openbsd/src/lib/libc/net, branch OPENBSD_6_1

openbsd/src/lib/libc/net, branch OPENBSD_6_1_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_6_1_BASE 2017-03-06T18:16:27+00:00 size is unsigned so using ==0 not <=0 when checking for buffer exhaustion 2017-03-06T18:16:27+00:00 millert 2017-03-06T18:16:27+00:00 urn:sha1:ff039d35a200670887f77531569823a1886c89af Pull in a change from the bind 8 resolver that fixes a potential 2017-03-06T18:14:41+00:00 millert 2017-03-06T18:14:41+00:00 urn:sha1:1baf267ffff48256f940f576b0151fa86e33fb0d crash when given a large hex number as part of the dotted quad. OK deraadt@ jsg@ Add support for RES_USE_DNSSEC 2017-02-27T11:38:08+00:00 jca 2017-02-27T11:38:08+00:00 urn:sha1:f342c8b34221802ef356eb6400adc82ca528d0ad RES_USE_DNSSEC is implemented by setting the DNSSEC DO bit in outgoing queries. The resolver is then supposed to set the AD bit in the reply if it managed to validate the answer through DNSSEC. Useful when the application doesn't implement validation internally. This scheme assumes that the validating resolver is trusted and that the communication channel between the validating resolver and and the client is secure. ok eric@ gilles@ Add EDNS0 support. 2017-02-18T19:23:05+00:00 jca 2017-02-18T19:23:05+00:00 urn:sha1:17eaedeba84258abf9626346d66e5be2d6f42442 EDNS allows for various DNS extensions, among which UDP DNS packets size bigger than 512 bytes. The default is still to not advertize anything. ok eric@ in resolver(3), document that _EDNS0 and _DNSSEC are no ops; 2017-01-24T12:43:00+00:00 jmc 2017-01-24T12:43:00+00:00 urn:sha1:59a707819f6dd67e0b7265936ed3e71e4e0c9144 diff from kirill miazine while here, bump all the no op texts to one standard blurb; help/ok jca Eliminate some gcc warnings about 'unused variables', mostly by 2016-12-16T17:44:59+00:00 krw 2016-12-16T17:44:59+00:00 urn:sha1:d06f9ce0e745bde818ae635e4937d91d5f559ac7 adding appropriate #ifdef's around declarations. ok millert@ (with a tweak I will commit separately) Nuke some trailing tabs. 2016-12-15T20:50:36+00:00 krw 2016-12-15T20:50:36+00:00 urn:sha1:53571ade8baa9a9c14c2ab794374cac49a3a8212 Fix regressions introduce in the fix for CVE-2016-6559. 2016-12-08T03:20:50+00:00 millert 2016-12-08T03:20:50+00:00 urn:sha1:ae4af104f03d1d60aa0b563b4c396cfe76d4f653 From FreeBSD (glebius) Fix a typo, decrement rem, don't increment for single digit hex bytes. 2016-12-07T01:05:47+00:00 millert 2016-12-07T01:05:47+00:00 urn:sha1:35c0f29873c26b2ee2958debb24b023f35d097b2 From Henri Kemppainen CVE-2016-6559: fix potential buffer overflow(s) in link_ntoa(3). 2016-12-06T22:32:58+00:00 millert 2016-12-06T22:32:58+00:00 urn:sha1:9c7308f23068f3d90f1bb1a2ef7d36ecbed581d6 A specially crafted struct sockaddr_dl argument can trigger a stack overflow of a static buffer in libc. An attacker may be able to use this to write to arbitrary locations in the data segment. From FreeBSD (glebius); OK deraadt@ mestre@