aboutsummaryrefslogtreecommitdiff
path: root/lib/libc
Commit message (Collapse)AuthorAgeFilesLines
* libc: Don't use uninitialised string for getnetbyaddr[_r](0) DNS lookupJessica Clarke74 min.1-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | If net is all-zero, the loop to extract all leading non-zero octets will iterate zero times and leave nn with the value 4, which the following switch statement to initialise qbuf does not handle. As a result, _dns_getnetbyaddr will look up the PTR record for this uninitialised string, which will leak the pre-existing contents of that stack memory to the DNS resolver and, if remote and not otherwise protected, network. Note that _dns_getnetbyaddr is only used if nsswitch.conf is configured to enable the "dns" source for the "networks" database, which is not the default configuration in FreeBSD. For glibc this same bug, in code also derived from BIND's, was issued CVE-2026-0915. This commit adopts the same behaviour as glibc's fix, which is to regard a net of 0 as being for 0.0.0.0. Apparently NetBSD will return NS_UNAVAIL instead, which may or may not make more sense, but in general glibc compatibility tends to cause less friction when there's not a good reason to avoid it. Reviewed by: markj (secteam) Fixes: 1363f04ce1b8 ("get* rework and new bind code") MFC after: 1 day Security: Same bug as glibc's CVE-2026-0915
* btree/bt_seq.c: Fix two NULL pointer dereferencesBojan Novković6 hours1-4/+4
| | | | | | | | | | | | | | | | This change fixes two NULL pointer dereferences caused by the __bt_first function. The first was caused by returning 0 (i.e., RET_SUCCESS) when a key was not found, causing the caller to dereference an uninitalized or NULL pointer. The second one was caused by an if statment clobbering a local variable with a function call result that might be NULL. Reported by: clang-tidy Sponsored by: Klara, Inc. Reviewed by: markj Obtained from: https://github.com/apple-oss-distributions/libc (partially) Differential Revision: https://reviews.freebsd.org/D54905
* btree/bt_split.c: Fix a misaligned if statementBojan Novković9 hours1-1/+1
| | | | Sponsored by: Klara, Inc.
* libc: document posix_spawnattr_{get,set}procdescp_np(3)Konstantin Belousov25 hours3-0/+98
| | | | | | | Reviewed by: asomers Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54899
* METALOG: Order keyword entriesJose Luis Duran27 hours1-3/+3
| | | | | | | | | | | To facilitate comparison with mtree -C generated output, keep the keywords ordered. No functional change intended. Reviewed by: imp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54872
* posix_spawnattr_getexecfd_np.3: add closing .FcKonstantin Belousov27 hours1-0/+1
| | | | | | Fixes: 9bf69c37f43e96292e97e41bf942d7aca4101362 Sponsored by: The FreeBSD Foundation MFC after: 1 week
* libc: add posix_spawnattr_{get,set}procdescp_npKonstantin Belousov27 hours2-5/+51
| | | | | | | Reviewed by: asomers Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54879
* libc: document posix_spawnattr_getexecfd_np(3)Konstantin Belousov2 days3-0/+90
| | | | | | | Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54862
* libc: add posix_spawnattr_{get,set}execfd_np(3)Konstantin Belousov2 days2-1/+26
| | | | | | | | | | If execfd is set, the fexecve(2) is used by posix_spawn() instead of the provided path. Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54862
* Regen for the fork and exit/wait exterror category additionKonstantin Belousov2 days1-0/+2
|
* lib/libsys, lib/libc: export pdwaitKonstantin Belousov2 days3-0/+25
| | | | | | | | | | Make pdwait(2) cancellable, same as all other wait*(2) syscalls wrappers. Reviewed by: asomers, markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54592
* xdr_string: don't leak strings with xdr_freeBrooks Davis5 days1-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | Historically (and in a small amount of older software such as OpenAFS), developers would attempt to free XDR strings with xdr_free((xdrproc_t)xdr_string, &string) This resulted in xdr_free calling xdr_string with only two intentional arguments and whatever was left in the third argument register. If the register held a sufficently small number, xdr_string would return FALSE and not free the string (no one checks the return values). Software should instead free strings with: xdr_free((xdrproc_t)xdr_wrapstring, &string) Because buggy software exists in the wild, act as though xdr_wrapstring was used in the XDR_FREE case and plug these leaks. Reviewed by: kib MFC after: 3 days Effort: CHERI upstreaming Sponsored by: Innovate UK Differential Revision: https://reviews.freebsd.org/D54825
* rpc/xdr.h: make xdrproc_t always take two argumentsBrooks Davis5 days1-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The type of xdrproc_t is clearly defined in the comments as a function with two arguments, an XDR * and a void * (sometimes spelled caddr_t). It was initialy defined as: typedef bool_t (*xdrproc_t)(); At some point people started giving it a non-empty argument list. Unfortunatly, there has been widespread disagreement about how arguments are passed. There seems to have been a widespread view that it should be allowed to pass three argument function pointer to xdrproc_t. Most notable is xdr_string which takes a maximum length parameter. This lead to all sorts of prototypes (all of which have been present in the FreeBSD source tree): FreeBSD userspace (nominally from tirpc, but seemingly local): typedef bool_t (*xdrproc_t)(XDR *, ...); FreeBSD kernel, glibc: typedef bool_t (*xdrproc_t)(XDR *, void *, ...); rcp/xdr.h with _KERNEL defined (not used?): typedef bool_t (*xdrproc_t)(XDR *, void *, u_int); gssrpc (in krb5) and Linux kernel: typedef bool_t (*xdrproc_t)(XDR *, void *); For two argument functions on current ABIs, these all equivalent as these arguments are passed in registers regardless of decleration and definition, but we end up with two problems: - xdr_free((xdrproc_t)xdr_string, ...) calls xdr_string with no third argument and (at least on FreeBSD) may fail to free memory if the string is shorter than the value lying around in the third argument register. There are no instance of this in tree, but I found some with Debian code search, in particular in OpenAFS. - Under CheriABI, variadic arguments are passed in a separate, bounded array so theses prototypes aren't equilvalent to the non-variadic calling convention of the functions. The reality is that that xdr_string should not be cast to xdrproc_t and xdr_wrapstring should be used instead so we do not need to support this case. Instances of the former behavior are now extremely rare. With this change we bring FreeBSD in line with gssrpc and the Linux Kernel. Warnings about casts should now be correct and should be fixed. Bump __FreeBSD_version as some software required adaptation if it is declaring functions to cast to xdrproc_t. Update OpenZFS's workaround of this historic mess accordingly. Effort: CHERI upstreaming Sponsored by: Innovate UK Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D54824
* jail(3): fix common usage after mac.label supportKyle Evans8 days2-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Nobody else's mac.conf(5) has any entries for jails, so they get a trivial ENOENT and we fail before we can fetch any jail parameters. Most notably, this breaks `jls -s` / `jls -n` if you do not have any loaded policy that applies jail labels. Add an entry that works for everyone, and hardcode that as an ENOENT fallback in libjail to provide a smoother transition. This is probably not harmful to leave in long-term, since mac.conf(5) will override it. This unearthed one additional issue, in that mac_get_prison() in the MAC framework handled the no-label-policies bit wrong. We don't want to break jail utilities enumerating jail parameters automatically, so we must ingest the label in all cases -- we can still use it as a small optimization to avoid trying to copy out any label. We will break things if a non-optional element is specified in the copied in label, but that's expected. The APIs dedicated to jaildescs remain unphased, since they won't be used in the same way. Fixes: db3b39f063d9f05 ("libjail: extend struct handlers [...]") Fixes: bd55cbb50c58876 ("kern: add a mac.label jail parameter") Reported by: jlduran (on behalf of Jenkins) Reviewed by: jlduran Differential Revision: https://reviews.freebsd.org/D54786
* libc: drop NO_FP_LIBC supportXin LI11 days10-75/+0
| | | | | | | | | | | NO_FP_LIBC was added in 2004 to save space by disabling FP support in *printf()/*scanf(). The size benefit is negligible on modern systems and conflicts with assumptions made by current base utilities. Remove the option and always build libc with floating-point support. Reported by: Oskar Holmlund <eovholmlund at gmail com> MFC after: 2 weeks
* tdestroy: don't visit one-child node twiceDoug Moore11 days1-34/+32
| | | | | | | | | Change tdestroy() to immediately free a node with no right child as soon as it is encountered. Currently, such nodes are visited twice before deletion. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D54699
* exterr: Regenerate exterr_cat_filenames.hMark Johnston11 days1-1/+1
|
* libc/stdlib: Port strtonumx() from IllumosHans Rosenfeld12 days4-23/+80
| | | | | | | | | | | Add strtonumx(), a companion to strtonum(3) that preserves its safety and error-reporting semantics while allowing the caller to specify a conversion base, similar to the strtol(3) family of functions. Reviewed by: emaste, kib, ziaee Obtained from: https://www.illumos.org/issues/15365 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D54270
* swab: Correctly treat the data as misalignedJohn Baldwin13 days1-3/+10
| | | | | | | | | | | | | | | | | | | | | The __aligned attribute in the previous version applied to the location of the pointers, not the data the pointers pointed to. While this could be fixed by applying the attribute to a local typedef of uint16_t, just using memcpy() for the unaligned access is simpler and ISO C. This fixes the build on CHERI architectures which do not support misaligned pointers and were thus failing with: lib/libc/string/swab.c:12:18: error: alignment (1) of 'const uint16_t *' (aka 'const unsigned short *') is less than the required capability alignment (16) [-Werror,-Wcheri-capability-misuse] 12 | const uint16_t *f __aligned(1) = from; | Co-authored by: Jessica Clarke <jrtc27@FreeBSD.org> Fixes: 02ebbc781f08 ("swab: Fix implementation to support overlapping copies") Sponsored by: AFRL, DARPA Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D54399
* libc/aarch64: Use MOPS implementations of memcpy/memmove/memset where availbleSarah Walker2026-01-136-6/+139
| | | | | | Reviewed by: andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D54560
* libc/csu: Pass HWCAP flags to ifunc resolver functionsSarah Walker2026-01-131-3/+28
| | | | | | | | | | Function arguments are based on Section 9.4.1 "GNU C Library IFUNC interface" from "System V ABI for the Arm 64-bit Architecture (AArch64)", 2025Q1. (https://github.com/ARM-software/abi-aa/releases/download/2025Q1/sysvabi64.pdf) Reviewed by: andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D54599
* getopt(3): be more explicit about :: extensionSimon Wollwage2026-01-091-15/+34
| | | | | | | | | | | | Make it possible to search for literal two colons (::) and actually find something. Make the "x"/"x:"/"x::" examples more explicit and more visibile. Signed-off-by: Simon Wollwage <rootnode+freebsd@wollwage.com> Obtained from: NetBSD, nbuwe <uwe@stderr.spb.ru>, 856d5b6 PR: 291374 Reviewed by: imp, jlduran Pull Request: https://github.com/freebsd/freebsd-src/pull/1923
* lib: remove powerpcspeMinsoo Choo2026-01-0917-1244/+0
| | | | | | | Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me> Reviewed by: emaste Pull Request: https://github.com/freebsd/freebsd-src/pull/1914 (cherry picked from commit 907cf3e4378f9d114af41d05a59ef4a075d3efb0)
* libc/amd64: fix stpncpy.S againRobert Clausecker2026-01-041-6/+3
| | | | | | | | | | | | | | | | | | The previous fix introduced a regression on machines without the BMI1 instruction set extension. The TZCNT instruction used in this function behaves different on old machines when the source operand is zero, but the code was originally designed to never trigger this case. The bug fix caused this case to be possible, leading to a regression on sufficiently old hardware. Fix the code by messing with things such that the source operand is never zero. PR: 291720 Fixes: 66eb78377bf109af1d9e25626bf254b4369436ec Tested by: cy Approved by: markj (mentor) Differential Revision: https://reviews.freebsd.org/D54303
* tdestroy(3): add testsKonstantin Belousov2025-12-291-0/+65
| | | | | | | Reviewed by: alc, emaste Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54365
* tdestroy(3) man pageKonstantin Belousov2025-12-292-3/+25
| | | | | | | Reviewed by: alc, emaste, ziaee Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54365
* libc: add glibc-compatible tdestroy(3)Konstantin Belousov2025-12-293-0/+70
| | | | | | | | | | | The function clears the whole tree. Relnotes: yes Reviewed by: alc, emaste Discussed with: dougm Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54365
* libc/stdlib/Makefile: one line for each source file nameKonstantin Belousov2025-12-291-13/+69
| | | | | | | Reviewed by: alc, emaste Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54365
* man pages: provide some description for extended errorsKonstantin Belousov2025-12-291-0/+16
| | | | | | | | | , related functions, and the EXTERROR_VERBOSE environment variable. Reviewed by: emaste, mckusick Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54380
* exterr: in verbose mode, print the source file nameKonstantin Belousov2025-12-291-4/+17
| | | | | | | Reviewed by: emaste, mckusick Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54380
* Add automatically generated file libc/gen/exterr_cat_filenames.hKonstantin Belousov2025-12-291-0/+17
| | | | MFC after: 1 week
* exterror: Add EXTERROR_VERBOSE env variable to control verbosityKonstantin Belousov2025-12-291-5/+48
| | | | | | | | | | | | If the variable is set and the process is not suid, __uexterr_format(), used by err(3), prints errno/category/source line/pX always, not only when there is no kernel message provided. Requested by: mckusick Reviewed by: emaste, mckusick Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54380
* exterror: add support for the format specifiers in the extended error msgKonstantin Belousov2025-12-291-1/+2
| | | | | | | | | | Note that we trust kernel code to only request the printout of integer types, and use the 'j' modifier always. Reviewed by: emaste, mckusick Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54380
* libc/gen/err.c: remove 'extended error' herald from extended error outputKonstantin Belousov2025-12-291-1/+1
| | | | | | | Reviewed by: emaste, mckusick Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54380
* libc/amd64: Disable baseline version of stpncpy()Dag-Erling Smørgrav2025-12-161-0/+2
| | | | | | | | | This implementation appears to be broken on some CPUs. Disable it until the issue can be investigated and fixed. PR: 291720 Fixes: 66eb78377bf1 ("libc/amd64: fix overread conditions in stpncpy()") Fixes: 90253d49db09 ("lib/libc/amd64/string: add stpncpy scalar, baseline implementation")
* libc/test: fix typoRobert Clausecker2025-12-141-1/+1
| | | | | | | I misapplied ngie's recommended correction. Fixes: 123c086200491819595abc271d360e605288fd18 Differential Revision: https://reviews.freebsd.org/D54169
* libc/amd64: fix overread conditions in stpncpy()Robert Clausecker2025-12-141-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to incorrect unit test design, two overread conditions went undetected in the amd64 baseline stpncpy() implementation. For buffers of 1--16 and 32 bytes that do not contain nul bytes and end exactly at a page boundary, the code would incorrectly read 16 bytes from the next page, possibly crossing into an unmapped page and crashing the program. If the next page was mapped, the code would then proceed with the expected behaviour of the stpncpy() function. Three changes were made to fix the bug: - an off-by-one error is fixed in the code deciding whether to enter the runt case or not, entering it for 0<n<=32 bytes instead of 0<n<32 bytes as it was before. - in the runt case, the logic to skip reading a second 16-byte chunk if the buffer ends in the first chunk was fixed to account for buffers that end at a 16-byte boundary but do not hold a nul byte. - in the runt case, the logic to transform the location of the end of the input buffer into a bit mask was fixed to allow the case of n==32, which was previously impossible due to the incorrect logic for entering said case. The performance impact should be minimal. PR: 291359 See also: D54169 Reported by: Collin Funk <collin.funk1@gmail.com> Reviewed by: getz Approved by: markj (mentor) MFC after: 1 week Fixes: 90253d49db09a9b1490c448d05314f3e4bbfa468 (D42519) Differential Revision: https://reviews.freebsd.org/D54170
* libc/tests/string: improve stpncpy() "bounds" unit testRobert Clausecker2025-12-141-16/+39
| | | | | | | | | | | | | | | | The test is extended the same way I previously extended the memccpy() test to fix what is probably the same kind of bug. PR: 291359 Reported by: Collin Funk <collin.funk1@gmail.com> Reviewed by: ngie Approved by: markj (mentor) Fixes: 6fa9e7d8737548ef93c573387ce62402c368d486 (D42519) See also: 61ed5748e4e9c7397fcb2638b442f46ac5c9e7c5 (D46051) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54169 lib/libc/tests/string/stpncpy_test.c: apply ngie's fixes
* get*ent: be consistant about _ALIGN(p) - pBrooks Davis2025-12-107-13/+21
| | | | | | | | | | | | | Add an nscache specific inline function to calculate the misalignment rather than adding and subtracting _ALIGN(p) and p which can take the buffer far out of bound (undefined behavior in C and unsupported on CHERI). Reviewed by: kib Effort: CHERI upstreaming Obtained from: CheriBSD Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D53945
* libc/string: add strdupa(3) and strndupa(3)Konstantin Belousov2025-12-082-2/+36
| | | | | | | Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54066
* libc/string: put source files list one item per lineKonstantin Belousov2025-12-081-23/+121
| | | | | | | Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54066
* libc/limits_test: add no-op testcase to satisfy kyuaSiva Mahadevan2025-12-051-1/+4
| | | | | | | | | | | | | This test suite is purely tested with compile-time assertions, so it needs a dummy runtime test to ensure that kyua reports the file as passing. Pull Request: https://github.com/freebsd/freebsd-src/pull/1915 Sponsored by: The FreeBSD Foundation Reviewed by: fuz Approved by: markj (mentor) MFC after: 1 month Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
* libc/stdc_has_single_bit.c: fix gcc warning (-Wparentheses)Robert Clausecker2025-12-031-5/+5
| | | | | | | | | | | | gcc14 is concerned that the operator precedence between - and & might be confusing. Throw in some redundant parentheses to make it shut up. The LLVM build was fine before this change. Reported by: Martin Filla <freebsd@sysctl.cz> Approved by: markj (mentor) MFC after: 1 month Fixes: 6296500a85c8474e3ff3fe2f8e4a9d56dd0acd64 Differential Revision: https://reviews.freebsd.org/D54057
* libc: Fix TESTSDIR for new stdbit testsJessica Clarke2025-12-011-0/+2
| | | | | | | | | | Otherwise the directory created by etc/mtree/BSD.tests.dist, which is where these belong, and referred to by the generated Kyuafile for /usr/tests/lib/libc (via stdbit's existence in TESTS_SUBDIRS), ends up empty with no Kyuafile, which is an error for kyua. Reported by: kp Fixes: 2fb8cbc6ef1b ("libc/tests: add stdbit test framework and unit tests")
* man/man3: add cross references to stdbit(3)Robert Clausecker2025-11-301-0/+2
| | | | | | | | Add cross references to relevant stdbit man pages Approved by: markj (mentor) MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D53661
* libc/tests: add stdbit test framework and unit testsRobert Clausecker2025-11-3018-0/+511
| | | | | | | | | | | | This adds unit tests for all 70 functions in <stdbit.h>. I'm sorry for the test framework, but it makes it so I don't have to write 70 unit tests by hand. Reviewed by: adrian, des Approved by: markj (mentor) MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D53660
* libc/stdbit: add man pages for stdbit functionsRobert Clausecker2025-11-3015-0/+1283
| | | | | | | | | | | | This adds man pages for each group of functions in <stdbit.h>. The man pages have cross references to one-another. Cross references from external man pages to these will be added in a later commit. Reviewed by: pauamma@gundo.com, kib Approved by: markj (mentor) MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D53659
* libc: implement C23 <stdbit.h> functionsRobert Clausecker2025-11-3017-0/+847
| | | | | | | | | | | | | | This new header complies with ISO/IEC 9899:2024 (C23). Contrary to glibc, we do not provide inline definitions in <stdbit.h> as we expect our system compiler to soon recognise these as builtins anyway. Relnotes: yes MFC after: 1 month Reviewed by: adrian Approved by: markj (mentor) Differential Revision: https://reviews.freebsd.org/D53657
* libc/tests: add test for *_MAX, *_MIN, and *_WIDTHRobert Clausecker2025-11-302-0/+102
| | | | | | | | | | This file checks the correctness of the various _MAX, _MIN, and _WIDTH macros defined for the libc types. It assumes that none of the types have padding bits. Approved by: markj (mentor) MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D53831
* libc: remove ARMv5/6 from man pageMinsoo Choo2025-11-291-4/+1
| | | | | | Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1903
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-27 22:58:15 +0000