From owner-svn-src-stable-10@freebsd.org Sun Apr 8 15:35:58 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 540FCF8AB60; Sun, 8 Apr 2018 15:35:58 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 062AA6CFC9; Sun, 8 Apr 2018 15:35:58 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D931C11CAA; Sun, 8 Apr 2018 15:35:57 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w38FZv0M067032; Sun, 8 Apr 2018 15:35:57 GMT (envelope-from brooks@FreeBSD.org) Received: (from brooks@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w38FZvwg067031; Sun, 8 Apr 2018 15:35:57 GMT (envelope-from brooks@FreeBSD.org) Message-Id: <201804081535.w38FZvwg067031@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brooks set sender to brooks@FreeBSD.org using -f From: Brooks Davis Date: Sun, 8 Apr 2018 15:35:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332280 - stable/10/sys/dev/nxge X-SVN-Group: stable-10 X-SVN-Commit-Author: brooks X-SVN-Commit-Paths: stable/10/sys/dev/nxge X-SVN-Commit-Revision: 332280 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Apr 2018 15:35:58 -0000 Author: brooks Date: Sun Apr 8 15:35:57 2018 New Revision: 332280 URL: https://svnweb.freebsd.org/changeset/base/332280 Log: MFC r331654, r331869 r331654: Don't access userspace directly from the kernel in nxge(4). Update to what the previous code seemed to be doing via the correct interfaces. Further issues exist in xge_ioctl_registers(), but this is debugging code in a driver that has few users and they don't appear to be crashes or leaks. Reviewed by: jhb (prior version) Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14848 r331869: Fix the build on arches with default unsigned char. Capture the fubyte() return value in an int as well as the char, and test the full int value for fubyte() failure. Modified: stable/10/sys/dev/nxge/if_nxge.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/nxge/if_nxge.c ============================================================================== --- stable/10/sys/dev/nxge/if_nxge.c Sun Apr 8 15:30:58 2018 (r332279) +++ stable/10/sys/dev/nxge/if_nxge.c Sun Apr 8 15:35:57 2018 (r332280) @@ -1361,11 +1361,16 @@ int xge_ioctl_stats(xge_lldev_t *lldev, struct ifreq *ifreqp) { xge_hal_status_e status = XGE_HAL_OK; - char *data = (char *)ifreqp->ifr_data; + char cmd, mode; void *info = NULL; - int retValue = EINVAL; + int retValue; - switch(*data) { + cmd = retValue = fubyte(ifreqp->ifr_data); + if (retValue == -1) + return (EFAULT); + + retValue = EINVAL; + switch(cmd) { case XGE_QUERY_STATS: mtx_lock(&lldev->mtx_drv); status = xge_hal_stats_hw(lldev->devh, @@ -1493,8 +1498,8 @@ xge_ioctl_stats(xge_lldev_t *lldev, struct ifreq *ifre case XGE_SET_BUFFER_MODE_1: case XGE_SET_BUFFER_MODE_2: case XGE_SET_BUFFER_MODE_5: - *data = (*data == XGE_SET_BUFFER_MODE_1) ? 'Y':'N'; - if(copyout(data, ifreqp->ifr_data, sizeof(data)) == 0) + mode = (cmd == XGE_SET_BUFFER_MODE_1) ? 'Y':'N'; + if(copyout(&mode, ifreqp->ifr_data, sizeof(mode)) == 0) retValue = 0; break; default: @@ -1515,10 +1520,17 @@ xge_ioctl_stats(xge_lldev_t *lldev, struct ifreq *ifre int xge_ioctl_registers(xge_lldev_t *lldev, struct ifreq *ifreqp) { - xge_register_t *data = (xge_register_t *)ifreqp->ifr_data; + xge_register_t tmpdata; + xge_register_t *data; xge_hal_status_e status = XGE_HAL_OK; int retValue = EINVAL, offset = 0, index = 0; + int error; u64 val64 = 0; + + error = copyin(ifreqp->ifr_data, &tmpdata, sizeof(tmpdata)); + if (error != 0) + return (error); + data = &tmpdata; /* Reading a register */ if(strcmp(data->option, "-r") == 0) { From owner-svn-src-stable-10@freebsd.org Sun Apr 8 16:24:38 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 191D0F8E07F; Sun, 8 Apr 2018 16:24:38 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BDF45683C3; Sun, 8 Apr 2018 16:24:37 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B5A27124F7; Sun, 8 Apr 2018 16:24:37 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w38GObcQ092210; Sun, 8 Apr 2018 16:24:37 GMT (envelope-from tuexen@FreeBSD.org) Received: (from tuexen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w38GOb3r092209; Sun, 8 Apr 2018 16:24:37 GMT (envelope-from tuexen@FreeBSD.org) Message-Id: <201804081624.w38GOb3r092209@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tuexen set sender to tuexen@FreeBSD.org using -f From: Michael Tuexen Date: Sun, 8 Apr 2018 16:24:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332282 - stable/10/sys/netinet/libalias X-SVN-Group: stable-10 X-SVN-Commit-Author: tuexen X-SVN-Commit-Paths: stable/10/sys/netinet/libalias X-SVN-Commit-Revision: 332282 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Apr 2018 16:24:38 -0000 Author: tuexen Date: Sun Apr 8 16:24:37 2018 New Revision: 332282 URL: https://svnweb.freebsd.org/changeset/base/332282 Log: MFC r327203: Allow the first (and second) argument of sn_calloc() be a sum. This fixes a bug reported in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224103 PR: 224103 Modified: stable/10/sys/netinet/libalias/alias_sctp.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netinet/libalias/alias_sctp.c ============================================================================== --- stable/10/sys/netinet/libalias/alias_sctp.c Sun Apr 8 15:52:32 2018 (r332281) +++ stable/10/sys/netinet/libalias/alias_sctp.c Sun Apr 8 16:24:37 2018 (r332282) @@ -185,7 +185,7 @@ static MALLOC_DEFINE(M_SCTPNAT, "sctpnat", "sctp nat d /* Use kernel allocator. */ #ifdef _SYS_MALLOC_H_ #define sn_malloc(x) malloc(x, M_SCTPNAT, M_NOWAIT|M_ZERO) -#define sn_calloc(n,x) sn_malloc(x * n) +#define sn_calloc(n,x) sn_malloc((x) * (n)) #define sn_free(x) free(x, M_SCTPNAT) #endif// #ifdef _SYS_MALLOC_H_ From owner-svn-src-stable-10@freebsd.org Sun Apr 8 16:26:16 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D8A06F8E229; Sun, 8 Apr 2018 16:26:16 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 868C4692E0; Sun, 8 Apr 2018 16:26:16 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 81136124FB; Sun, 8 Apr 2018 16:26:16 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w38GQGYl092335; Sun, 8 Apr 2018 16:26:16 GMT (envelope-from tuexen@FreeBSD.org) Received: (from tuexen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w38GQGnp092334; Sun, 8 Apr 2018 16:26:16 GMT (envelope-from tuexen@FreeBSD.org) Message-Id: <201804081626.w38GQGnp092334@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tuexen set sender to tuexen@FreeBSD.org using -f From: Michael Tuexen Date: Sun, 8 Apr 2018 16:26:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332283 - stable/10/sys/netinet/libalias X-SVN-Group: stable-10 X-SVN-Commit-Author: tuexen X-SVN-Commit-Paths: stable/10/sys/netinet/libalias X-SVN-Commit-Revision: 332283 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Apr 2018 16:26:17 -0000 Author: tuexen Date: Sun Apr 8 16:26:16 2018 New Revision: 332283 URL: https://svnweb.freebsd.org/changeset/base/332283 Log: MFC r327205: Fix an assignment. While there, do some whitespace cleanups. CID: 1008936 Modified: stable/10/sys/netinet/libalias/alias_sctp.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netinet/libalias/alias_sctp.c ============================================================================== --- stable/10/sys/netinet/libalias/alias_sctp.c Sun Apr 8 16:24:37 2018 (r332282) +++ stable/10/sys/netinet/libalias/alias_sctp.c Sun Apr 8 16:26:16 2018 (r332283) @@ -2114,31 +2114,31 @@ FindSctpGlobal(struct libalias *la, struct in_addr g_a * @return pointer to association or NULL */ static struct sctp_nat_assoc* -FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port) +FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port) { u_int i; struct sctp_nat_assoc *assoc = NULL, *lastmatch = NULL; struct sctp_GlobalAddress *G_Addr = NULL; int cnt = 0; - + if (l_vtag != 0) { /* an init packet, vtag==0 */ i = SN_TABLE_HASH(l_vtag, g_port, la->sctpNatTableSize); LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) { if ((assoc->g_vtag == l_vtag) && (assoc->g_port == g_port) && (assoc->l_port == l_port)) { if (assoc->num_Gaddr) { LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) { - if(G_Addr->g_addr.s_addr == G_Addr->g_addr.s_addr) - return(assoc); /* full match */ + if (G_Addr->g_addr.s_addr == g_addr.s_addr) + return (assoc); /* full match */ } } else { - if (++cnt > 1) return(NULL); + if (++cnt > 1) return (NULL); lastmatch = assoc; } } } } /* If there is more than one match we do not know which local address to send to */ - return( cnt ? lastmatch : NULL ); + return (cnt ? lastmatch : NULL); } /** @ingroup Hash From owner-svn-src-stable-10@freebsd.org Sun Apr 8 16:29:25 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5899BF8E513; Sun, 8 Apr 2018 16:29:25 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0D2166AF01; Sun, 8 Apr 2018 16:29:25 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 054D212501; Sun, 8 Apr 2018 16:29:25 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w38GTOhq092494; Sun, 8 Apr 2018 16:29:24 GMT (envelope-from tuexen@FreeBSD.org) Received: (from tuexen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w38GTOuG092493; Sun, 8 Apr 2018 16:29:24 GMT (envelope-from tuexen@FreeBSD.org) Message-Id: <201804081629.w38GTOuG092493@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tuexen set sender to tuexen@FreeBSD.org using -f From: Michael Tuexen Date: Sun, 8 Apr 2018 16:29:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332284 - stable/10/sys/netinet/libalias X-SVN-Group: stable-10 X-SVN-Commit-Author: tuexen X-SVN-Commit-Paths: stable/10/sys/netinet/libalias X-SVN-Commit-Revision: 332284 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Apr 2018 16:29:25 -0000 Author: tuexen Date: Sun Apr 8 16:29:24 2018 New Revision: 332284 URL: https://svnweb.freebsd.org/changeset/base/332284 Log: Fix an assignment to force the level to be in the required interval. CID: 1008428 Modified: stable/10/sys/netinet/libalias/alias_sctp.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netinet/libalias/alias_sctp.c ============================================================================== --- stable/10/sys/netinet/libalias/alias_sctp.c Sun Apr 8 16:26:16 2018 (r332283) +++ stable/10/sys/netinet/libalias/alias_sctp.c Sun Apr 8 16:29:24 2018 (r332284) @@ -420,9 +420,9 @@ int sysctl_chg_loglevel(SYSCTL_HANDLER_ARGS) error = sysctl_handle_int(oidp, &level, 0, req); if (error) return (error); - sysctl_log_level = (level > SN_LOG_DEBUG_MAX)?(SN_LOG_DEBUG_MAX):(level); - sysctl_log_level = (level < SN_LOG_LOW)?(SN_LOG_LOW):(level); - + level = (level > SN_LOG_DEBUG_MAX)?(SN_LOG_DEBUG_MAX):(level); + level = (level < SN_LOG_LOW)?(SN_LOG_LOW):(level); + sysctl_log_level = level; return (0); } From owner-svn-src-stable-10@freebsd.org Sun Apr 8 17:03:40 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E5D65F91156; Sun, 8 Apr 2018 17:03:39 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 97D8F7E769; Sun, 8 Apr 2018 17:03:39 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 92AB812BA5; Sun, 8 Apr 2018 17:03:39 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w38H3duS014075; Sun, 8 Apr 2018 17:03:39 GMT (envelope-from brooks@FreeBSD.org) Received: (from brooks@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w38H3dgR014073; Sun, 8 Apr 2018 17:03:39 GMT (envelope-from brooks@FreeBSD.org) Message-Id: <201804081703.w38H3dgR014073@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brooks set sender to brooks@FreeBSD.org using -f From: Brooks Davis Date: Sun, 8 Apr 2018 17:03:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332291 - stable/10/sys/dev/de X-SVN-Group: stable-10 X-SVN-Commit-Author: brooks X-SVN-Commit-Paths: stable/10/sys/dev/de X-SVN-Commit-Revision: 332291 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Apr 2018 17:03:40 -0000 Author: brooks Date: Sun Apr 8 17:03:39 2018 New Revision: 332291 URL: https://svnweb.freebsd.org/changeset/base/332291 Log: MFC r331737: GC never enabled support for SIOCGADDRROM and SIOCGCHIPID. When de(4) was imported in 1997 the world was not ready for these ioctls. In over 20 years that hasn't changed so it seems safe to assume their time will never come. Reviewed by: imp, jhb Approved by: CheriBSD Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14889 Modified: stable/10/sys/dev/de/if_de.c stable/10/sys/dev/de/if_devar.h Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/de/if_de.c ============================================================================== --- stable/10/sys/dev/de/if_de.c Sun Apr 8 16:59:39 2018 (r332290) +++ stable/10/sys/dev/de/if_de.c Sun Apr 8 17:03:39 2018 (r332291) @@ -4263,18 +4263,6 @@ tulip_ifioctl(struct ifnet * ifp, u_long cmd, caddr_t break; } -#ifdef SIOCGADDRROM - case SIOCGADDRROM: { - error = copyout(sc->tulip_rombuf, ifr->ifr_data, sizeof(sc->tulip_rombuf)); - break; - } -#endif -#ifdef SIOCGCHIPID - case SIOCGCHIPID: { - ifr->ifr_metric = (int) sc->tulip_chipid; - break; - } -#endif default: { error = ether_ioctl(ifp, cmd, data); break; Modified: stable/10/sys/dev/de/if_devar.h ============================================================================== --- stable/10/sys/dev/de/if_devar.h Sun Apr 8 16:59:39 2018 (r332290) +++ stable/10/sys/dev/de/if_devar.h Sun Apr 8 17:03:39 2018 (r332291) @@ -874,11 +874,6 @@ static const struct { #define TULIP_TXMAP_POSTSYNC(ri, di) \ _TULIP_MAP_SYNC(ri, di, BUS_DMASYNC_POSTWRITE) -#ifdef notyet -#define SIOCGADDRROM _IOW('i', 240, struct ifreq) /* get 128 bytes of ROM */ -#define SIOCGCHIPID _IOWR('i', 241, struct ifreq) /* get chipid */ -#endif - #if defined(TULIP_HDR_DATA) static tulip_softc_t *tulips[TULIP_MAX_DEVICES]; #endif From owner-svn-src-stable-10@freebsd.org Sun Apr 8 17:23:34 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2FFD7F92CA2; Sun, 8 Apr 2018 17:23:34 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D0D5F6A040; Sun, 8 Apr 2018 17:23:33 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CBD9512EFD; Sun, 8 Apr 2018 17:23:33 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w38HNXdk024805; Sun, 8 Apr 2018 17:23:33 GMT (envelope-from brooks@FreeBSD.org) Received: (from brooks@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w38HNXpP024804; Sun, 8 Apr 2018 17:23:33 GMT (envelope-from brooks@FreeBSD.org) Message-Id: <201804081723.w38HNXpP024804@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brooks set sender to brooks@FreeBSD.org using -f From: Brooks Davis Date: Sun, 8 Apr 2018 17:23:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332295 - stable/10/sys/net X-SVN-Group: stable-10 X-SVN-Commit-Author: brooks X-SVN-Commit-Paths: stable/10/sys/net X-SVN-Commit-Revision: 332295 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Apr 2018 17:23:34 -0000 Author: brooks Date: Sun Apr 8 17:23:33 2018 New Revision: 332295 URL: https://svnweb.freebsd.org/changeset/base/332295 Log: MFC r332087: ifconf(): Always zero the whole struct ifreq. The previous split of zeroing ifr_name and ifr_addr seperately is safe on current architectures, but would be unsafe if pointers were larger than 8 bytes. Combining the zeroing adds no real cost (a few instructions) and makes the security property easier to verify. Reviewed by: kib, emaste Obtained from: CheriBSD Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14912 Modified: stable/10/sys/net/if.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/net/if.c ============================================================================== --- stable/10/sys/net/if.c Sun Apr 8 17:18:51 2018 (r332294) +++ stable/10/sys/net/if.c Sun Apr 8 17:23:33 2018 (r332295) @@ -3024,10 +3024,10 @@ again: int addrs; /* - * Zero the ifr_name buffer to make sure we don't - * disclose the contents of the stack. + * Zero the ifr to make sure we don't disclose the contents + * of the stack. */ - memset(ifr.ifr_name, 0, sizeof(ifr.ifr_name)); + memset(&ifr, 0, sizeof(ifr)); if (strlcpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name)) >= sizeof(ifr.ifr_name)) { @@ -3071,7 +3071,6 @@ again: } IF_ADDR_RUNLOCK(ifp); if (addrs == 0) { - bzero((caddr_t)&ifr.ifr_addr, sizeof(ifr.ifr_addr)); sbuf_bcat(sb, &ifr, sizeof(ifr)); max_len += sizeof(ifr); From owner-svn-src-stable-10@freebsd.org Mon Apr 9 12:53:16 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C757FFA1F87; Mon, 9 Apr 2018 12:53:16 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 775FC86D34; Mon, 9 Apr 2018 12:53:16 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 711ED1EF51; Mon, 9 Apr 2018 12:53:16 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w39CrG6H013967; Mon, 9 Apr 2018 12:53:16 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w39CrGZa013963; Mon, 9 Apr 2018 12:53:16 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201804091253.w39CrGZa013963@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Mon, 9 Apr 2018 12:53:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332320 - stable/10/sys/dev/ath X-SVN-Group: stable-10 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: stable/10/sys/dev/ath X-SVN-Commit-Revision: 332320 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Apr 2018 12:53:17 -0000 Author: emaste Date: Mon Apr 9 12:53:15 2018 New Revision: 332320 URL: https://svnweb.freebsd.org/changeset/base/332320 Log: MFC ath(4) potential memory disclosure fixes [1] r327499: ath: fix memory disclosure from ath_btcoex_ioctl The ath_btcoex_ioctl handler allocated a buffer without M_ZERO and returned it to userland without writing to it. The device has permissions only for root so this is not urgent, and the fix can be MFCd and considered for a future EN. [2] r327500: ath: fix possible memory disclosures in ioctl handlers Apply the fix from r327499 to additional ioctl handlers. Note: related fix in r327529 does not apply directly to stable/10 and will be addressed in a followup commit. Submitted by: Domagoj Stolfa [1] Reported by: Ilja van Sprundel [1,2] Reviewed by: adrian [1] Sponsored by: The FreeBSD Foundation Modified: stable/10/sys/dev/ath/if_ath_btcoex.c stable/10/sys/dev/ath/if_ath_lna_div.c stable/10/sys/dev/ath/if_ath_spectral.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/ath/if_ath_btcoex.c ============================================================================== --- stable/10/sys/dev/ath/if_ath_btcoex.c Mon Apr 9 09:24:26 2018 (r332319) +++ stable/10/sys/dev/ath/if_ath_btcoex.c Mon Apr 9 12:53:15 2018 (r332320) @@ -321,7 +321,7 @@ ath_btcoex_ioctl(struct ath_softc *sc, struct ath_diag * pointer for us to use below in reclaiming the buffer; * may want to be more defensive. */ - outdata = malloc(outsize, M_TEMP, M_NOWAIT); + outdata = malloc(outsize, M_TEMP, M_NOWAIT | M_ZERO); if (outdata == NULL) { error = ENOMEM; goto bad; @@ -330,6 +330,7 @@ ath_btcoex_ioctl(struct ath_softc *sc, struct ath_diag switch (id) { default: error = EINVAL; + goto bad; } if (outsize < ad->ad_out_size) ad->ad_out_size = outsize; Modified: stable/10/sys/dev/ath/if_ath_lna_div.c ============================================================================== --- stable/10/sys/dev/ath/if_ath_lna_div.c Mon Apr 9 09:24:26 2018 (r332319) +++ stable/10/sys/dev/ath/if_ath_lna_div.c Mon Apr 9 12:53:15 2018 (r332320) @@ -185,7 +185,7 @@ ath_lna_div_ioctl(struct ath_softc *sc, struct ath_dia * pointer for us to use below in reclaiming the buffer; * may want to be more defensive. */ - outdata = malloc(outsize, M_TEMP, M_NOWAIT); + outdata = malloc(outsize, M_TEMP, M_NOWAIT | M_ZERO); if (outdata == NULL) { error = ENOMEM; goto bad; @@ -194,6 +194,7 @@ ath_lna_div_ioctl(struct ath_softc *sc, struct ath_dia switch (id) { default: error = EINVAL; + goto bad; } if (outsize < ad->ad_out_size) ad->ad_out_size = outsize; Modified: stable/10/sys/dev/ath/if_ath_spectral.c ============================================================================== --- stable/10/sys/dev/ath/if_ath_spectral.c Mon Apr 9 09:24:26 2018 (r332319) +++ stable/10/sys/dev/ath/if_ath_spectral.c Mon Apr 9 12:53:15 2018 (r332320) @@ -210,7 +210,7 @@ ath_ioctl_spectral(struct ath_softc *sc, struct ath_di * pointer for us to use below in reclaiming the buffer; * may want to be more defensive. */ - outdata = malloc(outsize, M_TEMP, M_NOWAIT); + outdata = malloc(outsize, M_TEMP, M_NOWAIT | M_ZERO); if (outdata == NULL) { error = ENOMEM; goto bad; @@ -273,6 +273,7 @@ ath_ioctl_spectral(struct ath_softc *sc, struct ath_di break; default: error = EINVAL; + goto bad; } if (outsize < ad->ad_out_size) ad->ad_out_size = outsize; From owner-svn-src-stable-10@freebsd.org Mon Apr 9 12:55:10 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8931BFA21E1; Mon, 9 Apr 2018 12:55:10 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3CE9787E02; Mon, 9 Apr 2018 12:55:10 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3213B1EF52; Mon, 9 Apr 2018 12:55:10 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w39CtAFo014110; Mon, 9 Apr 2018 12:55:10 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w39CtA8L014109; Mon, 9 Apr 2018 12:55:10 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201804091255.w39CtA8L014109@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Mon, 9 Apr 2018 12:55:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332321 - stable/10/sys/dev/ath X-SVN-Group: stable-10 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: stable/10/sys/dev/ath X-SVN-Commit-Revision: 332321 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Apr 2018 12:55:10 -0000 Author: emaste Date: Mon Apr 9 12:55:09 2018 New Revision: 332321 URL: https://svnweb.freebsd.org/changeset/base/332321 Log: MFC r327529: ath: fix possible memory disclosure in ioctl handler Submitted by: Domagoj Stolfa Modified: stable/10/sys/dev/ath/if_ath.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/ath/if_ath.c ============================================================================== --- stable/10/sys/dev/ath/if_ath.c Mon Apr 9 12:53:15 2018 (r332320) +++ stable/10/sys/dev/ath/if_ath.c Mon Apr 9 12:55:09 2018 (r332321) @@ -5910,7 +5910,7 @@ ath_ioctl_diag(struct ath_softc *sc, struct ath_diag * * pointer for us to use below in reclaiming the buffer; * may want to be more defensive. */ - outdata = malloc(outsize, M_TEMP, M_NOWAIT); + outdata = malloc(outsize, M_TEMP, M_NOWAIT | M_ZERO); if (outdata == NULL) { error = ENOMEM; goto bad; From owner-svn-src-stable-10@freebsd.org Mon Apr 9 12:57:09 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 183F4FA2405; Mon, 9 Apr 2018 12:57:09 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BF5F668F5A; Mon, 9 Apr 2018 12:57:08 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B4F4E1EF53; Mon, 9 Apr 2018 12:57:08 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w39Cv88H014242; Mon, 9 Apr 2018 12:57:08 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w39Cv8wL014241; Mon, 9 Apr 2018 12:57:08 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201804091257.w39Cv8wL014241@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Mon, 9 Apr 2018 12:57:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332322 - stable/10/usr.bin/vtfontcvt X-SVN-Group: stable-10 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: stable/10/usr.bin/vtfontcvt X-SVN-Commit-Revision: 332322 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Apr 2018 12:57:09 -0000 Author: emaste Date: Mon Apr 9 12:57:08 2018 New Revision: 332322 URL: https://svnweb.freebsd.org/changeset/base/332322 Log: MFC r331935: vtfontcvt: allow .bdf characters less than full height Sponsored by: The FreeBSD Foundation Modified: stable/10/usr.bin/vtfontcvt/vtfontcvt.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.bin/vtfontcvt/vtfontcvt.c ============================================================================== --- stable/10/usr.bin/vtfontcvt/vtfontcvt.c Mon Apr 9 12:55:09 2018 (r332321) +++ stable/10/usr.bin/vtfontcvt/vtfontcvt.c Mon Apr 9 12:57:08 2018 (r332322) @@ -265,10 +265,23 @@ parse_bdf(FILE *fp, unsigned int map_idx) if (strncmp(ln, "BITMAP", 6) == 0 && (ln[6] == ' ' || ln[6] == '\0')) { + /* + * Assume that the next _height_ lines are bitmap + * data. ENDCHAR is allowed to terminate the bitmap + * early but is not otherwise checked; any extra data + * is ignored. + */ for (i = 0; i < height; i++) { if ((ln = fgetln(fp, &length)) == NULL) errx(1, "Unexpected EOF!\n"); ln[length - 1] = '\0'; + if (strcmp(ln, "ENDCHAR") == 0) { + memset(bytes + i * wbytes, 0, + (height - i) * wbytes); + memset(bytes_r + i * wbytes, 0, + (height - i) * wbytes); + break; + } sscanf(ln, "%x", &line); if (parse_bitmap_line(bytes + i * wbytes, bytes_r + i * wbytes, line, dwidth) != 0) From owner-svn-src-stable-10@freebsd.org Mon Apr 9 12:58:57 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92889FA25ED; Mon, 9 Apr 2018 12:58:57 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8C12B69FD1; Mon, 9 Apr 2018 12:58:54 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E1C1F1EF55; Mon, 9 Apr 2018 12:58:53 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w39Cwro7014350; Mon, 9 Apr 2018 12:58:53 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w39Cwr3p014349; Mon, 9 Apr 2018 12:58:53 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201804091258.w39Cwr3p014349@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Mon, 9 Apr 2018 12:58:53 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332323 - stable/10/usr.bin/vtfontcvt X-SVN-Group: stable-10 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: stable/10/usr.bin/vtfontcvt X-SVN-Commit-Revision: 332323 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Apr 2018 12:58:57 -0000 Author: emaste Date: Mon Apr 9 12:58:53 2018 New Revision: 332323 URL: https://svnweb.freebsd.org/changeset/base/332323 Log: MFC r296920: vtfontcvt: support .hex fonts with chars beyond Unicode BMP This is already supported by the vt(4) vfnt format mapping from code points to glyphs. Update the .hex font parser to accept up to six hex digits. Sponsored by: The FreeBSD Foundation Modified: stable/10/usr.bin/vtfontcvt/vtfontcvt.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.bin/vtfontcvt/vtfontcvt.c ============================================================================== --- stable/10/usr.bin/vtfontcvt/vtfontcvt.c Mon Apr 9 12:57:08 2018 (r332322) +++ stable/10/usr.bin/vtfontcvt/vtfontcvt.c Mon Apr 9 12:58:53 2018 (r332323) @@ -328,12 +328,13 @@ parse_hex(FILE *fp, unsigned int map_idx) if (bytes != NULL) errx(1, "malformed input: Width tag after font data"); set_width(atoi(ln + 9)); - } else if (sscanf(ln, "%4x:", &curchar)) { + } else if (sscanf(ln, "%6x:", &curchar)) { if (bytes == NULL) { bytes = xmalloc(wbytes * height); bytes_r = xmalloc(wbytes * height); } - p = ln + 5; + /* ln is guaranteed to have a colon here. */ + p = strchr(ln, ':') + 1; chars_per_row = strlen(p) / height; dwidth = width; if (chars_per_row / 2 > (width + 7) / 8) From owner-svn-src-stable-10@freebsd.org Mon Apr 9 13:00:03 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C6D5AFA270C; Mon, 9 Apr 2018 13:00:03 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 733626AA23; Mon, 9 Apr 2018 13:00:03 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6E15F1EF5A; Mon, 9 Apr 2018 13:00:03 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w39D03Ob014501; Mon, 9 Apr 2018 13:00:03 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w39D03eI014500; Mon, 9 Apr 2018 13:00:03 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201804091300.w39D03eI014500@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Mon, 9 Apr 2018 13:00:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332324 - stable/10/usr.bin/vtfontcvt X-SVN-Group: stable-10 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: stable/10/usr.bin/vtfontcvt X-SVN-Commit-Revision: 332324 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Apr 2018 13:00:04 -0000 Author: emaste Date: Mon Apr 9 13:00:03 2018 New Revision: 332324 URL: https://svnweb.freebsd.org/changeset/base/332324 Log: MFC r282920: vtfontcvt: Allow 6 digits in verbose output Some fonts (e.g. GNU Unifont) have more than 100,000 (half-)glyphs. Sponsored by: The FreeBSD Foundation Modified: stable/10/usr.bin/vtfontcvt/vtfontcvt.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.bin/vtfontcvt/vtfontcvt.c ============================================================================== --- stable/10/usr.bin/vtfontcvt/vtfontcvt.c Mon Apr 9 12:58:53 2018 (r332323) +++ stable/10/usr.bin/vtfontcvt/vtfontcvt.c Mon Apr 9 13:00:03 2018 (r332324) @@ -513,24 +513,24 @@ print_font_info(void) { printf( "Statistics:\n" -"- glyph_total: %5u\n" -"- glyph_normal: %5u\n" -"- glyph_normal_right: %5u\n" -"- glyph_bold: %5u\n" -"- glyph_bold_right: %5u\n" -"- glyph_unique: %5u\n" -"- glyph_dupe: %5u\n" -"- mapping_total: %5u\n" -"- mapping_normal: %5u\n" -"- mapping_normal_folded: %5u\n" -"- mapping_normal_right: %5u\n" -"- mapping_normal_right_folded: %5u\n" -"- mapping_bold: %5u\n" -"- mapping_bold_folded: %5u\n" -"- mapping_bold_right: %5u\n" -"- mapping_bold_right_folded: %5u\n" -"- mapping_unique: %5u\n" -"- mapping_dupe: %5u\n", +"- glyph_total: %6u\n" +"- glyph_normal: %6u\n" +"- glyph_normal_right: %6u\n" +"- glyph_bold: %6u\n" +"- glyph_bold_right: %6u\n" +"- glyph_unique: %6u\n" +"- glyph_dupe: %6u\n" +"- mapping_total: %6u\n" +"- mapping_normal: %6u\n" +"- mapping_normal_folded: %6u\n" +"- mapping_normal_right: %6u\n" +"- mapping_normal_right_folded: %6u\n" +"- mapping_bold: %6u\n" +"- mapping_bold_folded: %6u\n" +"- mapping_bold_right: %6u\n" +"- mapping_bold_right_folded: %6u\n" +"- mapping_unique: %6u\n" +"- mapping_dupe: %6u\n", glyph_total, glyph_count[0], glyph_count[1], From owner-svn-src-stable-10@freebsd.org Mon Apr 9 13:01:44 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0AB22FA29BB; Mon, 9 Apr 2018 13:01:44 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B24B66BA39; Mon, 9 Apr 2018 13:01:43 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AD5851EFAE; Mon, 9 Apr 2018 13:01:43 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w39D1hOO019154; Mon, 9 Apr 2018 13:01:43 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w39D1heB019153; Mon, 9 Apr 2018 13:01:43 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201804091301.w39D1heB019153@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Mon, 9 Apr 2018 13:01:43 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332325 - stable/10/sys/i386/i386 X-SVN-Group: stable-10 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: stable/10/sys/i386/i386 X-SVN-Commit-Revision: 332325 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Apr 2018 13:01:44 -0000 Author: emaste Date: Mon Apr 9 13:01:43 2018 New Revision: 332325 URL: https://svnweb.freebsd.org/changeset/base/332325 Log: MFC r331053: ANSIfy i386/vm86.c Modified: stable/10/sys/i386/i386/vm86.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/i386/i386/vm86.c ============================================================================== --- stable/10/sys/i386/i386/vm86.c Mon Apr 9 13:00:03 2018 (r332324) +++ stable/10/sys/i386/i386/vm86.c Mon Apr 9 13:01:43 2018 (r332325) @@ -128,8 +128,7 @@ POPL(struct vm86frame *vmf) } int -vm86_emulate(vmf) - struct vm86frame *vmf; +vm86_emulate(struct vm86frame *vmf) { struct vm86_kernel *vm86; caddr_t addr; @@ -586,10 +585,7 @@ vm86_intcall(int intnum, struct vm86frame *vmf) * caller's cs:ip routine. */ int -vm86_datacall(intnum, vmf, vmc) - int intnum; - struct vm86frame *vmf; - struct vm86context *vmc; +vm86_datacall(int intnum, struct vm86frame *vmf, struct vm86context *vmc) { pt_entry_t *pte = (pt_entry_t *)vm86paddr; vm_paddr_t page; @@ -634,11 +630,8 @@ vm86_getaddr(struct vm86context *vmc, u_short sel, u_s } int -vm86_getptr(vmc, kva, sel, off) - struct vm86context *vmc; - vm_offset_t kva; - u_short *sel; - u_short *off; +vm86_getptr(struct vm86context *vmc, vm_offset_t kva, u_short *sel, + u_short *off) { int i; @@ -653,9 +646,7 @@ vm86_getptr(vmc, kva, sel, off) } int -vm86_sysarch(td, args) - struct thread *td; - char *args; +vm86_sysarch(struct thread *td, char *args) { int error = 0; struct i386_vm86_args ua; From owner-svn-src-stable-10@freebsd.org Mon Apr 9 15:29:15 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AB8EFF88EDF; Mon, 9 Apr 2018 15:29:15 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5973A7F105; Mon, 9 Apr 2018 15:29:15 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 50DF5207B2; Mon, 9 Apr 2018 15:29:15 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w39FTFk9089687; Mon, 9 Apr 2018 15:29:15 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w39FTFdH089686; Mon, 9 Apr 2018 15:29:15 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201804091529.w39FTFdH089686@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Mon, 9 Apr 2018 15:29:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332330 - stable/10/sys/netpfil/pf X-SVN-Group: stable-10 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: stable/10/sys/netpfil/pf X-SVN-Commit-Revision: 332330 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Apr 2018 15:29:15 -0000 Author: kp Date: Mon Apr 9 15:29:14 2018 New Revision: 332330 URL: https://svnweb.freebsd.org/changeset/base/332330 Log: MFC r331225: pf: Fix memory leak in DIOCRADDTABLES If a user attempts to add two tables with the same name the duplicate table will not be added, but we forgot to free the duplicate table, leaking memory. Ensure we free the duplicate table in the error path. Reported by: Coverity CID: 1382111 Modified: stable/10/sys/netpfil/pf/pf_table.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_table.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_table.c Mon Apr 9 15:21:40 2018 (r332329) +++ stable/10/sys/netpfil/pf/pf_table.c Mon Apr 9 15:29:14 2018 (r332330) @@ -1123,8 +1123,10 @@ pfr_add_tables(struct pfr_table *tbl, int size, int *n if (p == NULL) senderr(ENOMEM); SLIST_FOREACH(q, &addq, pfrkt_workq) { - if (!pfr_ktable_compare(p, q)) + if (!pfr_ktable_compare(p, q)) { + pfr_destroy_ktable(p, 0); goto _skip; + } } SLIST_INSERT_HEAD(&addq, p, pfrkt_workq); xadd++; From owner-svn-src-stable-10@freebsd.org Mon Apr 9 16:32:49 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D1918F8D510; Mon, 9 Apr 2018 16:32:49 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 81A61828D0; Mon, 9 Apr 2018 16:32:49 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 784272130B; Mon, 9 Apr 2018 16:32:49 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w39GWna2024736; Mon, 9 Apr 2018 16:32:49 GMT (envelope-from brooks@FreeBSD.org) Received: (from brooks@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w39GWnui024735; Mon, 9 Apr 2018 16:32:49 GMT (envelope-from brooks@FreeBSD.org) Message-Id: <201804091632.w39GWnui024735@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brooks set sender to brooks@FreeBSD.org using -f From: Brooks Davis Date: Mon, 9 Apr 2018 16:32:49 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332332 - stable/10/sys/net X-SVN-Group: stable-10 X-SVN-Commit-Author: brooks X-SVN-Commit-Paths: stable/10/sys/net X-SVN-Commit-Revision: 332332 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Apr 2018 16:32:50 -0000 Author: brooks Date: Mon Apr 9 16:32:49 2018 New Revision: 332332 URL: https://svnweb.freebsd.org/changeset/base/332332 Log: MFC r332151: ifconf(): correct handling of sockaddrs smaller than struct sockaddr. Portable programs that use SIOCGIFCONF (e.g. traceroute) assume that each pseudo ifreq is of length MAX(sizeof(struct ifreq), sizeof(ifr_name) + ifr_addr.sa_len). For short sockaddrs we copied too much from the source sockaddr resulting in a heap leak. I believe only one such sockaddr exists (struct sockaddr_sco which is 8 bytes) and it is unclear if such sockaddrs end up on interfaces in practice. If it did, the result would be an 8 byte heap leak on current architectures. admbugs: 869 Reviewed by: kib Obtained from: CheriBSD Security: kernel heap leak Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14981 Modified: stable/10/sys/net/if.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/net/if.c ============================================================================== --- stable/10/sys/net/if.c Mon Apr 9 16:18:02 2018 (r332331) +++ stable/10/sys/net/if.c Mon Apr 9 16:32:49 2018 (r332332) @@ -3055,7 +3055,13 @@ again: } else #endif if (sa->sa_len <= sizeof(*sa)) { - ifr.ifr_addr = *sa; + if (sa->sa_len < sizeof(*sa)) { + memset(&ifr.ifr_ifru.ifru_addr, 0, + sizeof(ifr.ifr_ifru.ifru_addr)); + memcpy(&ifr.ifr_ifru.ifru_addr, sa, + sa->sa_len); + } else + ifr.ifr_ifru.ifru_addr = *sa; sbuf_bcat(sb, &ifr, sizeof(ifr)); max_len += sizeof(ifr); } else { From owner-svn-src-stable-10@freebsd.org Tue Apr 10 03:15:08 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EEC43F97FBD; Tue, 10 Apr 2018 03:15:07 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A524880736; Tue, 10 Apr 2018 03:15:07 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9FD2727C2D; Tue, 10 Apr 2018 03:15:07 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3A3F7wN054791; Tue, 10 Apr 2018 03:15:07 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3A3F7Tk054790; Tue, 10 Apr 2018 03:15:07 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201804100315.w3A3F7Tk054790@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Tue, 10 Apr 2018 03:15:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332348 - stable/10/usr.sbin/rpcbind X-SVN-Group: stable-10 X-SVN-Commit-Author: delphij X-SVN-Commit-Paths: stable/10/usr.sbin/rpcbind X-SVN-Commit-Revision: 332348 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2018 03:15:08 -0000 Author: delphij Date: Tue Apr 10 03:15:07 2018 New Revision: 332348 URL: https://svnweb.freebsd.org/changeset/base/332348 Log: MFC r331180: Plug a possible memory leak. Modified: stable/10/usr.sbin/rpcbind/rpcbind.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/rpcbind/rpcbind.c ============================================================================== --- stable/10/usr.sbin/rpcbind/rpcbind.c Tue Apr 10 03:12:22 2018 (r332347) +++ stable/10/usr.sbin/rpcbind/rpcbind.c Tue Apr 10 03:15:07 2018 (r332348) @@ -548,6 +548,8 @@ init_transport(struct netconfig *nconf) pml->pml_map.pm_port = PMAPPORT; if (strcmp(nconf->nc_proto, NC_TCP) == 0) { if (tcptrans[0]) { + free(pml); + pml = NULL; syslog(LOG_ERR, "cannot have more than one TCP transport"); goto error; From owner-svn-src-stable-10@freebsd.org Tue Apr 10 14:07:30 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A1606F9FA94; Tue, 10 Apr 2018 14:07:30 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 536C6747B8; Tue, 10 Apr 2018 14:07:30 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4B5D068F8; Tue, 10 Apr 2018 14:07:30 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3AE7UYD078419; Tue, 10 Apr 2018 14:07:30 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3AE7Twe078417; Tue, 10 Apr 2018 14:07:29 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201804101407.w3AE7Twe078417@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 10 Apr 2018 14:07:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332370 - in stable: 10/release/doc/share/xml 11/release/doc/share/xml X-SVN-Group: stable-10 X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: in stable: 10/release/doc/share/xml 11/release/doc/share/xml X-SVN-Commit-Revision: 332370 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2018 14:07:31 -0000 Author: gjb Date: Tue Apr 10 14:07:29 2018 New Revision: 332370 URL: https://svnweb.freebsd.org/changeset/base/332370 Log: Document EN-18:03, EN-18:04, SA-18:04, SA-18:05. Sponsored by: The FreeBSD Foundation Modified: stable/10/release/doc/share/xml/errata.xml stable/10/release/doc/share/xml/security.xml Changes in other areas also in this revision: Modified: stable/11/release/doc/share/xml/errata.xml stable/11/release/doc/share/xml/security.xml Modified: stable/10/release/doc/share/xml/errata.xml ============================================================================== --- stable/10/release/doc/share/xml/errata.xml Tue Apr 10 14:07:02 2018 (r332369) +++ stable/10/release/doc/share/xml/errata.xml Tue Apr 10 14:07:29 2018 (r332370) @@ -40,6 +40,22 @@ 07 March 2018 Stack-based buffer overflow + + + FreeBSD-EN-18:03.tzdata + 04 April 2018 + Update timezone database + information + + + + FreeBSD-EN-18:04.mem + 04 April 2018 + Multiple small kernel memory + disclosures + Modified: stable/10/release/doc/share/xml/security.xml ============================================================================== --- stable/10/release/doc/share/xml/security.xml Tue Apr 10 14:07:02 2018 (r332369) +++ stable/10/release/doc/share/xml/security.xml Tue Apr 10 14:07:29 2018 (r332370) @@ -83,6 +83,21 @@ 07 March 2018 Multiple vulnerabilities + + + FreeBSD-SA-18:04.vt + 04 April 2018 + Fix &man.vt.4; console memory + disclosure + + + + FreeBSD-SA-18:05.ipsec + 04 April 2018 + Fix denial of service + From owner-svn-src-stable-10@freebsd.org Fri Apr 13 03:47:42 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5A49EF8758A; Fri, 13 Apr 2018 03:47:42 +0000 (UTC) (envelope-from rgrimes@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 05CEB87286; Fri, 13 Apr 2018 03:47:42 +0000 (UTC) (envelope-from rgrimes@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 009A5148FC; Fri, 13 Apr 2018 03:47:42 +0000 (UTC) (envelope-from rgrimes@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3D3lfG7050580; Fri, 13 Apr 2018 03:47:41 GMT (envelope-from rgrimes@FreeBSD.org) Received: (from rgrimes@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3D3lfTx050579; Fri, 13 Apr 2018 03:47:41 GMT (envelope-from rgrimes@FreeBSD.org) Message-Id: <201804130347.w3D3lfTx050579@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rgrimes set sender to rgrimes@FreeBSD.org using -f From: "Rodney W. Grimes" Date: Fri, 13 Apr 2018 03:47:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332465 - in stable: 10/sbin/reboot 11/sbin/reboot X-SVN-Group: stable-10 X-SVN-Commit-Author: rgrimes X-SVN-Commit-Paths: in stable: 10/sbin/reboot 11/sbin/reboot X-SVN-Commit-Revision: 332465 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Apr 2018 03:47:42 -0000 Author: rgrimes Date: Fri Apr 13 03:47:41 2018 New Revision: 332465 URL: https://svnweb.freebsd.org/changeset/base/332465 Log: MFC: r332075 Exit with usage when extra arguments are on command line preventing mistakes such as "halt 0p" for "halt -p". Approved by: bde (mentor, implicit), phk (mentor,implicit) MFC after: 1 week Modified: stable/10/sbin/reboot/reboot.c Directory Properties: stable/10/ (props changed) Changes in other areas also in this revision: Modified: stable/11/sbin/reboot/reboot.c Directory Properties: stable/11/ (props changed) Modified: stable/10/sbin/reboot/reboot.c ============================================================================== --- stable/10/sbin/reboot/reboot.c Fri Apr 13 03:32:18 2018 (r332464) +++ stable/10/sbin/reboot/reboot.c Fri Apr 13 03:47:41 2018 (r332465) @@ -111,6 +111,8 @@ main(int argc, char *argv[]) } argc -= optind; argv += optind; + if (argc != 0) + usage(); if ((howto & (RB_DUMP | RB_HALT)) == (RB_DUMP | RB_HALT)) errx(1, "cannot dump (-d) when halting; must reboot instead"); From owner-svn-src-stable-10@freebsd.org Fri Apr 13 19:23:10 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1D822FA10AD; Fri, 13 Apr 2018 19:23:10 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1C41971A47; Fri, 13 Apr 2018 19:23:06 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6E4F61DF03; Fri, 13 Apr 2018 19:23:06 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3DJN67t018944; Fri, 13 Apr 2018 19:23:06 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3DJN6JZ018943; Fri, 13 Apr 2018 19:23:06 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201804131923.w3DJN6JZ018943@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Fri, 13 Apr 2018 19:23:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332487 - stable/10/sys/netpfil/pf X-SVN-Group: stable-10 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: stable/10/sys/netpfil/pf X-SVN-Commit-Revision: 332487 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Apr 2018 19:23:10 -0000 Author: kp Date: Fri Apr 13 19:23:06 2018 New Revision: 332487 URL: https://svnweb.freebsd.org/changeset/base/332487 Log: MFC r332101: pf: Improve ioctl validation for DIOCRADDTABLES and DIOCRDELTABLES The DIOCRADDTABLES and DIOCRDELTABLES ioctls can process a number of tables at a time, and as such try to allocate * sizeof(struct pfr_table). This multiplication can overflow. Thanks to mallocarray() this is not exploitable, but an overflow does panic the system. Arbitrarily limit this to 65535 tables. pfctl only ever processes one table at a time, so it presents no issues there. Modified: stable/10/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_ioctl.c Fri Apr 13 19:23:01 2018 (r332486) +++ stable/10/sys/netpfil/pf/pf_ioctl.c Fri Apr 13 19:23:06 2018 (r332487) @@ -83,6 +83,8 @@ __FBSDID("$FreeBSD$"); #include #endif +#define PF_TABLES_MAX_REQUEST 65535 /* Maximum tables per request. */ + static int pfattach(void); static struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t, u_int8_t, u_int8_t, u_int8_t); @@ -2513,13 +2515,15 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } - totlen = io->pfrio_size * sizeof(struct pfr_table); - pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), - M_TEMP, M_WAITOK); - if (! pfrts) { + + if (io->pfrio_size < 0 || io->pfrio_size > PF_TABLES_MAX_REQUEST) { error = ENOMEM; break; } + + totlen = io->pfrio_size * sizeof(struct pfr_table); + pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), + M_TEMP, M_WAITOK); error = copyin(io->pfrio_buffer, pfrts, totlen); if (error) { free(pfrts, M_TEMP); @@ -2542,13 +2546,15 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } - totlen = io->pfrio_size * sizeof(struct pfr_table); - pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), - M_TEMP, M_WAITOK); - if (! pfrts) { + + if (io->pfrio_size < 0 || io->pfrio_size > PF_TABLES_MAX_REQUEST) { error = ENOMEM; break; } + + totlen = io->pfrio_size * sizeof(struct pfr_table); + pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), + M_TEMP, M_WAITOK); error = copyin(io->pfrio_buffer, pfrts, totlen); if (error) { free(pfrts, M_TEMP); From owner-svn-src-stable-10@freebsd.org Fri Apr 13 21:19:07 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4E044F826B8; Fri, 13 Apr 2018 21:19:07 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EDB906B6D8; Fri, 13 Apr 2018 21:19:06 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DD0A21F0C3; Fri, 13 Apr 2018 21:19:06 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3DLJ6TI079264; Fri, 13 Apr 2018 21:19:06 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3DLJ6fU079263; Fri, 13 Apr 2018 21:19:06 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201804132119.w3DLJ6fU079263@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Fri, 13 Apr 2018 21:19:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332492 - stable/10/sys/netpfil/pf X-SVN-Group: stable-10 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: stable/10/sys/netpfil/pf X-SVN-Commit-Revision: 332492 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Apr 2018 21:19:07 -0000 Author: kp Date: Fri Apr 13 21:19:06 2018 New Revision: 332492 URL: https://svnweb.freebsd.org/changeset/base/332492 Log: MFC r332136: pf: Improve ioctl validation for DIOCIGETIFACES and DIOCXCOMMIT These ioctls can process a number of items at a time, which puts us at risk of overflow in mallocarray() and of impossibly large allocations even if we don't overflow. There's no obvious limit to the request size for these, so we limit the requests to something which won't overflow. Change the memory allocation to M_NOWAIT so excessive requests will fail rather than stall forever. Modified: stable/10/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_ioctl.c Fri Apr 13 21:19:03 2018 (r332491) +++ stable/10/sys/netpfil/pf/pf_ioctl.c Fri Apr 13 21:19:06 2018 (r332492) @@ -3105,10 +3105,17 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + + if (io->size < 0 || + WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) { + error = EINVAL; + break; + } + totlen = sizeof(struct pfioc_trans_e) * io->size; ioes = mallocarray(io->size, sizeof(struct pfioc_trans_e), - M_TEMP, M_WAITOK); - if (! ioes) { + M_TEMP, M_NOWAIT); + if (ioes == NULL) { error = ENOMEM; break; } @@ -3311,13 +3318,20 @@ DIOCCHANGEADDR_error: break; } + if (io->pfiio_size < 0 || + WOULD_OVERFLOW(io->pfiio_size, sizeof(struct pfi_kif))) { + error = EINVAL; + break; + } + bufsiz = io->pfiio_size * sizeof(struct pfi_kif); ifstore = mallocarray(io->pfiio_size, sizeof(struct pfi_kif), - M_TEMP, M_WAITOK); - if (! ifstore) { + M_TEMP, M_NOWAIT); + if (ifstore == NULL) { error = ENOMEM; break; } + PF_RULES_RLOCK(); pfi_get_ifaces(io->pfiio_name, ifstore, &io->pfiio_size); PF_RULES_RUNLOCK(); From owner-svn-src-stable-10@freebsd.org Fri Apr 13 22:33:19 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 01B43F87C6D; Fri, 13 Apr 2018 22:33:19 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AB52F7C8FB; Fri, 13 Apr 2018 22:33:18 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A65011FD65; Fri, 13 Apr 2018 22:33:18 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3DMXIr1019364; Fri, 13 Apr 2018 22:33:18 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3DMXIEW019361; Fri, 13 Apr 2018 22:33:18 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201804132233.w3DMXIEW019361@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Fri, 13 Apr 2018 22:33:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332494 - in stable/10/sys: net netpfil/pf X-SVN-Group: stable-10 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: in stable/10/sys: net netpfil/pf X-SVN-Commit-Revision: 332494 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Apr 2018 22:33:19 -0000 Author: kp Date: Fri Apr 13 22:33:18 2018 New Revision: 332494 URL: https://svnweb.freebsd.org/changeset/base/332494 Log: MFC r332107: pf: Improve ioctl validation for DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and DIOCRSETTFLAGS These ioctls can process a number of items at a time, which puts us at risk of overflow in mallocarray() and of impossibly large allocations even if we don't overflow. Limit the allocation to required size (or the user allocation, if that's smaller). That does mean we need to do the allocation with the rules lock held (so the number doesn't change while we're doing this), so it can't M_WAITOK. Modified: stable/10/sys/net/pfvar.h stable/10/sys/netpfil/pf/pf_ioctl.c stable/10/sys/netpfil/pf/pf_table.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/net/pfvar.h ============================================================================== --- stable/10/sys/net/pfvar.h Fri Apr 13 22:32:28 2018 (r332493) +++ stable/10/sys/net/pfvar.h Fri Apr 13 22:33:18 2018 (r332494) @@ -1627,6 +1627,7 @@ void pfr_detach_table(struct pfr_ktable *); int pfr_clr_tables(struct pfr_table *, int *, int); int pfr_add_tables(struct pfr_table *, int, int *, int); int pfr_del_tables(struct pfr_table *, int, int *, int); +int pfr_table_count(struct pfr_table *, int); int pfr_get_tables(struct pfr_table *, struct pfr_table *, int *, int); int pfr_get_tstats(struct pfr_table *, struct pfr_tstats *, int *, int); int pfr_clr_tstats(struct pfr_table *, int, int *, int); Modified: stable/10/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_ioctl.c Fri Apr 13 22:32:28 2018 (r332493) +++ stable/10/sys/netpfil/pf/pf_ioctl.c Fri Apr 13 22:33:18 2018 (r332494) @@ -2571,20 +2571,25 @@ DIOCCHANGEADDR_error: case DIOCRGETTABLES: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen; + size_t totlen, n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; break; } + PF_RULES_RLOCK(); + n = pfr_table_count(&io->pfrio_table, io->pfrio_flags); + io->pfrio_size = min(io->pfrio_size, n); + totlen = io->pfrio_size * sizeof(struct pfr_table); + pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), - M_TEMP, M_WAITOK); - if (! pfrts) { + M_TEMP, M_NOWAIT); + if (pfrts == NULL) { error = ENOMEM; + PF_RULES_RUNLOCK(); break; } - PF_RULES_RLOCK(); error = pfr_get_tables(&io->pfrio_table, pfrts, &io->pfrio_size, io->pfrio_flags | PFR_FLAG_USERIOCTL); PF_RULES_RUNLOCK(); @@ -2597,20 +2602,24 @@ DIOCCHANGEADDR_error: case DIOCRGETTSTATS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_tstats *pfrtstats; - size_t totlen; + size_t totlen, n; if (io->pfrio_esize != sizeof(struct pfr_tstats)) { error = ENODEV; break; } + PF_RULES_WLOCK(); + n = pfr_table_count(&io->pfrio_table, io->pfrio_flags); + io->pfrio_size = min(io->pfrio_size, n); + totlen = io->pfrio_size * sizeof(struct pfr_tstats); pfrtstats = mallocarray(io->pfrio_size, - sizeof(struct pfr_tstats), M_TEMP, M_WAITOK); - if (! pfrtstats) { + sizeof(struct pfr_tstats), M_TEMP, M_NOWAIT); + if (pfrtstats == NULL) { error = ENOMEM; + PF_RULES_WUNLOCK(); break; } - PF_RULES_WLOCK(); error = pfr_get_tstats(&io->pfrio_table, pfrtstats, &io->pfrio_size, io->pfrio_flags | PFR_FLAG_USERIOCTL); PF_RULES_WUNLOCK(); @@ -2623,25 +2632,31 @@ DIOCCHANGEADDR_error: case DIOCRCLRTSTATS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen; + size_t totlen, n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; break; } + + PF_RULES_WLOCK(); + n = pfr_table_count(&io->pfrio_table, io->pfrio_flags); + io->pfrio_size = min(io->pfrio_size, n); + totlen = io->pfrio_size * sizeof(struct pfr_table); pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), - M_TEMP, M_WAITOK); - if (! pfrts) { + M_TEMP, M_NOWAIT); + if (pfrts == NULL) { error = ENOMEM; + PF_RULES_WUNLOCK(); break; } error = copyin(io->pfrio_buffer, pfrts, totlen); if (error) { free(pfrts, M_TEMP); + PF_RULES_WUNLOCK(); break; } - PF_RULES_WLOCK(); error = pfr_clr_tstats(pfrts, io->pfrio_size, &io->pfrio_nzero, io->pfrio_flags | PFR_FLAG_USERIOCTL); PF_RULES_WUNLOCK(); @@ -2652,25 +2667,31 @@ DIOCCHANGEADDR_error: case DIOCRSETTFLAGS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_table *pfrts; - size_t totlen; + size_t totlen, n; if (io->pfrio_esize != sizeof(struct pfr_table)) { error = ENODEV; break; } + + PF_RULES_WLOCK(); + n = pfr_table_count(&io->pfrio_table, io->pfrio_flags); + io->pfrio_size = min(io->pfrio_size, n); + totlen = io->pfrio_size * sizeof(struct pfr_table); pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), - M_TEMP, M_WAITOK); - if (! pfrts) { + M_TEMP, M_NOWAIT); + if (pfrts == NULL) { error = ENOMEM; + PF_RULES_WUNLOCK(); break; } error = copyin(io->pfrio_buffer, pfrts, totlen); if (error) { free(pfrts, M_TEMP); + PF_RULES_WUNLOCK(); break; } - PF_RULES_WLOCK(); error = pfr_set_tflags(pfrts, io->pfrio_size, io->pfrio_setflag, io->pfrio_clrflag, &io->pfrio_nchange, &io->pfrio_ndel, io->pfrio_flags | PFR_FLAG_USERIOCTL); Modified: stable/10/sys/netpfil/pf/pf_table.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_table.c Fri Apr 13 22:32:28 2018 (r332493) +++ stable/10/sys/netpfil/pf/pf_table.c Fri Apr 13 22:33:18 2018 (r332494) @@ -174,7 +174,6 @@ static struct pfr_ktable *pfr_lookup_table(struct pfr_table *); static void pfr_clean_node_mask(struct pfr_ktable *, struct pfr_kentryworkq *); -static int pfr_table_count(struct pfr_table *, int); static int pfr_skip_table(struct pfr_table *, struct pfr_ktable *, int); static struct pfr_kentry @@ -1680,7 +1679,7 @@ pfr_fix_anchor(char *anchor) return (0); } -static int +int pfr_table_count(struct pfr_table *filter, int flags) { struct pf_ruleset *rs; From owner-svn-src-stable-10@freebsd.org Sat Apr 14 00:20:48 2018 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 36C07F8F015; Sat, 14 Apr 2018 00:20:48 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D78AA736CF; Sat, 14 Apr 2018 00:20:47 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D26E920D49; Sat, 14 Apr 2018 00:20:47 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3E0KlKu069549; Sat, 14 Apr 2018 00:20:47 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3E0KlCv069548; Sat, 14 Apr 2018 00:20:47 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201804140020.w3E0KlCv069548@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Sat, 14 Apr 2018 00:20:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r332497 - stable/10/sys/netpfil/pf X-SVN-Group: stable-10 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: stable/10/sys/netpfil/pf X-SVN-Commit-Revision: 332497 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Apr 2018 00:20:48 -0000 Author: kp Date: Sat Apr 14 00:20:47 2018 New Revision: 332497 URL: https://svnweb.freebsd.org/changeset/base/332497 Log: MFC r332142: pf: Improve ioctl validation Ensure that multiplications for memory allocations cannot overflow, and that we'll not try to allocate M_WAITOK for potentially overly large allocations. Modified: stable/10/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_ioctl.c Sat Apr 14 00:12:16 2018 (r332496) +++ stable/10/sys/netpfil/pf/pf_ioctl.c Sat Apr 14 00:20:47 2018 (r332497) @@ -2723,9 +2723,14 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + if (io->pfrio_size < 0 || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; + } totlen = io->pfrio_size * sizeof(struct pfr_addr); pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), - M_TEMP, M_WAITOK); + M_TEMP, M_NOWAIT); if (! pfras) { error = ENOMEM; break; @@ -2755,9 +2760,14 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + if (io->pfrio_size < 0 || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; + } totlen = io->pfrio_size * sizeof(struct pfr_addr); pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), - M_TEMP, M_WAITOK); + M_TEMP, M_NOWAIT); if (! pfras) { error = ENOMEM; break; @@ -2787,10 +2797,18 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + if (io->pfrio_size < 0 || io->pfrio_size2 < 0) { + error = EINVAL; + break; + } count = max(io->pfrio_size, io->pfrio_size2); + if (WOULD_OVERFLOW(count, sizeof(struct pfr_addr))) { + error = EINVAL; + break; + } totlen = count * sizeof(struct pfr_addr); pfras = mallocarray(count, sizeof(struct pfr_addr), M_TEMP, - M_WAITOK); + M_NOWAIT); if (! pfras) { error = ENOMEM; break; @@ -2821,9 +2839,14 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + if (io->pfrio_size < 0 || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; + } totlen = io->pfrio_size * sizeof(struct pfr_addr); pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), - M_TEMP, M_WAITOK); + M_TEMP, M_NOWAIT); if (! pfras) { error = ENOMEM; break; @@ -2847,9 +2870,14 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + if (io->pfrio_size < 0 || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_astats))) { + error = EINVAL; + break; + } totlen = io->pfrio_size * sizeof(struct pfr_astats); pfrastats = mallocarray(io->pfrio_size, - sizeof(struct pfr_astats), M_TEMP, M_WAITOK); + sizeof(struct pfr_astats), M_TEMP, M_NOWAIT); if (! pfrastats) { error = ENOMEM; break; @@ -2873,9 +2901,14 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + if (io->pfrio_size < 0 || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; + } totlen = io->pfrio_size * sizeof(struct pfr_addr); pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), - M_TEMP, M_WAITOK); + M_TEMP, M_NOWAIT); if (! pfras) { error = ENOMEM; break; @@ -2905,9 +2938,14 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + if (io->pfrio_size < 0 || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; + } totlen = io->pfrio_size * sizeof(struct pfr_addr); pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), - M_TEMP, M_WAITOK); + M_TEMP, M_NOWAIT); if (! pfras) { error = ENOMEM; break; @@ -2937,9 +2975,14 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + if (io->pfrio_size < 0 || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; + } totlen = io->pfrio_size * sizeof(struct pfr_addr); pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), - M_TEMP, M_WAITOK); + M_TEMP, M_NOWAIT); if (! pfras) { error = ENOMEM; break; @@ -2984,9 +3027,14 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + if (io->size < 0 || + WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) { + error = EINVAL; + break; + } totlen = sizeof(struct pfioc_trans_e) * io->size; ioes = mallocarray(io->size, sizeof(struct pfioc_trans_e), - M_TEMP, M_WAITOK); + M_TEMP, M_NOWAIT); if (! ioes) { error = ENOMEM; break; @@ -3055,9 +3103,14 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } + if (io->size < 0 || + WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) { + error = EINVAL; + break; + } totlen = sizeof(struct pfioc_trans_e) * io->size; ioes = mallocarray(io->size, sizeof(struct pfioc_trans_e), - M_TEMP, M_WAITOK); + M_TEMP, M_NOWAIT); if (! ioes) { error = ENOMEM; break;