deraadt
74b2c8400a
snprintf/vsnprintf return < 0 on error, rather than -1.
5 years ago
schwarze
c3832ee06f
Actually, the C standard only guarantees that atexit(3) returns non-zero
on error, so tweak previous to test "atexit(...) != 0" for portability.
"OK ok ok sorry backwards" deraadt@
5 years ago
deraadt
e5e55cd690
When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
5 years ago
deraadt
ebbe8d8121
atexit() returns -1 on failure
5 years ago
rob
9d258bd6e0
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
5 years ago
rob
5ea11244b8
whitespace
5 years ago
rob
459d3403bc
Cleanup some residual markup from the ber.3 days.
ok jmc@, schwarze@
5 years ago
schwarze
f6ecccdd17
add various missing information
and remove the lie that these functions would set errno;
tweaks and OK jmc@; OK rob@ on the previous version
5 years ago
rob
509ea037e6
Add XXX to a comment.
5 years ago
rob
8e14404ce3
Correct errno markup. Noticed by schwarze.
Discussed with schwarze and jmc. ok schwarze
5 years ago
jmc
e2a13c2289
sort SEE ALSO;
5 years ago
schwarze
a870edacf8
add substantial amounts of missing information;
OK rob@
5 years ago
rob
4a2c8d4050
Consistently make errno a .Vt
5 years ago
schwarze
0b50432670
delete some duplicate words
5 years ago
rob
b43f7ed0ff
Split ber.3 into logical parts. Further tweaking will be done in tree.
Discussed with and ok jmc@, schwarze@, claudio@
5 years ago
rob
b02b4b32b0
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
5 years ago
rob
b6f67bd097
Enforce smallest number of contents octets for int (and enum).
ok claudio@
5 years ago
rob
f90a0d7af2
Mention #include of <sys/types.h> in synopsis.
Discussed with claudio@ and tedu@.
5 years ago
rob
cbfc875695
Fail early if a (universal) primitive type identifies as constructed, or if a
boolean has a contents length other than 1.
ok claudio@
5 years ago
rob
d7ff82d34b
Enforce minimal number of octets for tag > 30.
"sure" claudio@
5 years ago
rob
b3f85186e0
In long form encoding, explicitly prohibit an initial length octet of 0xff
which is reserved for future use.
ok claudio@
5 years ago
rob
ad393dcd5f
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and
snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync
in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers
already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
5 years ago
schwarze
28c4796b19
missing dots after ".%P pp"; the case of btree(3) was
reported by Fabio Scotoni <fabio at esse dot ch>;
also garbage collect one .Tn while here
5 years ago
millert
47165904cf
I am retiring my old email address; replace it with my OpenBSD one.
5 years ago
bcook
101f48a3de
Change imsg header definitions to use standard types.
ok deraadt@ claudio@
5 years ago
bluhm
df4fda1761
Calling llabs(LLONG_MIN) is undefined behavior, llvm 7.0.1 does not
work with our old code. In fmt_scaled() move the check before
calling llabs().
found by regress/lib/libutil/fmt_scaled; OK deraadt@ millert@ tedu@
5 years ago
jmc
c1931faa11
explicitly mention local processes; from geoff hill
ok nicm
5 years ago
deraadt
68d7aa0670
delete volatile intended to silence whiny old compilers around vfork.
This variable is only used in the parent context so there is no issue.
ok kettenis
5 years ago
djm
468ab01728
constrain fractional part to [0-9] (less confusing to static analysis); ok ian@
6 years ago
nicm
2c571a29e6
Fix function argument names, from Abel Abraham Camarillo Ojeda via jmc@.
6 years ago
deraadt
3bfb6d03b3
Adjust references for sysctl(3) to sysctl(2)
6 years ago
kettenis
0566b09422
Make a few internal symbols static and add a Symbols.map version script
to control which symbols are exported from the shared library.
ok guenther@, deraadt@, jca@
6 years ago
zhuk
8d93985924
It's the imsg_compose(3) who accepts 'fd' argument, not imsg_create(3).
6 years ago
reyk
9b036c42f9
spacing (in EXAMPLES code)
7 years ago
jmc
e471403169
add previous to NAME;
7 years ago
nicm
cddf1b0fbc
Add getptmfd(), fdopenpty(), fdforkpty() functions. These allow programs
to separate the open(/dev/ptm) from the ioctl(PTMGET) for privilege
separation or pledge().
Based on a diff from reyk@.
ok deraadt millert
7 years ago
deraadt
f94fcc6e0f
use freezero() instead of explicit_bzero+free
7 years ago
reyk
9e0fddd8a3
Use freezero(3) for the imsg framework in imsg_free(3) and ibuf_free(3).
In our privsep model, imsg is often used to transport sensitive
information between processes. But a process might free an imsg, and
reuse the memory for a different thing. iked uses some
explicit_bzero() to clean imsg-buffer but doing it in the library with
the freezero() is less error-prone and also benefits other daemons.
OK deraadt@ jsing@ claudio@
7 years ago
nicm
df542bfce2
Use C99 types (uint32_t) instead of BSD (u_int32_t) - the former are
more portable. Add stdint.h to the headers in imsg_init(3).
No objections from millert@.
7 years ago
deraadt
a6614e5870
Grow buffers using recallocarray, to avoid the potential dribble that
the standard realloc*() functions can leave behind. imsg buffers are
sometimes used in protocol stacks which require some secrecy, and layering
violations would be needed to resolve this issue otherwise.
Discussed with many.
7 years ago
dtucker
b249d7ea63
Fix overly-conservative overflow checks on mulitplications and add checks
on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN
will still be flagged as a range error). ok millert@
7 years ago
dtucker
73af3c1b7e
Collapse underflow and overflow checks into a single block.
ok djm@ millert@
7 years ago
dtucker
4cba5ce8e2
Catch integer underflow in scan_scaled reported by Nicolas Iooss.
ok deraadt@ djm@
7 years ago
djm
29fbe34e31
fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
using AFL against ssh_config. ok deraadt@ millert@
7 years ago
jmc
fa0722f382
zap trailing whitespace;
7 years ago
reyk
0fd38ba8e4
Fixup the example for msgbuf_write() and imsg_read() to check the
error cases for -1 and 0 explicitly (it initially only checked for -1,
I updated it to also check for 0, and rzalamena@ figured out that 0
has to be checked in a differently).
OK millert@ rzalamena@
7 years ago
guenther
487debcae6
Use a constant format string and output the variable part with %s
ok krw@ millert@
7 years ago
guenther
98ac59d5a1
Use O_CLOEXEC when opening fds local to a function
ok jca@ krw@
7 years ago
guenther
b73a72cf6b
Pull in <stdio.h> for NULL
ok deraadt@
7 years ago
tb
68bc198e0c
Refer to /etc/passwd consistently as the "legacy password file" and
remove some references to differences between versions 6 and 7.
ok jmc, millert, tedu
8 years ago