path: root/src/lib/libc
Commit message | Author | Age | Files | Lines
* When describing v3 crypt, be specific as to which machine was simulated. | jsg | 2025-01-09 | 1 | -3/+3
  feedback jmc@ ok deraadt@ schwarze@
* appeared in 4.3BSD before 4.3BSD-Tahoe | jsg | 2024-12-11 | 11 | -33/+33
  ok millert@ schwarze@
* remove unneeded semicolons; checked by millert@ | jsg | 2024-09-20 | 1 | -2/+2
* typo in comment; Effectivly -> Effectively; ok gilles@ | op | 2024-09-03 | 1 | -2/+2
* wild white space | deraadt | 2024-09-03 | 1 | -2/+2
* Revert commitid KcCtsA53F9UQzc0t: | guenther | 2024-08-30 | 1 | -5/+6
  "Make exit(), fclose(), fflush(), and freopen() comply with POSIX-2008 requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position."
  Something isn't correct about it and it breaks at least initdb from the postgresql-server package.
  discussed with tb@, semarie@, and deraadt@
* Use struct __sFILE instead of FILE in thread locking callback | guenther | 2024-08-18 | 1 | -5/+6
  declarations to reduce <stdio.h> pollution. Declare __isthreaded in thread_private.h where it's really needed.
  ok deraadt@
* Make exit(), fclose(), fflush(), and freopen() comply with POSIX-2008 | guenther | 2024-08-12 | 1 | -6/+5
  requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position.
  Much testing, review, and assistance from tb@
  ok tb@ millert@
* wcslcpy() and wcslcat() are in POSIX-2024. Update #include visibility | guenther | 2024-08-07 | 1 | -4/+11
  and manpages and add restrict qualifiers.
  ok millert@
* A dozen interfaces in <endian.h> were standardized in POSIX-2024 as expected | guenther | 2024-08-03 | 1 | -6/+4
* The improbable occurred: strlcpy(3) and strlcat(3) are in POSIX-2024. | guenther | 2024-08-03 | 2 | -7/+16
  memmem(3) was also added. Update #include visibility and manpages and add restrict qualifiers.
  "never thought I'd see this day" millert@
* mkostemp(3) and reallocarray(3) are in POSIX-2024: | guenther | 2024-08-03 | 1 | -2/+6
  adjust #include visibility and update the reallocarray(3) manpage
  ok millert@
* Add wcsnlen(3), wcslen(3) with a max len argument | jca | 2024-07-14 | 3 | -7/+84
  Missing function hit by fcambus@ some time ago. ok millert@
* Zap warning against __findenv usage, it is not exported by libc | jca | 2024-07-10 | 1 | -3/+1
  The comment probably made sense before guenther restricted the symbols exported by libc in 2015.
* strmode takes a mode_t, not an int; prompted by Collin Funk. | otto | 2024-06-23 | 1 | -4/+2
  ok kettenis@ deraadt@ tb@
* drop htonl(), htons(), ntohl(), ntohs() MD functions from libc | naddy | 2024-04-15 | 5 | -50/+21
  Userland code compiled in a normal fashion picks up the htonl(), htons(), ntohl(), ntohs() macros implemented by endian.h. The functions in libc are effectively unused.
  Keep the MI functions in case something looks for the symbols in libc or plays games with #undef, but change them to wrap the implementation from endian.h.
  tweaks suggested by claudio@, ok miod@
* In _malloc_init(), round up the region being mprotected RW to the malloc | miod | 2024-03-30 | 1 | -11/+11
  page size, rather than relying upon mprotect to round up to the actual mmu page size.
  This repairs malloc operation on systems where the malloc page size (1 << _MAX_PAGE_SHIFT) is larger than the mmu page size.
  ok otto@
* POSIX defines inet_ntoa, not inet_aton. | bentley | 2024-03-06 | 1 | -3/+3
  ok deraadt@ jmc@
* Add mkdtemps(3), like mkdtemp(3) but with a suffix. | millert | 2024-03-01 | 2 | -8/+32
  OK deraadt@ tb@
* make login.conf(5) and crypt_newhash(3) and the underlying code | deraadt | 2024-01-22 | 1 | -2/+2
  consistent regarding bcrypt,a instead of blowfish,a. "blowfish" is a historical alias which we don't need to document as firmly as "bcrypt".
  report about difficult manual page discovery from ataraxia937
  ok millert
* Make our mktemp(3) callback-driven and split into multiple files. | millert | 2024-01-19 | 5 | -130/+195
  Previously, calling any of the mktemp(3) family would pull in lstat(2), open(2) and mkdir(2). Now, only the necessary system calls will be reachable from the binary.
  OK deraadt@ guenther@
* Move mktemp.c to stdlib where it belongs. | millert | 2024-01-19 | 3 | -4/+582
  OK deraadt@
* A small cleanup of malloc_bytes(), getting rid of a goto and a tiny | otto | 2023-12-19 | 1 | -29/+27
  bit of optimization; ok tb@ asou@
* zap trailing whitespace | tb | 2023-12-04 | 1 | -2/+2
* Save backtraces to show in leak dump. Depth of backtrace set by | otto | 2023-12-04 | 2 | -87/+184
  malloc option D (aka 1), 2, 3 or 4. No performance impact if not used.
  ok asou@
* KNF plus fixed a few signed vs unsigned compares (that were actually | otto | 2023-11-04 | 1 | -22/+33
  not real problems)
* Enable ISO C11 APIs when building libc, even with an older compiler. | millert | 2023-10-29 | 1 | -1/+9
  Otherwise, the prototypes for timespec_get() and aligned_alloc() are not visible.
  OK guenther@
* A few micro-optimizations; ok asou@ | otto | 2023-10-26 | 1 | -20/+15
* correct Va in previous; | jmc | 2023-10-22 | 1 | -2/+3
* When option D is active, store callers for all chunks; this avoids | otto | 2023-10-22 | 2 | -86/+178
  the 0x0 call sites for leak reports. Also display more info on detected write of free chunks: print the info about where the chunk was allocated, and for the preceding chunk as well.
  ok asou@
* Print warning message when not allocated memory in putleakinfo(). | asou | 2023-09-09 | 1 | -2/+20
  ok otto.
* Document that small allocations are initially junked with 0xdf now | otto | 2023-07-01 | 1 | -3/+3
* Recommit "Allow to ask for deeper callers for leak reports using | otto | 2023-06-30 | 2 | -12/+71
  malloc options"
  Now only enabled for platforms where it's known to work and written as a inline functions instead of a macro.
* Revert previous, not all platforms allow compiling | otto | 2023-06-23 | 2 | -37/+4
  __builtin_return_address(a) with a != 0.
* Allow to ask for deeper callers for leak reports using malloc options. | otto | 2023-06-22 | 2 | -4/+37
  ok deraadt@
* Add portable version and m88k-specific version lb() function, because | aoyama | 2023-06-07 | 1 | -1/+21
  unfortunately gcc3 does not have __builtin_clz().
  ok miod@ otto@
* More thorough write-after-free checks. | otto | 2023-06-04 | 2 | -19/+33
  On free, chunks (the pieces of a page used for smaller allocations) are junked and then validated after they leave the delayed free list. So after free, a chunk always contains junk bytes. This means that if we start with the right contents for a new page of chunks, we can *validate* instead of *write* junk bytes when (re)-using a chunk.
  With this, we can detect write-after-free when a chunk is recycled, not just when a chunk is in the delayed free list. We do a little bit more work on initial allocation of a page of chunks and when re-using (as we validate now even on junk level 1).
  Also: some extra consistency checks for recallocarray(3) and fixes in error messages to make them more consistent, with man page bits. Plus regress additions.
* Remove malloc interposition, a workaround that was once needed for emacs | otto | 2023-05-27 | 1 | -7/+7
  ok guenther@
* Add PROTO_NORMAL() declarations for the remaining syscalls, to avoid | guenther | 2023-05-18 | 1 | -4/+1
  future, inadvertent PLT entries. Move the __getcwd and __realpath declarations to hidden/{stdlib,unistd}.h to consolidate and remove duplication.
  ok tb@ otto@ deraadt@
* As mmap(2) is no longer a LOCK syscall, do away with the extra | otto | 2023-05-10 | 1 | -23/+1
  unlock-lock dance it serves no real purpose any more. Confirmed by a small performance increase in tests. ok @tb
* remove duplicate include | jsg | 2023-04-21 | 1 | -2/+1
  ok otto@
* remove bad Pp; | jmc | 2023-04-17 | 1 | -3/+2
  (sorry, otto, for not spotting in the updated diff)
* Dump (leak) info using utrace(2) and compile the code always in | otto | 2023-04-16 | 2 | -148/+199
  except for bootblocks. This way we have built-in leak detection always (if enabled by malloc flags). See man pages for details.
* Introduce variation in location of junked bytes; ok tb@ | otto | 2023-04-05 | 1 | -3/+8
* Check all chunks in the delayed free list for write-after-free. | otto | 2023-04-01 | 2 | -8/+25
  Should catch more of them and closer (in time) to the WAF. ok tb@
* Last arg is also a pointer, so pass NULL instead of 0; ok deraadt@ | otto | 2023-03-25 | 1 | -2/+2
* Change malloc chunk sizes to be fine grained. | otto | 2023-03-25 | 1 | -102/+142
  The basic idea is simple: one of the reasons the recent sshd bug is potentially exploitable is that a (erroneously) freed malloc chunk gets re-used in a different role. malloc has power of two chunk sizes and so one page of chunks holds many different types of allocations. Userland malloc has no knowledge of types, we only know about sizes. So I changed that to use finer-grained chunk sizes.
  This has some performance impact as we need to allocate chunk pages in more cases. Gain it back by allocating chunk_info pages in a bundle, and use less buckets if !malloc option S. The chunk sizes used are 16, 32, 48, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, 384, 448, 512, 640, 768, 896, 1024, 1280, 1536, 1792, 2048 (and a few more for sparc64 with its 8k sized pages and loongson with its 16k pages).
  If malloc option S (or rather cache size 0) is used we use strict multiple of 16 sized chunks, to get as many buckets as possible. ssh(d) enabled malloc option S, in general security sensitive programs should.
  See the find_bucket() and bin_of() functions. Thanks to Tony Finch for pointing me to code to compute nice bucket sizes.
  ok tb@
* Fix a number of out of bound reads in DNS response parsing. | millert | 2023-03-15 | 1 | -1/+7
  Originally from djm@. OK deraadt@ florian@ bluhm@
* There is no reason to-be-cleared chunks cannot participate in delayed | otto | 2023-02-27 | 1 | -27/+23
  freeing; ok tb@
* Change the way malloc_init() works so that the main data structures | otto | 2022-12-27 | 1 | -65/+66
  can be made immutable to provide extra protection. Also init pools on-demand: only pools that are actually used are initialized.
  Tested by many