In the event of a failure in _rs_allocate for rsx, we still have a reference to
freed memory for rs on return. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.
ok deraadt@
For Windows, we are simply using calloc, which has two annoyances:
the memory has more permissions than needed by default, and it comes
from the process heap, which looks like a memory leak since this memory
is rightfully never freed.
This switches _rs_alloc on Windows to use VirtualAlloc, which restricts the
memory to READ|WRITE and keeps the memory out of the process heap.
ok deraadt@
expensive syscall, and we don't want to tie up other threads. there's no
need to hold the lock, so defer it to afterwards.
from Michael McConville
ok deraadt
filters (AS, peer-as, source-as, transit-as).
Add a use case (block illegal AS numbers) to the bgpd.conf example.
feedback from claudio, sthen, florian,
ok florian@ phessler@
Point at wikipedia's list of blacklists instead, some are DNS-only but there
are a few rsyncable ones in there (including a good commercial one and some
free ones).
- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error
positive feedback from deraadt
OK krw
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system
OK deraadt
ensure that we load the CA certificates and use tls_connect_servername()
so that we can verify the server we are connecting to (even though we've
already resolved the hostname). Also add additional warnings for TLS
connect and TLS write failures so that we know what is happening and why.
Lack of server name verification also reported by Luis M. Merino
<luismiguelmerino at gmail dot com> - thanks!
ok deraadt@ reyk@
deraadt