Avoid infinite loop when parsing PFKEY replies
In bgpd, iked, isakmpd, ldpd and sasyncd we have similar code to
parse PFKEY replies from the kernel. To avoid an infinite loop on
malformed replies validate the SADB extension size.
For consistency with the other daemons rewrite the parsing loop of
iked.
sasyncd already validates the extension size, so no change needed.
ok claudio@ tb@ tobhe@
Adjust the adjout_prefix_dump walker to operate using the adjout_bid
and stop using peer_get() in the walker.
This fixes the peer_reaper walker which before this was not working
at all. The peer reaper removed the peer from the RB tree before walking
the table and so peer_get() would return NULL and abort the walk immediatly.
Adjust the adjout_prefix_dump context to use the adjout_bid and stop using
peer->conf.id and peer_get.
To make this work the following changes are needed:
- For the callback drop the struct rde_peer argument instead add a uint32_t
bid argument.
- adjout_prefix_first() also needs to switch to using the adjout bitmask id
instead of using the peer directly.
- also change adjout_prefix_next() just to be in sync with
adjout_prefix_first()
- In most callbacks use the arg pointer to pass in the peer
- Adjust rde_dump_ctx_new() and rde_dump_adjout_upcall(). The latter now
[8 lines not shown]
The extended nexthop capability only works with 'fib-update no'
enfoce this in the parser.
Right now there is no FIB support for IPv6 nexthops for IPv4 routes.
Both the bgpd kroute.c code and the OpenBSD network stack are not ready
for this. This feature is currently only used to allow some IXP to play
with RFC8950 so no FIB support is fine for that use case.
Protect other people from tripping over this thinking there is full support.
Issue brought up by a report from 7Asecurity
OK tb@
In rde_attr_missing() make sure the nexthop attribute is present if there
is any nlri data. In rde_as4byte_fixup() only run if ATTR_ASPATH is present.
Depending the nexthop attribute on MP_REACH is not correct since and UPDATE
can in theory carry both MP_REACH nlri and old school IPv4 nlri.
rde_as4byte_fixup() should only fixup paths that have
- ATTR_AS4_AGGREGATOR or ATTR_AS4_PATH present
- ATTR_ASPATH must be present as well
- no parse error (F_ATTR_PARSE_ERR)
The rde_as4byte_fixup() is entered all the time even for path that only
contain an ATTR_MP_UNREACH (which then could also include an ATTR_AS4_PATH
but no ATTR_ASPATH).
Reported by 7Asecurity
OK tb@
Add window-pane-status-format options and adjust the default second
status line to show panes, also change how window-style is checked now
it is a pane option.
use I/O submission queue entry size reported by controller
On the Apple T2 NVMe, 128-byte submission queue entries on I/O
queues are required instead of the standard 64 bytes.
ok jmatthew
rpki-client: use sentinel idiom for timegm(3) error check
We currently fail on ASN.1 times before the epoch. There is nothing wrong
in principle with those. Both UTCTime and GeneralizedTimes can represent
such times and we should be able to accept them.
Modern OpenSSL and LibreSSL ensure in ASN1_TIME_to_tm() that the times are
well formed according to the DER, so this call is really only a translation
step.
ok claudio deraadt
ssh: use sentinel idiom for timegm(3) and mktime(3)
There is nothing wrong with times before the epoch, even -1, so use the
idiom recently added to the CAVEATS section to figure out whether there
was an error in the timegm() or mktime() calls.
We should sweep the tree for this. If anyone is bored, feel free to beat
me to it...
ok deraadt djm
A new variable (RELINK) makes rules for creating a relink tar file and
installing it in the correct place. The variable needs to be a test
command which verifies the re-linked binary works correctly, which
requires it to exit(0).
This 1-liner will replace the large adhoc relink tarfile production
in the Makefiles of various relinked programs.
