Fix sys_shmat().
The shminfo.shmseg could be changed via sysctl during sleeping malloc().
It only grows, so we access memory outside of allocated chunk within the
following 'for' loop. This issue was exposed by syzkaller [1].
Also, p->p_vmspace points to the ps_vmspace common to the whole process,
so p->p_vmspace->vm_shm could be already set by concurrent sys_shmat()
thread. We need to check this case, otherwise the pointer to
concurrently allocated segment will be overwritten.
1. https://syzkaller.appspot.com/bug?extid=9669e87e543ae1f05884
ok deraadt
Replace semid_ds with semid_ds_kern for in-kernel sysv semaphore
implementation.
Note, the buffer used for userland dlivery in sysctl_sysvipc() was
filled with zeros during allocation, we don't need extra zeroing.
ok deraadt millert
usr.sbin/relayd: handle HTTP responses without bodies
RFC 9112 section 6.3 specifies that responses to HEAD requests, and
responses with 1xx, 204, or 304 status codes, are terminated by the
empty line after the header section regardless of Content-Length or
Transfer-Encoding. They cannot contain a message body or trailer
section.
Teach relayd to apply that framing rule before deciding whether a
response body is bounded. Otherwise relayd treats these responses as
unbounded, adds Connection: close, and can forward both the backend's
Connection: keep-alive and its own Connection: close.
Tweaks and OK: rsadowski@
Import devel/scnlib
scnlib is a modern C++ library for replacing scanf and std::istream.
This library attempts to move us ever so much closer to replacing
iostreams and C stdio altogether. It's faster than iostream, and
type-safe, unlike scanf. Think {fmt} or C++20 std::format, but in
the other direction.
ok rsadowski@
repair more prototypes for pseudo-device attach functions
pppattach and spppattach should have a single int parameter to match
what's in ioconf.c.
also noticed independently by jsg@; ok jsg@
