Author: truckman
Date: Sun Nov 12 01:28:20 2017
New Revision: 325731
URL: https://svnweb.freebsd.org/changeset/base/325731
Log:
MFC r325008
Fix Dummynet AQM packet marking function ecn_mark() and fq_codel /
fq_pie schedulers packet classification functions in layer2 (bridge mode).
Du
Author: truckman
Date: Thu May 25 22:41:34 2017
New Revision: 318905
URL: https://svnweb.freebsd.org/changeset/base/318905
Log:
MFC r318527
Fix the queue delay estimation in PIE/FQ-PIE when the timestamp
(TS) method is used. When packet timestamp is used, the "current_qdelay"
keeps sto
Author: truckman
Date: Thu May 25 17:23:26 2017
New Revision: 318886
URL: https://svnweb.freebsd.org/changeset/base/318886
Log:
MFC r318511
The result of right shifting a negative signed value is implementation
defined. On machines without arithmetic shift instructions, zero bits
may b
Author: truckman
Date: Thu Apr 27 07:32:07 2017
New Revision: 317489
URL: https://svnweb.freebsd.org/changeset/base/317489
Log:
MFC r316777 (by cem)
dummynet: Use strlcpy to appease static checkers
Some dummynet modules used strcpy() to copy from a larger buffer
(dn_aqm->name) to a s
Author: truckman
Date: Fri Mar 31 06:33:20 2017
New Revision: 316325
URL: https://svnweb.freebsd.org/changeset/base/316325
Log:
MFC r315516
Change several constants used by the PIE algorithm from unsigned to signed.
- PIE_MAX_PROB is compared to variable of int64_t and the type promot
Author: truckman
Date: Mon Jul 18 06:09:52 2016
New Revision: 302987
URL: https://svnweb.freebsd.org/changeset/base/302987
Log:
MFC r302667
Fix problems in the FQ-PIE AQM cleanup code that could leak memory or
cause a crash.
Because dummynet calls pie_cleanup() while holding a mutex,
Author: truckman
Date: Fri Jul 8 02:52:39 2016
New Revision: 302422
URL: https://svnweb.freebsd.org/changeset/base/302422
Log:
MFC r302338
Fix a race condition between the main thread in aqm_pie_cleanup() and the
callout thread that can cause a kernel panic. Always do the final cleanup
Author: truckman
Date: Wed Jul 6 17:45:38 2016
New Revision: 302377
URL: https://svnweb.freebsd.org/changeset/base/302377
Log:
MFC r300547
Fix multiple Coverity Out-of-bounds access false postive issues in CAM
The currently used idiom for clearing the part of a ccb after its
header
Author: truckman
Date: Wed Jul 6 17:42:09 2016
New Revision: 302376
URL: https://svnweb.freebsd.org/changeset/base/302376
Log:
MFC r299371 (by trasz)
Add "camcontrol reprobe" subcommand, and implement it for da(4).
This makes it possible to manually force updating capacity data
after t
Author: truckman
Date: Mon Jun 20 19:00:47 2016
New Revision: 302032
URL: https://svnweb.freebsd.org/changeset/base/302032
Log:
MFC r300240
Change net.inet.tcp.ecn.enable sysctl mib from a binary off/on
control to a three way setting.
0 - Totally disable ECN. (no change)
1 - Enabl
Author: truckman
Date: Wed Jun 15 06:27:43 2016
New Revision: 301917
URL: https://svnweb.freebsd.org/changeset/base/301917
Log:
MFC r299484, r301574
r299484 | cem | 2016-05-11 15:04:28 -0700 (Wed, 11 May 2016) | 13 lines
random(6): Fix double-close
In the case where a file lacks a
Author: truckman
Date: Wed Jun 15 06:42:30 2016
New Revision: 301921
URL: https://svnweb.freebsd.org/changeset/base/301921
Log:
MFC r301596
Don't leak olinep if malloc() fails.
If malloc() fails to allocate linep, then free olinep (if it exists)
before returning to avoid a memory lea
Author: truckman
Date: Wed Jun 15 06:40:30 2016
New Revision: 301920
URL: https://svnweb.freebsd.org/changeset/base/301920
Log:
MFC r301592
Don't leak addrinfo if ai->ai_addrlen <= minsiz test fails.
If the ai->ai_addrlen <= minsiz test fails, then freeaddrinfo()
does not get called
Author: truckman
Date: Wed Jun 15 06:33:40 2016
New Revision: 301919
URL: https://svnweb.freebsd.org/changeset/base/301919
Log:
MFC r301582
Explicitly NUL terminate the buffer filled by fread().
The fix in r300649 was not sufficient to convince Coverity that the
buffer was NUL te
Author: truckman
Date: Fri Jun 10 00:00:25 2016
New Revision: 301772
URL: https://svnweb.freebsd.org/changeset/base/301772
Log:
MFC r300779, r300781, r300783, r300784, r300949, r301162, r301180
r300779 | truckman | 2016-05-26 14:40:13 -0700 (Thu, 26 May 2016) | 64 lines
Import Dummynet
Author: truckman
Date: Wed Jun 8 01:17:22 2016
New Revision: 301571
URL: https://svnweb.freebsd.org/changeset/base/301571
Log:
MFC r301139
The (i < PROMPTLEN - 1) test added by r300442 in the code for the default
case of \c in the prompt format string is a no-op. We already passed
thi
Author: truckman
Date: Tue Jun 7 16:56:15 2016
New Revision: 301557
URL: https://svnweb.freebsd.org/changeset/base/301557
Log:
MFC r300564
Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long a
Author: truckman
Date: Tue Jun 7 16:53:05 2016
New Revision: 301556
URL: https://svnweb.freebsd.org/changeset/base/301556
Log:
MFC r299921
Add an assertion to catch a potential underflow in an array index
calculation, though this should not happen in the current code.
Reported by:
Author: truckman
Date: Fri Jun 3 00:48:50 2016
New Revision: 301231
URL: https://svnweb.freebsd.org/changeset/base/301231
Log:
MFC r266941, r266955
Needed for anticipated dummynet AQM MFC next week.
r266941 | hiren | 2014-06-01 00:28:24 -0700 (Sun, 01 Jun 2014) | 9 lines
ECN mark
Author: truckman
Date: Wed Jun 1 22:39:15 2016
New Revision: 301178
URL: https://svnweb.freebsd.org/changeset/base/301178
Log:
MFC r300705 (compensating for fortune moving from games to usr.bin)
Avoid buffer overflow when copying the input file name and appending .dat.
Check the retur
Author: truckman
Date: Wed Jun 1 17:57:56 2016
New Revision: 301156
URL: https://svnweb.freebsd.org/changeset/base/301156
Log:
MFC r300706
Avoid buffer overflow or truncation when constructing path_zoneinfo_file.
Reported by: Coverity
CID: 1011160
Modified:
stable/10/us
Author: truckman
Date: Wed Jun 1 17:47:34 2016
New Revision: 301155
URL: https://svnweb.freebsd.org/changeset/base/301155
Log:
MFC r300692
Close the input FILE * in read_file() and the output FILE * in write_file()
if read_stream() or write_stream() fails to avoid leaking the FILE.
Author: truckman
Date: Wed Jun 1 17:45:00 2016
New Revision: 301154
URL: https://svnweb.freebsd.org/changeset/base/301154
Log:
MFC r300666
Call closedir() before returning from fetchListFile() to avoid a leak.
Reported by: Coverity
CID: 1016697
Modified:
stable/10/lib/l
Author: truckman
Date: Wed Jun 1 17:43:04 2016
New Revision: 301153
URL: https://svnweb.freebsd.org/changeset/base/301153
Log:
MFC r300665
Don't leak addrinfo in fetch_bind()
Submitted by: Coverity
CID: 1225038
Modified:
stable/10/lib/libfetch/common.c
Directory Properti
Author: truckman
Date: Wed Jun 1 17:41:00 2016
New Revision: 301152
URL: https://svnweb.freebsd.org/changeset/base/301152
Log:
MFC r300664
Fix Coverity CID 978183 Resource leak in rexec().
Close the socket if connect() fails to avoid leaking it.
Reported by: Coverity
CID:
Author: truckman
Date: Wed Jun 1 17:39:03 2016
New Revision: 301151
URL: https://svnweb.freebsd.org/changeset/base/301151
Log:
MFC r300662
Fix Coverity CID 1016714 Resource leak in process_file_actions_entry()
Don't leak a file descriptor of _dup2() fails (shouldn't happen).
Repo
Author: truckman
Date: Wed Jun 1 17:37:16 2016
New Revision: 301150
URL: https://svnweb.freebsd.org/changeset/base/301150
Log:
MFC r300660
Fix 1016718 Resource leak.
Don't leak a file descriptor if fchdir() fails.
Reported by: Coverity
CID: 1016718
Modified:
stable
Author: truckman
Date: Wed Jun 1 17:35:03 2016
New Revision: 301149
URL: https://svnweb.freebsd.org/changeset/base/301149
Log:
MFC r300649
Fix Coverity CID 1019054 (String not null terminated) in setfacl.
Increase the size of buf[] by one to allow room for a NUL character
at the end
Author: truckman
Date: Wed Jun 1 17:33:02 2016
New Revision: 301148
URL: https://svnweb.freebsd.org/changeset/base/301148
Log:
MFC r300648
Fix CID 1011370 (Resource leak) in ps.
There is no need to to call strdup() on the value returned by fmt().
The latter calls fmt_argv() which al
Author: truckman
Date: Wed Jun 1 17:30:50 2016
New Revision: 301147
URL: https://svnweb.freebsd.org/changeset/base/301147
Log:
MFC r300643
Close from_fd if malloc() fails to avoid a file descriptor leak.
Reported by: Coverity
CID: 1007203
Modified:
stable/10/bin/mv/mv.c
Author: truckman
Date: Wed Jun 1 17:29:15 2016
New Revision: 301146
URL: https://svnweb.freebsd.org/changeset/base/301146
Log:
MFC r300642
Match the descriptions of the \H and \h prompt string sequences to reality.
They were swapped.
X-Confirmed by: jilles
Modified:
stable/
Author: truckman
Date: Wed Jun 1 17:18:35 2016
New Revision: 301143
URL: https://svnweb.freebsd.org/changeset/base/301143
Log:
MFC r300635
Call free(cur) if strdup(dirp->d_name) fails to avoid a memory leak.
Reported by: Coverity
CID: 1007414
Modified:
stable/10/usr.sbi
Author: truckman
Date: Wed Jun 1 17:20:36 2016
New Revision: 301144
URL: https://svnweb.freebsd.org/changeset/base/301144
Log:
MFC r300636
Delay calling yp_malloc_dnsent() until after some additional sanity
checks to avoid leaking memory on error returns.
Reported by: Coverity
CI
Author: truckman
Date: Wed Jun 1 17:16:35 2016
New Revision: 301142
URL: https://svnweb.freebsd.org/changeset/base/301142
Log:
MFC r300633
Fix acpidb CIDs 1011279 (Buffer not null terminated) and 978405 and
1199380 (Resource leak).
load_dsdt() calls strncpy() to copy a filename and
Author: truckman
Date: Wed Jun 1 17:13:43 2016
New Revision: 301141
URL: https://svnweb.freebsd.org/changeset/base/301141
Log:
MFC r300632
Fix acpidump CID 1011278 (Buffer not null terminated) and other issues
Coverity reports that a buffer used for temporary file generation
might n
Author: truckman
Date: Wed Jun 1 17:09:50 2016
New Revision: 301140
URL: https://svnweb.freebsd.org/changeset/base/301140
Log:
MFC r300442
Hopefully fix Coverity CID 1008328 (Out-of-bounds write) in /bin/sh.
Replace the magic constant 127 in the loop interation count with
"PROMPTLEN
Author: truckman
Date: Mon May 23 05:45:52 2016
New Revision: 300473
URL: https://svnweb.freebsd.org/changeset/base/300473
Log:
MFC r35
swprintf() and apparently wcsftime() want the their output buffer size
specified in terms of the the number of wide characters and not
sizeof(buffe
Author: truckman
Date: Mon May 23 05:43:59 2016
New Revision: 300472
URL: https://svnweb.freebsd.org/changeset/base/300472
Log:
MFC r32
When clearing rtmsg, pass &rtmsg to bzero() instead of the address of
just the header
Reported by: Coverity
CID: 1007568, 1194256
M
Author: truckman
Date: Mon May 23 05:41:23 2016
New Revision: 300470
URL: https://svnweb.freebsd.org/changeset/base/300470
Log:
MFC r21
Don't walk off the end of the array when proto isn't explicitly
listed above. Instead update the catch-all "Others" bucket.
Reported by: Cover
Author: truckman
Date: Mon May 23 05:38:40 2016
New Revision: 300469
URL: https://svnweb.freebsd.org/changeset/base/300469
Log:
MFC r299988
Set ai2 to NULL in in find_host() before the loop and after calling
freeaddrinfo() on it to indicate that it doesn't point to a valid
addrinfo list
Author: truckman
Date: Mon May 23 05:27:31 2016
New Revision: 300463
URL: https://svnweb.freebsd.org/changeset/base/300463
Log:
MFC r299986
Actually use the loop interation limit so carefully computed on the
previous line to prevent buffer overflow. This turns out to not be
important b
Author: truckman
Date: Mon May 23 05:25:29 2016
New Revision: 300461
URL: https://svnweb.freebsd.org/changeset/base/300461
Log:
MFC r299971
Fix off by one error that overflowed the rep_len array when doing
the final NUL termination.
Reported by: Coverity
CID: 1007617
Mod
Author: truckman
Date: Mon May 23 05:21:55 2016
New Revision: 300459
URL: https://svnweb.freebsd.org/changeset/base/300459
Log:
MFC r299953
Fix an off by one error to avoid overflowing rp[].
Reported by: Coverity
CID: 1007579
Modified:
stable/10/usr.sbin/makefs/mtree.c
D
Author: truckman
Date: Mon May 23 05:19:37 2016
New Revision: 300458
URL: https://svnweb.freebsd.org/changeset/base/300458
Log:
MFC r299952
Increase size of argv[] array to avoid running off the end.
Reported by: Coverity
CID: 1193819
Modified:
stable/10/usr.bin/ldd/ldd.
Author: truckman
Date: Mon May 23 05:14:26 2016
New Revision: 300456
URL: https://svnweb.freebsd.org/changeset/base/300456
Log:
MFC r299948
Set retval in the empty password case to avoid a path through the
code that fails to set retval before falling through to the final
return().
Author: truckman
Date: Mon May 23 05:11:08 2016
New Revision: 300453
URL: https://svnweb.freebsd.org/changeset/base/300453
Log:
MFC r299926
Hoist the getpwnam() call outside the first if/else block in
pam_sm_chauthtok(). Set user = getlogin() inside the true
branch so that it is initia
Author: truckman
Date: Mon May 23 05:07:13 2016
New Revision: 300452
URL: https://svnweb.freebsd.org/changeset/base/300452
Log:
MFC r299922
Don't call free_addrselectpolicy(&policyhead) before policyhead has been
initialized.
Reported by: Coverity
CID: 1018727
Modified:
Author: truckman
Date: Mon May 23 04:52:27 2016
New Revision: 300451
URL: https://svnweb.freebsd.org/changeset/base/300451
Log:
MFC r299897
NULL releasedfl after calling deallocate_file_lock() which frees it
to avoid a use-after-free error in the debuglog() call at the top
of the loop.
Author: truckman
Date: Mon May 23 04:50:01 2016
New Revision: 300450
URL: https://svnweb.freebsd.org/changeset/base/300450
Log:
MFC r299894
pdu_delete(request) frees request, so move the call after
login_new_response(request) to avoid a use-after-free error
Reported by: Coverity
C
Author: truckman
Date: Mon May 23 04:47:24 2016
New Revision: 300449
URL: https://svnweb.freebsd.org/changeset/base/300449
Log:
MFC r299893
Don't free fnamebuf before we calling cfgfile_add(). This changes a
use-after-free error into a minor memory leak.
Reported by: Coverity
CID
Author: truckman
Date: Fri May 20 07:18:33 2016
New Revision: 300286
URL: https://svnweb.freebsd.org/changeset/base/300286
Log:
MFC r299879, r299880
r299879 | truckman | 2016-05-15 18:30:32 -0700 (Sun, 15 May 2016) | 7 lines
Likely a false positive ... but make sure that -1 can't be us
Author: truckman
Date: Fri May 20 07:14:03 2016
New Revision: 300285
URL: https://svnweb.freebsd.org/changeset/base/300285
Log:
MFC r299873
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names
Author: truckman
Date: Fri May 20 07:11:04 2016
New Revision: 300284
URL: https://svnweb.freebsd.org/changeset/base/300284
Log:
MFC r299869
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names
Author: truckman
Date: Fri May 20 07:08:19 2016
New Revision: 300283
URL: https://svnweb.freebsd.org/changeset/base/300283
Log:
MFC r299868
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names
Author: truckman
Date: Fri May 20 07:00:11 2016
New Revision: 300281
URL: https://svnweb.freebsd.org/changeset/base/300281
Log:
MFC r299867
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names
Author: truckman
Date: Fri May 20 06:56:43 2016
New Revision: 300279
URL: https://svnweb.freebsd.org/changeset/base/300279
Log:
MFC 299866
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Author: truckman
Date: Fri May 20 06:54:59 2016
New Revision: 300278
URL: https://svnweb.freebsd.org/changeset/base/300278
Log:
MFC r299865
When handling SIOCSIFNAME ensure that the new interface name is NUL
terminated. Reject the rename attempt if the name is too long.
Modified:
stab
Author: truckman
Date: Fri May 20 06:47:42 2016
New Revision: 300276
URL: https://svnweb.freebsd.org/changeset/base/300276
Log:
MFC r299593
Properly compute the size argument to pass to malloc().
Reported by: Coverity
CID: 1198856
Modified:
stable/10/usr.sbin/bsnmpd/tool
Author: truckman
Date: Fri May 20 06:43:55 2016
New Revision: 300275
URL: https://svnweb.freebsd.org/changeset/base/300275
Log:
MFC r299592
Move a call to cam_freeccb() to avoid a use after free error and
a later double free.
Reported by: Coverity
CID: 1018507
Modified:
Author: truckman
Date: Fri May 20 06:41:26 2016
New Revision: 300274
URL: https://svnweb.freebsd.org/changeset/base/300274
Log:
MFC r299591
Always return either a dynamically allocated string or NULL from
expand(). Never return the name parameter, which could be a the buf[]
buffer whic
Author: truckman
Date: Fri May 20 06:38:46 2016
New Revision: 300273
URL: https://svnweb.freebsd.org/changeset/base/300273
Log:
MFC r299585
Declare line[] in the outermost scope of retrieve() instead of
declaring it in an inner scope and then using it via a pointer
in the outer scope.
Author: truckman
Date: Fri May 20 06:35:14 2016
New Revision: 300272
URL: https://svnweb.freebsd.org/changeset/base/300272
Log:
MFC r299581
Use strlcpy() instead of strncpy() to ensure that qf->fsname is NUL
terminated. Don't bother checking for truncation since the subsequent
stat() c
Author: truckman
Date: Fri May 20 06:33:02 2016
New Revision: 300271
URL: https://svnweb.freebsd.org/changeset/base/300271
Log:
MFC r299580
Use strlcpy() instead of strncpy() to ensure that ret->name is
NUL terminated. The source and destination buffers are the same
size and the source
Author: truckman
Date: Fri May 20 06:27:58 2016
New Revision: 300270
URL: https://svnweb.freebsd.org/changeset/base/300270
Log:
MFC r299579
Use strlcpy() instead of strncpy() to ensure that qup->fsname is NUL
terminated. Don't bother checking for truncation since the subsequent
quota_r
Author: truckman
Date: Fri May 20 06:24:16 2016
New Revision: 300269
URL: https://svnweb.freebsd.org/changeset/base/300269
Log:
MFC r299577, r299578, r299589
r299577 | truckman | 2016-05-12 16:14:31 -0700 (Thu, 12 May 2016) | 15 lines
Avoid Coverity NUL termination warning about strncp
Author: truckman
Date: Fri May 20 06:19:00 2016
New Revision: 300268
URL: https://svnweb.freebsd.org/changeset/base/300268
Log:
MFC r290903, r299573
r290903 is needed to prevent a conflict whem merging r299573
r290903 | araujo | 2015-11-15 19:18:40 -0800 (Sun, 15 Nov 2015) | 5 lines
Author: truckman
Date: Fri May 20 06:05:20 2016
New Revision: 300266
URL: https://svnweb.freebsd.org/changeset/base/300266
Log:
MFC r299525
Use strlcpy() instead of strncpy() when copying date and subj
to ensure that these are properly NUL terminated since they
are passed to print
Author: truckman
Date: Fri May 20 06:02:44 2016
New Revision: 300265
URL: https://svnweb.freebsd.org/changeset/base/300265
Log:
MFC r299524
Use strlcpy() instead of strncpy() when copying the encoding value
to ensure that the destination is NUL terminated. Length truncation
of on
Author: truckman
Date: Wed Mar 9 17:40:33 2016
New Revision: 296568
URL: https://svnweb.freebsd.org/changeset/base/296568
Log:
MFC r283869 (by araujo)
Fix the wrong format, format specifies type 'int' but the argument has type
'long', it was spotted by clang.
Modified:
stable/10/contr
69 matches
Mail list logo
