mirror of https://github.com/openbsd/src.git synced 2026-06-18 07:13:36 +02:00

Commit Graph

  • 2f1744f1f4 openssl s_client: avoid two out of bounds writes tb 2026-05-09 14:16:37 +00:00
  • 0dafc4003a Simplify previous by shifting the rcpi value first then use a common mask. Also set ic_max_rssi = 0 since this driver will use DBm reporting. claudio 2026-05-09 12:13:15 +00:00
  • a91355d1f3 Implement RSSI reporting for mwx(4). claudio 2026-05-09 11:49:46 +00:00
  • 177318a750 libssl: record extension lengths in ClientHello hashing tb 2026-05-09 11:45:50 +00:00
  • faf182d374 ssl_lib: trade two extra empty lines for a missing one tb 2026-05-09 11:29:51 +00:00
  • 6eb008e379 unifdef call into removed sparc-only tctrl(4) jsg 2026-05-09 11:20:54 +00:00
  • a150599321 PKCS#12: fix erroneous error check in PKCS12_newpass() tb 2026-05-09 10:52:02 +00:00
  • a948fd097e remove unneeded ufs/ffs/fs.h includes jsg 2026-05-09 09:11:47 +00:00
  • 84482c2d31 Use uint32_t instead of SHA_LONG in the SHA-256 code. jsing 2026-05-09 07:14:42 +00:00
  • f35adb275c Use W rather than X for the SHA-256 message schedule. jsing 2026-05-09 07:12:51 +00:00
  • 7b35a4fe6a Use consistent variable names in the sha256 code. jsing 2026-05-09 07:11:05 +00:00
  • 0eb29a1099 Use crypto_add_u32dw_u64() to increment SHA-256 message bit counter. jsing 2026-05-09 07:08:43 +00:00
  • dcbba1f6b3 Correct argument type for SHA context. jsing 2026-05-09 07:03:49 +00:00
  • ca56b5a4b5 Correct argument type in comments. jsing 2026-05-09 07:02:29 +00:00
  • 5f126d4ce1 remove unneeded mpls.h includes jsg 2026-05-09 06:36:06 +00:00
  • fc4fe263ab MT_DMASHDL_SW_CONTROL is accessed via remapping. Define it with the explicit address 0x7c026004 as Linux does to avoid confusion. kevlo 2026-05-09 05:50:33 +00:00
  • 387d82fb61 split: allocate space for NUL terminator in CSV mode millert 2026-05-09 02:13:21 +00:00
  • 61a495c8c6 Avoid recursive cleanup in getrrsetbyname() tb 2026-05-09 01:54:51 +00:00
  • ec14518eb5 avoid leaking memory when mbuf chain allocations fail in tun_dev_write() dlg 2026-05-09 01:47:12 +00:00
  • 800aa5a38c rpki-client: fix ip_addr_check_overlap() tb 2026-05-09 01:42:30 +00:00
  • 9dee11da98 rpki-client: fix shortlist and skiplist checks tb 2026-05-09 01:22:32 +00:00
  • c207c8e9b2 detect out of bound reads from an int overflow in the bpf_mem backends. dlg 2026-05-09 00:37:45 +00:00
  • e402aac5b4 Add wide version of open_memstream regress. millert 2026-05-08 14:37:16 +00:00
  • b751158fbe Adapt the negative seek fix from rev 1.8 of open_memstream.c millert 2026-05-08 14:30:57 +00:00
  • 34e7bded0e remove unused plic.h; ok kettenis@ jsg 2026-05-08 12:25:33 +00:00
  • 4ef7690b02 bgpd: continue converting loop counters from uint8_t to u_int tb 2026-05-08 12:03:50 +00:00
  • 2d98a1950a Do sleeping malloc() and copyin() before checks within sys_semop(). Otherwise the semaphore id referenced by `semaptr' could be destroyed or replaced during context switch. mvs 2026-05-08 09:38:07 +00:00
  • 968c8b9e3e sync jsg 2026-05-08 07:18:02 +00:00
  • 682697e54d Do not cache format for status line because it stores various pointers that might be stale, instead cache the cmd_find_state and rebuild the formats every time they are needed. Reported by Marcel Partap in GitHub issue 5065. nicm 2026-05-08 06:57:38 +00:00
  • 9259edce4a Solve an infinite loop on malformed ed script input renaud 2026-05-08 06:35:47 +00:00
  • 592256e2a3 pf(4): load balancer rpool->weight is never zero, state that explicitly in code to make future reviews more smooth. sashan 2026-05-08 06:31:51 +00:00
  • e241fc24cf bgpd: switch last u_int8_t to uint8_t tb 2026-05-08 05:27:25 +00:00
  • f4119e0bbe bgpd: switch two for loop index from u8 to u_int tb 2026-05-08 05:26:32 +00:00
  • 68af95de98 remove bogus ifdefs; ok tb@ jsg 2026-05-08 05:15:20 +00:00
  • 09c0e9f1f2 x509_purp: fix doc comment for check_ca() tb 2026-05-08 04:28:28 +00:00
  • fd0785b0c5 asr regress: workaround due to removal of . from the path tb 2026-05-08 04:13:44 +00:00
  • 2885e4e696 asr regress: /etc/networks was removed in 2018 tb 2026-05-08 04:02:59 +00:00
  • ae42c7c03e asr regress: set -Wno-unused-but-set-variables in CFLAGS tb 2026-05-08 04:02:24 +00:00
  • db105c1133 asr regress: extern three variables to fix build with -fcommon tb 2026-05-08 04:01:04 +00:00
  • d1081477e0 remove unused trunklacp code jsg 2026-05-08 03:45:29 +00:00
  • 49f512cd8c make ifconfig build without trunklacp.h jsg 2026-05-08 03:36:04 +00:00
  • 9c7363c2d6 Add forgotten addpath regress test. claudio 2026-05-07 21:08:40 +00:00
  • d38427aacd Use unsigned int for the length variable when traversing the others array. claudio 2026-05-07 20:35:19 +00:00
  • 32f3526e66 Convert grestart.timeout to uint16_t while the value can never be negative the compiler trips over this in a comparison with u_int. claudio 2026-05-07 18:56:38 +00:00
  • cbb2e5b678 Reduce maximum configurable stale time to CAPA_GR_TIMEMASK (4095) since that is the maximum anyway. claudio 2026-05-07 18:55:05 +00:00
  • dfc436a2a7 A collection of AI-assisted reports come from Frank Denis, which says that the YP getgrent code when doing YP operations has a group of buffer mismanagement issues which in the reports are labelled 'high severity'. This fixes the buffer checks. The big question to ask is this: Is a malicious YP server going to send you messages that exercise a buffer overflow codepath, or are they going to send you perfectly correct messages containing wrong group members? The old-school ypserv model was that you run ypserv on a "trusted network" segment, which today is laughable but it matched operations in that era. (Our) new operational model is that ypbind is reached with a custom system call and provides trusted path to an on-host ypserv, which is more likely to be the ypldap(8) LDAP schema to YP protocol converter. If a YP server is broken and sending bad messages, THIS code is the least of your worries. High severity? No. ok millert jmatthew deraadt 2026-05-07 18:22:26 +00:00
  • 59d7872af4 A collection of AI-assisted reports come from Frank Denis, which says that the YP getpwent code when doing YP operations has a group of buffer mismanagement issues which in the reports are labelled 'high severity'. This fixes the buffer checks. In reality, the memory being operated on is always a full page so the overflow onto unmanaged memory is hard to see as a risk. The big question to ask is this: Is a malicious YP server going to send you messages that exercise a buffer overflow codepath, or are they going to send you perfectly correct messages containing :0:0: ? The old-school ypserv model was that you run ypserv on a "trusted network" segment, which today is laughable but it matched operations in that era. (Our) new operational model is that ypbind is reached with a custom system call and provides trusted path to an on-host ypserv, which is more likely to be the ypldap(8) LDAP schema to YP protocol converter. If a YP server is broken and sending bad messages, THIS code is the least of your worries. High severity? No. ok millert jmatthew deraadt 2026-05-07 18:21:27 +00:00
  • 834364c0c8 In the yp_next() case, on error the key memory is leaked. Hiding in an unrelated diff from Frank Denis ok millert jmatthew deraadt 2026-05-07 17:59:56 +00:00
  • e56636e265 In session_graceful_restart() also arm the SessionDown timer claudio 2026-05-07 17:59:15 +00:00
  • ef976b65ce Use macros for global functions and objects within SHA assembly. jsing 2026-05-07 15:50:47 +00:00
  • eaa7a73416 Use defines for symbol offsets in aarch64 assembly. jsing 2026-05-07 15:41:37 +00:00
  • 94719c1d33 Use defines for text and rodata section names in SHA assembly. jsing 2026-05-07 15:40:33 +00:00
  • c4e88d036f Use a define based instruction separator in SHA assembly. jsing 2026-05-07 15:38:03 +00:00
  • 4ef3db58c2 In ipsec_common_input_cb() ensure that the packet size does not overflow the maximum packet size before writing the value back to the IP header. IPv4 and IPv6 have slightly different rules and so do it per AF. claudio 2026-05-07 14:58:03 +00:00
  • 3699ef323c Include the padding length when testing the remaining bytes in an octet string, to prevent a size_t underflow on a malformed packet and make us run into infinity. martijn 2026-05-07 14:51:20 +00:00
  • d8525c0ee8 Template peers need to check xp->rdesession to know if the RDE has the session running or not. Right now it checks the template itself which is never synced. claudio 2026-05-07 14:47:36 +00:00
  • 5105a7b42c Include the padding length when testing the remaining bytes in an octet string, to prevent a size_t underflow on a malformed packet and make us run into infinity. martijn 2026-05-07 14:35:12 +00:00
  • b514ca4504 Default to STDIN_FILENO for the mrtfd so that the documented behaviour of using stdin in show mrt, if no file argument is used, is restored. claudio 2026-05-07 12:35:03 +00:00
  • 35dc093402 Typecast idx to size_t so that the comparison is safe on 32bit arch. claudio 2026-05-07 12:33:12 +00:00
  • e5866aa1e6 KNF claudio 2026-05-07 12:20:42 +00:00
  • b73a2735ae Improve path_calc_hash() claudio 2026-05-07 11:21:24 +00:00
  • a8d6852e57 Fix treat as withdraw handling for invalid ORIGIN attributes claudio 2026-05-07 09:42:26 +00:00
  • b2f9966e67 lower std::deque blocksize if _LIBCPP_USE_LOWER_DEQUE_BLOCK_SIZE is defined robert 2026-05-07 09:28:48 +00:00
  • fc31459de6 Fix two memory accounting issues in chash claudio 2026-05-07 09:22:10 +00:00
  • 045ee73f86 Require layout prefix to be 5 characters, GitHub issue 5067 from cglosner at gmail dot com. nicm 2026-05-07 09:21:05 +00:00
  • dad04fec3d Use simpler logic to ensure path_id_tx is never 0 claudio 2026-05-07 09:19:48 +00:00
  • 87f75ee078 Convert the control_accept pauseaccept timeout to a deadline. claudio 2026-05-07 09:17:27 +00:00
  • 543032af24 Add Emacs-style recentre-top-bottom, GitHub issue 5053 from sinyax75 at gmail dot com. nicm 2026-05-07 09:15:44 +00:00
  • 881b9efb0d drm/amdgpu: fix zero-size GDS range init on RDNA4 jsg 2026-05-07 06:36:31 +00:00
  • 6856f0c8e2 amdgpu/jpeg: fix deepsleep register for jpeg 5_0_0 and 5_0_2 jsg 2026-05-07 06:34:30 +00:00
  • 199e2e1a89 drm/amd: Fix set but not used warnings jsg 2026-05-07 06:31:44 +00:00
  • f3dea0ff1f fix copy-paste error assigning vmc owner fields mlarkin 2026-05-07 06:15:23 +00:00
  • d1c68a1e3f sync sthen 2026-05-06 16:51:30 +00:00
  • eea3785ced Get rid of struct dtls1_retransmit_state. jsing 2026-05-06 15:06:35 +00:00
  • 501fc80d11 Avoid use of uninitialised decode_error variable. jsing 2026-05-06 15:02:51 +00:00
  • b03a69ff5b Add time limit to a couple of other loops. nicm 2026-05-06 13:43:38 +00:00
  • f7b67fbe70 Add missing bounds check for the relocation flags table. ok kettenis@ jsg 2026-05-06 13:30:26 +00:00
  • 468b62575c High Severity end-of-line whitespace found by GrepTechnologies AI ok guenther mlarkin deraadt 2026-05-06 12:54:27 +00:00
  • 5aff7e2bf8 callloc -> calloc tb 2026-05-06 12:07:19 +00:00
  • 3f03630caf fix build with ENCDEBUG defined, broken by rev 1.409 from Jan Schreiber jsg 2026-05-06 11:36:13 +00:00
  • e2945eecee Add checks to make sure that the ELF header and program header fit into the data we read from the on-disk shared library. These checks should only fail for malformed shared libraries, but failing to load a shared library is better than crashing the program because of an out-of-bounds access. kettenis 2026-05-06 09:05:48 +00:00
  • a8c1ae96f5 Fix a regression in rev. 1.269 reported by anton@. schwarze 2026-05-06 08:26:16 +00:00
  • 57704f4fa5 Add missing bounds check for the relocation flags table. Found by Frank Denis using the Swival Security Scanner. kettenis 2026-05-06 08:07:05 +00:00
  • 881e5316ef Size is the number of wide characters, not the number of bytes. The correct amount of memory was allocated but the stored size did not match the allocation due to being multiplied by sizeof(wchar_t). millert 2026-05-06 02:54:35 +00:00
  • 061e996ab8 define HAVE_DECL_REALLOCARRAY to use libc reallocarray() ok millert@ tb@ jsg 2026-05-06 00:07:46 +00:00
  • 7d583815d8 When I added UF_PLEDGEOPEN in the sys_fchflags() chunk I mistakenly used the wrong vnode operation. spotted by Frank Denis using the Swival Security Scanner ok claudio deraadt 2026-05-05 14:01:56 +00:00
  • eec9cf095b Do not sanitize title when popping it from stack, also add a limit to number of pushed titles. nicm 2026-05-05 13:18:46 +00:00
  • ae4d791652 correct bounds test found with smatch, ok tb@ deraadt@ jsg 2026-05-05 13:01:42 +00:00
  • 486d7c837a Frank Denis using the Swival Security Scanner concludes that kill(0,sig) should not be allowed because of a source code comment. Actually, kill of the default pgid 0 MUST be allowed or large amounts of userland software won't work. What pledge prevents is playing with other process groups (ie. -pid where pid is not 0) which require permission from the "proc" pledge. Killing the default pgrp 0 is a common way for privsep (and other) software to tear itself down its process trees, for cases where a pipe read of 0 doesn't work. The current behaviour is intentional, and the proposed diff was not considered nor tested for consequences. Change the comment very subtly to see which AI/human collaboration fails next. deraadt 2026-05-05 13:00:00 +00:00
  • 0ea3e79d59 wycheproof: add regress target to ensure proper go formatting tb 2026-05-05 12:56:12 +00:00
  • a80b42e23f Use the correct struct itemerval when recording the old value for ktrace. This fixes a potential information leak from an uninitialized stack variable. Found by Frank Denis using the Swival Security Scanner. kettenis 2026-05-05 12:28:59 +00:00
  • afd2c39274 Add missing flags to screen_mode_to_string and do not write before before if any are missed, second bit from qingliu at alauda dot io. nicm 2026-05-05 12:06:52 +00:00
  • f6a78276fd Discard queued data and clear offsets when turning pane off to prevent later read of data that has been removed. From Aaron Campbell in GitHub issue 5054. nicm 2026-05-05 12:02:12 +00:00
  • f168ea5af1 In eigrp the TLV encoding includes the header length in the length encoding. claudio 2026-05-05 11:46:18 +00:00
  • c842882f9d Fix minimal length check for notification status messages. claudio 2026-05-05 11:44:27 +00:00
  • dd38993704 Unlike all other TLV encodings in ldp the sub-tlv includes the header size in its length. Therefore check that the size is at least that of the header. claudio 2026-05-05 11:42:56 +00:00
  • f2c7d03598 Ensure that alt_len includes at least the size of alt.family member to ensure that the parser is not going off the rails. claudio 2026-05-05 11:40:02 +00:00
  • 1193c4b79d Add RK3576 support. kettenis 2026-05-05 10:23:27 +00:00
  • 9845333fcb add parentheses around use of a macro argument jsg 2026-05-05 10:23:06 +00:00
  • f049d1e2dd rpki-client: convert ip.c and mft.c to ASN1_BIT_STRING_get_length() tb 2026-05-05 09:33:15 +00:00