SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-01-10 07:22:32 +00:00
parent 77cffac7ea
commit 46994dfb53
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
76 changed files with 1061 additions and 927 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/libc/thread/rthread_cond.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rthread_cond.c,v 1.5 2019/01/29 17:40:26 mpi Exp $ */
/* $OpenBSD: rthread_cond.c,v 1.6 2024/01/10 04:28:43 cheloha Exp $ */
/*
* Copyright (c) 2017 Martin Pieuchot <mpi@openbsd.org>
* Copyright (c) 2012 Philip Guenther <guenther@openbsd.org>
@ -142,8 +142,7 @@ pthread_cond_timedwait(pthread_cond_t *condp, pthread_mutex_t *mutexp,
}
cond = *condp;
if (abs == NULL || abs->tv_sec < 0 || abs->tv_nsec < 0 ||
abs->tv_nsec >= 1000000000)
if (abs == NULL || abs->tv_nsec < 0 || abs->tv_nsec >= 1000000000)
return (EINVAL);
return (_rthread_cond_timedwait(cond, mutexp, abs));

4
lib/libc/thread/rthread_sync.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rthread_sync.c,v 1.5 2018/04/24 16:28:42 pirofti Exp $ */
/* $OpenBSD: rthread_sync.c,v 1.6 2024/01/10 04:28:43 cheloha Exp $ */
/*
* Copyright (c) 2004,2005 Ted Unangst <tedu@openbsd.org>
* Copyright (c) 2012 Philip Guenther <guenther@openbsd.org>
@ -317,7 +317,7 @@ pthread_cond_timedwait(pthread_cond_t *condp, pthread_mutex_t *mutexp,
abort();
}
if (abstime == NULL || abstime->tv_sec < 0 || abstime->tv_nsec < 0 ||
if (abstime == NULL || abstime->tv_nsec < 0 ||
abstime->tv_nsec >= 1000000000)
return (EINVAL);

14
lib/libc/thread/synch.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: synch.h,v 1.8 2023/11/08 15:51:28 cheloha Exp $ */
/* $OpenBSD: synch.h,v 1.9 2024/01/07 19:44:28 cheloha Exp $ */
/*
* Copyright (c) 2017 Martin Pieuchot
*
@ -28,7 +28,7 @@ _wake(volatile uint32_t *p, int n)
static inline int
_twait(volatile uint32_t *p, int val, clockid_t clockid, const struct timespec *abs)
{
struct timespec rel;
struct timespec now, rel;
int saved_errno = errno;
int error;
@ -41,16 +41,12 @@ _twait(volatile uint32_t *p, int val, clockid_t clockid, const struct timespec *
return error;
}
if (!timespecisvalid(abs) || WRAP(clock_gettime)(clockid, &rel))
if (!timespecisvalid(abs) || WRAP(clock_gettime)(clockid, &now))
return EINVAL;
rel.tv_sec = abs->tv_sec - rel.tv_sec;
if ((rel.tv_nsec = abs->tv_nsec - rel.tv_nsec) < 0) {
rel.tv_sec--;
rel.tv_nsec += 1000000000;
}
if (rel.tv_sec < 0)
if (timespeccmp(abs, &now, <=))
return ETIMEDOUT;
timespecsub(abs, &now, &rel);
error = futex(p, FUTEX_WAIT_PRIVATE, val, &rel, NULL);
if (error == -1) {

3
lib/libcrypto/crypto_init.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: crypto_init.c,v 1.14 2024/01/06 17:43:39 tb Exp $ */
/* $OpenBSD: crypto_init.c,v 1.15 2024/01/07 19:59:32 tb Exp $ */
/*
* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
*
@ -84,7 +84,6 @@ OPENSSL_cleanup(void)
EVP_cleanup();
X509V3_EXT_cleanup();
X509_TRUST_cleanup();
X509_VERIFY_PARAM_table_cleanup();
x509_issuer_cache_free();

6
lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.19 2023/07/07 19:37:53 beck Exp $ */
/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.20 2024/01/08 09:31:09 tb Exp $ */
/* ====================================================================
* Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
*
@ -541,7 +541,7 @@ aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
}
}
static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
static const EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
#ifdef NID_aes_128_cbc_hmac_sha1
.nid = NID_aes_128_cbc_hmac_sha1,
#else
@ -558,7 +558,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
.ctrl = aesni_cbc_hmac_sha1_ctrl
};
static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
static const EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
#ifdef NID_aes_256_cbc_hmac_sha1
.nid = NID_aes_256_cbc_hmac_sha1,
#else

24
lib/libcrypto/evp/e_null.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: e_null.c,v 1.19 2024/01/04 17:38:36 tb Exp $ */
/* $OpenBSD: e_null.c,v 1.20 2024/01/07 15:42:57 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -70,16 +70,18 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
static const EVP_CIPHER n_cipher = {
NID_undef,
1, 0, 0,
0,
null_init_key,
null_cipher,
NULL,
0,
NULL,
NULL,
NULL,
.nid = NID_undef,
.block_size = 1,
.key_len = 0,
.iv_len = 0,
.flags = 0,
.init = null_init_key,
.do_cipher = null_cipher,
.cleanup = NULL,
.ctx_size = 0,
.set_asn1_parameters = NULL,
.get_asn1_parameters = NULL,
.ctrl = NULL,
};
const EVP_CIPHER *

46
lib/libcrypto/evp/e_rc2.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: e_rc2.c,v 1.26 2024/01/04 17:38:36 tb Exp $ */
/* $OpenBSD: e_rc2.c,v 1.27 2024/01/07 15:42:57 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -248,29 +248,33 @@ EVP_rc2_ecb(void)
#define RC2_128_MAGIC 0x3a
static const EVP_CIPHER r2_64_cbc_cipher = {
NID_rc2_64_cbc,
8, 8 /* 64 bit */, 8,
EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
rc2_init_key,
rc2_cbc_cipher,
NULL,
sizeof(EVP_RC2_KEY),
rc2_set_asn1_type_and_iv,
rc2_get_asn1_type_and_iv,
rc2_ctrl,
.nid = NID_rc2_64_cbc,
.block_size = 8,
.key_len = 8,
.iv_len = 8,
.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
.init = rc2_init_key,
.do_cipher = rc2_cbc_cipher,
.cleanup = NULL,
.ctx_size = sizeof(EVP_RC2_KEY),
.set_asn1_parameters = rc2_set_asn1_type_and_iv,
.get_asn1_parameters = rc2_get_asn1_type_and_iv,
.ctrl = rc2_ctrl,
};
static const EVP_CIPHER r2_40_cbc_cipher = {
NID_rc2_40_cbc,
8, 5 /* 40 bit */, 8,
EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
rc2_init_key,
rc2_cbc_cipher,
NULL,
sizeof(EVP_RC2_KEY),
rc2_set_asn1_type_and_iv,
rc2_get_asn1_type_and_iv,
rc2_ctrl,
.nid = NID_rc2_40_cbc,
.block_size = 8,
.key_len = 5,
.iv_len = 8,
.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
.init = rc2_init_key,
.do_cipher = rc2_cbc_cipher,
.cleanup = NULL,
.ctx_size = sizeof(EVP_RC2_KEY),
.set_asn1_parameters = rc2_set_asn1_type_and_iv,
.get_asn1_parameters = rc2_get_asn1_type_and_iv,
.ctrl = rc2_ctrl,
};
const EVP_CIPHER *

46
lib/libcrypto/evp/e_rc4.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: e_rc4.c,v 1.18 2024/01/04 17:38:36 tb Exp $ */
/* $OpenBSD: e_rc4.c,v 1.19 2024/01/07 15:42:57 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -83,29 +83,33 @@ static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
static const EVP_CIPHER r4_cipher = {
NID_rc4,
1, EVP_RC4_KEY_SIZE, 0,
EVP_CIPH_VARIABLE_LENGTH,
rc4_init_key,
rc4_cipher,
NULL,
sizeof(EVP_RC4_KEY),
NULL,
NULL,
NULL,
.nid = NID_rc4,
.block_size = 1,
.key_len = EVP_RC4_KEY_SIZE,
.iv_len = 0,
.flags = EVP_CIPH_VARIABLE_LENGTH,
.init = rc4_init_key,
.do_cipher = rc4_cipher,
.cleanup = NULL,
.ctx_size = sizeof(EVP_RC4_KEY),
.set_asn1_parameters = NULL,
.get_asn1_parameters = NULL,
.ctrl = NULL,
};
static const EVP_CIPHER r4_40_cipher = {
NID_rc4_40,
1, 5 /* 40 bit */, 0,
EVP_CIPH_VARIABLE_LENGTH,
rc4_init_key,
rc4_cipher,
NULL,
sizeof(EVP_RC4_KEY),
NULL,
NULL,
NULL,
.nid = NID_rc4_40,
.block_size = 1,
.key_len = 5,
.iv_len = 0,
.flags = EVP_CIPH_VARIABLE_LENGTH,
.init = rc4_init_key,
.do_cipher = rc4_cipher,
.cleanup = NULL,
.ctx_size = sizeof(EVP_RC4_KEY),
.set_asn1_parameters = NULL,
.get_asn1_parameters = NULL,
.ctrl = NULL,
};
const EVP_CIPHER *

28
lib/libcrypto/evp/e_rc4_hmac_md5.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: e_rc4_hmac_md5.c,v 1.13 2024/01/04 17:38:36 tb Exp $ */
/* $OpenBSD: e_rc4_hmac_md5.c,v 1.15 2024/01/07 16:18:18 tb Exp $ */
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
@ -281,21 +281,23 @@ rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
}
}
static EVP_CIPHER r4_hmac_md5_cipher = {
static const EVP_CIPHER r4_hmac_md5_cipher = {
#ifdef NID_rc4_hmac_md5
NID_rc4_hmac_md5,
.nid = NID_rc4_hmac_md5,
#else
NID_undef,
.nid = NID_undef,
#endif
1, EVP_RC4_KEY_SIZE, 0,
EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER,
rc4_hmac_md5_init_key,
rc4_hmac_md5_cipher,
NULL,
sizeof(EVP_RC4_HMAC_MD5),
NULL,
NULL,
rc4_hmac_md5_ctrl,
.block_size = 1,
.key_len = EVP_RC4_KEY_SIZE,
.iv_len = 0,
.flags = EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER,
.init = rc4_hmac_md5_init_key,
.do_cipher = rc4_hmac_md5_cipher,
.cleanup = NULL,
.ctx_size = sizeof(EVP_RC4_HMAC_MD5),
.set_asn1_parameters = NULL,
.get_asn1_parameters = NULL,
.ctrl = rc4_hmac_md5_ctrl,
};
const EVP_CIPHER *

24
lib/libcrypto/evp/e_xcbc_d.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: e_xcbc_d.c,v 1.16 2024/01/04 17:38:36 tb Exp $ */
/* $OpenBSD: e_xcbc_d.c,v 1.17 2024/01/07 15:42:57 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -84,16 +84,18 @@ typedef struct {
#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
static const EVP_CIPHER d_xcbc_cipher = {
NID_desx_cbc,
8, 24, 8,
EVP_CIPH_CBC_MODE,
desx_cbc_init_key,
desx_cbc_cipher,
NULL,
sizeof(DESX_CBC_KEY),
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
NULL,
.nid = NID_desx_cbc,
.block_size = 8,
.key_len = 24,
.iv_len = 8,
.flags = EVP_CIPH_CBC_MODE,
.init = desx_cbc_init_key,
.do_cipher = desx_cbc_cipher,
.cleanup = NULL,
.ctx_size = sizeof(DESX_CBC_KEY),
.set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
.get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
.ctrl = NULL,
};
const EVP_CIPHER *

51
lib/libcrypto/evp/evp_cipher.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: evp_cipher.c,v 1.15 2024/01/04 09:47:54 tb Exp $ */
/* $OpenBSD: evp_cipher.c,v 1.16 2024/01/07 15:21:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -902,22 +902,23 @@ EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
int
EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
{
int i = 0;
int l;
int iv_len;
if (type != NULL) {
l = EVP_CIPHER_CTX_iv_length(ctx);
if (l < 0 || l > sizeof(ctx->oiv) || l > sizeof(ctx->iv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
i = ASN1_TYPE_get_octetstring(type, ctx->oiv, l);
if (i != l)
return (-1);
else if (i > 0)
memcpy(ctx->iv, ctx->oiv, l);
if (type == NULL)
return 0;
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
if (iv_len < 0 || iv_len > sizeof(ctx->oiv) || iv_len > sizeof(ctx->iv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0; /* XXX */
}
return (i);
if (ASN1_TYPE_get_octetstring(type, ctx->oiv, iv_len) != iv_len)
return -1;
if (iv_len > 0)
memcpy(ctx->iv, ctx->oiv, iv_len);
return iv_len;
}
int
@ -935,18 +936,18 @@ EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
int
EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
{
int i = 0;
int j;
int iv_len;
if (type != NULL) {
j = EVP_CIPHER_CTX_iv_length(ctx);
if (j < 0 || j > sizeof(ctx->oiv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
i = ASN1_TYPE_set_octetstring(type, ctx->oiv, j);
if (type == NULL)
return 0;
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
if (iv_len < 0 || iv_len > sizeof(ctx->oiv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
return (i);
return ASN1_TYPE_set_octetstring(type, ctx->oiv, iv_len);
}
int

7
lib/libcrypto/x509/x509_purp.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_purp.c,v 1.34 2024/01/06 17:17:08 tb Exp $ */
/* $OpenBSD: x509_purp.c,v 1.35 2024/01/07 16:22:46 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
@ -232,7 +232,10 @@ LCRYPTO_ALIAS(X509_PURPOSE_get_by_sname);
int
X509_PURPOSE_get_by_id(int purpose)
{
/* X509_PURPOSE_MIN == 1, so the bounds are correct. */
/*
* Ensure the purpose identifier is between MIN and MAX inclusive.
* If so, translate it to an index into the xstandard[] table.
*/
if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX)
return -1;

115
lib/libcrypto/x509/x509_trs.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */
/* $OpenBSD: x509_trs.c,v 1.35 2024/01/08 03:32:01 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -64,9 +64,6 @@
#include "x509_local.h"
static int tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b);
static void trtable_free(X509_TRUST *p);
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
@ -131,14 +128,6 @@ static X509_TRUST trstandard[] = {
#define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0]))
static STACK_OF(X509_TRUST) *trtable = NULL;
static int
tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b)
{
return (*a)->trust - (*b)->trust;
}
int
(*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
{
@ -185,38 +174,31 @@ LCRYPTO_ALIAS(X509_check_trust);
int
X509_TRUST_get_count(void)
{
if (!trtable)
return X509_TRUST_COUNT;
return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
return X509_TRUST_COUNT;
}
LCRYPTO_ALIAS(X509_TRUST_get_count);
X509_TRUST *
X509_TRUST_get0(int idx)
{
if (idx < 0)
if (idx < 0 || (size_t)idx >= X509_TRUST_COUNT)
return NULL;
if (idx < (int)X509_TRUST_COUNT)
return trstandard + idx;
return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
return &trstandard[idx];
}
LCRYPTO_ALIAS(X509_TRUST_get0);
int
X509_TRUST_get_by_id(int id)
{
X509_TRUST tmp;
int idx;
/*
* Ensure the trust identifier is between MIN and MAX inclusive.
* If so, translate it into an index into the trstandard[] table.
*/
if (id < X509_TRUST_MIN || id > X509_TRUST_MAX)
return -1;
if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
return id - X509_TRUST_MIN;
tmp.trust = id;
if (!trtable)
return -1;
idx = sk_X509_TRUST_find(trtable, &tmp);
if (idx == -1)
return -1;
return idx + X509_TRUST_COUNT;
return id - X509_TRUST_MIN;
}
LCRYPTO_ALIAS(X509_TRUST_get_by_id);
@ -236,85 +218,14 @@ int
X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
const char *name, int arg1, void *arg2)
{
int idx;
X509_TRUST *trtmp;
char *name_dup;
/* This is set according to what we change: application can't set it */
flags &= ~X509_TRUST_DYNAMIC;
/* This will always be set for application modified trust entries */
flags |= X509_TRUST_DYNAMIC_NAME;
/* Get existing entry if any */
idx = X509_TRUST_get_by_id(id);
/* Need a new entry */
if (idx == -1) {
if (!(trtmp = malloc(sizeof(X509_TRUST)))) {
X509error(ERR_R_MALLOC_FAILURE);
return 0;
}
trtmp->flags = X509_TRUST_DYNAMIC;
} else {
trtmp = X509_TRUST_get0(idx);
if (trtmp == NULL) {
X509error(X509_R_INVALID_TRUST);
return 0;
}
}
if ((name_dup = strdup(name)) == NULL)
goto err;
/* free existing name if dynamic */
if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
free(trtmp->name);
/* dup supplied name */
trtmp->name = name_dup;
/* Keep the dynamic flag of existing entry */
trtmp->flags &= X509_TRUST_DYNAMIC;
/* Set all other flags */
trtmp->flags |= flags;
trtmp->trust = id;
trtmp->check_trust = ck;
trtmp->arg1 = arg1;
trtmp->arg2 = arg2;
/* If it's a new entry, manage the dynamic table */
if (idx == -1) {
if (trtable == NULL &&
(trtable = sk_X509_TRUST_new(tr_cmp)) == NULL)
goto err;
if (sk_X509_TRUST_push(trtable, trtmp) == 0)
goto err;
}
return 1;
err:
free(name_dup);
if (idx == -1)
free(trtmp);
X509error(ERR_R_MALLOC_FAILURE);
X509error(ERR_R_DISABLED);
return 0;
}
LCRYPTO_ALIAS(X509_TRUST_add);
static void
trtable_free(X509_TRUST *p)
{
if (!p)
return;
if (p->flags & X509_TRUST_DYNAMIC) {
if (p->flags & X509_TRUST_DYNAMIC_NAME)
free(p->name);
free(p);
}
}
void
X509_TRUST_cleanup(void)
{
sk_X509_TRUST_pop_free(trtable, trtable_free);
trtable = NULL;
}
LCRYPTO_ALIAS(X509_TRUST_cleanup);

60
lib/libcrypto/x509/x509_vfy.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_vfy.c,v 1.135 2023/12/23 00:52:13 tb Exp $ */
/* $OpenBSD: x509_vfy.c,v 1.138 2024/01/09 07:25:57 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -2163,7 +2163,8 @@ X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
}
LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls);
/* This function is used to set the X509_STORE_CTX purpose and trust
/*
* This function is used to set the X509_STORE_CTX purpose and trust
* values. This is intended to be used when another structure has its
* own trust and purpose values which (if set) will be inherited by
* the ctx. If they aren't set then we will usually have a default
@ -2172,64 +2173,63 @@ LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls);
* purpose and trust settings which the application can set: if they
* aren't set then we use the default of SSL client/server.
*/
int
X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
int purpose, int trust)
{
int idx;
X509error(ERR_R_DISABLED);
return 0;
}
LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit);
/* If purpose not set use default */
if (!purpose)
purpose = def_purpose;
static int
x509_vfy_purpose_inherit(X509_STORE_CTX *ctx, int purpose, int trust)
{
/* If we have a purpose then check it is valid */
if (purpose) {
X509_PURPOSE *ptmp;
idx = X509_PURPOSE_get_by_id(purpose);
if (idx == -1) {
if (purpose != 0) {
const X509_PURPOSE *purp;
int purpose_idx;
if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX) {
X509error(X509_R_UNKNOWN_PURPOSE_ID);
return 0;
}
ptmp = X509_PURPOSE_get0(idx);
if (ptmp->trust == X509_TRUST_DEFAULT) {
idx = X509_PURPOSE_get_by_id(def_purpose);
if (idx == -1) {
X509error(X509_R_UNKNOWN_PURPOSE_ID);
return 0;
}
ptmp = X509_PURPOSE_get0(idx);
purpose_idx = purpose - X509_PURPOSE_MIN;
if ((purp = X509_PURPOSE_get0(purpose_idx)) == NULL) {
X509error(X509_R_UNKNOWN_PURPOSE_ID);
return 0;
}
/* If trust not set then get from purpose default */
if (!trust)
trust = ptmp->trust;
/* If trust is unset, use the purpose's trust. */
if (trust == 0)
trust = purp->trust;
}
if (trust) {
idx = X509_TRUST_get_by_id(trust);
if (idx == -1) {
if (trust != 0) {
if (trust < X509_TRUST_MIN || trust > X509_TRUST_MAX) {
X509error(X509_R_UNKNOWN_TRUST_ID);
return 0;
}
}
if (purpose && !ctx->param->purpose)
if (purpose != 0 && ctx->param->purpose == 0)
ctx->param->purpose = purpose;
if (trust && !ctx->param->trust)
if (trust != 0 && ctx->param->trust == 0)
ctx->param->trust = trust;
return 1;
}
LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit);
int
X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
{
return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
return x509_vfy_purpose_inherit(ctx, purpose, 0);
}
LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose);
int
X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
{
return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
return x509_vfy_purpose_inherit(ctx, 0, trust);
}
LCRYPTO_ALIAS(X509_STORE_CTX_set_trust);

19
lib/libcrypto/x509/x509_vpm.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_vpm.c,v 1.41 2023/12/14 12:02:10 tb Exp $ */
/* $OpenBSD: x509_vpm.c,v 1.42 2024/01/08 09:51:09 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
*/
@ -61,6 +61,7 @@
#include <openssl/buffer.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/lhash.h>
#include <openssl/stack.h>
#include <openssl/x509.h>
@ -408,14 +409,26 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_flags);
int
X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
{
return X509_PURPOSE_set(&param->purpose, purpose);
if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX) {
X509V3error(X509V3_R_INVALID_PURPOSE);
return 0;
}
param->purpose = purpose;
return 1;
}
LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_purpose);
int
X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
{
return X509_TRUST_set(&param->trust, trust);
if (trust < X509_TRUST_MIN || trust > X509_TRUST_MAX) {
X509error(X509_R_INVALID_TRUST);
return 0;
}
param->trust = trust;
return 1;
}
LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_trust);

14
lib/librthread/synch.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: synch.h,v 1.9 2023/11/08 15:51:28 cheloha Exp $ */
/* $OpenBSD: synch.h,v 1.10 2024/01/07 19:44:28 cheloha Exp $ */
/*
* Copyright (c) 2017 Martin Pieuchot
*
@ -28,7 +28,7 @@ _wake(volatile uint32_t *p, int n)
static inline int
_twait(volatile uint32_t *p, int val, clockid_t clockid, const struct timespec *abs)
{
struct timespec rel;
struct timespec now, rel;
int saved_errno = errno;
int error;
@ -41,16 +41,12 @@ _twait(volatile uint32_t *p, int val, clockid_t clockid, const struct timespec *
return error;
}
if (!timespecisvalid(abs) || clock_gettime(clockid, &rel))
if (!timespecisvalid(abs) || clock_gettime(clockid, &now))
return EINVAL;
rel.tv_sec = abs->tv_sec - rel.tv_sec;
if ((rel.tv_nsec = abs->tv_nsec - rel.tv_nsec) < 0) {
rel.tv_sec--;
rel.tv_nsec += 1000000000;
}
if (rel.tv_sec < 0)
if (timespeccmp(abs, &now, <=))
return ETIMEDOUT;
timespecsub(abs, &now, &rel);
error = futex(p, FUTEX_WAIT, val, &rel, NULL);
if (error == -1) {

70
regress/usr.bin/ssh/channel-timeout.sh
View file

@ -1,10 +1,33 @@
# $OpenBSD: channel-timeout.sh,v 1.1 2023/01/06 08:07:39 djm Exp $
# $OpenBSD: channel-timeout.sh,v 1.2 2024/01/09 22:19:36 djm Exp $
# Placed in the Public Domain.
tid="channel timeout"
# XXX not comprehensive. Still need -R -L agent X11 forwarding + interactive
rm -f $OBJ/finished.* $OBJ/mux.*
MUXPATH=$OBJ/mux.$$
open_mux() {
${SSH} -nNfM -oControlPath=$MUXPATH -F $OBJ/ssh_proxy "$@" somehost ||
fatal "open mux failed"
test -e $MUXPATH || fatal "mux socket $MUXPATH not established"
}
close_mux() {
test -e $MUXPATH || fatal "mux socket $MUXPATH missing"
${SSH} -qF $OBJ/ssh_proxy -oControlPath=$MUXPATH -O exit somehost ||
fatal "could not terminate mux process"
for x in 1 2 3 4 5 6 7 8 9 10 ; do
test -e $OBJ/mux && break
sleep 1
done
test -e $MUXPATH && fatal "mux did not clean up"
}
mux_client() {
${SSH} -F $OBJ/ssh_proxy -oControlPath=$MUXPATH somehost "$@"
}
rm -f $OBJ/sshd_proxy.orig
cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
@ -24,6 +47,15 @@ if [ $r -ne 255 ]; then
fail "ssh returned unexpected error code $r"
fi
verbose "command long timeout"
(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=60") \
> $OBJ/sshd_proxy
${SSH} -F $OBJ/ssh_proxy somehost "exit 23"
r=$?
if [ $r -ne 23 ]; then
fail "ssh returned unexpected error code $r"
fi
verbose "command wildcard timeout"
(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:*=1") \
> $OBJ/sshd_proxy
@ -42,6 +74,41 @@ if [ $r -ne 23 ]; then
fail "ssh failed"
fi
verbose "multiplexed command timeout"
(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \
> $OBJ/sshd_proxy
open_mux
mux_client "sleep 5 ; exit 23"
r=$?
if [ $r -ne 255 ]; then
fail "ssh returned unexpected error code $r"
fi
close_mux
verbose "irrelevant multiplexed command timeout"
(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \
> $OBJ/sshd_proxy
open_mux
mux_client "sleep 5 ; exit 23"
r=$?
if [ $r -ne 23 ]; then
fail "ssh returned unexpected error code $r"
fi
close_mux
verbose "global command timeout"
(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout global=10") \
> $OBJ/sshd_proxy
open_mux
mux_client "sleep 1 ; echo ok ; sleep 1; echo ok; sleep 60; touch $OBJ/finished.1" >/dev/null &
mux_client "sleep 60 ; touch $OBJ/finished.2" >/dev/null &
mux_client "sleep 2 ; touch $OBJ/finished.3" >/dev/null &
wait
test -f $OBJ/finished.1 && fail "first mux process completed"
test -f $OBJ/finished.2 && fail "second mux process completed"
test -f $OBJ/finished.3 || fail "third mux process did not complete"
close_mux
# Set up a "slow sftp server" that sleeps before executing the real one.
cat > $OBJ/slow-sftp-server.sh << _EOF
#!/bin/sh
@ -88,4 +155,3 @@ if [ $r -ne 0 ]; then
fail "sftp failed"
fi
cmp $DATA $COPY || fail "corrupted copy"

4
regress/usr.sbin/rpki-client/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.35 2023/10/13 12:12:05 tb Exp $
# $OpenBSD: Makefile.inc,v 1.36 2024/01/08 08:26:38 tb Exp $
.PATH: ${.CURDIR}/../../../../usr.sbin/rpki-client
@ -92,7 +92,7 @@ run-regress-test-tak: test-tak
SRCS_test-rrdp+= test-rrdp.c rrdp_delta.c rrdp_notification.c cms.c \
rrdp_snapshot.c rrdp_util.c cert.c as.c mft.c io.c \
encoding.c ip.c validate.c crl.c x509.c \
constraints-dummy.c rfc3779.c
constraints-dummy.c rfc3779.c print.c json.c
LDADD_test-rrdp+= -lexpat ${LDADD}
DPADD_test-rrdp+= ${LIBEXPAT} ${DPADD}
run-regress-test-rrdp: test-rrdp

5
regress/usr.sbin/rpki-client/test-rrdp.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: test-rrdp.c,v 1.8 2023/06/24 07:07:36 claudio Exp $ */
/* $OpenBSD: test-rrdp.c,v 1.9 2024/01/08 08:26:38 tb Exp $ */
/*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@ -35,8 +35,9 @@
#include "extern.h"
#include "rrdp.h"
int verbose;
int filemode;
int outformats;
int verbose;
#define REGRESS_NOTIFY_URI "https://rpki.example.com/notify.xml"

4
sbin/dump/main.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.64 2023/12/18 13:23:52 otto Exp $ */
/* $OpenBSD: main.c,v 1.65 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: main.c,v 1.14 1997/06/05 11:13:24 lukem Exp $ */
/*-
@ -455,11 +455,9 @@ main(int argc, char *argv[])
tp_bshift = ffs(TP_BSIZE) - 1;
if (TP_BSIZE != (1 << tp_bshift))
quit("TP_BSIZE (%d) is not a power of 2\n", TP_BSIZE);
#ifdef FS_44INODEFMT
if (sblock->fs_magic == FS_UFS2_MAGIC ||
sblock->fs_inodefmt >= FS_44INODEFMT)
spcl.c_flags |= DR_NEWINODEFMT;
#endif
maxino = (ino_t)sblock->fs_ipg * sblock->fs_ncg;
mapsize = roundup(howmany(maxino, NBBY), TP_BSIZE);
usedinomap = calloc((unsigned) mapsize, sizeof(char));

10
sbin/dump/traverse.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: traverse.c,v 1.40 2023/02/08 08:25:44 tb Exp $ */
/* $OpenBSD: traverse.c,v 1.41 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: traverse.c,v 1.17 1997/06/05 11:13:27 lukem Exp $ */
/*-
@ -547,13 +547,7 @@ dumpino(union dinode *dp, ino_t ino)
* Check for short symbolic link.
*/
if (DIP(dp, di_size) > 0 &&
#ifdef FS_44INODEFMT
(DIP(dp, di_size) < sblock->fs_maxsymlinklen ||
(sblock->fs_maxsymlinklen == 0 &&
DIP(dp, di_blocks) == 0))) {
#else
DIP(dp, di_blocks) == 0) {
#endif
DIP(dp, di_size) < sblock->fs_maxsymlinklen) {
void *shortlink;
spcl.c_addr[0] = 1;

12
sbin/fsck_ffs/dir.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dir.c,v 1.33 2023/02/08 08:25:44 tb Exp $ */
/* $OpenBSD: dir.c,v 1.34 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: dir.c,v 1.20 1996/09/27 22:45:11 christos Exp $ */
/*
@ -52,10 +52,6 @@ struct dirtemplate dirhead = {
0, 12, DT_DIR, 1, ".",
0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
};
struct odirtemplate odirhead = {
0, 12, 1, ".",
0, DIRBLKSIZ - 12, 2, ".."
};
static int expanddir(union dinode *, char *);
static void freedir(ino_t, ino_t);
@ -210,7 +206,7 @@ dircheck(struct inodesc *idesc, struct direct *dp)
return (0);
if (dp->d_ino == 0)
return (1);
size = DIRSIZ(0, dp);
size = DIRSIZ(dp);
namlen = dp->d_namlen;
type = dp->d_type;
if (dp->d_reclen < size ||
@ -292,9 +288,9 @@ mkentry(struct inodesc *idesc)
int newlen, oldlen;
newent.d_namlen = strlen(idesc->id_name);
newlen = DIRSIZ(0, &newent);
newlen = DIRSIZ(&newent);
if (dirp->d_ino != 0)
oldlen = DIRSIZ(0, dirp);
oldlen = DIRSIZ(dirp);
else
oldlen = 0;
if (dirp->d_reclen - oldlen < newlen)

5
sbin/fsck_ffs/inode.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: inode.c,v 1.50 2020/07/13 06:52:53 otto Exp $ */
/* $OpenBSD: inode.c,v 1.51 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: inode.c,v 1.23 1996/10/11 20:15:47 thorpej Exp $ */
/*
@ -71,8 +71,7 @@ ckinode(union dinode *dp, struct inodesc *idesc)
idesc->id_filesize = DIP(dp, di_size);
mode = DIP(dp, di_mode) & IFMT;
if (mode == IFBLK || mode == IFCHR || (mode == IFLNK &&
(DIP(dp, di_size) < sblock.fs_maxsymlinklen ||
(sblock.fs_maxsymlinklen == 0 && DIP(dp, di_blocks) == 0))))
DIP(dp, di_size) < sblock.fs_maxsymlinklen))
return (KEEPON);
if (sblock.fs_magic == FS_UFS1_MAGIC)
dino.dp1 = dp->dp1;

5
sbin/fsck_ffs/pass1.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pass1.c,v 1.47 2020/07/13 06:52:53 otto Exp $ */
/* $OpenBSD: pass1.c,v 1.48 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: pass1.c,v 1.16 1996/09/27 22:45:15 christos Exp $ */
/*
@ -266,8 +266,7 @@ checkinode(ino_t inumber, struct inodesc *idesc)
* Fake ndb value so direct/indirect block checks below
* will detect any garbage after symlink string.
*/
if (DIP(dp, di_size) < sblock.fs_maxsymlinklen ||
(sblock.fs_maxsymlinklen == 0 && DIP(dp, di_blocks) == 0)) {
if (DIP(dp, di_size) < sblock.fs_maxsymlinklen) {
if (sblock.fs_magic == FS_UFS1_MAGIC)
ndb = howmany(DIP(dp, di_size),
sizeof(int32_t));

8
sbin/fsck_ffs/pass2.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pass2.c,v 1.37 2015/01/20 18:22:21 deraadt Exp $ */
/* $OpenBSD: pass2.c,v 1.38 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: pass2.c,v 1.17 1996/09/27 22:45:15 christos Exp $ */
/*
@ -283,7 +283,7 @@ pass2check(struct inodesc *idesc)
proto.d_type = DT_DIR;
proto.d_namlen = 1;
(void)strlcpy(proto.d_name, ".", sizeof proto.d_name);
entrysize = DIRSIZ(0, &proto);
entrysize = DIRSIZ(&proto);
if (dirp->d_ino != 0 && strcmp(dirp->d_name, "..") != 0) {
pfatal("CANNOT FIX, FIRST ENTRY IN DIRECTORY CONTAINS %s\n",
dirp->d_name);
@ -314,9 +314,9 @@ chk1:
proto.d_type = DT_DIR;
proto.d_namlen = 2;
(void)strlcpy(proto.d_name, "..", sizeof proto.d_name);
entrysize = DIRSIZ(0, &proto);
entrysize = DIRSIZ(&proto);
if (idesc->id_entryno == 0) {
n = DIRSIZ(0, dirp);
n = DIRSIZ(dirp);
if (dirp->d_reclen < n + entrysize)
goto chk2;
proto.d_reclen = dirp->d_reclen - n;

4
sbin/fsdb/fsdb.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: fsdb.c,v 1.35 2022/07/22 09:04:44 jsg Exp $ */
/* $OpenBSD: fsdb.c,v 1.36 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: fsdb.c,v 1.7 1997/01/11 06:50:53 lukem Exp $ */
/*-
@ -601,7 +601,7 @@ chnamefunc(struct inodesc *idesc)
if (slotcount++ == desired) {
/* will name fit? */
testdir.d_namlen = strlen(idesc->id_name);
if (DIRSIZ(NEWDIRFMT, &testdir) <= dirp->d_reclen) {
if (DIRSIZ(&testdir) <= dirp->d_reclen) {
dirp->d_namlen = testdir.d_namlen;
strlcpy(dirp->d_name, idesc->id_name, sizeof dirp->d_name);
return STOP|ALTERED|FOUND;

30
sbin/newfs/mkfs.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: mkfs.c,v 1.101 2020/06/20 07:49:04 otto Exp $ */
/* $OpenBSD: mkfs.c,v 1.102 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: mkfs.c,v 1.25 1995/06/18 21:35:38 cgd Exp $ */
/*
@ -279,13 +279,8 @@ mkfs(struct partition *pp, char *fsys, int fi, int fo, mode_t mfsmode,
sblock.fs_sblockloc = SBLOCK_UFS1;
sblock.fs_nindir = sblock.fs_bsize / sizeof(int32_t);
sblock.fs_inopb = sblock.fs_bsize / sizeof(struct ufs1_dinode);
if (Oflag == 0) {
sblock.fs_maxsymlinklen = 0;
sblock.fs_inodefmt = FS_42INODEFMT;
} else {
sblock.fs_maxsymlinklen = MAXSYMLINKLEN_UFS1;
sblock.fs_inodefmt = FS_44INODEFMT;
}
sblock.fs_maxsymlinklen = MAXSYMLINKLEN_UFS1;
sblock.fs_inodefmt = FS_44INODEFMT;
sblock.fs_cgoffset = 0;
sblock.fs_cgmask = 0xffffffff;
sblock.fs_ffs1_size = sblock.fs_size;
@ -778,15 +773,6 @@ struct direct root_dir[] = {
{ ROOTINO, sizeof(struct direct), DT_DIR, 1, "." },
{ ROOTINO, sizeof(struct direct), DT_DIR, 2, ".." },
};
struct odirect {
u_int32_t d_ino;
u_int16_t d_reclen;
u_int16_t d_namlen;
u_char d_name[MAXNAMLEN + 1];
} oroot_dir[] = {
{ ROOTINO, sizeof(struct direct), 1, "." },
{ ROOTINO, sizeof(struct direct), 2, ".." },
};
int
fsinit1(time_t utime, mode_t mfsmode, uid_t mfsuid, gid_t mfsgid)
@ -814,11 +800,7 @@ fsinit1(time_t utime, mode_t mfsmode, uid_t mfsuid, gid_t mfsgid)
node.dp1.di_gid = getegid();
}
node.dp1.di_nlink = PREDEFDIR;
if (Oflag == 0)
node.dp1.di_size = makedir((struct direct *)oroot_dir,
PREDEFDIR);
else
node.dp1.di_size = makedir(root_dir, PREDEFDIR);
node.dp1.di_size = makedir(root_dir, PREDEFDIR);
node.dp1.di_db[0] = alloc(sblock.fs_fsize, node.dp1.di_mode);
if (node.dp1.di_db[0] == 0)
return (1);
@ -919,13 +901,13 @@ makedir(struct direct *protodir, int entries)
spcleft = DIRBLKSIZ;
for (cp = iobuf, i = 0; i < entries - 1; i++) {
protodir[i].d_reclen = DIRSIZ(0, &protodir[i]);
protodir[i].d_reclen = DIRSIZ(&protodir[i]);
memcpy(cp, &protodir[i], protodir[i].d_reclen);
cp += protodir[i].d_reclen;
spcleft -= protodir[i].d_reclen;
}
protodir[i].d_reclen = spcleft;
memcpy(cp, &protodir[i], DIRSIZ(0, &protodir[i]));
memcpy(cp, &protodir[i], DIRSIZ(&protodir[i]));
return (DIRBLKSIZ);
}

9
sbin/newfs/newfs.8
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: newfs.8,v 1.79 2022/11/19 08:02:11 sthen Exp $
.\" $OpenBSD: newfs.8,v 1.80 2024/01/09 03:16:00 guenther Exp $
.\" $NetBSD: newfs.8,v 1.12 1995/03/18 14:58:41 cgd Exp $
.\"
.\" Copyright (c) 1983, 1987, 1991, 1993, 1994
@ -30,7 +30,7 @@
.\"
.\" @(#)newfs.8 8.3 (Berkeley) 3/27/94
.\"
.Dd $Mdocdate: November 19 2022 $
.Dd $Mdocdate: January 9 2024 $
.Dt NEWFS 8
.Os
.Sh NAME
@ -186,11 +186,6 @@ without really creating the file system.
Select the filesystem format:
.Pp
.Bl -tag -width 3n -offset indent -compact
.It 0
.Bx 4.3
format file system.
This option is primarily used to build root file systems that can
be understood by older boot ROMs.
.It 1
Fast File System (FFS), the default for
.Nm mount_mfs .

6
sbin/newfs/newfs.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: newfs.c,v 1.117 2022/12/04 23:50:47 cheloha Exp $ */
/* $OpenBSD: newfs.c,v 1.118 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: newfs.c,v 1.20 1996/05/16 07:13:03 thorpej Exp $ */
/*
@ -121,7 +121,7 @@ u_short dkcksum(struct disklabel *);
int mfs; /* run as the memory based filesystem */
int Nflag; /* run without writing file system */
int Oflag = 2; /* 0 = 4.3BSD ffs, 1 = 4.4BSD ffs, 2 = ffs2 */
int Oflag = 2; /* 1 = 4.4BSD ffs, 2 = ffs2 */
daddr_t fssize; /* file system size in 512-byte blocks */
long long sectorsize; /* bytes/sector */
int fsize = 0; /* fragment size */
@ -211,7 +211,7 @@ main(int argc, char *argv[])
Nflag = 1;
break;
case 'O':
Oflag = strtonum(optarg, 0, 2, &errstr);
Oflag = strtonum(optarg, 1, 2, &errstr);
if (errstr)
fatal("%s: invalid ffs version", optarg);
oflagset = 1;

14
sbin/restore/dirs.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dirs.c,v 1.42 2019/06/28 13:32:46 deraadt Exp $ */
/* $OpenBSD: dirs.c,v 1.43 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: dirs.c,v 1.26 1997/07/01 05:37:49 lukem Exp $ */
/*
@ -175,7 +175,7 @@ extractdirs(int genmode)
nulldir.d_namlen = 1;
nulldir.d_name[0] = '/';
nulldir.d_name[1] = '\0';
nulldir.d_reclen = DIRSIZ(0, &nulldir);
nulldir.d_reclen = DIRSIZ(&nulldir);
for (;;) {
curfile.name = "<directory file - name unknown>";
curfile.action = USING;
@ -364,17 +364,17 @@ putdir(char *buf, size_t size)
i = DIRBLKSIZ - (loc & (DIRBLKSIZ - 1));
if ((dp->d_reclen & 0x3) != 0 ||
dp->d_reclen > i ||
dp->d_reclen < DIRSIZ(0, dp) ||
dp->d_reclen < DIRSIZ(dp) ||
dp->d_namlen > NAME_MAX) {
Vprintf(stdout, "Mangled directory: ");
if ((dp->d_reclen & 0x3) != 0)
Vprintf(stdout,
"reclen not multiple of 4 ");
if (dp->d_reclen < DIRSIZ(0, dp))
if (dp->d_reclen < DIRSIZ(dp))
Vprintf(stdout,
"reclen less than DIRSIZ (%u < %u) ",
(unsigned)dp->d_reclen,
(unsigned)DIRSIZ(0, dp));
(unsigned)DIRSIZ(dp));
if (dp->d_namlen > NAME_MAX)
Vprintf(stdout,
"reclen name too big (%u > %u) ",
@ -404,7 +404,7 @@ long prev = 0;
static void
putent(struct direct *dp)
{
dp->d_reclen = DIRSIZ(0, dp);
dp->d_reclen = DIRSIZ(dp);
if (dirloc + dp->d_reclen > DIRBLKSIZ) {
((struct direct *)(dirbuf + prev))->d_reclen =
DIRBLKSIZ - prev;
@ -440,7 +440,7 @@ dcvt(struct odirect *odp, struct direct *ndp)
ndp->d_type = DT_UNKNOWN;
(void)strncpy(ndp->d_name, odp->d_name, ODIRSIZ);
ndp->d_namlen = strlen(ndp->d_name);
ndp->d_reclen = DIRSIZ(0, ndp);
ndp->d_reclen = DIRSIZ(ndp);
}
/*

34
sys/arch/amd64/amd64/vmm_machdep.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: vmm_machdep.c,v 1.13 2024/01/06 13:17:20 dv Exp $ */
/* $OpenBSD: vmm_machdep.c,v 1.14 2024/01/10 04:13:59 dv Exp $ */
/*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
*
@ -3989,6 +3989,13 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp)
if (vcpu->vc_exit.vei.vei_dir == VEI_DIR_IN)
vcpu->vc_gueststate.vg_rax =
vcpu->vc_exit.vei.vei_data;
vcpu->vc_gueststate.vg_rip =
vcpu->vc_exit.vrs.vrs_gprs[VCPU_REGS_RIP];
if (vmwrite(VMCS_GUEST_IA32_RIP,
vcpu->vc_gueststate.vg_rip)) {
printf("%s: failed to update rip\n", __func__);
return (EINVAL);
}
break;
case VMX_EXIT_EPT_VIOLATION:
ret = vcpu_writeregs_vmx(vcpu, VM_RWREGS_GPRS, 0,
@ -4525,7 +4532,6 @@ svm_handle_exit(struct vcpu *vcpu)
case SVM_VMEXIT_IOIO:
if (svm_handle_inout(vcpu) == 0)
ret = EAGAIN;
update_rip = 1;
break;
case SVM_VMEXIT_HLT:
ret = svm_handle_hlt(vcpu);
@ -4610,7 +4616,6 @@ vmx_handle_exit(struct vcpu *vcpu)
case VMX_EXIT_IO:
if (vmx_handle_inout(vcpu) == 0)
ret = EAGAIN;
update_rip = 1;
break;
case VMX_EXIT_EXTINT:
vmx_handle_intr(vcpu);
@ -5159,12 +5164,6 @@ svm_handle_inout(struct vcpu *vcpu)
struct vmcb *vmcb = (struct vmcb *)vcpu->vc_control_va;
insn_length = vmcb->v_exitinfo2 - vmcb->v_rip;
if (insn_length != 1 && insn_length != 2) {
DPRINTF("%s: IN/OUT instruction with length %lld not "
"supported\n", __func__, insn_length);
return (EINVAL);
}
exit_qual = vmcb->v_exitinfo1;
/* Bit 0 - direction */
@ -5190,11 +5189,11 @@ svm_handle_inout(struct vcpu *vcpu)
/* Data */
vcpu->vc_exit.vei.vei_data = vmcb->v_rax;
vcpu->vc_exit.vei.vei_insn_len = (uint8_t)insn_length;
TRACEPOINT(vmm, inout, vcpu, vcpu->vc_exit.vei.vei_port,
vcpu->vc_exit.vei.vei_dir, vcpu->vc_exit.vei.vei_data);
vcpu->vc_gueststate.vg_rip += insn_length;
return (0);
}
@ -5220,12 +5219,6 @@ vmx_handle_inout(struct vcpu *vcpu)
return (EINVAL);
}
if (insn_length != 1 && insn_length != 2) {
DPRINTF("%s: IN/OUT instruction with length %lld not "
"supported\n", __func__, insn_length);
return (EINVAL);
}
if (vmx_get_exit_qualification(&exit_qual)) {
printf("%s: can't get exit qual\n", __func__);
return (EINVAL);
@ -5249,11 +5242,11 @@ vmx_handle_inout(struct vcpu *vcpu)
/* Data */
vcpu->vc_exit.vei.vei_data = (uint32_t)vcpu->vc_gueststate.vg_rax;
vcpu->vc_exit.vei.vei_insn_len = (uint8_t)insn_length;
TRACEPOINT(vmm, inout, vcpu, vcpu->vc_exit.vei.vei_port,
vcpu->vc_exit.vei.vei_dir, vcpu->vc_exit.vei.vei_data);
vcpu->vc_gueststate.vg_rip += insn_length;
return (0);
}
@ -6416,6 +6409,9 @@ vcpu_run_svm(struct vcpu *vcpu, struct vm_run_params *vrp)
vcpu->vc_exit.vei.vei_data;
vmcb->v_rax = vcpu->vc_gueststate.vg_rax;
}
vcpu->vc_gueststate.vg_rip =
vcpu->vc_exit.vrs.vrs_gprs[VCPU_REGS_RIP];
vmcb->v_rip = vcpu->vc_gueststate.vg_rip;
break;
case SVM_VMEXIT_NPF:
ret = vcpu_writeregs_svm(vcpu, VM_RWREGS_GPRS,

3
sys/arch/amd64/include/vmmvar.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: vmmvar.h,v 1.96 2024/01/06 13:17:20 dv Exp $ */
/* $OpenBSD: vmmvar.h,v 1.97 2024/01/10 04:13:59 dv Exp $ */
/*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
*
@ -338,6 +338,7 @@ struct vm_exit_inout {
uint8_t vei_encoding; /* operand encoding */
uint16_t vei_port; /* port */
uint32_t vei_data; /* data */
uint8_t vei_insn_len; /* Count of instruction bytes */
};
/*
* vm_exit_eptviolation : describes an EPT VIOLATION exit

10
sys/dev/acpi/acpi.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: acpi.c,v 1.425 2023/07/08 08:01:10 tobhe Exp $ */
/* $OpenBSD: acpi.c,v 1.426 2024/01/08 19:52:29 kettenis Exp $ */
/*
* Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
* Copyright (c) 2005 Jordan Hargrave <jordan@openbsd.org>
@ -1104,16 +1104,16 @@ acpi_attach_common(struct acpi_softc *sc, paddr_t base)
printf(" !DSDT");
p_dsdt = entry->q_table;
acpi_parse_aml(sc, p_dsdt->aml, p_dsdt->hdr_length -
sizeof(p_dsdt->hdr));
acpi_parse_aml(sc, NULL, p_dsdt->aml,
p_dsdt->hdr_length - sizeof(p_dsdt->hdr));
/* Load SSDT's */
SIMPLEQ_FOREACH(entry, &sc->sc_tables, q_next) {
if (memcmp(entry->q_table, SSDT_SIG,
sizeof(SSDT_SIG) - 1) == 0) {
p_dsdt = entry->q_table;
acpi_parse_aml(sc, p_dsdt->aml, p_dsdt->hdr_length -
sizeof(p_dsdt->hdr));
acpi_parse_aml(sc, NULL, p_dsdt->aml,
p_dsdt->hdr_length - sizeof(p_dsdt->hdr));
}
}

21
sys/dev/acpi/dsdt.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dsdt.c,v 1.264 2021/12/09 20:21:35 patrick Exp $ */
/* $OpenBSD: dsdt.c,v 1.265 2024/01/08 19:52:29 kettenis Exp $ */
/*
* Copyright (c) 2005 Jordan Hargrave <jordan@openbsd.org>
*
@ -634,8 +634,9 @@ __aml_search(struct aml_node *root, uint8_t *nameseg, int create)
SIMPLEQ_INIT(&node->son);
SIMPLEQ_INSERT_TAIL(&root->son, node, sib);
return node;
}
return node;
return NULL;
}
/* Get absolute pathname of AML node */
@ -3742,8 +3743,6 @@ aml_loadtable(struct acpi_softc *sc, const char *signature,
struct acpi_dsdt *p_dsdt;
struct acpi_q *entry;
if (strlen(rootpath) > 0)
aml_die("LoadTable: RootPathString unsupported");
if (strlen(parameterpath) > 0)
aml_die("LoadTable: ParameterPathString unsupported");
@ -3755,8 +3754,8 @@ aml_loadtable(struct acpi_softc *sc, const char *signature,
strncmp(hdr->oemtableid, oemtableid,
sizeof(hdr->oemtableid)) == 0) {
p_dsdt = entry->q_table;
acpi_parse_aml(sc, p_dsdt->aml, p_dsdt->hdr_length -
sizeof(p_dsdt->hdr));
acpi_parse_aml(sc, rootpath, p_dsdt->aml,
p_dsdt->hdr_length - sizeof(p_dsdt->hdr));
return aml_allocvalue(AML_OBJTYPE_DDBHANDLE, 0, 0);
}
}
@ -4520,11 +4519,19 @@ parse_error:
}
int
acpi_parse_aml(struct acpi_softc *sc, uint8_t *start, uint32_t length)
acpi_parse_aml(struct acpi_softc *sc, const char *rootpath,
uint8_t *start, uint32_t length)
{
struct aml_node *root = &aml_root;
struct aml_scope *scope;
struct aml_value res;
if (rootpath) {
root = aml_searchname(&aml_root, rootpath);
if (root == NULL)
aml_die("Invalid RootPathName %s\n", rootpath);
}
aml_root.start = start;
memset(&res, 0, sizeof(res));
res.type = AML_OBJTYPE_SCOPE;

6
sys/dev/acpi/dsdt.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dsdt.h,v 1.80 2023/04/02 11:32:48 jsg Exp $ */
/* $OpenBSD: dsdt.h,v 1.81 2024/01/08 19:52:29 kettenis Exp $ */
/*
* Copyright (c) 2005 Marco Peereboom <marco@openbsd.org>
*
@ -56,8 +56,8 @@ void aml_walktree(struct aml_node *);
void aml_find_node(struct aml_node *, const char *,
int (*)(struct aml_node *, void *), void *);
int acpi_parse_aml(struct acpi_softc *, u_int8_t *,
uint32_t);
int acpi_parse_aml(struct acpi_softc *, const char *,
u_int8_t *, uint32_t);
void aml_register_notify(struct aml_node *, const char *,
int (*)(struct aml_node *, int, void *), void *,
int);

2
sys/dev/pci/drm/drm_drv.c
View file

@ -783,7 +783,9 @@ void *__devm_drm_dev_alloc(struct device *parent,
{
void *container;
struct drm_device *drm;
#ifdef notyet
int ret;
#endif
container = kzalloc(size, GFP_KERNEL);
if (!container)

2
sys/dev/pci/drm/include/linux/of.h
View file

@ -82,6 +82,4 @@ struct device_node *__matching_node(struct device_node *,
#define for_each_matching_node(a, b) \
for (a = __matching_node(NULL, b); a; a = __matching_node(a, b))
static const void *of_device_get_match_data(const struct device *);
#endif

6
sys/dev/pci/drm/include/linux/platform_device.h
View file

@ -29,19 +29,19 @@ extern struct bus_type platform_bus_type;
void __iomem *
devm_platform_ioremap_resource_byname(struct platform_device *, const char *);
inline void
static inline void
platform_set_drvdata(struct platform_device *pdev, void *data)
{
dev_set_drvdata(&pdev->dev, data);
}
inline void *
static inline void *
platform_get_drvdata(struct platform_device *pdev)
{
return dev_get_drvdata(&pdev->dev);
}
inline int
static inline int
platform_driver_register(struct platform_driver *platform_drv)
{
return 0;

13
sys/dev/pci/if_bnxt.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_bnxt.c,v 1.40 2024/01/04 07:08:47 jmatthew Exp $ */
/* $OpenBSD: if_bnxt.c,v 1.43 2024/01/10 05:06:00 jmatthew Exp $ */
/*-
* Broadcom NetXtreme-C/E network driver.
*
@ -742,6 +742,8 @@ bnxt_free_slots(struct bnxt_softc *sc, struct bnxt_slot *slots, int allocated,
while (i-- > 0) {
bs = &slots[i];
bus_dmamap_destroy(sc->sc_dmat, bs->bs_map);
if (bs->bs_m != NULL)
m_freem(bs->bs_m);
}
free(slots, M_DEVBUF, total * sizeof(*bs));
}
@ -1001,8 +1003,6 @@ bnxt_queue_down(struct bnxt_softc *sc, struct bnxt_queue *bq)
struct bnxt_rx_queue *rx = &bq->q_rx;
struct bnxt_tx_queue *tx = &bq->q_tx;
/* empty rx ring first i guess */
bnxt_free_slots(sc, tx->tx_slots, tx->tx_ring.ring_size,
tx->tx_ring.ring_size);
tx->tx_slots = NULL;
@ -1073,7 +1073,7 @@ bnxt_up(struct bnxt_softc *sc)
if (bnxt_hwrm_vnic_ctx_alloc(sc, &sc->sc_vnic.rss_id) != 0) {
printf("%s: failed to allocate vnic rss context\n",
DEVNAME(sc));
goto down_queues;
goto down_all_queues;
}
sc->sc_vnic.id = (uint16_t)HWRM_NA_SIGNATURE;
@ -1139,8 +1139,11 @@ dealloc_vnic:
bnxt_hwrm_vnic_free(sc, &sc->sc_vnic);
dealloc_vnic_ctx:
bnxt_hwrm_vnic_ctx_free(sc, &sc->sc_vnic.rss_id);
down_all_queues:
i = sc->sc_nqueues;
down_queues:
for (i = 0; i < sc->sc_nqueues; i++)
while (i-- > 0)
bnxt_queue_down(sc, &sc->sc_queues[i]);
bnxt_dmamem_free(sc, sc->sc_rx_cfg);

4
sys/dev/pci/if_ixl.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_ixl.c,v 1.94 2023/12/30 17:52:27 bluhm Exp $ */
/* $OpenBSD: if_ixl.c,v 1.95 2024/01/07 21:01:45 bluhm Exp $ */
/*
* Copyright (c) 2013-2015, Intel Corporation
@ -1881,6 +1881,7 @@ ixl_attach(struct device *parent, struct device *self, void *aux)
goto free_hmc;
}
mtx_init(&sc->sc_link_state_mtx, IPL_NET);
if (ixl_get_link_status(sc) != 0) {
/* error printed by ixl_get_link_status */
goto free_hmc;
@ -1987,7 +1988,6 @@ ixl_attach(struct device *parent, struct device *self, void *aux)
if_attach_queues(ifp, nqueues);
if_attach_iqueues(ifp, nqueues);
mtx_init(&sc->sc_link_state_mtx, IPL_NET);
task_set(&sc->sc_link_state_task, ixl_link_state_update, sc);
ixl_wr(sc, I40E_PFINT_ICR0_ENA,
I40E_PFINT_ICR0_ENA_LINK_STAT_CHANGE_MASK |

7
sys/kern/makesyscalls.sh
View file

@ -1,5 +1,5 @@
#! /bin/sh -
# $OpenBSD: makesyscalls.sh,v 1.21 2023/12/21 19:34:07 miod Exp $
# $OpenBSD: makesyscalls.sh,v 1.22 2024/01/07 20:52:44 miod Exp $
# $NetBSD: makesyscalls.sh,v 1.26 1998/01/09 06:17:51 thorpej Exp $
#
# Copyright (c) 1994,1996 Christopher G. Demetriou
@ -326,6 +326,11 @@ function parseline() {
parserr($f, "argument definition")
} else
varargc = argc;
if (argc > 6) {
printf "%s: line %d: too many syscall arguments (%d > 6)\n", \
infile, NR, argc
exit 1
}
}
function putent(nodefs, compatwrap) {
# output syscall declaration for switch table.

14
sys/netinet/in_pcb.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: in_pcb.c,v 1.283 2024/01/01 22:16:51 bluhm Exp $ */
/* $OpenBSD: in_pcb.c,v 1.284 2024/01/09 19:57:00 bluhm Exp $ */
/* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
/*
@ -133,7 +133,7 @@ uint64_t in_pcblhash(struct inpcbtable *, u_int, u_short);
struct inpcb *in_pcblookup_lock(struct inpcbtable *, struct in_addr, u_int,
struct in_addr, u_int, u_int, int);
int in_pcbaddrisavail_lock(struct inpcb *, struct sockaddr_in *, int,
int in_pcbaddrisavail_lock(const struct inpcb *, struct sockaddr_in *, int,
struct proc *, int);
int in_pcbpickport(u_int16_t *, const void *, int, const struct inpcb *,
struct proc *);
@ -365,8 +365,8 @@ in_pcbbind(struct inpcb *inp, struct mbuf *nam, struct proc *p)
}
int
in_pcbaddrisavail_lock(struct inpcb *inp, struct sockaddr_in *sin, int wild,
struct proc *p, int lock)
in_pcbaddrisavail_lock(const struct inpcb *inp, struct sockaddr_in *sin,
int wild, struct proc *p, int lock)
{
struct socket *so = inp->inp_socket;
struct inpcbtable *table = inp->inp_table;
@ -436,8 +436,8 @@ in_pcbaddrisavail_lock(struct inpcb *inp, struct sockaddr_in *sin, int wild,
}
int
in_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in *sin, int wild,
struct proc *p)
in_pcbaddrisavail(const struct inpcb *inp, struct sockaddr_in *sin,
int wild, struct proc *p)
{
return in_pcbaddrisavail_lock(inp, sin, wild, p, IN_PCBLOCK_GRAB);
}
@ -962,7 +962,7 @@ in_pcbselsrc(struct in_addr *insrc, struct sockaddr_in *sin,
{
struct ip_moptions *mopts = inp->inp_moptions;
struct route *ro = &inp->inp_route;
struct in_addr *laddr = &inp->inp_laddr;
const struct in_addr *laddr = &inp->inp_laddr;
u_int rtableid = inp->inp_rtableid;
struct sockaddr *ip4_source = NULL;

12
sys/netinet/in_pcb.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: in_pcb.h,v 1.147 2024/01/03 11:07:04 bluhm Exp $ */
/* $OpenBSD: in_pcb.h,v 1.148 2024/01/09 19:57:00 bluhm Exp $ */
/* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
/*
@ -315,7 +315,7 @@ void in_losing(struct inpcb *);
int in_pcballoc(struct socket *, struct inpcbtable *, int);
int in_pcbbind_locked(struct inpcb *, struct mbuf *, struct proc *);
int in_pcbbind(struct inpcb *, struct mbuf *, struct proc *);
int in_pcbaddrisavail(struct inpcb *, struct sockaddr_in *, int,
int in_pcbaddrisavail(const struct inpcb *, struct sockaddr_in *, int,
struct proc *);
int in_pcbconnect(struct inpcb *, struct mbuf *);
void in_pcbdetach(struct inpcb *);
@ -338,9 +338,9 @@ struct inpcb *
struct inpcb *
in6_pcblookup_listen(struct inpcbtable *, struct in6_addr *, u_int,
struct mbuf *, u_int);
int in6_pcbaddrisavail_lock(struct inpcb *, struct sockaddr_in6 *, int,
struct proc *, int);
int in6_pcbaddrisavail(struct inpcb *, struct sockaddr_in6 *, int,
int in6_pcbaddrisavail_lock(const struct inpcb *, struct sockaddr_in6 *,
int, struct proc *, int);
int in6_pcbaddrisavail(const struct inpcb *, struct sockaddr_in6 *, int,
struct proc *);
int in6_pcbconnect(struct inpcb *, struct mbuf *);
void in6_setsockaddr(struct inpcb *, struct mbuf *);
@ -370,7 +370,7 @@ struct rtentry *
void in6_pcbnotify(struct inpcbtable *, struct sockaddr_in6 *,
u_int, const struct sockaddr_in6 *, u_int, u_int, int, void *,
void (*)(struct inpcb *, int));
int in6_selecthlim(struct inpcb *);
int in6_selecthlim(const struct inpcb *);
int in_pcbset_rtableid(struct inpcb *, u_int);
void in_pcbset_laddr(struct inpcb *, const struct sockaddr *, u_int);
void in_pcbunset_faddr(struct inpcb *);

10
sys/netinet6/in6_pcb.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: in6_pcb.c,v 1.131 2023/12/07 16:08:30 bluhm Exp $ */
/* $OpenBSD: in6_pcb.c,v 1.132 2024/01/09 19:57:01 bluhm Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -150,8 +150,8 @@ in6_pcbhash(struct inpcbtable *table, u_int rdomain,
}
int
in6_pcbaddrisavail_lock(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild,
struct proc *p, int lock)
in6_pcbaddrisavail_lock(const struct inpcb *inp, struct sockaddr_in6 *sin6,
int wild, struct proc *p, int lock)
{
struct socket *so = inp->inp_socket;
struct inpcbtable *table = inp->inp_table;
@ -240,8 +240,8 @@ in6_pcbaddrisavail_lock(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild,
}
int
in6_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild,
struct proc *p)
in6_pcbaddrisavail(const struct inpcb *inp, struct sockaddr_in6 *sin6,
int wild, struct proc *p)
{
return in6_pcbaddrisavail_lock(inp, sin6, wild, p, IN_PCBLOCK_GRAB);
}

4
sys/netinet6/in6_src.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: in6_src.c,v 1.90 2023/12/15 00:24:56 bluhm Exp $ */
/* $OpenBSD: in6_src.c,v 1.91 2024/01/09 19:57:01 bluhm Exp $ */
/* $KAME: in6_src.c,v 1.36 2001/02/06 04:08:17 itojun Exp $ */
/*
@ -422,7 +422,7 @@ in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
}
int
in6_selecthlim(struct inpcb *inp)
in6_selecthlim(const struct inpcb *inp)
{
if (inp && inp->inp_hops >= 0)
return (inp->inp_hops);

6
sys/ufs/ext2fs/ext2fs_dir.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ext2fs_dir.h,v 1.11 2014/07/11 07:59:04 pelikan Exp $ */
/* $OpenBSD: ext2fs_dir.h,v 1.12 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: ext2fs_dir.h,v 1.4 2000/01/28 16:00:23 bouyer Exp $ */
/*
@ -61,9 +61,9 @@
* with null bytes. All names are guaranteed null terminated.
* The maximum length of a name in a directory is EXT2FS_MAXNAMLEN.
*
* The macro EXT2FS_DIRSIZ(fmt, dp) gives the amount of space required to
* The macro EXT2FS_DIRSIZ(dp) gives the amount of space required to
* represent a directory entry. Free space in a directory is represented by
* entries which have dp->e2d_reclen > DIRSIZ(fmt, dp). All d2fs_bsize bytes
* entries which have dp->e2d_reclen > DIRSIZ(dp). All d2fs_bsize bytes
* in a directory block are claimed by the directory entries. This
* usually results in the last entry in a directory having a large
* dp->e2d_reclen. When entries are deleted from a directory, the

6
sys/ufs/ffs/ffs_inode.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ffs_inode.c,v 1.81 2021/12/12 09:14:59 visa Exp $ */
/* $OpenBSD: ffs_inode.c,v 1.82 2024/01/09 03:15:59 guenther Exp $ */
/* $NetBSD: ffs_inode.c,v 1.10 1996/05/11 18:27:19 mycroft Exp $ */
/*
@ -152,9 +152,7 @@ ffs_truncate(struct inode *oip, off_t length, int flags, struct ucred *cred)
return (0);
if (ovp->v_type == VLNK &&
(DIP(oip, size) < oip->i_ump->um_maxsymlinklen ||
(oip->i_ump->um_maxsymlinklen == 0 &&
oip->i_din1->di_blocks == 0))) {
DIP(oip, size) < oip->i_ump->um_maxsymlinklen) {
#ifdef DIAGNOSTIC
if (length != 0)
panic("ffs_truncate: partial truncate of symlink");

6
sys/ufs/ffs/ffs_vfsops.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ffs_vfsops.c,v 1.195 2023/07/05 15:13:28 beck Exp $ */
/* $OpenBSD: ffs_vfsops.c,v 1.196 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: ffs_vfsops.c,v 1.19 1996/02/09 22:22:26 christos Exp $ */
/*
@ -675,8 +675,8 @@ ffs_validate(struct fs *fsp)
return (0); /* Invalid number of fragments */
if (fsp->fs_inodefmt == FS_42INODEFMT)
fsp->fs_maxsymlinklen = 0;
else if (fsp->fs_maxsymlinklen < 0)
return (0); /* Obsolete format, support broken in 2014 */
if (fsp->fs_maxsymlinklen <= 0)
return (0); /* Invalid max size of short symlink */
return (1); /* Super block is okay */

5
sys/ufs/ffs/ffs_vnops.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ffs_vnops.c,v 1.100 2022/06/26 05:20:43 visa Exp $ */
/* $OpenBSD: ffs_vnops.c,v 1.101 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: ffs_vnops.c,v 1.7 1996/05/11 18:27:24 mycroft Exp $ */
/*
@ -202,8 +202,7 @@ ffs_read(void *v)
panic("ffs_read: mode");
if (vp->v_type == VLNK) {
if (DIP(ip, size) < ip->i_ump->um_maxsymlinklen ||
(ip->i_ump->um_maxsymlinklen == 0 && DIP(ip, blocks) == 0))
if (DIP(ip, size) < ip->i_ump->um_maxsymlinklen)
panic("ffs_read: short symlink");
} else if (vp->v_type != VREG && vp->v_type != VDIR)
panic("ffs_read: type %d", vp->v_type);

31
sys/ufs/ufs/dir.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dir.h,v 1.12 2019/05/04 15:38:12 deraadt Exp $ */
/* $OpenBSD: dir.h,v 1.13 2024/01/09 03:15:59 guenther Exp $ */
/* $NetBSD: dir.h,v 1.8 1996/03/09 19:42:41 scottr Exp $ */
/*
@ -61,9 +61,9 @@
* with null bytes. All names are guaranteed null terminated.
* The maximum length of a name in a directory is MAXNAMLEN.
*
* The macro DIRSIZ(fmt, dp) gives the amount of space required to represent
* The macro DIRSIZ(dp) gives the amount of space required to represent
* a directory entry. Free space in a directory is represented by
* entries which have dp->d_reclen > DIRSIZ(fmt, dp). All DIRBLKSIZ bytes
* entries which have dp->d_reclen > DIRSIZ(dp). All DIRBLKSIZ bytes
* in a directory block are claimed by the directory entries. This
* usually results in the last entry in a directory having a large
* dp->d_reclen. When entries are deleted from a directory, the
@ -112,17 +112,8 @@ struct direct {
#define DIRECTSIZ(namlen) \
((offsetof(struct direct, d_name) + \
((namlen)+1)*sizeof(((struct direct *)0)->d_name[0]) + 3) & ~3)
#if (BYTE_ORDER == LITTLE_ENDIAN)
#define DIRSIZ(oldfmt, dp) \
((oldfmt) ? \
((sizeof(struct direct) - (MAXNAMLEN+1)) + (((dp)->d_type+1 + 3) &~ 3)) : \
((sizeof(struct direct) - (MAXNAMLEN+1)) + (((dp)->d_namlen+1 + 3) &~ 3)))
#else
#define DIRSIZ(oldfmt, dp) \
#define DIRSIZ(dp) \
((sizeof(struct direct) - (MAXNAMLEN+1)) + (((dp)->d_namlen+1 + 3) &~ 3))
#endif
#define OLDDIRFMT 1
#define NEWDIRFMT 0
/*
* Template for manipulating directories. Should use struct direct's,
@ -140,18 +131,4 @@ struct dirtemplate {
u_int8_t dotdot_namlen;
char dotdot_name[4]; /* ditto */
};
/*
* This is the old format of directories, sanz type element.
*/
struct odirtemplate {
u_int32_t dot_ino;
int16_t dot_reclen;
u_int16_t dot_namlen;
char dot_name[4]; /* must be multiple of 4 */
u_int32_t dotdot_ino;
int16_t dotdot_reclen;
u_int16_t dotdot_namlen;
char dotdot_name[4]; /* ditto */
};
#endif /* !_DIR_H_ */

19
sys/ufs/ufs/ufs_dirhash.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ufs_dirhash.c,v 1.42 2019/03/15 05:42:38 kevlo Exp $ */
/* $OpenBSD: ufs_dirhash.c,v 1.43 2024/01/09 03:15:59 guenther Exp $ */
/*
* Copyright (c) 2001, 2002 Ian Dowse. All rights reserved.
*
@ -50,7 +50,6 @@
#define WRAPINCR(val, limit) (((val) + 1 == (limit)) ? 0 : ((val) + 1))
#define WRAPDECR(val, limit) (((val) == 0) ? ((limit) - 1) : ((val) - 1))
#define OFSFMT(ip) ((ip)->i_ump->um_maxsymlinklen == 0)
#define BLKFREE2IDX(n) ((n) > DH_NFSTATS ? DH_NFSTATS : (n))
int ufs_mindirhashsize;
@ -112,7 +111,7 @@ ufsdirhash_build(struct inode *ip)
/* Check if we can/should use dirhash. */
if (ip->i_dirhash == NULL) {
if (DIP(ip, size) < ufs_mindirhashsize || OFSFMT(ip))
if (DIP(ip, size) < ufs_mindirhashsize)
return (-1);
} else {
/* Hash exists, but sysctls could have changed. */
@ -224,7 +223,7 @@ ufsdirhash_build(struct inode *ip)
slot = WRAPINCR(slot, dh->dh_hlen);
dh->dh_hused++;
DH_ENTRY(dh, slot) = pos;
ufsdirhash_adjfree(dh, pos, -DIRSIZ(0, ep));
ufsdirhash_adjfree(dh, pos, -DIRSIZ(ep));
}
pos += ep->d_reclen;
}
@ -430,7 +429,7 @@ restart:
/* Check for sequential access, and update offset. */
if (dh->dh_seqopt == 0 && dh->dh_seqoff == offset)
dh->dh_seqopt = 1;
dh->dh_seqoff = offset + DIRSIZ(0, dp);
dh->dh_seqoff = offset + DIRSIZ(dp);
*bpp = bp;
*offp = offset;
@ -519,7 +518,7 @@ ufsdirhash_findfree(struct inode *ip, int slotneeded, int *slotsize)
brelse(bp);
return (-1);
}
if (dp->d_ino == 0 || dp->d_reclen > DIRSIZ(0, dp))
if (dp->d_ino == 0 || dp->d_reclen > DIRSIZ(dp))
break;
i += dp->d_reclen;
dp = (struct direct *)((char *)dp + dp->d_reclen);
@ -535,7 +534,7 @@ ufsdirhash_findfree(struct inode *ip, int slotneeded, int *slotsize)
while (i < DIRBLKSIZ && freebytes < slotneeded) {
freebytes += dp->d_reclen;
if (dp->d_ino != 0)
freebytes -= DIRSIZ(0, dp);
freebytes -= DIRSIZ(dp);
if (dp->d_reclen == 0) {
brelse(bp);
return (-1);
@ -627,7 +626,7 @@ ufsdirhash_add(struct inode *ip, struct direct *dirp, doff_t offset)
DH_ENTRY(dh, slot) = offset;
/* Update the per-block summary info. */
ufsdirhash_adjfree(dh, offset, -DIRSIZ(0, dirp));
ufsdirhash_adjfree(dh, offset, -DIRSIZ(dirp));
DIRHASH_UNLOCK(dh);
}
@ -660,7 +659,7 @@ ufsdirhash_remove(struct inode *ip, struct direct *dirp, doff_t offset)
ufsdirhash_delslot(dh, slot);
/* Update the per-block summary info. */
ufsdirhash_adjfree(dh, offset, DIRSIZ(0, dirp));
ufsdirhash_adjfree(dh, offset, DIRSIZ(dirp));
DIRHASH_UNLOCK(dh);
}
@ -835,7 +834,7 @@ ufsdirhash_checkblock(struct inode *ip, char *buf, doff_t offset)
/* Check that the entry exists (will panic if it doesn't). */
ufsdirhash_findslot(dh, dp->d_name, dp->d_namlen, offset + i);
nfree += dp->d_reclen - DIRSIZ(0, dp);
nfree += dp->d_reclen - DIRSIZ(dp);
}
if (i != DIRBLKSIZ)
panic("ufsdirhash_checkblock: bad dir end");

67
sys/ufs/ufs/ufs_lookup.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ufs_lookup.c,v 1.59 2022/01/11 03:13:59 jsg Exp $ */
/* $OpenBSD: ufs_lookup.c,v 1.60 2024/01/09 03:15:59 guenther Exp $ */
/* $NetBSD: ufs_lookup.c,v 1.7 1996/02/09 22:36:06 christos Exp $ */
/*
@ -64,8 +64,6 @@ int dirchk = 1;
int dirchk = 0;
#endif
#define OFSFMT(ip) ((ip)->i_ump->um_maxsymlinklen == 0)
/*
* Convert a component of a pathname into a pointer to a locked inode.
* This is a very central and rather complicated routine.
@ -299,7 +297,7 @@ searchloop:
int size = ep->d_reclen;
if (ep->d_ino != 0)
size -= DIRSIZ(OFSFMT(dp), ep);
size -= DIRSIZ(ep);
if (size > 0) {
if (size >= slotneeded) {
slotstatus = FOUND;
@ -322,14 +320,7 @@ searchloop:
* Check for a name match.
*/
if (ep->d_ino) {
# if (BYTE_ORDER == LITTLE_ENDIAN)
if (OFSFMT(dp))
namlen = ep->d_type;
else
namlen = ep->d_namlen;
# else
namlen = ep->d_namlen;
# endif
namlen = ep->d_namlen;
if (namlen == cnp->cn_namelen &&
!memcmp(cnp->cn_nameptr, ep->d_name, namlen)) {
#ifdef UFS_DIRHASH
@ -440,9 +431,9 @@ found:
* Check that directory length properly reflects presence
* of this entry.
*/
if (dp->i_offset + DIRSIZ(OFSFMT(dp), ep) > DIP(dp, size)) {
if (dp->i_offset + DIRSIZ(ep) > DIP(dp, size)) {
ufs_dirbad(dp, dp->i_offset, "i_ffs_size too small");
DIP_ASSIGN(dp, size, dp->i_offset + DIRSIZ(OFSFMT(dp), ep));
DIP_ASSIGN(dp, size, dp->i_offset + DIRSIZ(ep));
dp->i_flag |= IN_CHANGE | IN_UPDATE;
}
brelse(bp);
@ -626,17 +617,10 @@ ufs_dirbadentry(struct vnode *vdp, struct direct *ep, int entryoffsetinblock)
dp = VTOI(vdp);
# if (BYTE_ORDER == LITTLE_ENDIAN)
if (OFSFMT(dp))
namlen = ep->d_type;
else
namlen = ep->d_namlen;
# else
namlen = ep->d_namlen;
# endif
namlen = ep->d_namlen;
if ((ep->d_reclen & 0x3) != 0 ||
ep->d_reclen > DIRBLKSIZ - (entryoffsetinblock & (DIRBLKSIZ - 1)) ||
ep->d_reclen < DIRSIZ(OFSFMT(dp), ep) || namlen > MAXNAMLEN) {
ep->d_reclen < DIRSIZ(ep) || namlen > MAXNAMLEN) {
/*return (1); */
printf("First bad\n");
goto bad;
@ -674,15 +658,7 @@ ufs_makedirentry(struct inode *ip, struct componentname *cnp,
memset(newdirp->d_name + (cnp->cn_namelen & ~(DIR_ROUNDUP-1)),
0, DIR_ROUNDUP);
memcpy(newdirp->d_name, cnp->cn_nameptr, cnp->cn_namelen);
if (OFSFMT(ip)) {
newdirp->d_type = 0;
# if (BYTE_ORDER == LITTLE_ENDIAN)
{ u_char tmp = newdirp->d_namlen;
newdirp->d_namlen = newdirp->d_type;
newdirp->d_type = tmp; }
# endif
} else
newdirp->d_type = IFTODT(DIP(ip, mode));
newdirp->d_type = IFTODT(DIP(ip, mode));
}
/*
@ -712,7 +688,7 @@ ufs_direnter(struct vnode *dvp, struct vnode *tvp, struct direct *dirp,
cr = cnp->cn_cred;
p = cnp->cn_proc;
dp = VTOI(dvp);
newentrysize = DIRSIZ(OFSFMT(dp), dirp);
newentrysize = DIRSIZ(dirp);
if (dp->i_count == 0) {
/*
@ -827,7 +803,7 @@ ufs_direnter(struct vnode *dvp, struct vnode *tvp, struct direct *dirp,
* dp->i_offset + dp->i_count would yield the space.
*/
ep = (struct direct *)dirbuf;
dsize = ep->d_ino ? DIRSIZ(OFSFMT(dp), ep) : 0;
dsize = ep->d_ino ? DIRSIZ(ep) : 0;
spacefree = ep->d_reclen - dsize;
for (loc = ep->d_reclen; loc < dp->i_count; ) {
nep = (struct direct *)(dirbuf + loc);
@ -852,7 +828,7 @@ ufs_direnter(struct vnode *dvp, struct vnode *tvp, struct direct *dirp,
dsize = 0;
continue;
}
dsize = DIRSIZ(OFSFMT(dp), nep);
dsize = DIRSIZ(nep);
spacefree += nep->d_reclen - dsize;
#ifdef UFS_DIRHASH
if (dp->i_dirhash != NULL)
@ -1030,8 +1006,7 @@ ufs_dirrewrite(struct inode *dp, struct inode *oip, ufsino_t newinum,
if (error)
return (error);
ep->d_ino = newinum;
if (!OFSFMT(dp))
ep->d_type = newtype;
ep->d_type = newtype;
oip->i_effnlink--;
if (DOINGSOFTDEP(vdp)) {
softdep_change_linkcnt(oip, 0);
@ -1087,14 +1062,7 @@ ufs_dirempty(struct inode *ip, ufsino_t parentino, struct ucred *cred)
if (dp->d_ino == 0)
continue;
/* accept only "." and ".." */
# if (BYTE_ORDER == LITTLE_ENDIAN)
if (OFSFMT(ip))
namlen = dp->d_type;
else
namlen = dp->d_namlen;
# else
namlen = dp->d_namlen;
# endif
namlen = dp->d_namlen;
if (namlen > 2)
return (0);
if (dp->d_name[0] != '.')
@ -1145,14 +1113,7 @@ ufs_checkpath(struct inode *source, struct inode *target, struct ucred *cred)
IO_NODELOCKED, cred, NULL, curproc);
if (error != 0)
break;
# if (BYTE_ORDER == LITTLE_ENDIAN)
if (OFSFMT(VTOI(vp)))
namlen = dirbuf.dotdot_type;
else
namlen = dirbuf.dotdot_namlen;
# else
namlen = dirbuf.dotdot_namlen;
# endif
namlen = dirbuf.dotdot_namlen;
if (namlen != 2 ||
dirbuf.dotdot_name[0] != '.' ||
dirbuf.dotdot_name[1] != '.') {

35
sys/ufs/ufs/ufs_vnops.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ufs_vnops.c,v 1.158 2023/09/08 20:00:28 mvs Exp $ */
/* $OpenBSD: ufs_vnops.c,v 1.159 2024/01/09 03:15:59 guenther Exp $ */
/* $NetBSD: ufs_vnops.c,v 1.18 1996/05/11 18:28:04 mycroft Exp $ */
/*
@ -81,14 +81,10 @@ void filt_ufsdetach(struct knote *);
/*
* A virgin directory (no blushing please).
*/
static struct dirtemplate mastertemplate = {
static const struct dirtemplate mastertemplate = {
0, 12, DT_DIR, 1, ".",
0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
};
static struct odirtemplate omastertemplate = {
0, 12, 1, ".",
0, DIRBLKSIZ - 12, 2, ".."
};
/*
* Update the times in the inode
@ -1127,7 +1123,7 @@ ufs_mkdir(void *v)
struct vnode *tvp;
struct buf *bp;
struct direct newdir;
struct dirtemplate dirtemplate, *dtp;
struct dirtemplate dirtemplate;
int error, dmode, blkoff;
#ifdef DIAGNOSTIC
@ -1187,11 +1183,7 @@ ufs_mkdir(void *v)
/*
* Initialize directory with "." and ".." from static template.
*/
if (dp->i_ump->um_maxsymlinklen > 0)
dtp = &mastertemplate;
else
dtp = (struct dirtemplate *)&omastertemplate;
dirtemplate = *dtp;
dirtemplate = mastertemplate;
dirtemplate.dot_ino = ip->i_number;
dirtemplate.dotdot_ino = dp->i_number;
@ -1411,9 +1403,6 @@ ufs_readdir(void *v)
caddr_t diskbuf;
size_t count, entries;
int bufsize, readcnt, error;
#if (BYTE_ORDER == LITTLE_ENDIAN)
int ofmt = VTOI(ap->a_vp)->i_ump->um_maxsymlinklen == 0;
#endif
if (uio->uio_rw != UIO_READ)
return (EINVAL);
@ -1468,16 +1457,8 @@ ufs_readdir(void *v)
off += dp->d_reclen;
u.dn.d_off = off;
u.dn.d_fileno = dp->d_ino;
#if (BYTE_ORDER == LITTLE_ENDIAN)
if (ofmt) {
u.dn.d_type = dp->d_namlen;
u.dn.d_namlen = dp->d_type;
} else
#endif
{
u.dn.d_type = dp->d_type;
u.dn.d_namlen = dp->d_namlen;
}
u.dn.d_type = dp->d_type;
u.dn.d_namlen = dp->d_namlen;
memcpy(u.dn.d_name, dp->d_name, u.dn.d_namlen);
memset(u.dn.d_name + u.dn.d_namlen, 0, u.dn.d_reclen
- u.dn.d_namlen - offsetof(struct dirent, d_name));
@ -1513,10 +1494,8 @@ ufs_readlink(void *v)
u_int64_t isize;
isize = DIP(ip, size);
if (isize < ip->i_ump->um_maxsymlinklen ||
(ip->i_ump->um_maxsymlinklen == 0 && DIP(ip, blocks) == 0)) {
if (isize < ip->i_ump->um_maxsymlinklen)
return (uiomove((char *)SHORTLINK(ip), isize, ap->a_uio));
}
return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
}

16
usr.bin/ssh/PROTOCOL
View file

@ -152,12 +152,13 @@ When an endpoint that supports this extension observes this algorithm
name in a peer's KEXINIT packet, it MUST make the following changes to
the protocol:
a) During initial KEX, terminate the connection if any unexpected or
out-of-sequence packet is received. This includes terminating the
connection if the first packet received is not SSH2_MSG_KEXINIT.
Unexpected packets for the purpose of strict KEX include messages
that are otherwise valid at any time during the connection such as
SSH2_MSG_DEBUG and SSH2_MSG_IGNORE.
a) During initial KEX, terminate the connection if out-of-sequence
packet or any message that is not strictly required by KEX is
received. This includes terminating the connection if the first
packet received is not SSH2_MSG_KEXINIT. Unexpected packets for
the purpose of strict KEX include messages that are otherwise
valid at any time during the connection such as SSH2_MSG_DEBUG,
SSH2_MSG_IGNORE or SSH2_MSG_UNIMPLEMENTED.
b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the
packet sequence number to zero. This behaviour persists for the
duration of the connection (i.e. not just the first
@ -735,6 +736,7 @@ identifiers:
The server will reply with a SSH_FXP_EXTENDED_REPLY:
byte SSH_FXP_EXTENDED_REPLY
uint32 id
string usernames
string groupnames
@ -790,4 +792,4 @@ master instance and later clients.
OpenSSH extends the usual agent protocol. These changes are documented
in the PROTOCOL.agent file.
$OpenBSD: PROTOCOL,v 1.53 2023/12/20 00:06:25 jsg Exp $
$OpenBSD: PROTOCOL,v 1.55 2024/01/08 05:05:15 djm Exp $

4
usr.bin/ssh/PROTOCOL.mux
View file

@ -188,8 +188,6 @@ For dynamically allocated listen port the server replies with
7. Requesting closure of port forwards
Note: currently unimplemented (server will always reply with MUX_S_FAILURE).
A client may request the master to close a port forward:
uint32 MUX_C_CLOSE_FWD
@ -295,4 +293,4 @@ XXX session inspection via master
XXX signals via mux request
XXX list active connections via mux
$OpenBSD: PROTOCOL.mux,v 1.13 2022/01/01 01:55:30 jsg Exp $
$OpenBSD: PROTOCOL.mux,v 1.14 2024/01/08 05:11:18 djm Exp $

74
usr.bin/ssh/channels.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.435 2023/12/18 14:47:20 djm Exp $ */
/* $OpenBSD: channels.c,v 1.436 2024/01/09 22:19:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -206,6 +206,9 @@ struct ssh_channels {
/* Channel timeouts by type */
struct ssh_channel_timeout *timeouts;
size_t ntimeouts;
/* Global timeout for all OPEN channels */
int global_deadline;
time_t lastused;
};
/* helper */
@ -308,6 +311,11 @@ channel_add_timeout(struct ssh *ssh, const char *type_pattern,
{
struct ssh_channels *sc = ssh->chanctxt;
if (strcmp(type_pattern, "global") == 0) {
debug2_f("global channel timeout %d seconds", timeout_secs);
sc->global_deadline = timeout_secs;
return;
}
debug2_f("channel type \"%s\" timeout %d seconds",
type_pattern, timeout_secs);
sc->timeouts = xrecallocarray(sc->timeouts, sc->ntimeouts,
@ -368,6 +376,38 @@ channel_set_xtype(struct ssh *ssh, int id, const char *xctype)
c->inactive_deadline);
}
/*
* update "last used" time on a channel.
* NB. nothing else should update lastused except to clear it.
*/
static void
channel_set_used_time(struct ssh *ssh, Channel *c)
{
ssh->chanctxt->lastused = monotime();
if (c != NULL)
c->lastused = ssh->chanctxt->lastused;
}
/*
* Get the time at which a channel is due to time out for inactivity.
* Returns 0 if the channel is not due to time out ever.
*/
static time_t
channel_get_expiry(struct ssh *ssh, Channel *c)
{
struct ssh_channels *sc = ssh->chanctxt;
time_t expiry = 0, channel_expiry;
if (sc->lastused != 0 && sc->global_deadline != 0)
expiry = sc->lastused + sc->global_deadline;
if (c->lastused != 0 && c->inactive_deadline != 0) {
channel_expiry = c->lastused + c->inactive_deadline;
if (expiry == 0 || channel_expiry < expiry)
expiry = channel_expiry;
}
return expiry;
}
/*
* Register filedescriptors for a channel, used when allocating a channel or
* when the channel consumer/producer is ready, e.g. shell exec'd
@ -429,6 +469,8 @@ channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd,
if (efd != -1)
set_nonblock(efd);
}
/* channel might be entering a larval state, so reset global timeout */
channel_set_used_time(ssh, NULL);
}
/*
@ -1185,7 +1227,7 @@ channel_set_fds(struct ssh *ssh, int id, int rfd, int wfd, int efd,
channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, is_tty);
c->type = SSH_CHANNEL_OPEN;
c->lastused = monotime();
channel_set_used_time(ssh, c);
c->local_window = c->local_window_max = window_max;
if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 ||
@ -1356,7 +1398,7 @@ channel_pre_x11_open(struct ssh *ssh, Channel *c)
if (ret == 1) {
c->type = SSH_CHANNEL_OPEN;
c->lastused = monotime();
channel_set_used_time(ssh, c);
channel_pre_open(ssh, c);
} else if (ret == -1) {
logit("X11 connection rejected because of wrong "
@ -2004,7 +2046,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c)
c->self, c->connect_ctx.host, c->connect_ctx.port);
channel_connect_ctx_free(&c->connect_ctx);
c->type = SSH_CHANNEL_OPEN;
c->lastused = monotime();
channel_set_used_time(ssh, c);
if (isopen) {
/* no message necessary */
} else {
@ -2087,7 +2129,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c)
goto rfail;
}
if (nr != 0)
c->lastused = monotime();
channel_set_used_time(ssh, c);
return 1;
}
@ -2108,7 +2150,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c)
}
return -1;
}
c->lastused = monotime();
channel_set_used_time(ssh, c);
if (c->input_filter != NULL) {
if (c->input_filter(ssh, c, buf, len) == -1) {
debug2("channel %d: filter stops", c->self);
@ -2179,7 +2221,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c)
}
return -1;
}
c->lastused = monotime();
channel_set_used_time(ssh, c);
if (c->isatty && dlen >= 1 && buf[0] != '\r') {
if (tcgetattr(c->wfd, &tio) == 0 &&
!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
@ -2225,7 +2267,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c)
if ((r = sshbuf_consume(c->extended, len)) != 0)
fatal_fr(r, "channel %i: consume", c->self);
c->local_consumed += len;
c->lastused = monotime();
channel_set_used_time(ssh, c);
}
return 1;
}
@ -2249,7 +2291,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c)
channel_close_fd(ssh, c, &c->efd);
return 1;
}
c->lastused = monotime();
channel_set_used_time(ssh, c);
if (c->extended_usage == CHAN_EXTENDED_IGNORE)
debug3("channel %d: discard efd", c->self);
else if ((r = sshbuf_put(c->extended, buf, len)) != 0)
@ -2539,10 +2581,9 @@ channel_handler(struct ssh *ssh, int table, struct timespec *timeout)
continue;
}
if (ftab[c->type] != NULL) {
if (table == CHAN_PRE &&
c->type == SSH_CHANNEL_OPEN &&
c->inactive_deadline != 0 && c->lastused != 0 &&
now >= c->lastused + c->inactive_deadline) {
if (table == CHAN_PRE && c->type == SSH_CHANNEL_OPEN &&
channel_get_expiry(ssh, c) != 0 &&
now >= channel_get_expiry(ssh, c)) {
/* channel closed for inactivity */
verbose("channel %d: closing after %u seconds "
"of inactivity", c->self,
@ -2554,10 +2595,9 @@ channel_handler(struct ssh *ssh, int table, struct timespec *timeout)
/* inactivity timeouts must interrupt poll() */
if (timeout != NULL &&
c->type == SSH_CHANNEL_OPEN &&
c->lastused != 0 &&
c->inactive_deadline != 0) {
channel_get_expiry(ssh, c) != 0) {
ptimeout_deadline_monotime(timeout,
c->lastused + c->inactive_deadline);
channel_get_expiry(ssh, c));
}
} else if (timeout != NULL) {
/*
@ -3516,7 +3556,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh)
c->open_confirm(ssh, c->self, 1, c->open_confirm_ctx);
debug2_f("channel %d: callback done", c->self);
}
c->lastused = monotime();
channel_set_used_time(ssh, c);
debug2("channel %d: open confirm rwindow %u rmax %u", c->self,
c->remote_window, c->remote_maxpacket);
return 0;

31
usr.bin/ssh/kex.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.184 2023/12/18 14:45:49 djm Exp $ */
/* $OpenBSD: kex.c,v 1.185 2024/01/08 00:34:33 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@ -757,10 +757,11 @@ static int
kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
{
struct kex *kex = ssh->kex;
int r;
int r, initial = (kex->flags & KEX_INITIAL) != 0;
char *cp, **prop;
debug("SSH2_MSG_NEWKEYS received");
if (kex->ext_info_c && (kex->flags & KEX_INITIAL) != 0)
if (kex->ext_info_c && initial)
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info);
ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
@ -768,10 +769,32 @@ kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
return r;
if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
return r;
if (initial) {
/* Remove initial KEX signalling from proposal for rekeying */
if ((r = kex_buf2prop(kex->my, NULL, &prop)) != 0)
return r;
if ((cp = match_filter_denylist(prop[PROPOSAL_KEX_ALGS],
kex->server ?
"ext-info-s,kex-strict-s-v00@openssh.com" :
"ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) {
error_f("match_filter_denylist failed");
goto fail;
}
free(prop[PROPOSAL_KEX_ALGS]);
prop[PROPOSAL_KEX_ALGS] = cp;
if ((r = kex_prop2buf(ssh->kex->my, prop)) != 0) {
error_f("kex_prop2buf failed");
fail:
kex_proposal_free_entries(prop);
free(prop);
return SSH_ERR_INTERNAL_ERROR;
}
kex_proposal_free_entries(prop);
free(prop);
}
kex->done = 1;
kex->flags &= ~KEX_INITIAL;
sshbuf_reset(kex->peer);
/* sshbuf_reset(kex->my); */
kex->flags &= ~KEX_INIT_SENT;
free(kex->name);
kex->name = NULL;

4
usr.bin/ssh/ssh-add.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.170 2023/12/19 06:57:34 jmc Exp $ */
/* $OpenBSD: ssh-add.c,v 1.171 2024/01/08 00:30:39 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -810,7 +810,7 @@ main(int argc, char **argv)
LogLevel log_level = SYSLOG_LEVEL_INFO;
struct sshkey *k, **certs = NULL;
struct dest_constraint **dest_constraints = NULL;
size_t ndest_constraints = 0i, ncerts = 0;
size_t ndest_constraints = 0, ncerts = 0;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();

14
usr.bin/ssh/ssh_api.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssh_api.c,v 1.27 2021/04/03 06:18:41 djm Exp $ */
/* $OpenBSD: ssh_api.c,v 1.28 2024/01/09 21:39:14 djm Exp $ */
/*
* Copyright (c) 2012 Markus Friedl. All rights reserved.
*
@ -78,6 +78,7 @@ int
ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
{
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
char *populated[PROPOSAL_MAX];
struct ssh *ssh;
char **proposal;
static int called;
@ -97,10 +98,19 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
/* Initialize key exchange */
proposal = kex_params ? kex_params->proposal : myproposal;
if ((r = kex_ready(ssh, proposal)) != 0) {
kex_proposal_populate_entries(ssh, populated,
proposal[PROPOSAL_KEX_ALGS],
proposal[PROPOSAL_ENC_ALGS_CTOS],
proposal[PROPOSAL_MAC_ALGS_CTOS],
proposal[PROPOSAL_COMP_ALGS_CTOS],
proposal[PROPOSAL_SERVER_HOST_KEY_ALGS]);
r = kex_ready(ssh, populated);
kex_proposal_free_entries(populated);
if (r != 0) {
ssh_free(ssh);
return r;
}
ssh->kex->server = is_server;
if (is_server) {
#ifdef WITH_OPENSSL

22
usr.bin/ssh/ssh_config.5
View file

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.391 2023/10/12 02:18:18 djm Exp $
.Dd $Mdocdate: October 12 2023 $
.\" $OpenBSD: ssh_config.5,v 1.392 2024/01/09 22:19:00 djm Exp $
.Dd $Mdocdate: January 9 2024 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@ -463,8 +463,10 @@ Timeouts are specified as one or more
.Dq type=interval
pairs separated by whitespace, where the
.Dq type
must be a channel type name (as described in the table below), optionally
containing wildcard characters.
must be the special keyword
.Dq global
or a channel type name from the list below, optionally containing
wildcard characters.
.Pp
The timeout value
.Dq interval
@ -473,11 +475,19 @@ is specified in seconds or may use any of the units documented in the
section.
For example,
.Dq session=5m
would cause the interactive session to terminate after five minutes of
would cause interactive sessions to terminate after five minutes of
inactivity.
Specifying a zero value disables the inactivity timeout.
.Pp
The available channel types include:
The special timeout
.Dq global
Applies to all active channels, taken together.
Traffic on any active channel will reset the timeout, but when the timeout
expires then all open channels will be closed.
Note that this global timeout is not matched by wildcards and must be
specified explicitly.
.Pp
The available channel type names include:
.Bl -tag -width Ds
.It Cm agent-connection
Open connections to

21
usr.bin/ssh/sshconnect2.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.371 2023/12/18 14:45:49 djm Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.372 2024/01/08 00:34:34 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@ -216,7 +216,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
const struct ssh_conn_info *cinfo)
{
char *myproposal[PROPOSAL_MAX];
char *s, *all_key, *hkalgs = NULL;
char *all_key, *hkalgs = NULL;
int r, use_known_hosts_order = 0;
xxx_host = host;
@ -244,14 +244,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
fatal_fr(r, "kex_assemble_namelist");
free(all_key);
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
fatal_f("kex_names_cat");
if (use_known_hosts_order)
hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);
kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,
options.macs, compression_alg_list(options.compression),
kex_proposal_populate_entries(ssh, myproposal,
options.kex_algorithms, options.ciphers, options.macs,
compression_alg_list(options.compression),
hkalgs ? hkalgs : options.hostkeyalgorithms);
free(hkalgs);
@ -274,13 +272,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
ssh->kex->verify_host_key=&verify_host_key_callback;
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
/* remove ext-info from the KEX proposals for rekeying */
free(myproposal[PROPOSAL_KEX_ALGS]);
myproposal[PROPOSAL_KEX_ALGS] =
compat_kex_proposal(ssh, options.kex_algorithms);
if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
fatal_r(r, "kex_prop2buf");
kex_proposal_free_entries(myproposal);
#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
@ -290,7 +282,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
(r = ssh_packet_write_wait(ssh)) != 0)
fatal_fr(r, "send packet");
#endif
kex_proposal_free_entries(myproposal);
}
/*

4
usr.bin/ssh/sshd.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.601 2023/12/18 14:45:49 djm Exp $ */
/* $OpenBSD: sshd.c,v 1.602 2024/01/08 00:34:34 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -2261,6 +2261,7 @@ do_ssh2_kex(struct ssh *ssh)
kex->sign = sshd_hostkey_sign;
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);
kex_proposal_free_entries(myproposal);
#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
@ -2270,7 +2271,6 @@ do_ssh2_kex(struct ssh *ssh)
(r = ssh_packet_write_wait(ssh)) != 0)
fatal_fr(r, "send test");
#endif
kex_proposal_free_entries(myproposal);
debug("KEX done");
}

44
usr.bin/ssh/sshd_config.5
View file

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.350 2023/07/28 05:42:36 jmc Exp $
.Dd $Mdocdate: July 28 2023 $
.\" $OpenBSD: sshd_config.5,v 1.351 2024/01/09 22:19:00 djm Exp $
.Dd $Mdocdate: January 9 2024 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -410,8 +410,10 @@ Timeouts are specified as one or more
.Dq type=interval
pairs separated by whitespace, where the
.Dq type
must be a channel type name (as described in the table below), optionally
containing wildcard characters.
must be the special keyword
.Dq global
or a channel type name from the list below, optionally containing
wildcard characters.
.Pp
The timeout value
.Dq interval
@ -419,11 +421,20 @@ is specified in seconds or may use any of the units documented in the
.Sx TIME FORMATS
section.
For example,
.Dq session:*=5m
would cause all sessions to terminate after five minutes of inactivity.
.Dq session=5m
would cause interactive sessions to terminate after five minutes of
inactivity.
Specifying a zero value disables the inactivity timeout.
.Pp
The available channel types include:
The special timeout
.Dq global
Applies to all active channels, taken together.
Traffic on any active channel will reset the timeout, but when the timeout
expires then all open channels will be closed.
Note that this global timeout is not matched by wildcards and must be
specified explicitly.
.Pp
The available channel type names include:
.Bl -tag -width Ds
.It Cm agent-connection
Open connections to
@ -444,15 +455,15 @@ listening on behalf of a
.Xr ssh 1
remote forwarding, i.e.\&
.Cm RemoteForward .
.It Cm session:command
Command execution sessions.
.It Cm session:shell
Interactive shell sessions.
.It Cm session:subsystem:...
Subsystem sessions, e.g. for
.It Cm session
The interactive main session, including shell session, command execution,
.Xr scp 1 ,
.Xr sftp 1 ,
which could be identified as
.Cm session:subsystem:sftp .
etc.
.It Cm tun-connection
Open
.Cm TunnelForward
connections.
.It Cm x11-connection
Open X11 forwarding sessions.
.El
@ -466,9 +477,6 @@ close the SSH connection, nor does it prevent a client from
requesting another channel of the same type.
In particular, expiring an inactive forwarding session does not prevent
another identical forwarding from being subsequently created.
See also
.Cm UnusedConnectionTimeout ,
which may be used in conjunction with this option.
.Pp
The default is not to expire channels of any type for inactivity.
.It Cm ChrootDirectory

20
usr.sbin/bgpctl/bgpctl.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: bgpctl.c,v 1.298 2023/11/20 14:41:55 claudio Exp $ */
/* $OpenBSD: bgpctl.c,v 1.299 2024/01/08 15:09:14 claudio Exp $ */
/*
* Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@ -194,19 +194,13 @@ main(int argc, char *argv[])
break;
case SHOW_FIB:
if (!res->addr.aid) {
struct ibuf *msg;
sa_family_t af;
struct ctl_kroute_req req = { 0 };
af = aid2af(res->aid);
if ((msg = imsg_create(imsgbuf, IMSG_CTL_KROUTE,
res->rtableid, 0, sizeof(res->flags) +
sizeof(af))) == NULL)
errx(1, "imsg_create failure");
if (imsg_add(msg, &res->flags, sizeof(res->flags)) ==
-1 ||
imsg_add(msg, &af, sizeof(af)) == -1)
errx(1, "imsg_add failure");
imsg_close(imsgbuf, msg);
req.af = aid2af(res->aid);
req.flags = res->flags;
imsg_compose(imsgbuf, IMSG_CTL_KROUTE, res->rtableid,
0, -1, &req, sizeof(req));
} else
imsg_compose(imsgbuf, IMSG_CTL_KROUTE_ADDR,
res->rtableid, 0, -1,

157
usr.sbin/bgpd/bgpd.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: bgpd.c,v 1.261 2024/01/04 10:26:14 claudio Exp $ */
/* $OpenBSD: bgpd.c,v 1.262 2024/01/09 13:41:32 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -834,6 +834,11 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
struct imsg imsg;
struct peer *p;
struct rtr_config *r;
struct kroute_full kf;
struct bgpd_addr addr;
struct pftable_msg pfmsg;
struct demote_msg demote;
char reason[REASON_LEN], ifname[IFNAMSIZ];
ssize_t n;
u_int rtableid;
int rv, verbose;
@ -846,81 +851,73 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
if (n == 0)
break;
switch (imsg.hdr.type) {
switch (imsg_get_type(&imsg)) {
case IMSG_KROUTE_CHANGE:
if (idx != PFD_PIPE_RDE)
log_warnx("route request not from RDE");
else if (imsg.hdr.len != IMSG_HEADER_SIZE +
sizeof(struct kroute_full))
log_warnx("wrong imsg len");
else if (kr_change(imsg.hdr.peerid, imsg.data))
else if (imsg_get_data(&imsg, &kf, sizeof(kf)) == -1)
log_warn("wrong imsg len");
else if (kr_change(imsg_get_id(&imsg), &kf))
rv = -1;
break;
case IMSG_KROUTE_DELETE:
if (idx != PFD_PIPE_RDE)
log_warnx("route request not from RDE");
else if (imsg.hdr.len != IMSG_HEADER_SIZE +
sizeof(struct kroute_full))
log_warnx("wrong imsg len");
else if (kr_delete(imsg.hdr.peerid, imsg.data))
else if (imsg_get_data(&imsg, &kf, sizeof(kf)) == -1)
log_warn("wrong imsg len");
else if (kr_delete(imsg_get_id(&imsg), &kf))
rv = -1;
break;
case IMSG_KROUTE_FLUSH:
if (idx != PFD_PIPE_RDE)
log_warnx("route request not from RDE");
else if (imsg.hdr.len != IMSG_HEADER_SIZE)
log_warnx("wrong imsg len");
else if (kr_flush(imsg.hdr.peerid))
else if (kr_flush(imsg_get_id(&imsg)))
rv = -1;
break;
case IMSG_NEXTHOP_ADD:
if (idx != PFD_PIPE_RDE)
log_warnx("nexthop request not from RDE");
else if (imsg.hdr.len != IMSG_HEADER_SIZE +
sizeof(struct bgpd_addr))
log_warnx("wrong imsg len");
else if (imsg_get_data(&imsg, &addr, sizeof(addr)) ==
-1)
log_warn("wrong imsg len");
else {
rtableid = conf->default_tableid;
if (kr_nexthop_add(rtableid, imsg.data) == -1)
if (kr_nexthop_add(rtableid, &addr) == -1)
rv = -1;
}
break;
case IMSG_NEXTHOP_REMOVE:
if (idx != PFD_PIPE_RDE)
log_warnx("nexthop request not from RDE");
else if (imsg.hdr.len != IMSG_HEADER_SIZE +
sizeof(struct bgpd_addr))
log_warnx("wrong imsg len");
else if (imsg_get_data(&imsg, &addr, sizeof(addr)) ==
-1)
log_warn("wrong imsg len");
else {
rtableid = conf->default_tableid;
kr_nexthop_delete(rtableid, imsg.data);
kr_nexthop_delete(rtableid, &addr);
}
break;
case IMSG_PFTABLE_ADD:
if (idx != PFD_PIPE_RDE)
log_warnx("pftable request not from RDE");
else
if (imsg.hdr.len != IMSG_HEADER_SIZE +
sizeof(struct pftable_msg))
log_warnx("wrong imsg len");
else if (pftable_addr_add(imsg.data) != 0)
rv = -1;
else if (imsg_get_data(&imsg, &pfmsg, sizeof(pfmsg)) ==
-1)
log_warn("wrong imsg len");
else if (pftable_addr_add(&pfmsg) != 0)
rv = -1;
break;
case IMSG_PFTABLE_REMOVE:
if (idx != PFD_PIPE_RDE)
log_warnx("pftable request not from RDE");
else
if (imsg.hdr.len != IMSG_HEADER_SIZE +
sizeof(struct pftable_msg))
log_warnx("wrong imsg len");
else if (pftable_addr_remove(imsg.data) != 0)
rv = -1;
else if (imsg_get_data(&imsg, &pfmsg, sizeof(pfmsg)) ==
-1)
log_warn("wrong imsg len");
else if (pftable_addr_remove(&pfmsg) != 0)
rv = -1;
break;
case IMSG_PFTABLE_COMMIT:
if (idx != PFD_PIPE_RDE)
log_warnx("pftable request not from RDE");
else if (imsg.hdr.len != IMSG_HEADER_SIZE)
log_warnx("wrong imsg len");
else if (pftable_commit() != 0)
rv = -1;
break;
@ -929,7 +926,7 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
log_warnx("pfkey reload request not from SE");
break;
}
p = getpeerbyid(conf, imsg.hdr.peerid);
p = getpeerbyid(conf, imsg_get_id(&imsg));
if (p != NULL) {
if (pfkey_establish(p) == -1)
log_peer_warnx(&p->conf,
@ -941,24 +938,24 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
log_warnx("reload request not from SE");
else {
reconfig = 1;
reconfpid = imsg.hdr.pid;
if (imsg.hdr.len == IMSG_HEADER_SIZE +
REASON_LEN && ((char *)imsg.data)[0])
reconfpid = imsg_get_pid(&imsg);
if (imsg_get_data(&imsg, reason,
sizeof(reason)) == 0 && reason[0] != '\0')
log_info("reload due to: %s",
log_reason(imsg.data));
log_reason(reason));
}
break;
case IMSG_CTL_FIB_COUPLE:
if (idx != PFD_PIPE_SESSION)
log_warnx("couple request not from SE");
else
kr_fib_couple(imsg.hdr.peerid);
kr_fib_couple(imsg_get_id(&imsg));
break;
case IMSG_CTL_FIB_DECOUPLE:
if (idx != PFD_PIPE_SESSION)
log_warnx("decouple request not from SE");
else
kr_fib_decouple(imsg.hdr.peerid);
kr_fib_decouple(imsg_get_id(&imsg));
break;
case IMSG_CTL_KROUTE:
case IMSG_CTL_KROUTE_ADDR:
@ -973,28 +970,29 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
case IMSG_SESSION_DEPENDON:
if (idx != PFD_PIPE_SESSION)
log_warnx("DEPENDON request not from SE");
else if (imsg.hdr.len != IMSG_HEADER_SIZE + IFNAMSIZ)
log_warnx("DEPENDON request with wrong len");
else if (imsg_get_data(&imsg, ifname, sizeof(ifname)) ==
-1)
log_warn("wrong imsg len");
else
kr_ifinfo(imsg.data);
kr_ifinfo(ifname);
break;
case IMSG_DEMOTE:
if (idx != PFD_PIPE_SESSION)
log_warnx("demote request not from SE");
else if (imsg.hdr.len != IMSG_HEADER_SIZE +
sizeof(struct demote_msg))
log_warnx("DEMOTE request with wrong len");
else {
struct demote_msg *msg;
msg = imsg.data;
carp_demote_set(msg->demote_group, msg->level);
}
else if (imsg_get_data(&imsg, &demote, sizeof(demote))
== -1)
log_warn("wrong imsg len");
else
carp_demote_set(demote.demote_group,
demote.level);
break;
case IMSG_CTL_LOG_VERBOSE:
/* already checked by SE */
memcpy(&verbose, imsg.data, sizeof(verbose));
log_setverbose(verbose);
if (imsg_get_data(&imsg, &verbose, sizeof(verbose)) ==
-1)
log_warn("wrong imsg len");
else
log_setverbose(verbose);
break;
case IMSG_RECONF_DONE:
if (reconfpending == 0) {
@ -1037,12 +1035,12 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
log_warnx("connect request not from RTR");
} else {
SIMPLEQ_FOREACH(r, &conf->rtrs, entry) {
if (imsg.hdr.peerid == r->id)
if (imsg_get_id(&imsg) == r->id)
break;
}
if (r == NULL)
log_warnx("unknown rtr id %d",
imsg.hdr.peerid);
imsg_get_id(&imsg));
else
bgpd_rtr_connect(r);
}
@ -1050,32 +1048,35 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
case IMSG_CTL_SHOW_RTR:
if (idx == PFD_PIPE_SESSION) {
SIMPLEQ_FOREACH(r, &conf->rtrs, entry) {
imsg_compose(ibuf_rtr, imsg.hdr.type,
r->id, imsg.hdr.pid, -1, NULL, 0);
imsg_compose(ibuf_rtr,
IMSG_CTL_SHOW_RTR, r->id,
imsg_get_pid(&imsg), -1, NULL, 0);
}
imsg_compose(ibuf_rtr, IMSG_CTL_END,
0, imsg.hdr.pid, -1, NULL, 0);
} else if (imsg.hdr.len != IMSG_HEADER_SIZE +
sizeof(struct ctl_show_rtr)) {
log_warnx("IMSG_CTL_SHOW_RTR with wrong len");
0, imsg_get_pid(&imsg), -1, NULL, 0);
} else if (idx == PFD_PIPE_RTR) {
struct ctl_show_rtr rtr;
if (imsg_get_data(&imsg, &rtr, sizeof(rtr)) ==
-1) {
log_warn("wrong imsg len");
break;
}
SIMPLEQ_FOREACH(r, &conf->rtrs, entry) {
if (imsg.hdr.peerid == r->id)
if (imsg_get_id(&imsg) == r->id)
break;
}
if (r != NULL) {
struct ctl_show_rtr *msg;
msg = imsg.data;
strlcpy(msg->descr, r->descr,
sizeof(msg->descr));
msg->local_addr = r->local_addr;
msg->remote_addr = r->remote_addr;
msg->remote_port = r->remote_port;
strlcpy(rtr.descr, r->descr,
sizeof(rtr.descr));
rtr.local_addr = r->local_addr;
rtr.remote_addr = r->remote_addr;
rtr.remote_port = r->remote_port;
imsg_compose(ibuf_se, imsg.hdr.type,
imsg.hdr.peerid, imsg.hdr.pid,
-1, imsg.data,
imsg.hdr.len - IMSG_HEADER_SIZE);
imsg_compose(ibuf_se, IMSG_CTL_SHOW_RTR,
imsg_get_id(&imsg),
imsg_get_pid(&imsg), -1,
&rtr, sizeof(rtr));
}
}
break;
@ -1085,9 +1086,7 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf)
log_warnx("connect request not from RTR");
break;
}
imsg_compose(ibuf_se, imsg.hdr.type, imsg.hdr.peerid,
imsg.hdr.pid, -1, imsg.data,
imsg.hdr.len - IMSG_HEADER_SIZE);
imsg_forward(ibuf_se, &imsg);
break;
default:
break;

7
usr.sbin/bgpd/bgpd.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: bgpd.h,v 1.478 2023/10/16 10:25:45 claudio Exp $ */
/* $OpenBSD: bgpd.h,v 1.479 2024/01/08 15:08:34 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -974,6 +974,11 @@ struct ctl_show_rib_request {
uint8_t aid;
};
struct ctl_kroute_req {
int flags;
sa_family_t af;
};
enum filter_actions {
ACTION_NONE,
ACTION_ALLOW,

64
usr.sbin/bgpd/kroute.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: kroute.c,v 1.307 2023/10/17 17:59:59 claudio Exp $ */
/* $OpenBSD: kroute.c,v 1.309 2024/01/09 13:41:32 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -883,95 +883,93 @@ kr_show_route(struct imsg *imsg)
struct kroute *kr, *kn;
struct kroute6 *kr6, *kn6;
struct kroute_full *kf;
struct bgpd_addr *addr;
int flags;
sa_family_t af;
struct bgpd_addr addr;
struct ctl_kroute_req req;
struct ctl_show_nexthop snh;
struct knexthop *h;
struct kif *kif;
uint32_t tableid;
pid_t pid;
u_int i;
u_short ifindex = 0;
switch (imsg->hdr.type) {
tableid = imsg_get_id(imsg);
pid = imsg_get_pid(imsg);
switch (imsg_get_type(imsg)) {
case IMSG_CTL_KROUTE:
if (imsg->hdr.len != IMSG_HEADER_SIZE + sizeof(flags) +
sizeof(af)) {
if (imsg_get_data(imsg, &req, sizeof(req)) == -1) {
log_warnx("%s: wrong imsg len", __func__);
break;
}
kt = ktable_get(imsg->hdr.peerid);
kt = ktable_get(tableid);
if (kt == NULL) {
log_warnx("%s: table %u does not exist", __func__,
imsg->hdr.peerid);
tableid);
break;
}
memcpy(&flags, imsg->data, sizeof(flags));
memcpy(&af, (char *)imsg->data + sizeof(flags), sizeof(af));
if (!af || af == AF_INET)
if (!req.af || req.af == AF_INET)
RB_FOREACH(kr, kroute_tree, &kt->krt) {
if (flags && (kr->flags & flags) == 0)
if (req.flags && (kr->flags & req.flags) == 0)
continue;
kn = kr;
do {
kf = kr_tofull(kn);
kf->priority = kr_priority(kf);
send_imsg_session(IMSG_CTL_KROUTE,
imsg->hdr.pid, kf, sizeof(*kf));
pid, kf, sizeof(*kf));
} while ((kn = kn->next) != NULL);
}
if (!af || af == AF_INET6)
if (!req.af || req.af == AF_INET6)
RB_FOREACH(kr6, kroute6_tree, &kt->krt6) {
if (flags && (kr6->flags & flags) == 0)
if (req.flags && (kr6->flags & req.flags) == 0)
continue;
kn6 = kr6;
do {
kf = kr6_tofull(kn6);
kf->priority = kr_priority(kf);
send_imsg_session(IMSG_CTL_KROUTE,
imsg->hdr.pid, kf, sizeof(*kf));
pid, kf, sizeof(*kf));
} while ((kn6 = kn6->next) != NULL);
}
break;
case IMSG_CTL_KROUTE_ADDR:
if (imsg->hdr.len != IMSG_HEADER_SIZE +
sizeof(struct bgpd_addr)) {
if (imsg_get_data(imsg, &addr, sizeof(addr)) == -1) {
log_warnx("%s: wrong imsg len", __func__);
break;
}
kt = ktable_get(imsg->hdr.peerid);
kt = ktable_get(tableid);
if (kt == NULL) {
log_warnx("%s: table %u does not exist", __func__,
imsg->hdr.peerid);
tableid);
break;
}
addr = imsg->data;
kr = NULL;
switch (addr->aid) {
switch (addr.aid) {
case AID_INET:
kr = kroute_match(kt, addr, 1);
kr = kroute_match(kt, &addr, 1);
if (kr != NULL) {
kf = kr_tofull(kr);
kf->priority = kr_priority(kf);
send_imsg_session(IMSG_CTL_KROUTE,
imsg->hdr.pid, kf, sizeof(*kf));
pid, kf, sizeof(*kf));
}
break;
case AID_INET6:
kr6 = kroute6_match(kt, addr, 1);
kr6 = kroute6_match(kt, &addr, 1);
if (kr6 != NULL) {
kf = kr6_tofull(kr6);
kf->priority = kr_priority(kf);
send_imsg_session(IMSG_CTL_KROUTE,
imsg->hdr.pid, kf, sizeof(*kf));
pid, kf, sizeof(*kf));
}
break;
}
break;
case IMSG_CTL_SHOW_NEXTHOP:
kt = ktable_get(imsg->hdr.peerid);
kt = ktable_get(tableid);
if (kt == NULL) {
log_warnx("%s: table %u does not exist", __func__,
imsg->hdr.peerid);
tableid);
break;
}
RB_FOREACH(h, knexthop_tree, KT2KNT(kt)) {
@ -1000,14 +998,14 @@ kr_show_route(struct imsg *imsg)
kr_show_interface(kif),
sizeof(snh.iface));
}
send_imsg_session(IMSG_CTL_SHOW_NEXTHOP, imsg->hdr.pid,
send_imsg_session(IMSG_CTL_SHOW_NEXTHOP, pid,
&snh, sizeof(snh));
}
break;
case IMSG_CTL_SHOW_INTERFACE:
RB_FOREACH(kif, kif_tree, &kit)
send_imsg_session(IMSG_CTL_SHOW_INTERFACE,
imsg->hdr.pid, kr_show_interface(kif),
pid, kr_show_interface(kif),
sizeof(struct ctl_show_interface));
break;
case IMSG_CTL_SHOW_FIB_TABLES:
@ -1025,14 +1023,14 @@ kr_show_route(struct imsg *imsg)
TAILQ_INIT(&ktab.krn);
send_imsg_session(IMSG_CTL_SHOW_FIB_TABLES,
imsg->hdr.pid, &ktab, sizeof(ktab));
pid, &ktab, sizeof(ktab));
}
break;
default: /* nada */
break;
}
send_imsg_session(IMSG_CTL_END, imsg->hdr.pid, NULL, 0);
send_imsg_session(IMSG_CTL_END, pid, NULL, 0);
}
static void

417
usr.sbin/bgpd/rtr_proto.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rtr_proto.c,v 1.23 2024/01/05 11:02:57 claudio Exp $ */
/* $OpenBSD: rtr_proto.c,v 1.27 2024/01/09 15:13:49 claudio Exp $ */
/*
* Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@ -33,7 +33,7 @@ struct rtr_header {
uint8_t type;
uint16_t session_id; /* or error code */
uint32_t length;
};
} __packed;
#define RTR_MAX_VERSION 2
#define RTR_MAX_LEN 2048
@ -56,42 +56,76 @@ enum rtr_pdu_type {
ASPA = 11,
};
struct rtr_notify {
struct rtr_header hdr;
uint32_t serial;
} __packed;
struct rtr_query {
struct rtr_header hdr;
uint32_t serial;
} __packed;
struct rtr_reset {
struct rtr_header hdr;
} __packed;
struct rtr_response {
struct rtr_header hdr;
} __packed;
#define FLAG_ANNOUNCE 0x1
#define FLAG_MASK FLAG_ANNOUNCE
struct rtr_ipv4 {
uint8_t flags;
uint8_t prefixlen;
uint8_t maxlen;
uint8_t zero;
uint32_t prefix;
uint32_t asnum;
};
struct rtr_header hdr;
uint8_t flags;
uint8_t prefixlen;
uint8_t maxlen;
uint8_t zero;
uint32_t prefix;
uint32_t asnum;
} __packed;
struct rtr_ipv6 {
uint8_t flags;
uint8_t prefixlen;
uint8_t maxlen;
uint8_t zero;
uint32_t prefix[4];
uint32_t asnum;
};
struct rtr_header hdr;
uint8_t flags;
uint8_t prefixlen;
uint8_t maxlen;
uint8_t zero;
uint32_t prefix[4];
uint32_t asnum;
} __packed;
struct rtr_routerkey {
struct rtr_header hdr;
uint8_t ski[20];
uint32_t asnum;
/* followed by Subject Public Key Info */
} __packed;
#define FLAG_AFI_V6 0x1
#define FLAG_AFI_MASK FLAG_AFI_V6
struct rtr_aspa {
uint8_t flags;
uint8_t afi_flags;
uint16_t cnt;
uint32_t cas;
struct rtr_header hdr;
uint8_t flags;
uint8_t afi_flags;
uint16_t cnt;
uint32_t cas;
/* array of spas with cnt elements follows */
};
} __packed;
struct rtr_endofdata {
uint32_t serial;
uint32_t refresh;
uint32_t retry;
uint32_t expire;
};
struct rtr_header hdr;
uint32_t serial;
uint32_t refresh;
uint32_t retry;
uint32_t expire;
} __packed;
struct rtr_endofdata_v0 {
struct rtr_header hdr;
uint32_t serial;
} __packed;
enum rtr_event {
RTR_EVNT_START,
@ -109,6 +143,7 @@ enum rtr_event {
RTR_EVNT_NO_DATA,
RTR_EVNT_RESET_AND_CLOSE,
RTR_EVNT_UNSUPP_PROTO_VERSION,
RTR_EVNT_NEGOTIATION_DONE,
};
static const char *rtr_eventnames[] = {
@ -127,6 +162,7 @@ static const char *rtr_eventnames[] = {
"no data",
"connection closed with reset",
"unsupported protocol version",
"negotiation done",
};
enum rtr_state {
@ -344,7 +380,25 @@ rtr_send_serial_query(struct rtr_session *rs)
}
/*
* Validate the common rtr header (first 8 bytes) including the
* Check the session_id of the rtr_header to match the expected value.
* Returns -1 on failure and 0 on success.
*/
static int
rtr_check_session_id(struct rtr_session *rs, uint16_t session_id,
struct rtr_header *rh, struct ibuf *pdu)
{
if (session_id != ntohs(rh->session_id)) {
log_warnx("rtr %s: received %s: bad session_id: %d != %d",
log_rtr(rs), log_rtr_type(rh->type), ntohs(rh->session_id),
session_id);
rtr_send_error(rs, CORRUPT_DATA, "bad session_id", pdu);
return -1;
}
return 0;
}
/*
* Parse the common rtr header (first 8 bytes) including the
* included length field.
* Returns -1 on failure. On success msgtype and msglen are set
* and the function return 0.
@ -354,123 +408,133 @@ rtr_parse_header(struct rtr_session *rs, struct ibuf *hdr,
size_t *msglen, enum rtr_pdu_type *msgtype)
{
struct rtr_header rh;
uint32_t len = 16; /* default for ERROR_REPORT */
int session_id;
size_t len;
if (ibuf_get(hdr, &rh, sizeof(rh)) == -1)
fatal("%s: ibuf_get", __func__);
if (rh.version != rs->version && rh.type != ERROR_REPORT) {
badversion:
log_warnx("rtr %s: received %s message: unexpected version %d",
log_rtr(rs), log_rtr_type(rh.type), rh.version);
rtr_send_error(rs, UNEXP_PROTOCOL_VERS, NULL, hdr);
len = ntohl(rh.length);
if (len > RTR_MAX_LEN) {
log_warnx("rtr %s: received %s: pdu too big: %zu byte",
log_rtr(rs), log_rtr_type(rh.type), len);
rtr_send_error(rs, CORRUPT_DATA, "pdu too big", hdr);
return -1;
}
*msgtype = rh.type;
*msglen = ntohl(rh.length);
if (rs->state == RTR_STATE_NEGOTIATION) {
switch (rh.type) {
case CACHE_RESPONSE:
case CACHE_RESET:
case ERROR_REPORT:
if (rh.version < rs->version)
rs->version = rh.version;
rtr_fsm(rs, RTR_EVNT_NEGOTIATION_DONE);
break;
case SERIAL_NOTIFY:
/* ignore SERIAL_NOTIFY */
break;
default:
log_warnx("rtr %s: received %s: out of context",
log_rtr(rs), log_rtr_type(rh.type));
rtr_send_error(rs, CORRUPT_DATA, "out of context", hdr);
return -1;
}
} else if (rh.version != rs->version && rh.type != ERROR_REPORT) {
goto badversion;
}
switch (rh.type) {
case SERIAL_NOTIFY:
session_id = rs->session_id;
len = 12;
if (len != sizeof(struct rtr_notify))
goto badlen;
break;
case CACHE_RESPONSE:
/* set session_id if not yet happened */
if (rs->session_id == -1)
rs->session_id = ntohs(rh.session_id);
session_id = rs->session_id;
len = 8;
if (len != sizeof(struct rtr_response))
goto badlen;
break;
case IPV4_PREFIX:
session_id = 0;
len = 20;
if (len != sizeof(struct rtr_ipv4))
goto badlen;
break;
case IPV6_PREFIX:
session_id = 0;
len = 32;
if (len != sizeof(struct rtr_ipv6))
goto badlen;
break;
case END_OF_DATA:
session_id = rs->session_id;
len = 24;
if (rs->version == 0) {
if (len != sizeof(struct rtr_endofdata_v0))
goto badlen;
} else {
if (len != sizeof(struct rtr_endofdata))
goto badlen;
}
break;
case CACHE_RESET:
session_id = 0;
len = 8;
if (len != sizeof(struct rtr_reset))
goto badlen;
break;
case ROUTER_KEY:
if (rs->version < 1)
goto badversion;
len = 36; /* XXX probably too small, but we ignore it */
/* FALLTHROUGH */
if (len < sizeof(struct rtr_routerkey))
goto badlen;
break;
case ERROR_REPORT:
if (*msglen > RTR_MAX_LEN) {
toobig:
log_warnx("rtr %s: received %s: msg too big: %zu byte",
log_rtr(rs), log_rtr_type(rh.type), *msglen);
rtr_send_error(rs, CORRUPT_DATA, "too big", hdr);
return -1;
}
if (*msglen < len) {
toosmall:
log_warnx("rtr %s: received %s: msg too small: "
"%zu byte", log_rtr(rs), log_rtr_type(rh.type),
*msglen);
rtr_send_error(rs, CORRUPT_DATA, "too small", hdr);
return -1;
}
/*
* session_id check omitted since ROUTER_KEY and ERROR_REPORT
* use the field for different things.
*/
return 0;
if (len < 16)
goto badlen;
break;
case ASPA:
if (rs->version < 2)
goto badversion;
session_id = 0;
/* unlike all other messages ASPA is variable sized */
if (*msglen > RTR_MAX_LEN)
goto toobig;
if (*msglen < sizeof(struct rtr_aspa))
goto toosmall;
/* len must be a multiple of 4 */
len = *msglen & ~0x3;
if (len < sizeof(struct rtr_aspa) || (len % 4) != 0)
goto badlen;
break;
default:
log_warnx("rtr %s: received unknown message: type %s",
log_warnx("rtr %s: received unsupported pdu: type %s",
log_rtr(rs), log_rtr_type(rh.type));
rtr_send_error(rs, UNSUPP_PDU_TYPE, NULL, hdr);
return -1;
}
if (len != *msglen) {
log_warnx("rtr %s: received %s: illegal len: %zu byte not %u",
log_rtr(rs), log_rtr_type(rh.type), *msglen, len);
rtr_send_error(rs, CORRUPT_DATA, "bad length", hdr);
return -1;
}
if (session_id != ntohs(rh.session_id)) {
/* ignore SERIAL_NOTIFY during startup */
if (rs->session_id == -1 && rh.type == SERIAL_NOTIFY)
return 0;
log_warnx("rtr %s: received %s: bad session_id: %d != %d",
log_rtr(rs), log_rtr_type(rh.type), ntohs(rh.session_id),
session_id);
rtr_send_error(rs, CORRUPT_DATA, "bad session_id", hdr);
return -1;
}
*msglen = len;
*msgtype = rh.type;
return 0;
badlen:
log_warnx("rtr %s: received %s: bad pdu length: %zu bytes",
log_rtr(rs), log_rtr_type(rh.type), len);
rtr_send_error(rs, CORRUPT_DATA, "bad length", hdr);
return -1;
badversion:
log_warnx("rtr %s: received %s message: unexpected version %d",
log_rtr(rs), log_rtr_type(rh.type), rh.version);
rtr_send_error(rs, UNEXP_PROTOCOL_VERS, NULL, hdr);
return -1;
}
static int
rtr_parse_notify(struct rtr_session *rs, struct ibuf *pdu)
{
if (rs->state == RTR_STATE_EXCHANGE ||
rs->state == RTR_STATE_NEGOTIATION) {
struct rtr_notify notify;
/* ignore SERIAL_NOTIFY during startup */
if (rs->state == RTR_STATE_NEGOTIATION)
return 0;
if (ibuf_get(pdu, &notify, sizeof(notify)) == -1) {
log_warnx("rtr %s: received %s: bad pdu length",
log_rtr(rs), log_rtr_type(SERIAL_NOTIFY));
rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
return -1;
}
if (rtr_check_session_id(rs, rs->session_id, &notify.hdr, pdu) == -1)
return -1;
if (rs->state != RTR_STATE_ESTABLISHED) {
log_warnx("rtr %s: received %s: while in state %s (ignored)",
log_rtr(rs), log_rtr_type(SERIAL_NOTIFY),
rtr_statenames[rs->state]);
@ -484,10 +548,26 @@ rtr_parse_notify(struct rtr_session *rs, struct ibuf *pdu)
static int
rtr_parse_cache_response(struct rtr_session *rs, struct ibuf *pdu)
{
if (rs->state != RTR_STATE_ESTABLISHED &&
rs->state != RTR_STATE_NEGOTIATION) {
struct rtr_response resp;
if (ibuf_get(pdu, &resp, sizeof(resp)) == -1) {
log_warnx("rtr %s: received %s: bad pdu length",
log_rtr(rs), log_rtr_type(CACHE_RESPONSE));
rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
return -1;
}
/* set session_id if not yet happened */
if (rs->session_id == -1)
rs->session_id = ntohs(resp.hdr.session_id);
if (rtr_check_session_id(rs, rs->session_id, &resp.hdr, pdu) == -1)
return -1;
if (rs->state != RTR_STATE_ESTABLISHED) {
log_warnx("rtr %s: received %s: out of context",
log_rtr(rs), log_rtr_type(CACHE_RESPONSE));
rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
return -1;
}
@ -501,18 +581,20 @@ rtr_parse_ipv4_prefix(struct rtr_session *rs, struct ibuf *pdu)
struct rtr_ipv4 ip4;
struct roa *roa;
if (ibuf_skip(pdu, sizeof(struct rtr_header)) == -1 ||
ibuf_get(pdu, &ip4, sizeof(ip4)) == -1) {
log_warnx("rtr %s: received %s: bad pdu len",
if (ibuf_get(pdu, &ip4, sizeof(ip4)) == -1) {
log_warnx("rtr %s: received %s: bad pdu length",
log_rtr(rs), log_rtr_type(IPV4_PREFIX));
rtr_send_error(rs, CORRUPT_DATA, "bad len", pdu);
rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
return -1;
}
if (rtr_check_session_id(rs, 0, &ip4.hdr, pdu) == -1)
return -1;
if (rs->state != RTR_STATE_EXCHANGE) {
log_warnx("rtr %s: received %s: out of context",
log_rtr(rs), log_rtr_type(IPV4_PREFIX));
rtr_send_error(rs, CORRUPT_DATA, NULL, pdu);
rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
return -1;
}
@ -569,18 +651,20 @@ rtr_parse_ipv6_prefix(struct rtr_session *rs, struct ibuf *pdu)
struct rtr_ipv6 ip6;
struct roa *roa;
if (ibuf_skip(pdu, sizeof(struct rtr_header)) == -1 ||
ibuf_get(pdu, &ip6, sizeof(ip6)) == -1) {
log_warnx("rtr %s: received %s: bad pdu len",
if (ibuf_get(pdu, &ip6, sizeof(ip6)) == -1) {
log_warnx("rtr %s: received %s: bad pdu length",
log_rtr(rs), log_rtr_type(IPV6_PREFIX));
rtr_send_error(rs, CORRUPT_DATA, "bad len", pdu);
rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
return -1;
}
if (rtr_check_session_id(rs, 0, &ip6.hdr, pdu) == -1)
return -1;
if (rs->state != RTR_STATE_EXCHANGE) {
log_warnx("rtr %s: received %s: out of context",
log_rtr(rs), log_rtr_type(IPV6_PREFIX));
rtr_send_error(rs, CORRUPT_DATA, NULL, pdu);
rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
return -1;
}
@ -638,25 +722,24 @@ rtr_parse_aspa(struct rtr_session *rs, struct ibuf *pdu)
struct aspa_set *aspa, *a;
uint16_t cnt, i;
if (ibuf_skip(pdu, sizeof(struct rtr_header)) == -1 ||
ibuf_get(pdu, &rtr_aspa, sizeof(rtr_aspa)) == -1) {
log_warnx("rtr %s: received %s: bad pdu len",
if (ibuf_get(pdu, &rtr_aspa, sizeof(rtr_aspa)) == -1) {
log_warnx("rtr %s: received %s: bad pdu length",
log_rtr(rs), log_rtr_type(ASPA));
rtr_send_error(rs, CORRUPT_DATA, "bad len", pdu);
rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
return -1;
}
cnt = ntohs(rtr_aspa.cnt);
if (ibuf_size(pdu) != cnt * sizeof(uint32_t)) {
log_warnx("rtr %s: received %s: bad pdu len",
log_warnx("rtr %s: received %s: bad pdu length",
log_rtr(rs), log_rtr_type(ASPA));
rtr_send_error(rs, CORRUPT_DATA, "bad len", pdu);
rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
return -1;
}
if (rs->state != RTR_STATE_EXCHANGE) {
log_warnx("rtr %s: received %s: out of context",
log_rtr(rs), log_rtr_type(ASPA));
rtr_send_error(rs, CORRUPT_DATA, NULL, pdu);
rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
return -1;
}
@ -686,9 +769,9 @@ rtr_parse_aspa(struct rtr_session *rs, struct ibuf *pdu)
}
for (i = 0; i < cnt; i++) {
if (ibuf_get_n32(pdu, &aspa->tas[i]) == -1) {
log_warnx("rtr %s: received %s: bad pdu len",
log_warnx("rtr %s: received %s: bad pdu length",
log_rtr(rs), log_rtr_type(ASPA));
rtr_send_error(rs, CORRUPT_DATA, "bad len",
rtr_send_error(rs, CORRUPT_DATA, "bad length",
pdu);
return -1;
}
@ -727,22 +810,58 @@ rtr_parse_aspa(struct rtr_session *rs, struct ibuf *pdu)
return 0;
}
static int
rtr_parse_end_of_data_v0(struct rtr_session *rs, struct ibuf *pdu)
{
struct rtr_endofdata_v0 eod;
if (ibuf_get(pdu, &eod, sizeof(eod)) == -1) {
log_warnx("rtr %s: received %s: bad pdu length",
log_rtr(rs), log_rtr_type(END_OF_DATA));
rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
return -1;
}
if (rtr_check_session_id(rs, rs->session_id, &eod.hdr, pdu) == -1)
return -1;
if (rs->state != RTR_STATE_EXCHANGE) {
log_warnx("rtr %s: received %s: out of context",
log_rtr(rs), log_rtr_type(END_OF_DATA));
rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
return -1;
}
rs->serial = ntohl(eod.serial);
rtr_fsm(rs, RTR_EVNT_END_OF_DATA);
return 0;
}
static int
rtr_parse_end_of_data(struct rtr_session *rs, struct ibuf *pdu)
{
struct rtr_endofdata eod;
uint32_t t;
if (ibuf_skip(pdu, sizeof(struct rtr_header)) == -1 ||
ibuf_get(pdu, &eod, sizeof(eod)) == -1) {
log_warnx("rtr %s: received %s: bad pdu len",
/* version 0 does not have the timing values */
if (rs->version == 0)
return rtr_parse_end_of_data_v0(rs, pdu);
if (ibuf_get(pdu, &eod, sizeof(eod)) == -1) {
log_warnx("rtr %s: received %s: bad pdu length",
log_rtr(rs), log_rtr_type(END_OF_DATA));
rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
return -1;
}
if (rtr_check_session_id(rs, rs->session_id, &eod.hdr, pdu) == -1)
return -1;
if (rs->state != RTR_STATE_EXCHANGE) {
log_warnx("rtr %s: received %s: out of context",
log_rtr(rs), log_rtr_type(END_OF_DATA));
rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
return -1;
}
@ -769,15 +888,29 @@ rtr_parse_end_of_data(struct rtr_session *rs, struct ibuf *pdu)
bad:
log_warnx("rtr %s: received %s: bad timeout values",
log_rtr(rs), log_rtr_type(END_OF_DATA));
rtr_send_error(rs, CORRUPT_DATA, "bad timeout values", pdu);
return -1;
}
static int
rtr_parse_cache_reset(struct rtr_session *rs, struct ibuf *pdu)
{
struct rtr_reset reset;
if (ibuf_get(pdu, &reset, sizeof(reset)) == -1) {
log_warnx("rtr %s: received %s: bad pdu length",
log_rtr(rs), log_rtr_type(CACHE_RESET));
rtr_send_error(rs, CORRUPT_DATA, "bad length", pdu);
return -1;
}
if (rtr_check_session_id(rs, 0, &reset.hdr, pdu) == -1)
return -1;
if (rs->state != RTR_STATE_ESTABLISHED) {
log_warnx("rtr %s: received %s: out of context",
log_rtr(rs), log_rtr_type(CACHE_RESET));
rtr_send_error(rs, CORRUPT_DATA, "out of context", pdu);
return -1;
}
@ -892,38 +1025,28 @@ rtr_process_msg(struct rtr_session *rs)
switch (msgtype) {
case SERIAL_NOTIFY:
if (rtr_parse_notify(rs, &msg) == -1) {
rtr_send_error(rs, CORRUPT_DATA, NULL, &msg);
if (rtr_parse_notify(rs, &msg) == -1)
return;
}
break;
case CACHE_RESPONSE:
if (rtr_parse_cache_response(rs, &msg) == -1) {
rtr_send_error(rs, CORRUPT_DATA, NULL, &msg);
if (rtr_parse_cache_response(rs, &msg) == -1)
return;
}
break;
case IPV4_PREFIX:
if (rtr_parse_ipv4_prefix(rs, &msg) == -1) {
if (rtr_parse_ipv4_prefix(rs, &msg) == -1)
return;
}
break;
case IPV6_PREFIX:
if (rtr_parse_ipv6_prefix(rs, &msg) == -1) {
if (rtr_parse_ipv6_prefix(rs, &msg) == -1)
return;
}
break;
case END_OF_DATA:
if (rtr_parse_end_of_data(rs, &msg) == -1) {
rtr_send_error(rs, CORRUPT_DATA, NULL, &msg);
if (rtr_parse_end_of_data(rs, &msg) == -1)
return;
}
break;
case CACHE_RESET:
if (rtr_parse_cache_reset(rs, &msg) == -1) {
rtr_send_error(rs, CORRUPT_DATA, NULL, &msg);
if (rtr_parse_cache_reset(rs, &msg) == -1)
return;
}
break;
case ROUTER_KEY:
/* silently ignore router key */
@ -935,14 +1058,13 @@ rtr_process_msg(struct rtr_session *rs)
}
break;
case ASPA:
if (rtr_parse_aspa(rs, &msg) == -1) {
if (rtr_parse_aspa(rs, &msg) == -1)
return;
}
break;
default:
log_warnx("rtr %s: received %s: unexpected pdu type",
log_warnx("rtr %s: received %s: unsupported pdu type",
log_rtr(rs), log_rtr_type(msgtype));
rtr_send_error(rs, INVALID_REQUEST, NULL, &msg);
rtr_send_error(rs, UNSUPP_PDU_TYPE, NULL, &msg);
return;
}
}
@ -1094,6 +1216,9 @@ rtr_fsm(struct rtr_session *rs, enum rtr_event event)
/* flush receive buffer */
rs->r.wpos = 0;
break;
case RTR_EVNT_NEGOTIATION_DONE:
rs->state = RTR_STATE_ESTABLISHED;
break;
}
log_debug("rtr %s: state change %s -> %s, reason: %s",

12
usr.sbin/makefs/ffs.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ffs.c,v 1.38 2023/08/08 04:45:44 guenther Exp $ */
/* $OpenBSD: ffs.c,v 1.39 2024/01/09 03:16:00 guenther Exp $ */
/* $NetBSD: ffs.c,v 1.66 2015/12/21 00:58:08 christos Exp $ */
/*
@ -550,9 +550,9 @@ ffs_size_dir(fsnode *root, fsinfo_t *fsopts)
#define ADDDIRENT(e) do { \
tmpdir.d_namlen = strlen((e)); \
this = DIRSIZ(NEWDIRFMT, &tmpdir); \
if (this + curdirsize > roundup(curdirsize, DIRBLKSIZ)) \
curdirsize = roundup(curdirsize, DIRBLKSIZ); \
this = DIRSIZ(&tmpdir); \
if (this + curdirsize > roundup(curdirsize, DIRBLKSIZ)) \
curdirsize = roundup(curdirsize, DIRBLKSIZ); \
curdirsize += this; \
} while (0);
@ -887,12 +887,12 @@ ffs_make_dirbuf(dirbuf_t *dbuf, const char *name, fsnode *node)
de.d_type = IFTODT(node->type);
de.d_namlen = (uint8_t)strlen(name);
strlcpy(de.d_name, name, sizeof de.d_name);
de.d_reclen = DIRSIZ(NEWDIRFMT, &de);
de.d_reclen = DIRSIZ(&de);
dp = (struct direct *)(dbuf->buf + dbuf->cur);
llen = 0;
if (dp != NULL)
llen = DIRSIZ(NEWDIRFMT, dp);
llen = DIRSIZ(dp);
if (de.d_reclen + dbuf->cur + llen > roundup(dbuf->size, DIRBLKSIZ)) {
newbuf = erealloc(dbuf->buf, dbuf->size + DIRBLKSIZ);

9
usr.sbin/radiusd/radiusd.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd.c,v 1.33 2023/10/23 00:58:32 yasuoka Exp $ */
/* $OpenBSD: radiusd.c,v 1.34 2024/01/08 04:16:48 yasuoka Exp $ */
/*
* Copyright (c) 2013, 2023 Internet Initiative Japan Inc.
@ -1545,6 +1545,13 @@ radiusd_module_response_decoration(struct radiusd_module *module,
radiusd_access_request_aborted(q);
return;
}
if (imsg_compose_radius_packet(&module->ibuf,
IMSG_RADIUSD_MODULE_RESDECO0_REQ, q->id, q->req) == -1) {
log_warn("q=%u Could not send RESDECO0_REQ to `%s'", q->id,
module->name);
radiusd_access_request_aborted(q);
return;
}
if (imsg_compose_radius_packet(&module->ibuf,
IMSG_RADIUSD_MODULE_RESDECO, q->id, q->res) == -1) {
log_warn("q=%u Could not send RESDECO to `%s'", q->id,

3
usr.sbin/radiusd/radiusd.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd.h,v 1.5 2023/09/08 05:56:22 yasuoka Exp $ */
/* $OpenBSD: radiusd.h,v 1.6 2024/01/08 04:16:48 yasuoka Exp $ */
#ifndef RADIUSD_H
#define RADIUSD_H 1
@ -42,6 +42,7 @@ enum imsg_type {
IMSG_RADIUSD_MODULE_ACCSREQ_ABORTED,
IMSG_RADIUSD_MODULE_REQDECO,
IMSG_RADIUSD_MODULE_REQDECO_DONE,
IMSG_RADIUSD_MODULE_RESDECO0_REQ, /* request pkt for RESDECO */
IMSG_RADIUSD_MODULE_RESDECO,
IMSG_RADIUSD_MODULE_RESDECO_DONE,
IMSG_RADIUSD_MODULE_STOP

42
usr.sbin/radiusd/radiusd_module.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd_module.c,v 1.14 2023/09/08 05:56:22 yasuoka Exp $ */
/* $OpenBSD: radiusd_module.c,v 1.15 2024/01/08 04:16:48 yasuoka Exp $ */
/*
* Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
@ -49,7 +49,7 @@ static void (*module_access_request) (void *, u_int, const u_char *,
static void (*module_request_decoration) (void *, u_int, const u_char *,
size_t) = NULL;
static void (*module_response_decoration) (void *, u_int, const u_char *,
size_t) = NULL;
size_t, const u_char *, size_t) = NULL;
struct module_base {
void *ctx;
@ -60,6 +60,9 @@ struct module_base {
u_char *radpkt;
int radpktsiz;
int radpktoff;
u_char *radpkt2;
int radpkt2siz; /* allocated size */
int radpkt2len; /* actual size */
#ifdef USE_LIBEVENT
struct module_imsgbuf *module_imsgbuf;
@ -131,7 +134,11 @@ module_run(struct module_base *base)
void
module_destroy(struct module_base *base)
{
imsg_clear(&base->ibuf);
if (base != NULL) {
free(base->radpkt);
free(base->radpkt2);
imsg_clear(&base->ibuf);
}
free(base);
}
@ -438,6 +445,7 @@ module_imsg_handler(struct module_base *base, struct imsg *imsg)
}
case IMSG_RADIUSD_MODULE_ACCSREQ:
case IMSG_RADIUSD_MODULE_REQDECO:
case IMSG_RADIUSD_MODULE_RESDECO0_REQ:
case IMSG_RADIUSD_MODULE_RESDECO:
{
struct radiusd_module_radpkt_arg *accessreq;
@ -464,7 +472,10 @@ module_imsg_handler(struct module_base *base, struct imsg *imsg)
"module doesn't support");
break;
}
typestr = "RESDECO";
if (imsg->hdr.type == IMSG_RADIUSD_MODULE_RESDECO0_REQ)
typestr = "RESDECO0_REQ";
else
typestr = "RESDECO";
}
if (datalen <
@ -512,9 +523,28 @@ module_imsg_handler(struct module_base *base, struct imsg *imsg)
else if (imsg->hdr.type == IMSG_RADIUSD_MODULE_REQDECO)
module_request_decoration(base->ctx, accessreq->q_id,
base->radpkt, base->radpktoff);
else
else if (imsg->hdr.type == IMSG_RADIUSD_MODULE_RESDECO0_REQ) {
/* preserve request */
if (base->radpktoff > base->radpkt2siz) {
u_char *nradpkt;
if ((nradpkt = realloc(base->radpkt2,
base->radpktoff)) == NULL) {
syslog(LOG_ERR, "Could not handle "
"received %s message: %m", typestr);
base->radpktoff = 0;
goto accsreq_out;
}
base->radpkt2 = nradpkt;
base->radpkt2siz = base->radpktoff;
}
memcpy(base->radpkt2, base->radpkt, base->radpktoff);
base->radpkt2len = base->radpktoff;
} else {
module_response_decoration(base->ctx, accessreq->q_id,
base->radpkt, base->radpktoff);
base->radpkt2, base->radpkt2len, base->radpkt,
base->radpktoff);
base->radpkt2len = 0;
}
base->radpktoff = 0;
accsreq_out:
break;

2
usr.sbin/radiusd/radiusd_module.h
View file

@ -41,7 +41,7 @@ struct module_handlers {
size_t pktlen);
void (*response_decoration)(void *ctx, u_int query_id,
const u_char *pkt, size_t pktlen);
const u_char *req, size_t reqlen, const u_char *res, size_t reslen);
};
#define SYNTAX_ASSERT(_cond, _msg) \

36
usr.sbin/radiusd/radiusd_standard.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radiusd_standard.c,v 1.1 2023/09/08 05:56:22 yasuoka Exp $ */
/* $OpenBSD: radiusd_standard.c,v 1.2 2024/01/08 04:16:48 yasuoka Exp $ */
/*
* Copyright (c) 2013, 2023 Internet Initiative Japan Inc.
@ -52,7 +52,8 @@ struct module_standard {
static void module_standard_config_set(void *, const char *, int,
char * const *);
static void module_standard_reqdeco(void *, u_int, const u_char *, size_t);
static void module_standard_resdeco(void *, u_int, const u_char *, size_t);
static void module_standard_resdeco(void *, u_int, const u_char *, size_t,
const u_char *, size_t);
int
main(int argc, char *argv[])
@ -261,38 +262,39 @@ module_standard_reqdeco(void *ctx, u_int q_id, const u_char *pkt, size_t pktlen)
/* response message decoration */
static void
module_standard_resdeco(void *ctx, u_int q_id, const u_char *pkt, size_t pktlen)
module_standard_resdeco(void *ctx, u_int q_id, const u_char *req, size_t reqlen,
const u_char *res, size_t reslen)
{
struct module_standard *module = ctx;
RADIUS_PACKET *radpkt = NULL;
RADIUS_PACKET *radres = NULL;
struct attr *attr;
TAILQ_FOREACH(attr, &module->remove_reqattrs, next) {
if (radpkt == NULL &&
(radpkt = radius_convert_packet(pkt, pktlen)) == NULL) {
syslog(LOG_ERR,
if (radres == NULL &&
(radres = radius_convert_packet(res, reslen)) == NULL) {
syslog(LOG_ERR,
"%s: radius_convert_packet() failed: %m", __func__);
module_stop(module->base);
return;
}
if (attr->type != RADIUS_TYPE_VENDOR_SPECIFIC)
radius_del_attr_all(radpkt, attr->type);
radius_del_attr_all(radres, attr->type);
else
radius_del_vs_attr_all(radpkt, attr->vendor,
radius_del_vs_attr_all(radres, attr->vendor,
attr->vtype);
}
if (radpkt == NULL) {
pkt = NULL;
pktlen = 0;
if (radres == NULL) {
res = NULL;
reslen = 0;
} else {
pkt = radius_get_data(radpkt);
pktlen = radius_get_length(radpkt);
res = radius_get_data(radres);
reslen = radius_get_length(radres);
}
if (module_resdeco_done(module->base, q_id, pkt, pktlen) == -1) {
if (module_resdeco_done(module->base, q_id, res, reslen) == -1) {
syslog(LOG_ERR, "%s: module_resdeco_done() failed: %m",
__func__);
module_stop(module->base);
}
if (radpkt != NULL)
radius_delete_packet(radpkt);
if (radres != NULL)
radius_delete_packet(radres);
}

6
usr.sbin/rpki-client/parser.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: parser.c,v 1.106 2023/12/29 17:15:10 tb Exp $ */
/* $OpenBSD: parser.c,v 1.107 2024/01/08 19:46:19 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -38,6 +38,8 @@
#include "extern.h"
extern int noop;
static X509_STORE_CTX *ctx;
static struct auth_tree auths = RB_INITIALIZER(&auths);
static struct crl_tree crlt = RB_INITIALIZER(&crlt);
@ -390,7 +392,7 @@ proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile,
warnx("%s: manifest misissuance, #%s was recycled",
file1, mft1->seqnum);
if (r == 1) {
if (!noop && r == 1) {
*mp = proc_parser_mft_post(file1, mft1, entp->path, err1,
&warned);
if (*mp == NULL) {

4
usr.sbin/vmd/vm.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: vm.c,v 1.94 2023/09/26 01:53:54 dv Exp $ */
/* $OpenBSD: vm.c,v 1.95 2024/01/10 04:13:59 dv Exp $ */
/*
* Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@ -1750,6 +1750,8 @@ vcpu_exit_inout(struct vm_run_params *vrp)
else if (vei->vei.vei_dir == VEI_DIR_IN)
set_return_data(vei, 0xFFFFFFFF);
vei->vrs.vrs_gprs[VCPU_REGS_RIP] += vei->vei.vei_insn_len;
if (intr != 0xFF)
vcpu_assert_pic_irq(vrp->vrp_vm_id, vrp->vrp_vcpu_id, intr);
}