path: root/src/lib/libc
Commit message | Author | Age | Files | Lines
* Fix a number of out of bound reads in DNS response parsing. [OPENBSD_7_1] | bluhm | 2023-03-16 | 1 | -1/+7
| from millert@; originally from djm@; OK deraadt@ florian@ bluhm@ this is errata/7.1/026_resolv.patch.sig
* man pages: add missing commas between subordinate and main clauses | naddy | 2022-03-31 | 6 | -24/+24
| jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@
* man pages: add missing word, The foo() ... -> The foo() function ... | naddy | 2022-03-29 | 4 | -12/+12
| ok jmc@ schwarze@
* Remove unused ivbits argument from chacha_keysetup to match other | dtucker | 2022-02-28 | 2 | -4/+4
| instances in the tree. ok deraadt@
* Currently malloc caches a number of free'ed regions up to 128k | otto | 2022-02-26 | 1 | -33/+160
| in size. This cache is indexed by size (in # of pages), so it is very quick to check. Some programs allocate and deallocate larger allocations in a frantic way. Accommodate those programs by also keeping a cache of regions between 128k and 2M, in a cache of variable sized regions. Tested by many in snaps; ok deraadt@
* remove please from manual pages | jsg | 2022-02-06 | 1 | -3/+3
| ok jmc@ sthen@ millert@
* refer to longindex as an argument, not a field; | jmc | 2022-01-06 | 1 | -3/+3
| from uwe@netbsd -r1.22 ok millert
* Update to reflect changes over the last six years | guenther | 2021-12-25 | 1 | -34/+47
|
* lsearch(3): reimplement using lfind(3) | cheloha | 2021-12-08 | 1 | -32/+13
| lsearch(3) is really just lfind(3) with an additional branch to append the key if lfind(3) fails. If we get rid of the underlying linear_base() function and move the search portion into lfind(3) and the key-copying portion into lsearch(3) we get smaller and simpler code.
| Misc. notes:
| - We do not need to keep the historical comment about errno. lsearch(3) is pure computation and does not set errno. That's really all you need to know. The specification reserves no errors, either.
| - We are using lfind(3) internally now, so it switches from PROTO_DEPRECATED to PROTO_NORMAL in hidden/search.h and needs DEF_WEAK in stdlib/lsearch.c.
| With advice from guenther@ on symbol housekeeping in libc.
| Thread: https://marc.info/?l=openbsd-tech&m=163885187632449&w=2
| ok millert@
* lsearch(3): append key to array with memmove(3) instead of memcpy(3) | cheloha | 2021-12-07 | 1 | -2/+7
| If the key overlaps the end of the array, memcpy(3) mutates the key and copies a corrupted value into the end of the array. If we use memmove(3) instead we at least end up with a clean copy of the key at the end of the array. This is closer to the intended behavior.
| With input from millert@ and deraadt@.
| Thread: https://marc.info/?l=openbsd-tech&m=163880307403606&w=2
| ok millert@
* bsearch(3): support arrays with more than INT_MAX elements | cheloha | 2021-12-02 | 1 | -2/+3
| The "lim" variable needs to be a size_t to match nmemb, otherwise we get undefined behavior when nmemb exceeds INT_MAX.
| Prompted by a blog post by Joshua Bloch: https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html
| Fixed by Chris Torek a long time ago: https://svnweb.freebsd.org/csrg/lib/libc/stdlib/bsearch.c?revision=51742&view=markup
| ok millert@
* A few sys/param.h annotations lacked ALIGNBYTES | deraadt | 2021-11-29 | 1 | -2/+2
|
* Niels agreed to remove the advertising clause; switching these | djm | 2021-11-29 | 2 | -11/+5
| to 3-term BSD license.
* Describe what RES_USE_DNSSEC does and how it's affected by trust-ad | jca | 2021-11-24 | 1 | -2/+15
| ok florian@
* Implement rfc6840 (AD flag processing) if using trusted name servers | jca | 2021-11-22 | 1 | -2/+14
| libc can't do DNSSEC validation but it can ask a "security-aware" resolver to do so. Let's send queries with the AD flag set when appropriate, and let applications look at the AD flag in responses in a safe way, ie clear the AD flag if the resolvers aren't trusted.
| By default we only trust resolvers if resolv.conf(5) only lists name servers on localhost - the obvious candidates being unwind(8) and unbound(8). For non-localhost resolvers, an admin who trusts *all the name servers* listed in resolv.conf(5) *and the network path leading to them* can annotate this with "options trust-ad".
| AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch SSHFP records in a secure manner, and tightens the situation for other applications, eg those using RES_USE_DNSSEC for DANE. It should be noted that postfix currently assumes trusted name servers by default and forces RES_TRUSTAD if available.
| RES_TRUSTAD and "options trust-ad" were first introduced in glibc by Florian Weimer. Florian Obser (florian@) contributed various improvements, fixed a bug and added automatic trust for name servers on localhost.
| ok florian@ phessler@
* add missing .h file include | deraadt | 2021-10-29 | 1 | -2/+3
| from Emil Engler
* Revert accidental change. | jca | 2021-10-25 | 1 | -1/+2
| Dunno why this ended up here, cvs is always full of surprises.
* Make brk() and sbrk() weak again as intended. | jca | 2021-10-25 | 1 | -2/+1
| Apparently spotted by mortimer@ while working on clang 13 and amd64. No actual change on sparc64 as this architecture still uses ld.bfd. ok kettenis@
* For open/openat, if the flags parameter does not contain O_CREAT, the | deraadt | 2021-10-24 | 2 | -6/+6
| 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
* ansi | jsg | 2021-10-24 | 2 | -13/+6
| ok mpi@ deraadt@
* Put back sys/types.h and sys/socket.h. The latter was unintentionally | tb | 2021-10-22 | 1 | -1/+3
| removed and the former is still needed, as pointed out by kettenis
* Fix some ghastly whitespace. From Martin Vahlensieck | tb | 2021-10-22 | 1 | -6/+6
|
* Use unsigned char instead of u_char in base64.c. This is a mild | tb | 2021-10-22 | 1 | -9/+6
| portability annoyance since not all systems have u_char. Remove the now unused includes sys/types.h and stdio.h. u_char diff from Jonas Termansen ok deraadt
* Provide realpath(1) | kn | 2021-10-13 | 1 | -2/+3
| A tiny realpath(3) wrapper to make a porter's life easier. Feedback kettenis deraadt cheloha sthen OK cheloha martijn deraadt
* does not need arpa/nameser.h | deraadt | 2021-10-11 | 1 | -2/+1
|
* Switch two calls from memset() to explicit_bzero() | tb | 2021-09-19 | 1 | -3/+3
| This matches the documented behavior more obviously and ensures that these aren't optimized away, although this is unlikely. Discussed with deraadt and otto
* * add the missing STANDARDS section as noticed by tb@ | schwarze | 2021-09-03 | 1 | -3/+20
| * mention that the *optionp input string will be modified
| * clarify that the array of tokens is expected to be NULL-terminated
| OK millert@ tb@, and the first half of STANDARDS also OK jmc@
* inet_ntop(3) needs sys/socket.h for AF_INET / AF_INET6 so add the header | claudio | 2021-09-01 | 2 | -6/+5
| to the list. While here remove some of the headers from inet_net_ntop(3) for balance.
* Make MALLOC_STATS compile again; noted by Omar Polo and Joe Nelson | otto | 2021-07-23 | 1 | -2/+2
|
* An extra internal consistency check and a missing stats adjustment. ok tb@ | otto | 2021-04-09 | 1 | -1/+4
|
* Cache implementation has changed, we do not hold on to an exact number | otto | 2021-04-09 | 1 | -3/+4
| of pages anymore, but also cache larger regions; ok tb@
* Type-cast getpagesize() from int to size_t for the comparison with d. | claudio | 2021-03-18 | 1 | -2/+2
| getpagesize() will only return positive numbers (there is no negative page size system) and it can not fail. Should fix some compiler warnings seen in -portable projects. OK otto@
* Change the implementation of the malloc cache to keep lists of | otto | 2021-03-09 | 1 | -152/+118
| regions of a given size. In snaps for a while, committing since no issues were reported and a wider audience is good. ok deraadt@
* - Make use of the fact that we know how the chunks are aligned, and | otto | 2021-02-25 | 2 | -49/+83
| write 8 bytes at the time by using a uint64_t pointer. For an allocation a max of 4 such uint64_t's are written spread over the allocation. For pages sized and larger, the first page is junked in such a way.
| - Delayed free of a small chunk checks the corresponding way.
| - Pages ending up in the cache are validated upon unmapping or re-use.
| In snaps for a while
* Some people still argue that rand(3) and random(3) have suitable deterministic | deraadt | 2021-02-12 | 2 | -4/+10
| use cases, so explain the situation a bit more. Since the 80's, I estimate around 5 algorithm changes, so any chosen seed is unrepeatable UB.
| +The deterministic sequence algorithm changed a number of times since
| +original development, is underspecified, and should not be relied upon to
| +remain consistent between platforms and over time.
| ok jmc kettenis
* Prevent an overflow in inet_net_pton(3) when the passed in buffer is | florian | 2021-01-19 | 1 | -11/+18
| too small in the AF_INET6 case. Spotted by Brad House (brad AT brad-house.com) with the c-ares regression test.
| The man page says
| Caution: The dst field should be zeroed before calling inet_net_pton() as the function will only fill the number of bytes necessary to encode the network number in network byte order.
| Which seems to suggest that the function should work if the passed in storage is big enough to hold the prefix, which might be smaller than sizeof(in6_addr).
| Input & OK tb
* Fix two issues related to thread private data in asr. | otto | 2021-01-06 | 1 | -3/+10
| - setting up asr in single thread mode and then starting threads using asr would lead to multiple threads sharing the same resolver.
| - destruction of a thread that has been using asr would leak data.
| Problem originally reported by Alexey Sokolov and Uli Schlachter. ok kettenis@
* mapalign() only handles allocations >= a page; problem found by and ok semarie@ | otto | 2020-11-23 | 1 | -1/+3
|
* make fixed-sized fixed-value mib[] arrays be const | deraadt | 2020-10-12 | 1 | -4/+3
| ok guenther tb millert
* As noted by tb@ previous commit only removed an unused function. | otto | 2020-10-09 | 1 | -4/+9
| So redo previous commit properly: Use random value for canary bytes; ok tb@.
* Use random value for canary bytes; ok tb@ | otto | 2020-10-06 | 1 | -23/+1
|
* For page-sized and larger allocations do not put the pages we're | otto | 2020-09-06 | 1 | -21/+18
| shaving off into the cache but unmap them. Pages in the cache get re-used and then a future grow of the first allocation will be hampered. Also make realloc a no-op for small shrinkage. ok deraadt@
* Add support for timecounting in userland. | pirofti | 2020-07-06 | 2 | -6/+6
| This diff exposes parts of clock_gettime(2) and gettimeofday(2) to userland via libc liberating processes from the need for a context switch every time they want to count the passage of time.
| If a timecounter clock can be exposed to userland then it needs to set its tc_user member to a non-zero value. Tested with one or multiple counters per architecture.
| The timing data is shared through a pointer found in the new ELF auxiliary vector AUX_openbsd_timekeep containing timehands information that is frequently updated by the kernel.
| Timing differences between the last kernel update and the current time are adjusted in userland by the tc_get_timecount() function inside the MD usertc.c file.
| This permits a much more responsive environment, quite visible in browsers, office programs and gaming (apparently one is able to fly in Minecraft now).
| Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others!
| OK from at least kettenis@, cheloha@, naddy@, sthen@
* This patch fixes one bug and one instance of undesirable behaviour. | schwarze | 2020-05-27 | 1 | -9/+1
| The bug, present since 4.4BSD, was that a trailing dash in an option group, when the dash is not permitted as an option letter, resulted in the whole option group being returned as an argument, even though the previous option in the group was already parsed as an option:
| OPTS=abc ./getopt-test -a- -c arg ===>> OPT(a)ARG(-a-)ARG(-c)ARG(arg).
| Instead, treat the dash as an invalid option and continue parsing options:
| ===>> OPT(a)ERR(?-)OPT(c)ARG(arg).
| The undesirable behaviour was that allowing the dash as an option letter only allowed isolated dashes ("-") and trailing dashes in groups ("-a-"), but neither middle dashes in groups ("-a-b"), even though that already partially worked in 4.4BSD, nor leading dashes in groups ("--a"), even though that works on all other BSDs and on glibc. Also, while POSIX does not require that the dash can be used as an option letter at all, arguably, it encourages that letters either be fully supported or not supported at all. It is dubious whether supporting an option letter in some positions but not in others can be considered conforming.
| This patch makes OpenBSD behaviour identical to FreeBSD and NetBSD, improves compatibility with glibc (except that glibc does not support isolated "-"), improves compatibility with DragonFly (except that DragonFly is buggy when the dash option letter can take an optional argument but that argument is not present), improves compatibility with Illumos and Solaris 11 (except those do not support "-" and mishandle "--a"), and restores 4.4BSD behaviour for "-a-b". In no respect i'm aware of is compatibility with any other systems reduced.
| For the full rationale, see my mail to tech@ on 30 Mar 2020 14:26:41 +0200.
| Part of the problem was originally reported by an anonymous coward on tech@ on 12 Mar 2020 03:40:24 +0200, additional analysis was contributed by martijn@, and then the OP sent the final version of the patch i'm now committing on 17 Mar 2020 19:17:56 +0200. No licensing problem here because after the commit, the file does not contain a single word written by the OP. Also, the OP told me in private mail that he intends to publish the patch under the ISC license already contained in the file and that he wishes to be known by the pseudonym "0xef967c36".
| OK martijn@, and no objection when shown on tech@, but commit delayed to stay clear of the release.
* Minimal maintenance to make this mess slightly less confusing: | schwarze | 2020-04-26 | 1 | -10/+10
| queue -> list; mention "intrusive"; element -> member at one place; delete a bogus remark that maybe referred to a long-gone implementation in VAX assembly code. Much more could be improved, but i don't want to waste too much time here.
* fix the description; from andras farkas | jmc | 2020-04-26 | 1 | -5/+4
| ok schwarze kill a Tn while here...
* A comma is not appropriate here, use a semicolon | jca | 2020-04-25 | 1 | -2/+2
| Suggested by Evan Silberman, confirmed by jmc@
* Discourage use of RES_USE_INET6 | jca | 2020-04-25 | 1 | -1/+5
| Suggested by eric@, input from deraadt@, ok deraadt@ eric@
* Fix RES_USE_INET6 description | jca | 2020-04-25 | 1 | -7/+9
| The previous wording implied this option does nothing, which is wrong. This option does affect the way gethostbyname(3) works on OpenBSD (return IPv6 addresses if available). On some systems, it also introduces IPv4-mapped IPv6 addresses, a "feature" that we don't support. ok deraadt@ eric@
* Remove AUTHORS section. This follows what is done in strstr.3 | claudio | 2020-04-16 | 1 | -4/+2
|