Re: [patch] sed: missing bound check resulting stack overflow

2014-12-10 Thread Sébastien Marie
On Thu, Dec 11, 2014 at 04:38:50PM +1100, Jonathan Gray wrote: > > Yes, I agree. I plan to commit this version: > It is ok for me. Thanks. Sébastien Marie > Index: compile.c > === > RCS file: /cvs/src/usr.bin/sed/compile.c,v > re

Re: [patch] sed: missing bound check resulting stack overflow

2014-12-10 Thread Jonathan Gray
On Wed, Dec 10, 2014 at 02:09:10PM +0100, Sébastien Marie wrote: > Hi Jonathan, > > I think there is a mistake in pointer comparison (q + 1 >= eq): it > results we keep two chars at end (whereas only one is necessary for > '\0'). > > - eq points to the last cell in array before out-of-bound. >

Re: LibreSSL 2.1.2 linking issues

2014-12-10 Thread Theo de Raadt
> >> A second reason is to prevent software from using the version number or > >> string > >> to test for features, which has been frequently misused and abused. > > > > Have strings really been misused this way? Yikes... > > > > Many Lolz.. Lukas you just made my day.. > > They've been misu

Re: LibreSSL 2.1.2 linking issues

2014-12-10 Thread Brent Cook
On Wed, Dec 10, 2014 at 6:27 PM, Stuart Henderson wrote: > On 2014/12/10 22:57, Lukas Tribus wrote: >> I get your point, but I don't believe its always that simple. Should we >> really >> exclusively care about users of the packaging systems provided by the OS, >> nobody else? > > The standard wa

Re: LibreSSL 2.1.2 linking issues

2014-12-10 Thread Stuart Henderson
On 2014/12/10 22:57, Lukas Tribus wrote: > I get your point, but I don't believe its always that simple. Should we really > exclusively care about users of the packaging systems provided by the OS, > nobody else? The standard way to handle this for build-from-source is with pkg-config. I haven't l

Re: [PATCH] crypto/gost: use GOST_le2bn in priv_decode_gost01

2014-12-10 Thread Dmitry Eremin-Solenikov
Hello, 2014-12-11 1:03 GMT+03:00 Miod Vallat : > I agree with the intent; but I believe that... > >> - if (s == NULL || s->length != 32) { >> + if (s == NULL) { > > ... the exact length check should be kept. I don't think so. This is a leftover from GOST 34.10-2001-only. T

Re: LibreSSL 2.1.2 linking issues

2014-12-10 Thread Bob Beck
>> A second reason is to prevent software from using the version number or >> string >> to test for features, which has been frequently misused and abused. > > Have strings really been misused this way? Yikes... > Many Lolz.. Lukas you just made my day.. They've been misused that way, and mo

Re: LibreSSL 2.1.2 linking issues

2014-12-10 Thread Lukas Tribus
> Sorry if this is long-winded: Ditto :) > One reason is that incrementing for sub-minor versions in the CVS source > doesn’t mean anything, since the portable release schedule is independent in > OpenBSD land. Agreed that this doesn't make much sense for CVS source, for the -portable tarballs

Re: [PATCH] crypto/gost: use GOST_le2bn in priv_decode_gost01

2014-12-10 Thread Miod Vallat
I agree with the intent; but I believe that... > - if (s == NULL || s->length != 32) { > + if (s == NULL) { ... the exact length check should be kept. Miod
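Review bot: the replacement guard `if (s == NULL) {` drops the `s->length != 32` test and, in the lines visible here, nothing else constrains `s->length`, so any length, including zero, passes this check. If sizes other than 32 are now meant to be valid, replace the exact test with a check against the permitted lengths rather than removing it outright.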

Re: support to view rc(8) startup script output via dmesg -s

2014-12-10 Thread Marco Pfatschbacher
New diff after some feedback: Restrict this to root only, since there might be sensitive information in the output. e.g. fsck output revealing files. Thanks Theo. Use -s, since -c is already used in other BSDs. I did not go with -a, since that does sth. slightly different on FreeBSD. Thanks Olli.

Re: assert(3) manpage tweaks

2014-12-10 Thread Ingo Schwarze
Hi Kaspars, Kaspars Bankovskis wrote on Sun, Dec 07, 2014 at 05:48:07PM +0200: > On Sun, Dec 07, 2014 at 02:33:29AM +0100, Ingo Schwarze wrote: >> By the way, i just grepped v6 for "assert" and came up empty-handed. >> Anybody knows whether the statement is even correct? Didn't it >> rather firs

Re: relayd: convert to siphash

2014-12-10 Thread Max Fillinger
Here's a version without malloc'ing the key. Index: usr.sbin/relayd/parse.y === RCS file: /cvs/src/usr.sbin/relayd/parse.y,v retrieving revision 1.195 diff -u -p -r1.195 parse.y --- usr.sbin/relayd/parse.y 20 Nov 2014 05:51:20 -

three December 10 errata

2014-12-10 Thread Ted Unangst
Three new errata to announce. Malicious DNS servers could cause a denial of service with an endless series of delegations. This affects named (BIND) and unbound. There is a patch for unbound in 5.6. (unbound wasn't built in 5.5.) We don't have patches for BIND at this time. Missing memory barrier

Re: dup(2) manpage fix

2014-12-10 Thread Ingo Schwarze
Hi Kaspars, committed, thanks. Ingo Kaspars Bankovskis wrote on Wed, Dec 10, 2014 at 02:26:21PM +0200: > Index: dup.2 > === > RCS file: /cvs/src/lib/libc/sys/dup.2,v > retrieving revision 1.17 > diff -u -p -r1.17 dup.2 > --- dup.

Re: cleanup of return values in section 2 manpages

2014-12-10 Thread Ingo Schwarze
Hi Kaspars, Kaspars Bankovskis wrote on Wed, Dec 10, 2014 at 02:31:14PM +0200: > I think these two are good for the change as well: Committed, too. Ingo > Index: getrlimit.2 > === > RCS file: /cvs/src/lib/libc/sys/getrlimit.2,v

Re: cleanup of return values in section 2 manpages

2014-12-10 Thread Ingo Schwarze
Hi Kaspars, Kaspars Bankovskis wrote on Wed, Dec 10, 2014 at 01:57:49PM +0200: > On Wed, Dec 10, 2014 at 12:18:44AM -0700, Philip Guenther wrote: >> CVSROOT: /cvs >> Module name: src >> Changes by: guent...@cvs.openbsd.org2014/12/10 00:18:44 >> >> Modified files: >> lib/libc/sy

Re: LibreSSL 2.1.2 linking issues

2014-12-10 Thread Brent Cook
> On Dec 10, 2014, at 10:58 AM, Lukas Tribus wrote: > >>> I believe a not to be underestimated amount of applications #ifdef's >>> certain functionality of openssl out, for example NPN >>> (SSL_CTRL_SET_TLSEXT_HOSTNAME) or server preferential cipher ordering >>> (SSL_OP_CIPHER_SERVER_PREFERENCE)

[PATCH] crypto/gost: use GOST_le2bn in priv_decode_gost01

2014-12-10 Thread Dmitry Eremin-Solenikov
Signed-off-by: Dmitry Eremin-Solenikov --- src/lib/libssl/src/crypto/gost/gostr341001_ameth.c | 19 +++ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/src/lib/libssl/src/crypto/gost/gostr341001_ameth.c b/src/lib/libssl/src/crypto/gost/gostr341001_ameth.c index fb1

Re: get_cipher_by_char again (and put_cipher_by_char)

2014-12-10 Thread Miod Vallat
> //Ciphers list. It is stored after the Session ID. > const unsigned char *ciphers = hello + 44 + sessIDLen; > int ciphersLen = (ciphers[0] << 8) | ciphers[1]; > ciphers += 2; > if (ciphersLen) { > const SSL_METHOD *method = SSLv3_method(); >

Re: Implement a watchdog

2014-12-10 Thread sven falempin
On Wed, Dec 10, 2014 at 9:31 AM, Stuart Henderson wrote: > On 2014/12/10 09:15, sven falempin wrote: >> http://lxr.free-electrons.com/source/drivers/hwmon/nct6775.c >> >> https://github.com/groeck/nct6775 >> >> So i guess the first step is to detect the chip > > You'll also need somewhere (files)

Re: LibreSSL 2.1.2 linking issues

2014-12-10 Thread Lukas Tribus
>> I believe a not to be underestimated amount of applications #ifdef's >> certain functionality of openssl out, for example NPN >> (SSL_CTRL_SET_TLSEXT_HOSTNAME) or server preferential cipher ordering >> (SSL_OP_CIPHER_SERVER_PREFERENCE). > > That's rather different to checking using defines with

no allocbuf in buffercache

2014-12-10 Thread Kaspars Bankovskis
allocbuf was removed in 1.88 of sys/kern/vfs_bio.c but not from manpages Index: distrib/sets/lists/comp/mi === RCS file: /cvs/src/distrib/sets/lists/comp/mi,v retrieving revision 1.1117 diff -u -p -r1.1117 mi --- distrib/sets/lists/c

Re: LibreSSL 2.1.2 linking issues

2014-12-10 Thread Joel Sing
On Wed, 10 Dec 2014, Lukas Tribus wrote: > > On 2014/12/09 07:37, Brent Cook wrote: > >> If an app calls a function, it should probably check if that function > >> exists during configuration time, rather than inferring if define A > >> exists, function B and C must exist. Especially things that ar

Re: Implement a watchdog

2014-12-10 Thread Stuart Henderson
On 2014/12/10 09:15, sven falempin wrote: > http://lxr.free-electrons.com/source/drivers/hwmon/nct6775.c > > https://github.com/groeck/nct6775 > > So i guess the first step is to detect the chip You'll also need somewhere (files) to put the detection. Maybe look at the commit from when tcpcib wa

Re: Implement a watchdog

2014-12-10 Thread sven falempin
http://lxr.free-electrons.com/source/drivers/hwmon/nct6775.c https://github.com/groeck/nct6775 So i guess the first step is to detect the chip On Wed, Dec 10, 2014 at 8:32 AM, sven falempin wrote: > I guess the chip used is obviously this one : > > Nuvoton NCT6106D > > spec : > https://downlo

Re: Implement a watchdog

2014-12-10 Thread sven falempin
I guess the chip used is obviously this one : Nuvoton NCT6106D spec : https://download.nuvoton.com/NuvotonMOSS/DownloadService/Member/DocumentsInfo.aspx?tp_GUID=DA00-NCT6106D What now :p On Tue, Dec 9, 2014 at 2:15 PM, Mark Kettenis wrote: >> >> Dear Tech, >> >> i have a ENDAT 7703 motherboa

Re: [patch] sed: segfault due to use of initialized variable

2014-12-10 Thread Sébastien Marie
On Wed, Dec 10, 2014 at 10:05:49PM +1100, Jonathan Gray wrote: > On Wed, Dec 10, 2014 at 10:39:37AM +0100, Sébastien Marie wrote: > > > > Hi, > > > > Fuzzing sed with afl, I found a crash due to use of uninitialized > > variable. > > > > In process.c oldpsl variable need to be initialized: > >

Re: [patch] sed: missing bound check resulting stack overflow

2014-12-10 Thread Sébastien Marie
Hi Jonathan, I think there is a mistake in pointer comparison (q + 1 >= eq): it results we keep two chars at end (whereas only one is necessary for '\0'). - eq points to the last cell in array before out-of-bound. eq = wfile + sizeof(wfile) - 1; - q points to the cell that would receive a new

upd(4) and some strange upses

2014-12-10 Thread Gregory Edigarov
Hi, I have a rather strange device that reports itself as ATCL FOR UPS. Almost no info is available about it on the net. Normally it attaches as a really strange generic HID, or as an ugen(4) if I set UQ_WRONG_HID quirk. As an experiment I want to attach upd(4) to this device and see what will

Re: cleanup of return values in section 2 manpages

2014-12-10 Thread Kaspars Bankovskis
I think these two are good for the change as well: Index: getrlimit.2 === RCS file: /cvs/src/lib/libc/sys/getrlimit.2,v retrieving revision 1.24 diff -u -p -r1.24 getrlimit.2 --- getrlimit.2 20 Nov 2014 03:19:23 - 1.24 +++ ge

dup(2) manpage fix

2014-12-10 Thread Kaspars Bankovskis
Index: dup.2 === RCS file: /cvs/src/lib/libc/sys/dup.2,v retrieving revision 1.17 diff -u -p -r1.17 dup.2 --- dup.2 31 Aug 2014 01:42:36 - 1.17 +++ dup.2 10 Dec 2014 12:20:09 - @@ -129,6 +129,7 @@ is zero then

cleanup of return values in section 2 manpages

2014-12-10 Thread Kaspars Bankovskis
On Wed, Dec 10, 2014 at 12:18:44AM -0700, Philip Guenther wrote: > CVSROOT: /cvs > Module name: src > Changes by: guent...@cvs.openbsd.org2014/12/10 00:18:44 > > Modified files: > lib/libc/sys : bind.2 intro.2 kill.2 > > Log message: > Prefer .In and .Rv -std More of thi

Re: [patch] sed: missing bound check resulting stack overflow

2014-12-10 Thread Jonathan Gray
On Wed, Dec 10, 2014 at 11:46:57AM +0100, Sébastien Marie wrote: > On Wed, Dec 10, 2014 at 11:16:21AM +0100, Sébastien Marie wrote: > > Hi, > > > > In compile_flags, the variable holding the filename ('w' flag of 's' > > command) is an array with PATH_MAX length. > > > > We should check the size

Re: [patch] sed: segfault due to use of initialized variable

2014-12-10 Thread Jonathan Gray
On Wed, Dec 10, 2014 at 10:39:37AM +0100, Sébastien Marie wrote: > > Hi, > > Fuzzing sed with afl, I found a crash due to use of uninitialized > variable. > > In process.c oldpsl variable need to be initialized: > > $ echo | sed -e 'g;P' > Segmentation fault (core dumped) > > The following pat

Re: [patch] sed: missing bound check resulting stack overflow

2014-12-10 Thread Sébastien Marie
On Wed, Dec 10, 2014 at 11:16:21AM +0100, Sébastien Marie wrote: > Hi, > > In compile_flags, the variable holding the filename ('w' flag of 's' > command) is an array with PATH_MAX length. > > We should check the size of wanted filename, before copying it in wfile. > > $ echo | sed -e s/a//w`per

Re: [patch] sed: missing bound check resulting stack overflow

2014-12-10 Thread Sébastien Marie
On Wed, Dec 10, 2014 at 11:16:21AM +0100, Sébastien Marie wrote: > Hi, > > In compile_flags, the variable holding the filename ('w' flag of 's' > command) is an array with PATH_MAX length. > > We should check the size of wanted filename, before copying it in wfile. > > $ echo | sed -e s/a//w`per

[patch] sed: missing bound check resulting stack overflow

2014-12-10 Thread Sébastien Marie
Hi, In compile_flags, the variable holding the filename ('w' flag of 's' command) is an array with PATH_MAX length. We should check the size of wanted filename, before copying it in wfile. $ echo | sed -e s/a//w`perl -e "print '_' x 1"` Bus error (core dumped) Found also with afl-fuzz. Th

typos

2014-12-10 Thread Kaspars Bankovskis
Index: vfs_bio.c === RCS file: /cvs/src/sys/kern/vfs_bio.c,v retrieving revision 1.163 diff -u -p -r1.163 vfs_bio.c --- vfs_bio.c 8 Oct 2014 07:33:14 - 1.163 +++ vfs_bio.c 9 Dec 2014 21:25:27 - @@ -86,7 +86,7 @@ long

[patch] sed: segfault due to use of initialized variable

2014-12-10 Thread Sébastien Marie
Hi, Fuzzing sed with afl, I found a crash due to use of an uninitialized variable. In process.c oldpsl variable needs to be initialized: $ echo | sed -e 'g;P' Segmentation fault (core dumped) The following patch corrects this. I also include the initialization of p, as it is reported by compiler w