Date: Mon, 18 Mar 2002 18:38:06 -0800 (PST) From: Peter Wemm <peter@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 7899 for review Message-ID: <200203190238.g2J2c6972903@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=7899 Change 7899 by peter@peter_daintree on 2002/03/18 18:37:19 IFC Affected files ... ... //depot/projects/ia64/contrib/smbfs/lib/smb/ctx.c#3 integrate ... //depot/projects/ia64/gnu/usr.bin/send-pr/categories#2 integrate ... //depot/projects/ia64/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#13 integrate ... //depot/projects/ia64/release/doc/ja_JP.eucJP/relnotes/common/new.sgml#5 integrate ... //depot/projects/ia64/sys/dev/md/md.c#5 integrate ... //depot/projects/ia64/sys/dev/mlx/mlx.c#4 integrate ... //depot/projects/ia64/usr.bin/uudecode/uudecode.c#4 integrate ... //depot/projects/ia64/usr.bin/xinstall/xinstall.c#4 integrate Differences ... ==== //depot/projects/ia64/contrib/smbfs/lib/smb/ctx.c#3 (text+ko) ==== @@ -30,6 +30,7 @@ * SUCH DAMAGE. * * $Id: ctx.c,v 1.22 2001/12/26 04:10:52 bp Exp $ + * $FreeBSD: src/contrib/smbfs/lib/smb/ctx.c,v 1.2 2002/03/18 22:40:33 alfred Exp $ */ #include <sys/param.h> #include <sys/sysctl.h> @@ -64,7 +65,9 @@ int minlevel, int maxlevel, int sharetype) { int opt, error = 0; + uid_t euid; const char *arg, *cp; + struct passwd *pwd; bzero(ctx,sizeof(*ctx)); error = nb_ctx_create(&ctx->ct_nb); @@ -92,8 +95,14 @@ ctx->ct_sh.ioc_group = SMBM_ANY_GROUP; nb_ctx_setscope(ctx->ct_nb, ""); - smb_ctx_setuser(ctx, getpwuid(geteuid())->pw_name); - endpwent(); + euid = geteuid(); + if ((pwd = getpwuid(euid)) != NULL) { + smb_ctx_setuser(ctx, pwd->pw_name); + endpwent(); + } else if (euid == 0) + smb_ctx_setuser(ctx, "root"); + else + return 0; if (argv == NULL) return 0; for (opt = 1; opt < argc; opt++) { ==== //depot/projects/ia64/gnu/usr.bin/send-pr/categories#2 (text+ko) ==== @@ -1,3 +1,4 @@ +# $FreeBSD: src/gnu/usr.bin/send-pr/categories,v 1.12 2002/03/19 00:39:55 des Exp $ advocacy alpha bin @@ -5,7 +6,10 @@ docs gnu i386 +ia64 kern misc ports -sparc +powerpc +sparc64 +standards ==== //depot/projects/ia64/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#13 (text+ko) ==== @@ -3,7 +3,7 @@ <corpauthor>The FreeBSD Project</corpauthor> - <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.302 2002/03/18 20:26:04 bmah Exp $</pubdate> + <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.303 2002/03/19 00:19:53 bmah Exp $</pubdate> <copyright> <year>2000</year> @@ -1640,6 +1640,17 @@ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.) &merged;</para> + <para>A programming error in <application>zlib</application> could + result in attempts to free memory multiple times. The + &man.malloc.3;/&man.free.3; routines used in &os; are not + vulnerable to this error, but applications receiving + specially-crafted blocks of invalid compressed data could + be made to function incorrectly or abort. This + <application>zlib</application> bug has been fixed. For a + workaround and solutions, see security advisory <ulink + url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.asc">FreeBSD-SA-02:18</ulink>. + &merged;</para> + </sect2> <sect2 id="userland"> <title>Userland Changes</title> ==== //depot/projects/ia64/release/doc/ja_JP.eucJP/relnotes/common/new.sgml#5 (text+ko) ==== @@ -1,9 +1,9 @@ <!-- FreeBSD Japanese Documentation Project - $FreeBSD: src/release/doc/ja_JP.eucJP/relnotes/common/new.sgml,v 1.52 2002/03/17 16:02:56 kuriyama Exp $ + $FreeBSD: src/release/doc/ja_JP.eucJP/relnotes/common/new.sgml,v 1.53 2002/03/19 00:41:57 kuriyama Exp $ - Original revision: 1.299 + Original revision: 1.302 --> <articleinfo> @@ -11,7 +11,7 @@ <corpauthor>FreeBSD プロジェクト</corpauthor> - <pubdate>$FreeBSD: src/release/doc/ja_JP.eucJP/relnotes/common/new.sgml,v 1.52 2002/03/17 16:02:56 kuriyama Exp $</pubdate> + <pubdate>$FreeBSD: src/release/doc/ja_JP.eucJP/relnotes/common/new.sgml,v 1.53 2002/03/19 00:41:57 kuriyama Exp $</pubdate> <copyright> <year>2000</year> @@ -1457,7 +1457,7 @@ に新しく対応しました. ACPI の機能は <application>Intel ACPI Component Architecture</application> プロジェクトから提供されているもので, - ACPI CA 20020214 スナップショットに更新されています. + ACPI CA 20020308 スナップショットに更新されています. 旧来の APM 標準を用いるアプリケーション向けの後方互換性 も提供されました.</para> @@ -1889,7 +1889,8 @@ 含まれる <quote>一つ違い</quote> バグが修正されました. このバグにより, 認証されたリモートユーザが &man.sshd.8; にスーパユーザ権限で任意のコードを実行できます. - また, 接続している SSH クライアントにそのクライアントユーザの権限で + また, 悪意のある SSH サーバがそのクライアントシステムの + クライアントユーザの権限で 任意のコードを実行させることができます. (セキュリティ勧告 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink> @@ -3141,7 +3142,8 @@ <para>Bell Labs の <application>awk</application> ( <quote>BWK awk</quote> や <quote>The One True AWK</quote> - として知られています ) がインポートされました. + として知られています ) の 2002/02/10 版スナップショット + がインポートされました. sparc64 アーキテクチャでは <command>awk</command> として, それ以外のプラットフォームでは <command>nawk</command> としてインストールされます.</para> @@ -3277,7 +3279,7 @@ 4.1.0 に更新されました. &merged;</para> <para><application>OpenPAM</application> - (<quote>Celandine</quote> リリース) が + (<quote>Centaury</quote> リリース) が <application>Linux-PAM</application> に代わって import されました.</para> @@ -3288,7 +3290,7 @@ の機能を完全に置き換えるものです.</para> <para><application>Perl</application> がバージョン - 5.6.0 に更新されました.</para> + 5.6.1 に更新されました.</para> <para>&man.routed.8; がバージョン 2.22 に更新されました. &merged;</para> ==== //depot/projects/ia64/sys/dev/md/md.c#5 (text+ko) ==== @@ -6,7 +6,7 @@ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp * ---------------------------------------------------------------------------- * - * $FreeBSD: src/sys/dev/md/md.c,v 1.54 2002/03/15 18:49:43 mckusick Exp $ + * $FreeBSD: src/sys/dev/md/md.c,v 1.55 2002/03/19 01:45:04 gallatin Exp $ * */ @@ -384,7 +384,8 @@ if (md_debug > 1) printf("mdstrategy(%p) %s %x, %lld, %ld, %p)\n", - bp, devtoname(bp->bio_dev), bp->bio_flags, bp->bio_blkno, + bp, devtoname(bp->bio_dev), bp->bio_flags, + (long long)bp->bio_blkno, bp->bio_bcount / DEV_BSIZE, bp->bio_data); sc = bp->bio_dev->si_drv1; ==== //depot/projects/ia64/sys/dev/mlx/mlx.c#4 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/dev/mlx/mlx.c,v 1.32 2002/03/18 20:50:04 imp Exp $ + * $FreeBSD: src/sys/dev/mlx/mlx.c,v 1.33 2002/03/18 23:38:16 bde Exp $ */ /* @@ -1777,8 +1777,10 @@ blkcount = (MLX_BIO_LENGTH(bp) + MLX_BLKSIZE - 1) / MLX_BLKSIZE; if ((MLX_BIO_LBA(bp) + blkcount) > sc->mlx_sysdrive[driveno].ms_size) - device_printf(sc->mlx_dev, "I/O beyond end of unit (%llu,%d > %u)\n", - MLX_BIO_LBA(bp), blkcount, sc->mlx_sysdrive[driveno].ms_size); + device_printf(sc->mlx_dev, + "I/O beyond end of unit (%lld,%d > %lu)\n", + (long long)MLX_BIO_LBA(bp), blkcount, + (u_long)sc->mlx_sysdrive[driveno].ms_size); /* * Build the I/O command. Note that the SG list type bits are set to zero, ==== //depot/projects/ia64/usr.bin/uudecode/uudecode.c#4 (text+ko) ==== @@ -42,7 +42,7 @@ static char sccsid[] = "@(#)uudecode.c 8.2 (Berkeley) 4/2/94"; #endif static const char rcsid[] = - "$FreeBSD: src/usr.bin/uudecode/uudecode.c,v 1.19 2002/03/05 03:27:47 jmallett Exp $"; + "$FreeBSD: src/usr.bin/uudecode/uudecode.c,v 1.20 2002/03/19 00:44:07 jmallett Exp $"; #endif /* not lint */ /* @@ -159,9 +159,11 @@ struct passwd *pw; register int n; register char ch, *p; - int base64, ignore, mode, n1; - char buf[MAXPATHLEN]; - char buffn[MAXPATHLEN]; /* file name buffer */ + int base64, ignore, n1; + char buf[MAXPATHLEN+1]; + char buffn[MAXPATHLEN+1]; /* file name buffer */ + char *mode, *s; + void *mode_handle; base64 = ignore = 0; /* search for header line */ @@ -178,52 +180,56 @@ if (strncmp(buf, "begin-base64", 12) == 0) base64 = 1; - if (oflag) { - if (base64) - (void)sscanf(buf, "begin-base64 %o ", &mode); - else - (void)sscanf(buf, "begin %o ", &mode); - if (strlcpy(buf, outfile, sizeof(buf)) >= sizeof(buf)) { - warnx("%s: filename too long", outfile); - return (1); - } - } else { - if (base64) - (void)sscanf(buf, "begin-base64 %o %[^\n\r]", &mode, buf); - else - (void)sscanf(buf, "begin %o %[^\n\r]", &mode, buf); + /* Parse the header: begin{,-base64} mode outfile. */ + s = strtok(buf, " "); + if (s == NULL) + errx(1, "no mode or filename in input file"); + s = strtok(NULL, " "); + if (s == NULL) + errx(1, "no mode in input file"); + else { + mode = strdup(s); + if (mode == NULL) + err(1, "strdup()"); + } + if (!oflag) { + outfile = strtok(NULL, " \r\n"); + if (outfile == NULL) + errx(1, "no filename in input file"); } + if (strlcpy(buf, outfile, sizeof(buf)) >= sizeof(buf)) + errx(1, "%s: filename too long", outfile); if (!sflag && !pflag) { - strncpy(buffn, buf, sizeof(buffn)); + strlcpy(buffn, buf, sizeof(buffn)); if (strrchr(buffn, '/') != NULL) strncpy(buf, strrchr(buffn, '/') + 1, sizeof(buf)); if (buf[0] == '\0') { warnx("%s: illegal filename", buffn); return(1); } - } - /* handle ~user/file format */ - if (buf[0] == '~') { - if (!(p = index(buf, '/'))) { - warnx("%s: illegal ~user", filename); - return(1); - } - *p++ = '\0'; - if (!(pw = getpwnam(buf + 1))) { - warnx("%s: no user %s", filename, buf); - return(1); - } - n = strlen(pw->pw_dir); - n1 = strlen(p); - if (n + n1 + 2 > MAXPATHLEN) { - warnx("%s: path too long", filename); - return(1); + /* handle ~user/file format */ + if (buf[0] == '~') { + if (!(p = index(buf, '/'))) { + warnx("%s: illegal ~user", filename); + return(1); + } + *p++ = '\0'; + if (!(pw = getpwnam(buf + 1))) { + warnx("%s: no user %s", filename, buf); + return(1); + } + n = strlen(pw->pw_dir); + n1 = strlen(p); + if (n + n1 + 2 > MAXPATHLEN) { + warnx("%s: path too long", filename); + return(1); + } + bcopy(p, buf + n + 1, n1 + 1); + bcopy(pw->pw_dir, buf, n); + buf[n] = '/'; } - bcopy(p, buf + n + 1, n1 + 1); - bcopy(pw->pw_dir, buf, n); - buf[n] = '/'; } /* create output file, set mode */ @@ -231,14 +237,19 @@ ; /* print to stdout */ else { + mode_handle = setmode(mode); + if (mode_handle == NULL) + err(1, "setmode()"); if (iflag && !access(buf, F_OK)) { (void)fprintf(stderr, "not overwritten: %s\n", buf); ignore++; } else if (!freopen(buf, "w", stdout) || - fchmod(fileno(stdout), mode&0666)) { + fchmod(fileno(stdout), getmode(mode_handle, 0) & 0666)) { warn("%s: %s", buf, filename); return(1); } + free(mode_handle); + free(mode); } strcpy(buffn, buf); /* store file name from header line */ ==== //depot/projects/ia64/usr.bin/xinstall/xinstall.c#4 (text+ko) ==== @@ -34,7 +34,7 @@ #include <sys/cdefs.h> #ifdef __FBSDID -__FBSDID("$FreeBSD: src/usr.bin/xinstall/xinstall.c,v 1.47 2001/12/19 06:05:42 imp Exp $"); +__FBSDID("$FreeBSD: src/usr.bin/xinstall/xinstall.c,v 1.48 2002/03/18 23:26:13 des Exp $"); #endif #ifndef lint @@ -74,6 +74,8 @@ #define MAP_FAILED ((void *)-1) /* from <sys/mman.h> */ #endif +#define MAX_CMP_SIZE (16 * 1024 * 1024) + #define DIRECTORY 0x01 /* Tell install it's a directory. */ #define SETFLAGS 0x02 /* Tell install to set flags. */ #define NOCHANGEBITS (UF_IMMUTABLE | UF_APPEND | SF_IMMUTABLE | SF_APPEND) @@ -528,7 +530,7 @@ if (from_len != to_len) return 1; - if (from_len <= 8 * 1024 * 1024) { + if (from_len <= MAX_CMP_SIZE) { done_compare = 0; if (trymmap(from_fd) && trymmap(to_fd)) { p = mmap(NULL, from_len, PROT_READ, MAP_SHARED, from_fd, (off_t)0); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203190238.g2J2c6972903>