author | Enji Cooper <ngie@FreeBSD.org> | 2016-08-29 18:53:36 +0000 |
---|---|---|
committer | Enji Cooper <ngie@FreeBSD.org> | 2016-08-29 18:53:36 +0000 |
commit | 2f52412deecdcb41dbdabd8c6edda1bbd19ed39b (patch) | |
tree | fe0eeb750bc1b8afc8068ea3ccca42c3090deef3 /contrib | |
parent | 6e122b96101bfcb0168c613447c37817d4e02196 (diff) | |
parent | 895897884f1f936e7e6874e9a515a5a3861508a7 (diff) | |
MFhead @ r305013
Notes
Notes:
svn path=/projects/netbsd-tests-update-12/; revision=305014
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/ipfilter/opts.h | 6 | ||||
-rw-r--r-- | contrib/libarchive/libarchive/archive_read_support_format_tar.c | 11 | ||||
-rw-r--r-- | contrib/libarchive/libarchive/archive_read_support_format_zip.c | 42 | ||||
-rw-r--r-- | contrib/libarchive/libarchive/archive_write_disk_acl.c | 3 | ||||
-rw-r--r-- | contrib/libarchive/libarchive/archive_write_disk_posix.c | 12 | ||||
-rw-r--r-- | contrib/libarchive/tar/util.c | 2 | ||||
-rw-r--r-- | contrib/ncurses/ncurses/tinfo/lib_baudrate.c | 2 | ||||
-rwxr-xr-x | contrib/netbsd-tests/usr.bin/dirname/t_dirname.sh | 3 | ||||
-rw-r--r-- | contrib/ofed/libcxgb4/src/qp.c | 16 |
9 files changed, 67 insertions, 30 deletions
diff --git a/contrib/ipfilter/opts.h b/contrib/ipfilter/opts.h
index 3c8b88b2f037..6e973186756e 100644
--- a/contrib/ipfilter/opts.h
+++ b/contrib/ipfilter/opts.h
@@ -12,7 +12,11 @@
 #define __OPTS_H__
 #ifndef SOLARIS
-#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
+# if defined(sun) && (defined(__svr4__) || defined(__SVR4))
+# define SOLARIS 1
+# else
+# define SOLARIS 0
+# endif
 #endif
 #define OPT_REMOVE 0x000001
 #define OPT_DEBUG 0x000002
diff --git a/contrib/libarchive/libarchive/archive_read_support_format_tar.c b/contrib/libarchive/libarchive/archive_read_support_format_tar.c
index 9a44078b771a..d0ce05a60e4d 100644
--- a/contrib/libarchive/libarchive/archive_read_support_format_tar.c
+++ b/contrib/libarchive/libarchive/archive_read_support_format_tar.c
@@ -1128,8 +1128,15 @@ header_common(struct archive_read *a, struct tar *tar,
 if (tar->entry_bytes_remaining < 0) {
 tar->entry_bytes_remaining = 0;
 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
- "Tar entry has negative size?");
- err = ARCHIVE_WARN;
+ "Tar entry has negative size");
+ return (ARCHIVE_FATAL);
+ }
+ if (tar->entry_bytes_remaining == INT64_MAX) {
+ /* Note: tar_atol returns INT64_MAX on overflow */
+ tar->entry_bytes_remaining = 0;
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ "Tar entry size overflow");
+ return (ARCHIVE_FATAL);
 }
 tar->realsize = tar->entry_bytes_remaining;
 archive_entry_set_size(entry, tar->entry_bytes_remaining);
diff --git a/contrib/libarchive/libarchive/archive_read_support_format_zip.c b/contrib/libarchive/libarchive/archive_read_support_format_zip.c
index 2b025cbd12ad..2e5579f1fe73 100644
--- a/contrib/libarchive/libarchive/archive_read_support_format_zip.c
+++ b/contrib/libarchive/libarchive/archive_read_support_format_zip.c
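Review bot: The new `== INT64_MAX` test in header_common depends on an in-band sentinel whose meaning is recorded only in the inline comment here; tar_atol itself is outside this hunk. A later change to tar_atol's overflow behaviour would silently turn this fatal check into dead code, so the contract belongs on tar_atol as well, e.g. `/* Saturates to INT64_MAX on overflow; header_common treats that value as a fatal size overflow. */`. The body of header_common starts and ends outside the hunk.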
@@ -418,18 +418,30 @@ zip_time(const char *p)
 * id1+size1+data1 + id2+size2+data2 ...
 * triplets. id and size are 2 bytes each.
 */
-static void
-process_extra(const char *p, size_t extra_length, struct zip_entry* zip_entry)
+static int
+process_extra(struct archive_read *a, const char *p, size_t extra_length, struct zip_entry* zip_entry)
 {
 unsigned offset = 0;
- while (offset < extra_length - 4) {
+ if (extra_length == 0) {
+ return ARCHIVE_OK;
+ }
+
+ if (extra_length < 4) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Too-small extra data: Need at least 4 bytes, but only found %d bytes", (int)extra_length);
+ return ARCHIVE_FAILED;
+ }
+ while (offset <= extra_length - 4) {
 unsigned short headerid = archive_le16dec(p + offset);
 unsigned short datasize = archive_le16dec(p + offset + 2);
 offset += 4;
 if (offset + datasize > extra_length) {
- break;
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Extra data overflow: Need %d bytes but only found %d bytes",
+ (int)datasize, (int)(extra_length - offset));
+ return ARCHIVE_FAILED;
 }
 #ifdef DEBUG
 fprintf(stderr, "Header id 0x%04x, length %d\n",
@@ -715,13 +727,13 @@ process_extra(const char *p, size_t extra_length, struct zip_entry* zip_entry)
 }
 offset += datasize;
 }
-#ifdef DEBUG
- if (offset != extra_length)
- {
- fprintf(stderr,
- "Extra data field contents do not match reported size!\n");
+ if (offset != extra_length) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Malformed extra data: Consumed %d bytes of %d bytes",
+ (int)offset, (int)extra_length);
+ return ARCHIVE_FAILED;
 }
-#endif
+ return ARCHIVE_OK;
 }
 /*
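Review bot: process_extra now returns a status and sets an archive error, but the comment block above it still describes only the record layout. Add the contract there, e.g. `Returns ARCHIVE_OK, or ARCHIVE_FAILED with the error set on a when a record header or its data runs past extra_length.` Both call sites changed in this commit turn any non-OK result into ARCHIVE_FATAL, so either return ARCHIVE_FATAL directly or say in the comment that callers escalate. The function body continues outside this hunk.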
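Review bot: The now-unconditional `offset != extra_length` test at the end of process_extra rejects an extra field that has 1 to 3 bytes left after the last complete record, and with the callers in this commit that ends the read with ARCHIVE_FATAL. The bounds checks added at the top of the loop already stop reads past the buffer, so this strictness is a compatibility decision rather than a memory-safety one, and it is worth confirming that archives with a padded extra field are meant to become unreadable. If they are, record it above the test, e.g. `/* Leftover bytes that do not form a complete id+size+data record mean a malformed archive. */`.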
@@ -840,7 +852,9 @@ zip_read_local_file_header(struct archive_read *a, struct archive_entry *entry,
 return (ARCHIVE_FATAL);
 }
- process_extra(h, extra_length, zip_entry);
+ if (ARCHIVE_OK != process_extra(a, h, extra_length, zip_entry)) {
+ return ARCHIVE_FATAL;
+ }
 __archive_read_consume(a, extra_length);
 /* Work around a bug in Info-Zip: When reading from a pipe, it
@@ -1293,7 +1307,7 @@ zip_read_data_deflate(struct archive_read *a, const void **buff,
 && bytes_avail > zip->entry_bytes_remaining) {
 bytes_avail = (ssize_t)zip->entry_bytes_remaining;
 }
- if (bytes_avail <= 0) {
+ if (bytes_avail < 0) {
 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
 "Truncated ZIP file body");
 return (ARCHIVE_FATAL);
@@ -2691,7 +2705,9 @@ slurp_central_directory(struct archive_read *a, struct zip *zip)
 "Truncated ZIP file header");
 return ARCHIVE_FATAL;
 }
- process_extra(p + filename_length, extra_length, zip_entry);
+ if (ARCHIVE_OK != process_extra(a, p + filename_length, extra_length, zip_entry)) {
+ return ARCHIVE_FATAL;
+ }
 /*
 * Mac resource fork files are stored under the
diff --git a/contrib/libarchive/libarchive/archive_write_disk_acl.c b/contrib/libarchive/libarchive/archive_write_disk_acl.c
index 54a96696f285..4c61054d18fe 100644
--- a/contrib/libarchive/libarchive/archive_write_disk_acl.c
+++ b/contrib/libarchive/libarchive/archive_write_disk_acl.c
@@ -138,6 +138,7 @@ set_acl(struct archive *a, int fd, const char *name,
 acl_permset_t acl_permset;
 #ifdef ACL_TYPE_NFS4
 acl_flagset_t acl_flagset;
+ int r;
 #endif
 int ret;
 int ae_type, ae_permset, ae_tag, ae_id;
@@ -145,7 +146,7 @@ set_acl(struct archive *a, int fd, const char *name,
 gid_t ae_gid;
 const char *ae_name;
 int entries;
- int i, r;
+ int i;
 ret = ARCHIVE_OK;
 entries = archive_acl_reset(abstract_acl, ae_requested_type);
diff --git a/contrib/libarchive/libarchive/archive_write_disk_posix.c b/contrib/libarchive/libarchive/archive_write_disk_posix.c
index a60d225f5c0e..14acc2cd210d 100644
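Review bot: With the test in zip_read_data_deflate relaxed to `bytes_avail < 0`, a read that yields zero available bytes no longer reports "Truncated ZIP file body" and falls through to code that is not visible in this hunk. The reason for letting zero bytes through is not recorded, and whether a truncated stream still ends in an error depends on that later code. After confirming that the decompression step below fails cleanly instead of returning without progress, add a comment such as `/* bytes_avail == 0 is allowed here; the inflate step below reports a truncated stream. */`.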
--- a/contrib/libarchive/libarchive/archive_write_disk_posix.c
+++ b/contrib/libarchive/libarchive/archive_write_disk_posix.c
@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk *a)
 r = lstat(a->name, &st);
 if (r != 0) {
 /* We've hit a dir that doesn't exist; stop now. */
- if (errno == ENOENT)
+ if (errno == ENOENT) {
 break;
+ } else {
+ /* Note: This effectively disables deep directory
+ * support when security checks are enabled.
+ * Otherwise, very long pathnames that trigger
+ * an error here could evade the sandbox.
+ * TODO: We could do better, but it would probably
+ * require merging the symlink checks with the
+ * deep-directory editing. */
+ return (ARCHIVE_FAILED);
+ }
 } else if (S_ISLNK(st.st_mode)) {
 if (c == '\0') {
 /*
diff --git a/contrib/libarchive/tar/util.c b/contrib/libarchive/tar/util.c
index 9d2aced7bd14..f845600193a0 100644
--- a/contrib/libarchive/tar/util.c
+++ b/contrib/libarchive/tar/util.c
@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...)
 }
 /* If our output buffer is full, dump it and keep going. */
- if (i > (sizeof(outbuff) - 20)) {
+ if (i > (sizeof(outbuff) - 128)) {
 outbuff[i] = '\0';
 fprintf(f, "%s", outbuff);
 i = 0;
diff --git a/contrib/ncurses/ncurses/tinfo/lib_baudrate.c b/contrib/ncurses/ncurses/tinfo/lib_baudrate.c
index 252d03c593d8..3960053e60c3 100644
--- a/contrib/ncurses/ncurses/tinfo/lib_baudrate.c
+++ b/contrib/ncurses/ncurses/tinfo/lib_baudrate.c
@@ -94,7 +94,7 @@ struct speed {
 int sp; /* the actual speed */
 };
-#define DATA(number) { B##number, number }
+#define DATA(number) { (NCURSES_OSPEED)B##number, number }
 static struct speed const speeds[] =
 {
diff --git a/contrib/netbsd-tests/usr.bin/dirname/t_dirname.sh b/contrib/netbsd-tests/usr.bin/dirname/t_dirname.sh
index a3935249f47e..31204045b42e 100755
--- a/contrib/netbsd-tests/usr.bin/dirname/t_dirname.sh
+++ b/contrib/netbsd-tests/usr.bin/dirname/t_dirname.sh
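Review bot: The new `else` branch in check_symlinks returns ARCHIVE_FAILED without calling archive_set_error, so the caller sees a refused extraction with no message or errno saying that lstat failed on a path prefix. Record the cause before returning, e.g. `archive_set_error(&a->archive, errno, "Could not stat %s", a->name);`. The rest of the function is outside the hunk; the `c == '\0'` test just below suggests the loop saves a path character while it inspects a prefix, so check that this early return leaves a->name in the same state as the function's other failure exits.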
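Review bot: The flush margin in safe_fprintf goes from 20 to 128 bytes with nothing saying where 128 comes from, so a later change to the per-character expansion could outgrow it again unnoticed. The margin has to be at least the largest number of bytes one loop iteration (outside this hunk) can append to outbuff; state that next to the test, e.g. `/* 128 > max bytes appended per iteration; keep in sync with the expansion code */`, or derive it from a named constant. A bounds check at the point of the write would make the guarantee local instead of relying on this distance.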
@@ -32,6 +32,9 @@ basic_head()
 }
 basic_body()
 {
+ # Begin FreeBSD
+ atf_tc_expect_fail "dirname //usr//bin doesn't return //usr like it used to; bug # 212193"
+ # End FreeBSD
 atf_check -o inline:"/\n" dirname /
 atf_check -o inline:"/\n" dirname //
 atf_check -o inline:"/usr\n" dirname /usr/bin/
diff --git a/contrib/ofed/libcxgb4/src/qp.c b/contrib/ofed/libcxgb4/src/qp.c
index 71cc49b6e8ff..b0e3def5006c 100644
--- a/contrib/ofed/libcxgb4/src/qp.c
+++ b/contrib/ofed/libcxgb4/src/qp.c
@@ -392,11 +392,9 @@ int c4iw_post_send(struct ibv_qp *ibqp, struct ibv_send_wr *wr,
 t4_sq_produce(&qhp->wq, len16);
 idx += DIV_ROUND_UP(len16*16, T4_EQ_ENTRY_SIZE);
 }
- if (t4_wq_db_enabled(&qhp->wq)) {
- t4_ring_sq_db(&qhp->wq, idx, dev_is_t5(qhp->rhp),
- len16, wqe);
- } else
- ring_kernel_db(qhp, qhp->wq.sq.qid, idx);
+
+ t4_ring_sq_db(&qhp->wq, idx, dev_is_t5(qhp->rhp),
+ len16, wqe);
 qhp->wq.sq.queue[qhp->wq.sq.size].status.host_wq_pidx = \
 (qhp->wq.sq.wq_pidx);
 pthread_spin_unlock(&qhp->lock);
@@ -458,11 +456,9 @@ int c4iw_post_receive(struct ibv_qp *ibqp, struct ibv_recv_wr *wr,
 wr = wr->next;
 num_wrs--;
 }
- if (t4_wq_db_enabled(&qhp->wq))
- t4_ring_rq_db(&qhp->wq, idx, dev_is_t5(qhp->rhp),
- len16, wqe);
- else
- ring_kernel_db(qhp, qhp->wq.rq.qid, idx);
+
+ t4_ring_rq_db(&qhp->wq, idx, dev_is_t5(qhp->rhp),
+ len16, wqe);
 qhp->wq.rq.queue[qhp->wq.rq.size].status.host_wq_pidx = \
 (qhp->wq.rq.wq_pidx);
 pthread_spin_unlock(&qhp->lock);
|
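Review bot: `atf_tc_expect_fail` is, as far as I know, the name of the C binding; in an atf-sh test the function is `atf_expect_fail`, so verify that the added line resolves to a real function when basic_body runs. It is also set at the top of the body, which puts every atf_check under the expectation, so an unrelated regression in an earlier check would be reported as the expected failure. Move it to just before the `dirname //usr//bin` check (not visible in this hunk) and follow that check with `atf_expect_pass` so the remaining checks are still enforced.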
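Review bot: c4iw_post_send in this hunk and c4iw_post_receive in the next one now ring the doorbell from user space unconditionally, because the `t4_wq_db_enabled` test and the `ring_kernel_db` fallback are gone. If doorbells can still be disabled for a queue on this platform, nothing visible here stops the library from writing while they are off. If the assumption is that they are always enabled, say so at both call sites, e.g. `/* user doorbells are never disabled here; no kernel fallback */`; otherwise keep the check. ring_kernel_db is defined outside these hunks and should be removed if it has no remaining callers.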