|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Move all runtime options into a structure that is made read-only
(via mprotect) after initialisation to protect against attacks that
overwrite options to turn off malloc protections (e.g. use-after-free)
Allocate the main bookkeeping data (struct dir_info) using mmap(),
thereby giving it an unpredictable address. Place a PROT_NONE guard
page on either side to further frustrate attacks on it.
Add a new 'L' option that maps struct dir_info PROT_NONE except when
in the allocator code itself. Makes attacks on it basically impossible.
feedback tedu deraadt otto canacar
ok otto | 
| | |  | 
| | 
| 
| 
| | Make it less ambiguous; ok gilles@ claudio@ | 
| | 
| 
| 
| | as static const | 
| | |  | 
| | 
| 
| 
| | Suggested by and ok claudio@, ok jmc@ | 
| | |  | 
| | 
| 
| 
| 
| 
| | struct in the if_msghdr instead of using sizeof() blindly. This allows us
to grow if_data without causing issues for the getifaddrs() users.
OK deraadt@ (who needs this for some cool upcomming stuff) | 
| | 
| 
| 
| 
| | the page as possible (i.e. make malloc option P a default).
ok art@ millert@ krw@ | 
| | 
| 
| 
| 
| | a page to 0. P default will be changed in a separate commit.
ok millert@ art@ krw@ | 
| | 
| 
| 
| 
| | a separate symbolic constant for the leeway we allow when moving
allocations towards the end of a page. No functional change. | 
| | |  | 
| | 
| 
| 
| 
| 
| | (might catch errors closer to the trouble spot) and junk fill pages just
before reuse instead of immediate (we can't access the page anyway)
since we set PROT_NONE in the F case. ok djm@ | 
| | 
| 
| 
| | ok jmc@ | 
| | |  | 
| | 
| 
| 
| | tried and how many actually succeeded. | 
| | |  | 
| | 
| 
| 
| | threaded case) but much smaller working set; prompted by and ok deraadt@ | 
| | 
| 
| 
| 
| | non-syscalls, there's just too much code not doing the right thing on
error paths; prompted by and ok deraadt@ | 
| | 
| 
| 
| | kurt@ | 
| | 
| 
| 
| 
| | mapping the region next to the existing one first; there's a pretty
high chance there's a hole there we can use; ok deraadt@ tedu@ | 
| | 
| 
| 
| | too much pressure on the amaps. ok tedu@ deraadt@ | 
| | |  | 
| | 
| 
| 
| | from Thomas Pfaff.  ok millert@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | - provide proper dtoa locks
- use the real strtof implementation
- add strtold, __hdtoa, __hldtoa
- add %a/%A support
- don't lose precision in printf, don't round to double anymore
- implement extended-precision versions of libc functions: fpclassify,
isnan, isinf, signbit, isnormal, isfinite, now that the ieee.h is
fixed
- separate vax versions of strtof, and __hdtoa
- add complex math support.  added functions: cacos, casin, catan,
ccos, csin, ctan, cacosh, casinh, catanh, ccosh, csinh, ctanh, cexp,
clog, cabs, cpow, csqrt, carg, cimag, conj, cproj, creal, cacosf,
casinf, catanf, ccosf, csinf, ctanf, cacoshf, casinhf, catanhf,
ccoshf, csinhf, ctanhf, cexpf, clogf, cabsf, cpowf, csqrtf, cargf,
cimagf, conjf, cprojf, crealf
- add fdim, fmax, fmin
- add log2. (adapted implementation e_log.c.  could be more acruate
& faster, but it's good enough for now)
- remove wrappers & cruft in libm, supposed to work-around mistakes
in SVID, etc.;  use ieee versions.  fixes issues in python 2.6 for
djm@
- make _digittoint static
- proper definitions for i386, and amd64 in ieee.h
- sh, powerpc don't really have extended-precision
- add missing definitions for mips64 (quad), m{6,8}k (96-bit) float.h
for LDBL_*
- merge lead to frac for m{6,8}k, for gdtoa to work properly
- add FRAC*BITS & EXT_TO_ARRAY32 definitions in ieee.h, for hdtoa&ldtoa
to use
- add EXT_IMPLICIT_NBIT definition, which indicates implicit
normalization bit
- add regression tests for libc: fpclassify and printf
- arith.h & gd_qnan.h definitions
- update ieee.h: hppa doesn't have quad-precision, hppa64 does
- add missing prototypes to gdtoaimp
- on 64-bit platforms make sure gdtoa doesn't use a long when it
really wants an int
- etc., what i may have forgotten...
- bump libm major, due to removed&changed symbols
- no libc bump, since this is riding on djm's libc major crank from
a day ago
discussed with / requested by / testing theo, sthen@, djm@, jsg@,
merdely@, jsing@, tedu@, brad@, jakemsr@, and others.
looks good to millert@
parts of the diff ok kettenis@
this commit does not include:
- man page changes | 
| | |  | 
| | 
| 
| 
| | report Maksymilian Arciemowicz; ok djm, deraadt | 
| | 
| 
| 
| | effort as possible in most cases; ok djm@ | 
| | 
| 
| 
| | slightly kludgey solution for until otto fixes it properly; ok otto@ | 
| | 
| 
| 
| 
| | the freshly mmaped pages disrupting their pure zeroness;
ok otto@ deraadt@ | 
| | 
| 
| 
| | rather than a pointer to the terminating nul; ok deraadt@ | 
| | 
| 
| 
| | case spotted by beck, one by me; ok deraadt@ beck@ | 
| | 
| 
| 
| 
| | returns zero filled pages; remember to replace this function as well if you
provide your own malloc implementation; ok djm@ deraadt@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Also Extend "nameserver" declaration syntax to support port
numbers.  To avoid ambiguity these are only parsed when the address
is enclosed in square brackets, e.g. "nameserver [127.0.0.1]:5353"
Together these changes make forwarding DNS over a SSH tunnel very
easy, but unfortunately some programs in ports/ implement their
own resolvers (e.g. firefox). These will need to be modified to
support these options separately.
fixes jsing@ reyk@
ok deraadt@ millert@ krw@ + "I like it" from lots | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| | structure of tracking pages returned by mmap(). Lots of testing by
lots of people, thanks to you all.
ok djm@ (for a slighly earlier version) deraadt@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | Not sure what's more surprising: how long it took for NetBSD to
catch up to the rest of the BSDs (including UCB), or the amount of
code that NetBSD has claimed for itself without attributing to the
actual authors.
OK deraadt@ | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | call to strtod() with bounding check.
Discussed with pyr@ and otto@
ok otto@ deraadt@ | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | (2^30,2^31). Nothing in the tree yet requests random numbers bounded
by this range.
report jakob!deraadt; ok deraadt@ | 
| | |  | 
| | 
| 
| 
| | costs; ok jmc@ for the man page bits; ok millert@ deraadt@ | 
| | 
| 
| 
| | ok djm@ deraadt@ | 
| | 
| 
| 
| | feedback deraadt@ drahn@; ok deraadt@ | 
| | |  |