openbsd/src/lib/libc, branch OPENBSD_4_5

openbsd/src/lib/libc, branch OPENBSD_4_5_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_4_5_BASE 2009-02-13T23:36:17+00:00 kill whitespace at eol; 2009-02-13T23:36:17+00:00 jmc 2009-02-13T23:36:17+00:00 urn:sha1:0022884d4476647fcc43309b8c245c60ad1cab39 decribe 'F' better and mention flags are debugging aids; ok tedu@ jmc@ 2009-02-13T18:49:14+00:00 otto 2009-02-13T18:49:14+00:00 urn:sha1:5327674e2d04616a68f7f89905418f8fd3fa7cb9 correct function definitions; from Markus Bergkvist 2009-02-10T21:47:56+00:00 jmc 2009-02-10T21:47:56+00:00 urn:sha1:03ba8f736f8a96772bebb01f0fd7b1300d732472 reintroduce extra malloc protections, but avoiding the use of 2009-01-03T12:58:28+00:00 djm 2009-01-03T12:58:28+00:00 urn:sha1:822633f8798a6b4646a8b092e7c67f511cdbdba2 PAGE_(SIZE|SHIFT|MASK) defines that evaluate to variables on the sparc architecture; ok otto@ tested on my reanimated ss20 PAGE_SIZE is not a valid symbol to use in that way. In particular, 2008-12-31T05:21:46+00:00 deraadt 2008-12-31T05:21:46+00:00 urn:sha1:e134ab420324ed0a3522d02baec026316ec84b01 on sparc, it expands to something that just plain does not work, because the page size can be variable. Sorry we didn't spot this before. Backing it all out to allow sparc to build; please find a different way to fix it. Remove mprotecting of struct dir_info introduced in previous commit 2008-12-30T07:44:51+00:00 djm 2008-12-30T07:44:51+00:00 urn:sha1:8723e630fb3ff019db40af226409ed529c731fe6 (MALLOC_OPTIONS=L). It was too slow to turn on by default, and we don't do optional security. requested by deraadt@ grumbling ok otto@ extra paranoia for malloc(3): 2008-12-29T22:25:50+00:00 djm 2008-12-29T22:25:50+00:00 urn:sha1:fd51a00555abf87dae44d852272f90de6709895d Move all runtime options into a structure that is made read-only (via mprotect) after initialisation to protect against attacks that overwrite options to turn off malloc protections (e.g. use-after-free) Allocate the main bookkeeping data (struct dir_info) using mmap(), thereby giving it an unpredictable address. Place a PROT_NONE guard page on either side to further frustrate attacks on it. Add a new 'L' option that maps struct dir_info PROT_NONE except when in the allocator code itself. Makes attacks on it basically impossible. feedback tedu deraadt otto canacar ok otto repair the ARC4 story; ok jmc djm millert 2008-12-23T18:31:02+00:00 deraadt 2008-12-23T18:31:02+00:00 urn:sha1:79eae3468ef3216f558705406485fa84c61ff505 The example for detecting malicious PTR records could be easily misinterpreted. 2008-12-22T12:18:56+00:00 jacekm 2008-12-22T12:18:56+00:00 urn:sha1:c2935e3f205af3b20e797822fedcd1c6cb062d95 Make it less ambiguous; ok gilles@ claudio@ shave off more bytes than you expect by declaring a few const local arrays 2008-12-15T19:47:49+00:00 otto 2008-12-15T19:47:49+00:00 urn:sha1:652dab06c9c86530dcd32b7eaf30a87985945fcc as static const