LEN_M + 1, 0, BUS_DMA_NOWAIT, &ring->dmap[idx]))
if (bus_dmamap_create(sc->sc_dmat, MAXMCLBYTES, NTXSEGS,
VMXNET3_TX_LEN_M, 0, BUS_DMA_NOWAIT, &ring->dmap[idx]))
return -1;
}
@ -1440,13 +1445,41 @@ vmxnet3_tx_offload(struct vmxnet3_txdesc *sop, struct mbuf *m)
offset = hdrlen + offsetof(struct tcphdr, th_sum);
else if (ext.udp)
offset = hdrlen + offsetof(struct udphdr, uh_sum);
else
return;
if (!ISSET(m->m_pkthdr.csum_flags, M_TCP_TSO)) {
hdrlen &= VMXNET3_TX_HLEN_M;
offset &= VMXNET3_TX_OP_M;
sop->tx_word3 |= htole32(VMXNET3_OM_CSUM << VMXNET3_TX_OM_S);
sop->tx_word3 |= htole32(hdrlen << VMXNET3_TX_HLEN_S);
sop->tx_word2 |= htole32(offset << VMXNET3_TX_OP_S);
return;
}
/*
* TCP Segmentation Offload
*/
if (ext.tcp == NULL) {
tcpstat_inc(tcps_outbadtso);
return;
}
if (ext.ip4)
ext.ip4->ip_sum = 0;
hdrlen += ext.tcphlen;
hdrlen &= VMXNET3_TX_HLEN_M;
offset &= VMXNET3_TX_OP_M;
sop->tx_word3 |= htole32(VMXNET3_OM_CSUM << VMXNET3_TX_OM_S);
sop->tx_word3 |= htole32(VMXNET3_OM_TSO << VMXNET3_TX_OM_S);
sop->tx_word3 |= htole32(hdrlen << VMXNET3_TX_HLEN_S);
sop->tx_word2 |= htole32(offset << VMXNET3_TX_OP_S);
sop->tx_word2 |= htole32(m->m_pkthdr.ph_mss << VMXNET3_TX_OP_S);
tcpstat_add(tcps_outpkttso, (m->m_pkthdr.len - hdrlen +
m->m_pkthdr.ph_mss - 1) / m->m_pkthdr.ph_mss);
}
void

24
sys/kern/exec_elf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: exec_elf.c,v 1.185 2024/01/17 22:22:25 kurt Exp $ */
/* $OpenBSD: exec_elf.c,v 1.186 2024/04/02 08:39:16 deraadt Exp $ */
/*
* Copyright (c) 1996 Per Fogelstrom
@ -494,10 +494,15 @@ elf_load_file(struct proc *p, char *path, struct exec_package *epp,
addr = ph[i].p_vaddr - base_ph->p_vaddr;
}
elf_load_psection(&epp->ep_vmcmds, nd.ni_vp,
&ph[i], &addr, &size, &prot, flags | VMCMD_SYSCALL);
&ph[i], &addr, &size, &prot, flags);
/* If entry is within this section it must be text */
if (eh.e_entry >= ph[i].p_vaddr &&
eh.e_entry < (ph[i].p_vaddr + size)) {
/* LOAD containing e_entry may not be writable */
if (prot & PROT_WRITE) {
error = ENOEXEC;
goto bad1;
}
epp->ep_entry = addr + eh.e_entry -
ELF_TRUNC(ph[i].p_vaddr,ph[i].p_align);
if (flags == VMCMD_RELATIVE)
@ -715,7 +720,7 @@ exec_elf_makecmds(struct proc *p, struct exec_package *epp)
*/
for (i = 0, pp = ph; i < eh->e_phnum; i++, pp++) {
Elf_Addr addr, size = 0;
int prot = 0, syscall = 0;
int prot = 0;
int flags = 0;
switch (pp->p_type) {
@ -731,16 +736,9 @@ exec_elf_makecmds(struct proc *p, struct exec_package *epp)
} else
addr = ELF_NO_ADDR;
/*
* Permit system calls in main-text static binaries.
* static binaries may not call msyscall() or
* pinsyscalls()
*/
if (interp == NULL) {
syscall = VMCMD_SYSCALL;
p->p_vmspace->vm_map.flags |= VM_MAP_SYSCALL_ONCE;
/* Static binaries may not call pinsyscalls() */
if (interp == NULL)
p->p_vmspace->vm_map.flags |= VM_MAP_PINSYSCALL_ONCE;
}
/*
* Calculates size of text and data segments
@ -750,7 +748,7 @@ exec_elf_makecmds(struct proc *p, struct exec_package *epp)
* for DATA_PLT, is fine for TEXT_PLT.
*/
elf_load_psection(&epp->ep_vmcmds, epp->ep_vp,
pp, &addr, &size, &prot, flags | textrel | syscall);
pp, &addr, &size, &prot, flags | textrel);
/*
* Update exe_base in case alignment was off.

8
sys/kern/exec_subr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: exec_subr.c,v 1.66 2023/03/19 20:32:13 kettenis Exp $ */
/* $OpenBSD: exec_subr.c,v 1.67 2024/04/02 08:39:16 deraadt Exp $ */
/* $NetBSD: exec_subr.c,v 1.9 1994/12/04 03:10:42 mycroft Exp $ */
/*
@ -194,9 +194,6 @@ vmcmd_map_pagedvn(struct proc *p, struct exec_vmcmd *cmd)
/*
* do the map
*/
if ((cmd->ev_flags & VMCMD_SYSCALL) && (cmd->ev_prot & PROT_EXEC))
flags |= UVM_FLAG_SYSCALL;
error = uvm_map(&p->p_vmspace->vm_map, &cmd->ev_addr, cmd->ev_len,
uobj, cmd->ev_offset, 0,
UVM_MAPFLAG(cmd->ev_prot, PROT_MASK, MAP_INHERIT_COPY,
@ -217,8 +214,7 @@ vmcmd_map_pagedvn(struct proc *p, struct exec_vmcmd *cmd)
round_page(cmd->ev_addr + cmd->ev_len), 1);
#ifdef PMAP_CHECK_COPYIN
if (PMAP_CHECK_COPYIN &&
((flags & UVM_FLAG_SYSCALL) ||
((cmd->ev_flags & VMCMD_IMMUTABLE) && (cmd->ev_prot & PROT_EXEC))))
((cmd->ev_flags & VMCMD_IMMUTABLE) && (cmd->ev_prot & PROT_EXEC)))
uvm_map_check_copyin_add(&p->p_vmspace->vm_map,
cmd->ev_addr, round_page(cmd->ev_addr + cmd->ev_len));
#endif

4
sys/kern/init_main.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: init_main.c,v 1.325 2024/02/14 06:17:51 miod Exp $ */
/* $OpenBSD: init_main.c,v 1.326 2024/04/02 08:39:16 deraadt Exp $ */
/* $NetBSD: init_main.c,v 1.84.4.1 1996/06/02 09:08:06 mrg Exp $ */
/*
@ -627,7 +627,7 @@ start_init(void *arg)
NULL, UVM_UNKNOWN_OFFSET, 0,
UVM_MAPFLAG(PROT_READ | PROT_WRITE, PROT_MASK, MAP_INHERIT_COPY,
MADV_NORMAL,
UVM_FLAG_FIXED|UVM_FLAG_OVERLAY|UVM_FLAG_COPYONW|UVM_FLAG_STACK|UVM_FLAG_SYSCALL)))
UVM_FLAG_FIXED|UVM_FLAG_OVERLAY|UVM_FLAG_COPYONW|UVM_FLAG_STACK)))
panic("init: couldn't allocate argument space");
for (pathp = &initpaths[0]; (path = *pathp) != NULL; pathp++) {

4
sys/kern/kern_exec.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kern_exec.c,v 1.254 2024/01/17 18:56:13 deraadt Exp $ */
/* $OpenBSD: kern_exec.c,v 1.255 2024/04/02 08:39:16 deraadt Exp $ */
/* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */
/*-
@ -905,7 +905,7 @@ exec_sigcode_map(struct process *pr)
if (uvm_map(&pr->ps_vmspace->vm_map, &pr->ps_sigcode, round_page(sz),
sigobject, 0, 0, UVM_MAPFLAG(PROT_EXEC,
PROT_READ | PROT_WRITE | PROT_EXEC, MAP_INHERIT_COPY,
MADV_RANDOM, UVM_FLAG_COPYONW | UVM_FLAG_SYSCALL))) {
MADV_RANDOM, UVM_FLAG_COPYONW))) {
uao_detach(sigobject);
return (ENOMEM);
}

2
sys/kern/sys_process.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sys_process.c,v 1.96 2024/03/30 13:33:20 mpi Exp $ */
/* $OpenBSD: sys_process.c,v 1.97 2024/04/02 08:27:22 deraadt Exp $ */
/* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */
/*-

7
sys/kern/uipc_socket.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uipc_socket.c,v 1.325 2024/03/31 14:01:28 mvs Exp $ */
/* $OpenBSD: uipc_socket.c,v 1.327 2024/04/02 14:23:15 claudio Exp $ */
/* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */
/*
@ -2050,6 +2050,7 @@ sogetopt(struct socket *so, int level, int optname, struct mbuf *m)
case SO_REUSEPORT:
case SO_BROADCAST:
case SO_OOBINLINE:
case SO_ACCEPTCONN:
case SO_TIMESTAMP:
case SO_ZEROIZE:
*mtod(m, int *) = so->so_options & optname;
@ -2290,7 +2291,7 @@ filt_soread(struct knote *kn, long hint)
}
kn->kn_fflags = so->so_error;
rv = 1;
} else if (so->so_error) { /* temporary udp error */
} else if (so->so_error) {
rv = 1;
} else if (kn->kn_sfflags & NOTE_LOWAT) {
rv = (kn->kn_data >= kn->kn_sdata);
@ -2327,7 +2328,7 @@ filt_sowrite(struct knote *kn, long hint)
}
kn->kn_fflags = so->so_error;
rv = 1;
} else if (so->so_error) { /* temporary udp error */
} else if (so->so_error) {
rv = 1;
} else if (((so->so_state & SS_ISCONNECTED) == 0) &&
(so->so_proto->pr_flags & PR_CONNREQUIRED)) {

3
sys/sys/exec.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: exec.h,v 1.53 2024/01/16 19:05:00 deraadt Exp $ */
/* $OpenBSD: exec.h,v 1.54 2024/04/02 08:39:16 deraadt Exp $ */
/* $NetBSD: exec.h,v 1.59 1996/02/09 18:25:09 christos Exp $ */
/*-
@ -92,7 +92,6 @@ struct exec_vmcmd {
#define VMCMD_RELATIVE 0x0001 /* ev_addr is relative to base entry */
#define VMCMD_BASE 0x0002 /* marks a base entry */
#define VMCMD_STACK 0x0004 /* create with UVM_FLAG_STACK */
#define VMCMD_SYSCALL 0x0008 /* create with UVM_FLAG_SYSCALL */
#define VMCMD_IMMUTABLE 0x0010 /* create with UVM_ET_IMMUTABLE */
#define VMCMD_TEXTREL 0x0020 /* terrible binary contains terrible textrel */
};

3
sys/sys/proc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: proc.h,v 1.357 2024/03/30 13:33:21 mpi Exp $ */
/* $OpenBSD: proc.h,v 1.358 2024/04/02 08:39:16 deraadt Exp $ */
/* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */
/*-
@ -337,7 +337,6 @@ struct proc {
struct filedesc *p_fd; /* copy of p_p->ps_fd */
struct vmspace *p_vmspace; /* [I] copy of p_p->ps_vmspace */
struct p_inentry p_spinentry; /* [o] cache for SP check */
struct p_inentry p_pcinentry; /* [o] cache for PC check */
int p_flag; /* P_* flags. */
u_char p_spare; /* unused */

3
sys/uvm/uvm.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uvm.h,v 1.72 2024/03/30 12:47:47 mpi Exp $ */
/* $OpenBSD: uvm.h,v 1.73 2024/04/02 08:39:17 deraadt Exp $ */
/* $NetBSD: uvm.h,v 1.24 2000/11/27 08:40:02 chs Exp $ */
/*
@ -92,7 +92,6 @@ struct uvm {
#define UVM_ET_STACK 0x0040 /* this is a stack */
#define UVM_ET_WC 0x0080 /* write combining */
#define UVM_ET_CONCEAL 0x0100 /* omit from dumps */
#define UVM_ET_SYSCALL 0x0200 /* syscall text segment */
#define UVM_ET_IMMUTABLE 0x0400 /* entry may not be changed */
#define UVM_ET_FREEMAPPED 0x8000 /* map entry is on free list (DEBUG) */

3
sys/uvm/uvm_extern.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uvm_extern.h,v 1.173 2024/01/19 21:20:35 deraadt Exp $ */
/* $OpenBSD: uvm_extern.h,v 1.174 2024/04/02 08:39:17 deraadt Exp $ */
/* $NetBSD: uvm_extern.h,v 1.57 2001/03/09 01:02:12 chs Exp $ */
/*
@ -111,7 +111,6 @@ typedef int vm_prot_t;
#define UVM_FLAG_STACK 0x2000000 /* page may contain a stack */
#define UVM_FLAG_WC 0x4000000 /* write combining */
#define UVM_FLAG_CONCEAL 0x8000000 /* omit from dumps */
#define UVM_FLAG_SYSCALL 0x10000000 /* system calls allowed */
#define UVM_FLAG_SIGALTSTACK 0x20000000 /* sigaltstack validation required */
/* macros to extract info */

89
sys/uvm/uvm_map.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uvm_map.c,v 1.327 2024/02/21 03:28:29 deraadt Exp $ */
/* $OpenBSD: uvm_map.c,v 1.328 2024/04/02 08:39:17 deraadt Exp $ */
/* $NetBSD: uvm_map.c,v 1.86 2000/11/27 08:40:03 chs Exp $ */
/*
@ -871,12 +871,6 @@ uvm_mapanon(struct vm_map *map, vaddr_t *addr, vsize_t sz,
entry->inheritance = inherit;
entry->wired_count = 0;
entry->advice = advice;
if (prot & PROT_WRITE)
map->wserial++;
if (flags & UVM_FLAG_SYSCALL) {
entry->etype |= UVM_ET_SYSCALL;
map->wserial++;
}
if (flags & UVM_FLAG_STACK) {
entry->etype |= UVM_ET_STACK;
if (flags & (UVM_FLAG_FIXED | UVM_FLAG_UNMAP))
@ -1146,12 +1140,6 @@ uvm_map(struct vm_map *map, vaddr_t *addr, vsize_t sz,
entry->inheritance = inherit;
entry->wired_count = 0;
entry->advice = advice;
if (prot & PROT_WRITE)
map->wserial++;
if (flags & UVM_FLAG_SYSCALL) {
entry->etype |= UVM_ET_SYSCALL;
map->wserial++;
}
if (flags & UVM_FLAG_STACK) {
entry->etype |= UVM_ET_STACK;
if (flags & UVM_FLAG_UNMAP)
@ -1613,23 +1601,6 @@ uvm_map_inentry_sp(vm_map_entry_t entry)
return (1);
}
/*
* The system call must not come from a writeable entry, W^X is violated.
* (Would be nice if we can spot aliasing, which is also kind of bad)
*
* The system call must come from an syscall-labeled entry (which are
* the text regions of the main program, sigtramp, ld.so, or libc).
*/
int
uvm_map_inentry_pc(vm_map_entry_t entry)
{
if (entry->protection & PROT_WRITE)
return (0); /* not permitted */
if ((entry->etype & UVM_ET_SYSCALL) == 0)
return (0); /* not permitted */
return (1);
}
int
uvm_map_inentry_recheck(u_long serial, vaddr_t addr, struct p_inentry *ie)
{
@ -1747,8 +1718,6 @@ uvm_map_is_stack_remappable(struct vm_map *map, vaddr_t addr, vaddr_t sz,
return FALSE;
}
if (sigaltstack_check) {
if ((iter->etype & UVM_ET_SYSCALL))
return FALSE;
if (iter->protection != (PROT_READ | PROT_WRITE))
return FALSE;
}
@ -2937,13 +2906,12 @@ uvm_map_printit(struct vm_map *map, boolean_t full,
(long long)entry->offset, entry->aref.ar_amap,
entry->aref.ar_pageoff);
(*pr)("\tsubmap=%c, cow=%c, nc=%c, stack=%c, "
"syscall=%c, prot(max)=%d/%d, inh=%d, "
"prot(max)=%d/%d, inh=%d, "
"wc=%d, adv=%d\n",
(entry->etype & UVM_ET_SUBMAP) ? 'T' : 'F',
(entry->etype & UVM_ET_COPYONWRITE) ? 'T' : 'F',
(entry->etype & UVM_ET_NEEDSCOPY) ? 'T' : 'F',
(entry->etype & UVM_ET_STACK) ? 'T' : 'F',
(entry->etype & UVM_ET_SYSCALL) ? 'T' : 'F',
entry->protection, entry->max_protection,
entry->inheritance, entry->wired_count, entry->advice);
@ -3222,10 +3190,6 @@ uvm_map_protect(struct vm_map *map, vaddr_t start, vaddr_t end,
mask = UVM_ET_ISCOPYONWRITE(iter) ?
~PROT_WRITE : PROT_MASK;
/* XXX should only wserial++ if no split occurs */
if (iter->protection & PROT_WRITE)
map->wserial++;
if (map->flags & VM_MAP_ISVMSPACE) {
if (old_prot == PROT_NONE) {
((struct vmspace *)map)->vm_dused +=
@ -3401,7 +3365,7 @@ uvmspace_exec(struct proc *p, vaddr_t start, vaddr_t end)
*/
vm_map_lock(map);
vm_map_modflags(map, 0, VM_MAP_WIREFUTURE |
VM_MAP_SYSCALL_ONCE | VM_MAP_PINSYSCALL_ONCE);
VM_MAP_PINSYSCALL_ONCE);
/*
* now unmap the old program
@ -3938,8 +3902,7 @@ uvmspace_fork(struct process *pr)
new_map, new_entry->start, new_entry->end);
}
}
new_map->flags |= old_map->flags &
(VM_MAP_SYSCALL_ONCE | VM_MAP_PINSYSCALL_ONCE);
new_map->flags |= old_map->flags & VM_MAP_PINSYSCALL_ONCE;
#ifdef PMAP_CHECK_COPYIN
if (PMAP_CHECK_COPYIN) {
memcpy(&new_map->check_copyin, &old_map->check_copyin,
@ -4244,48 +4207,6 @@ uvm_map_check_copyin_add(struct vm_map *map, vaddr_t start, vaddr_t end)
}
#endif /* PMAP_CHECK_COPYIN */
/*
* uvm_map_syscall: permit system calls for range of addrs in map.
*
* => map must be unlocked
*/
int
uvm_map_syscall(struct vm_map *map, vaddr_t start, vaddr_t end)
{
struct vm_map_entry *entry;
if (start > end)
return EINVAL;
start = MAX(start, map->min_offset);
end = MIN(end, map->max_offset);
if (start >= end)
return 0;
if (map->flags & VM_MAP_SYSCALL_ONCE) /* only allowed once */
return (EPERM);
vm_map_lock(map);
entry = uvm_map_entrybyaddr(&map->addr, start);
if (entry->end > start)
UVM_MAP_CLIP_START(map, entry, start);
else
entry = RBT_NEXT(uvm_map_addr, entry);
while (entry != NULL && entry->start < end) {
UVM_MAP_CLIP_END(map, entry, end);
entry->etype |= UVM_ET_SYSCALL;
entry = RBT_NEXT(uvm_map_addr, entry);
}
#ifdef PMAP_CHECK_COPYIN
check_copyin_add(map, start, end); /* Add libc's text segment */
#endif
map->wserial++;
map->flags |= VM_MAP_SYSCALL_ONCE;
vm_map_unlock(map);
return (0);
}
/*
* uvm_map_immutable: block mapping/mprotect for range of addrs in map.
*
@ -4328,8 +4249,6 @@ uvm_map_immutable(struct vm_map *map, vaddr_t start, vaddr_t end, int imut)
entry->etype &= ~UVM_ET_IMMUTABLE;
entry = RBT_NEXT(uvm_map_addr, entry);
}
map->wserial++;
error = 0;
out:
vm_map_unlock(map);

6
sys/uvm/uvm_map.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uvm_map.h,v 1.88 2024/01/16 19:05:01 deraadt Exp $ */
/* $OpenBSD: uvm_map.h,v 1.89 2024/04/02 08:39:17 deraadt Exp $ */
/* $NetBSD: uvm_map.h,v 1.24 2001/02/18 21:19:08 chs Exp $ */
/*
@ -261,7 +261,6 @@ RBT_PROTOTYPE(uvm_map_addr, vm_map_entry, daddrs.addr_entry,
struct vm_map {
struct pmap *pmap; /* [I] Physical map */
u_long sserial; /* [v] # stack changes */
u_long wserial; /* [v] # PROT_WRITE increases */
struct uvm_map_addr addr; /* [v] Entry tree, by addr */
@ -328,7 +327,6 @@ struct vm_map {
#define VM_MAP_WANTLOCK 0x10 /* rw: want to write-lock */
#define VM_MAP_GUARDPAGES 0x20 /* rw: add guard pgs to map */
#define VM_MAP_ISVMSPACE 0x40 /* ro: map is a vmspace */
#define VM_MAP_SYSCALL_ONCE 0x80 /* rw: libc syscall registered */
#define VM_MAP_PINSYSCALL_ONCE 0x100 /* rw: pinsyscall done */
/* Number of kernel maps and entries to statically allocate */
@ -358,7 +356,6 @@ struct vm_map * uvm_map_create(pmap_t, vaddr_t, vaddr_t, int);
vaddr_t uvm_map_pie(vaddr_t);
vaddr_t uvm_map_hint(struct vmspace *, vm_prot_t, vaddr_t, vaddr_t);
int uvm_map_check_copyin_add(struct vm_map *, vaddr_t, vaddr_t);
int uvm_map_syscall(struct vm_map *, vaddr_t, vaddr_t);
int uvm_map_immutable(struct vm_map *, vaddr_t, vaddr_t, int);
int uvm_map_inherit(struct vm_map *, vaddr_t, vaddr_t, vm_inherit_t);
int uvm_map_advice(struct vm_map *, vaddr_t, vaddr_t, int);
@ -385,7 +382,6 @@ int uvm_map_mquery(struct vm_map*, vaddr_t*, vsize_t, voff_t, int);
struct p_inentry;
int uvm_map_inentry_sp(vm_map_entry_t);
int uvm_map_inentry_pc(vm_map_entry_t);
boolean_t uvm_map_inentry(struct proc *, struct p_inentry *, vaddr_t addr,
const char *fmt, int (*fn)(vm_map_entry_t), u_long serial);

21
sys/uvm/uvm_mmap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uvm_mmap.c,v 1.186 2024/03/28 02:19:57 deraadt Exp $ */
/* $OpenBSD: uvm_mmap.c,v 1.187 2024/04/02 08:39:17 deraadt Exp $ */
/* $NetBSD: uvm_mmap.c,v 1.49 2001/02/18 21:19:08 chs Exp $ */
/*
@ -592,24 +592,7 @@ sys_mprotect(struct proc *p, void *v, register_t *retval)
int
sys_msyscall(struct proc *p, void *v, register_t *retval)
{
struct sys_msyscall_args /* {
syscallarg(void *) addr;
syscallarg(size_t) len;
} */ *uap = v;
vaddr_t addr;
vsize_t size, pageoff;
addr = (vaddr_t)SCARG(uap, addr);
size = (vsize_t)SCARG(uap, len);
/*
* align the address to a page boundary, and adjust the size accordingly
*/
ALIGN_ADDR(addr, size, pageoff);
if (addr > SIZE_MAX - size)
return EINVAL; /* disallow wrap-around. */
return uvm_map_syscall(&p->p_vmspace->vm_map, addr, addr+size);
return 0;
}
/*

4
usr.bin/sndiod/dev.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dev.c,v 1.107 2023/12/09 22:12:03 ratchov Exp $ */
/* $OpenBSD: dev.c,v 1.108 2024/04/02 05:21:32 ratchov Exp $ */
/*
* Copyright (c) 2008-2012 Alexandre Ratchov <alex@caoua.org>
*
@ -1108,7 +1108,7 @@ dev_abort(struct dev *d)
if (c->ops == NULL)
continue;
if (c->opt == o) {
c->ops->exit(s->arg);
c->ops->exit(c->arg);
c->ops = NULL;
}
}

3
usr.bin/sndiod/siofile.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: siofile.c,v 1.26 2022/04/29 08:30:48 ratchov Exp $ */
/* $OpenBSD: siofile.c,v 1.27 2024/04/02 05:32:10 ratchov Exp $ */
/*
* Copyright (c) 2008-2012 Alexandre Ratchov <alex@caoua.org>
*
@ -84,6 +84,7 @@ dev_sio_timeout(void *arg)
dev_log(d);
log_puts(": watchdog timeout\n");
dev_migrate(d);
dev_abort(d);
}

12
usr.bin/ssh/addr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: addr.c,v 1.7 2023/03/27 03:31:05 djm Exp $ */
/* $OpenBSD: addr.c,v 1.8 2024/04/02 09:29:31 deraadt Exp $ */
/*
* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@ -25,6 +25,7 @@
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <limits.h>
#include "addr.h"
@ -453,8 +454,9 @@ int
addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
{
struct xaddr tmp;
long unsigned int masklen = 999;
char addrbuf[64], *mp, *cp;
u_int masklen = 999;
char addrbuf[64], *mp;
const char *errstr;
/* Don't modify argument */
if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
@ -463,8 +465,8 @@ addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
if ((mp = strchr(addrbuf, '/')) != NULL) {
*mp = '\0';
mp++;
masklen = strtoul(mp, &cp, 10);
if (*mp < '0' || *mp > '9' || *cp != '\0' || masklen > 128)
masklen = (u_int)strtonum(mp, 0, INT_MAX, &errstr);
if (errstr)
return -1;
}

71
usr.bin/ssh/misc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.190 2024/03/04 02:16:11 djm Exp $ */
/* $OpenBSD: misc.c,v 1.193 2024/04/02 10:02:08 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005-2020 Damien Miller. All rights reserved.
@ -511,6 +511,14 @@ a2tun(const char *s, int *remote)
#define DAYS (HOURS * 24)
#define WEEKS (DAYS * 7)
static char *
scandigits(char *s)
{
while (isdigit((unsigned char)*s))
s++;
return s;
}
/*
* Convert a time string into seconds; format is
* a sequence of:
@ -535,28 +543,31 @@ a2tun(const char *s, int *remote)
int
convtime(const char *s)
{
long total, secs, multiplier;
const char *p;
char *endp;
int secs, total = 0, multiplier;
char *p, *os, *np, c;
const char *errstr;
errno = 0;
total = 0;
p = s;
if (p == NULL || *p == '\0')
if (s == NULL || *s == '\0')
return -1;
p = os = strdup(s); /* deal with const */
if (os == NULL)
return -1;
while (*p) {
secs = strtol(p, &endp, 10);
if (p == endp ||
(errno == ERANGE && (secs == INT_MIN || secs == INT_MAX)) ||
secs < 0)
return -1;
np = scandigits(p);
if (np) {
c = *np;
*np = '\0';
}
secs = (int)strtonum(p, 0, INT_MAX, &errstr);
if (errstr)
goto fail;
*np = c;
multiplier = 1;
switch (*endp++) {
switch (c) {
case '\0':
endp--;
np--; /* back up */
break;
case 's':
case 'S':
@ -578,20 +589,23 @@ convtime(const char *s)
multiplier = WEEKS;
break;
default:
return -1;
goto fail;
}
if (secs > INT_MAX / multiplier)
return -1;
goto fail;
secs *= multiplier;
if (total > INT_MAX - secs)
return -1;
goto fail;
total += secs;
if (total < 0)
return -1;
p = endp;
goto fail;
p = ++np;
}
free(os);
return total;
fail:
free(os);
return -1;
}
#define TF_BUFS 8
@ -1776,9 +1790,9 @@ static const struct {
int
parse_ipqos(const char *cp)
{
const char *errstr;
u_int i;
char *ep;
long val;
int val;
if (cp == NULL)
return -1;
@ -1787,8 +1801,8 @@ parse_ipqos(const char *cp)
return ipqos[i].value;
}
/* Try parsing as an integer */
val = strtol(cp, &ep, 0);
if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255)
val = (int)strtonum(cp, 0, 255, &errstr);
if (errstr)
return -1;
return val;
}
@ -2307,13 +2321,10 @@ const char *
atoi_err(const char *nptr, int *val)
{
const char *errstr = NULL;
long long num;
if (nptr == NULL || *nptr == '\0')
return "missing";
num = strtonum(nptr, 0, INT_MAX, &errstr);
if (errstr == NULL)
*val = (int)num;
*val = strtonum(nptr, 0, INT_MAX, &errstr);
return errstr;
}

27
usr.bin/ssh/ssh-pkcs11.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-pkcs11.c,v 1.59 2023/07/27 22:26:49 djm Exp $ */
/* $OpenBSD: ssh-pkcs11.c,v 1.62 2024/04/02 12:22:38 deraadt Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@ -1360,11 +1360,23 @@ pkcs11_rsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx,
return pkcs11_fetch_rsa_pubkey(p, slotidx, &pubKey);
}
static int
h2i(char c)
{
if (c >= '0' && c <= '9')
return c - '0';
else if (c >= 'a' && c <= 'f')
return c - 'a' + 10;
else if (c >= 'A' && c <= 'F')
return c - 'A' + 10;
else
return -1;
}
static int
pkcs11_decode_hex(const char *hex, unsigned char **dest, size_t *rlen)
{
size_t i, len;
char ptr[3];
if (dest)
*dest = NULL;
@ -1377,13 +1389,14 @@ pkcs11_decode_hex(const char *hex, unsigned char **dest, size_t *rlen)
*dest = xmalloc(len);
ptr[2] = '\0';
for (i = 0; i < len; i++) {
ptr[0] = hex[2 * i];
ptr[1] = hex[(2 * i) + 1];
if (!isxdigit(ptr[0]) || !isxdigit(ptr[1]))
int hi, low;
hi = h2i(hex[2 * i]);
lo = h2i(hex[(2 * i) + 1]);
if (hi == -1 || lo == -1)
return -1;
(*dest)[i] = (unsigned char)strtoul(ptr, NULL, 16);
(*dest)[i] = (hi << 4) | lo;
}
if (rlen)

4
usr.sbin/btrace/ksyms.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ksyms.c,v 1.9 2024/03/16 17:42:37 cheloha Exp $ */
/* $OpenBSD: ksyms.c,v 1.10 2024/04/01 22:49:04 jsg Exp $ */
/*
* Copyright (c) 2016 Martin Pieuchot <mpi@openbsd.org>
@ -51,7 +51,7 @@ kelf_open(const char *path)
char *name;
Elf *elf;
Elf_Data *data = NULL;
Elf_Scn *scn = NULL, *symtab;
Elf_Scn *scn = NULL, *symtab = NULL;
GElf_Sym sym;
GElf_Shdr shdr;
size_t i, shstrndx, strtabndx = SIZE_MAX, symtab_size;