Replace assert() with a graceful failure by aborting the http request.
An overlong HTTP line can fill the receive buffer to its max but then
http_get_line() would still return NULL trying to read more data.
Since the buffer is full the assert would trigger. Now the http request
is terminated.
Reported by Frank Denis
OK tb@

For bgpctl show mrt detail print the last change time as an ISO format time.
If abs_time is set then switch fmt_monotime() to absolute timestamps.
This uses monotime_to_time, gmtime and strftime("%FT%TZ") to get an
ISO format timestamp string.
While there also adjust get_rel_monotime() to be more like
monotime_to_time() and stop treating negative numbers as error.
In fmt_monotime() check the monotime against 0 to print 'Never' for timers
that are not running.
With this bgpctl show mrt detail prints:
Last update: 2019-05-08T20:03:06Z
OK tb@

rfc3779 test: exercise IPAddressFamily_cmp a bit more
This populates an IPAddrBlocks object with not all that sensible data and
tests behavior of serialization and deserialization of this thing. Prior
to x509_addr.c rev 1.96 this would call memcmp() on NULL.

Implement a better fix. The previous fix allowed to overflow in a
different spot. This would still only lead to a crash, and would only be
reachable by arbitrary users if the admin enabled the agentx socket, and
set custom permissions.
OK deraadt@, mvs@

mention that compression could potentially leak information about session
contents (cf. the CRIME attack on TLS) if a connection allows attacker-
controlled traffic over it alongside trusted traffic. This might occur
in some forwarding scenarios.
with deraadt@

In the vscsi_callback() handle ISCSI_SCSI_STAT_CHCK_COND more carefully.
Especially the embedded sense data needs to be extracted respecting the
real buffer length. Make sure at least 2 bytes are available for the length
and also check that the resulting len is not bigger than the buffer
itself.
Reported by Frank Denis
OK deraadt@
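
The two length checks named in the commit message above, as an added C example that is not the OpenBSD code. `sense_extract()` and its parameters are hypothetical names, and the layout (a 2-byte big-endian length followed by the sense bytes) is an assumption about the response data segment; the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical helper (not from the OpenBSD tree): locate the sense data
 * embedded in a response that reported ISCSI_SCSI_STAT_CHCK_COND.
 * Assumed layout: 2-byte big-endian length, then the sense bytes.
 * Returns 0 and sets *sense / *senselen on success, -1 on malformed input.
 */
int
sense_extract(const uint8_t *buf, size_t buflen, const uint8_t **sense,
    size_t *senselen)
{
	size_t len;

	*sense = NULL;
	*senselen = 0;

	/* Need at least the 2 length bytes before reading them. */
	if (buf == NULL || buflen < 2)
		return -1;

	len = ((size_t)buf[0] << 8) | buf[1];

	/* The advertised length must fit in what was actually received. */
	if (len > buflen - 2)
		return -1;

	*sense = buf + 2;
	*senselen = len;
	return 0;
}

int
main(void)
{
	/* Constructed sample inputs, not captured traffic. */
	static const uint8_t ok[] = { 0x00, 0x03, 0x70, 0x00, 0x05 };
	static const uint8_t lying[] = { 0x00, 0x20, 0x70, 0x00 };
	const uint8_t *s;
	size_t n;

	printf("ok: %d\n", sense_extract(ok, sizeof(ok), &s, &n));
	printf("overlong: %d\n", sense_extract(lying, sizeof(lying), &s, &n));
	printf("truncated: %d\n", sense_extract(ok, 1, &s, &n));
	return 0;
}
```
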
Introduce a force_update flag to force pend_prefix_add() calls
in adjout_prefix_update().
peer_dump() can be called with a preloaded Adj-RIB-Out and in that case
the code needs to force updates out. This is done instead of walking the
table twice -- once with peer_dump() and then with peer_blast().
Using the force_update flag there ensures that all entries are properly
sent to the peer.
OK tb@

sndiod: Allow control slots to have NULL opt pointer
This case is not encountered yet, but to control non-audio properties
the control slots must work with no opt structure.

Adjust last commit, the loop termination was not quite correct.
Set pte to NULL before the inner pt_get loop so that the outer
loop terminates correctly on (!found && pte != NULL).
Since pte is NULL now plen needs to be set earlier as well.
OK tb@

Use clearer semantics on how rde_generate_updates is called.
Adjust prefix_evaluate and prefix_evaluate_nexthop so that
rde_generate_updates() is only called with a few options.
Either new is valid or old is valid. If both are invalid then
there is no need to call rde_generate_updates(). If both are
valid only new matters and old_pathid_tx is set to 0.
In prefix_evaluate() most calls are with either new or old set to NULL.
If both are set then new->path_id_tx == old->path_id_tx.
In prefix_evaluate_nexthop() if old was valid then new becomes invalid
but if old was invalid new may still be invalid.
OK tb@

Respect RTR min-version in the implicit downgrade path and release
activity lock when closing the connection.
Check min_version in the implicit downgrade case and error out if the
suggested version is too low. Also trigger the RTR_EVNT_NEGOTIATION_DONE
event only after parsing all of the header. If the PDU was bad don't
trigger this event.
In the rtr_fsm() when closing a connection check the state of the
active_lock and if the lock is held, reset the cache, release the lock and
recalculate the sets. The internal state is corrupt if a connection error
triggered during an exchange so it makes no sense to carry a bad cache
around.
OK tb@

sndiod: Add a reference counter to the port structure
Using a counter is simpler than (ab-)using the midi endpoint bitmaps
to figure out if the port is in use. In turn this allows holding a
reference to the port without involving midi endpoint
connections. This change also reduces the differences between MIDI
ports and audio devices: less logic, less bugs.

sndiod: Save a pointer to the struct opt associated to the midi endpoint
As the socket code holds a reference to the struct opt, it's simpler
to just save it and release it when the socket is closed. This avoids
iterating over the full set of midi endpoint structures.
No behavior change

sndiod: Unlink the MIDI port from the socket when it's closed
Not unlinking the port is bad style and might keep the port open after
the socket is closed.