ntpd: use the usual error check for timegm(3).
Straightforward change. The code could use some refactoring to avoid two
consecutive timegm(3) calls on tm_tls. The layering is a bit strange here.
ok deraadt henning job
Fix uploads using chunked transfer-encoding
The current code is broken so rework server_read_httpchunks() to properly
implement chunked transfer-encoding. Chunked uploads only matter for
fastcgi handlers, so adjust them to operate with chunked uploads.
The problem is that the CGI spec mandates that CONTENT_LENGTH is set
but for chunked transfers the content-length header is actually not
allowed. Both fastcgi and cgi don't really need CONTENT_LENGTH since the
data is passed via FCGI_STDIN messages or a pipe and in both cases EOF
can be signaled just fine. Still some cgi/fastcgi handlers depend on the
presence of CONTENT_LENGTH and so those fail to process such chunked
uploads. For this reason add a config option to opt-in for chunked
uploads but by default any upload with transfer-encoding chunked will
result in a HTTP 400 error.
OK kirill@ rsadowski@
sk-usbhid: skip unsupported key types in read_rks()
When enumerating resident keys, encountering a credential with an
unsupported COSE key type (not ES256 or EdDSA) caused the entire
enumeration to abort via goto out, discarding all valid keys.
Move the key type check before the per-credential allocation so
unsupported types can be skipped with continue instead. This
preserves all valid resident keys on the token.
Patch from Akhilesh Arora via GHPR657
Actually set pollfd.events correctly for socket type channels;
previously we were throwing away the events we computed if the
channel had a c->sock distinct from it's other read and write
fds. Fortunately, it appears that this case happens rarely, if
ever.
Reported by Darafei Praliaskouski via GHPR660
When pane-border-indicators is set to "both" or "arrows", only draw
arrows on the active floating pane and no other floating panes. Also
there is no need to loop in screen_redraw_cell_border if only checking
one pane.
Fix vmd(8) emulation for Linux guests.
The memory safety checks introduced in previous commit were too
strict and broke Linux guests running on top of vmd. Adapt the
checks to the variation of virtio 1.x that vmd implements.
virtio 1.x doesn't need page alignment. The used area offset needs
to just be 4 byte aligned for some sanity, but not really critical.
The descriptor table, available area, and used areas must be in
guest memory ranges and not spill out allowing guest access to host
memory by using hvaddr_mem() to check.
from dv@; OK mlarkin@; tested by jmatthew@ and Remi Bougard
ctime.3: remove warning about tm_zone and tm_gmtoff
These are standardized in posix 2024 via Austin Group Defect 1533. So they
won't go away or change anytime soon.
ok job millert
Clean up signature algorithm handling.
Now that we no longer support TLSv1.0 and TLSv1.1, SSL_USE_SIGALGS()
is always true - remove all of the code that handles the non-sigalgs
path, along with SSL_USE_SIGALGS() and the related flags.
Also remove SIGALG_RSA_PKCS1_MD5_SHA1 and references to it, since this
is also now unused.
ok kenjiro@ tb@
in the qwx newstate task, only attempt to reset the device if RUNNING
If we are not RUNNING then we are being called from qwx_stop(), and any
error recovery the init task would try to perform would at best be
pointless and might even cause problems.
Fix use of wrong tailq pointers in qwx.
Fortunately, this was a non-issue on devices with single radios and
there are no multi-radio devices known to us so far.
With help from kevlo@ who spotted a case I had missed.
handle compiled-time unsupported options in servconf.h better; leave
a zero placeholder variable so we don't have #ifdef around their
absence elsehwere in the tree
the new configuration dump code emits configuration directives with
capitalisation (previously they were all lowercase), so make the tests
that consume them insensitive to case
big refactor of sshd config management code.
This generates much of the initialisation, defaults and keyword table
code from a set of macros rather than hand coding them. These same
macros are also used to generate serialisation and deserialisation
code.
The macros are admittedly ugly but have the advantage of forcing a
good degree of consistency across places that need to stay in sync
with each other.
The new de/serialisation code is used to pass configurations across
the various sshd-* process boundaries. This removes the need to pass
around raw text configurations that need to be re-parsed as well as
eliminating some raw pointer leakage across the processes where
structures were previously clumsily serialised.
feedback/ok markus@
Don't fail hard on version mismatch and ignore extra end-of-params messages.
Replace the lerrx on version mismatch with a lwarnx and error return.
Switch to ssize_t return for that so that slowcgi_request() can properly
fail when this happens.
Also do not execute multiple commands when extra end-of-params messages
are received. Once a command is executed fail to start a 2nd one.
Same diff as bgplgd rev. 1.9
Reported by Frank Denis
OK florian@ tb@
DNS0x20[1] can randomise the case of domain names returned by lookup
to force some more uniqueness in queries to reduce the likelihood
of spoofing attacks succeeding.
Normally this should be hidden from the user by the resolver, but
in some cases it can leak through. When it does, it can mess up
ssh's CanonicalizePermittedCNAMEs.
Fix this by forcing the name we received from the system resolver to
lowercase.
bz3966, report and fix by Martin D Kealey
[1] https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00
Fix two separate one-byte out-of-cound reads
1) if a server sent an empty reply to a SSH2_FXP_REALPATH request
2) if a batch command used the full 2048 byte buffer but ended in a
literal backslash character
Both reported by Zhenpeng (Leo) Lin from depthfirst
ok markus@
make the transport protocol stricter by disconnecting if the peer
sends non-KEX messages during a key re-exchange.
Previously an evil peer could continue sending non-KEX messages
without penalty, causing memory to be wasted up until the
connection terminated or the server/client hit a OOM limit.
reported by Marko Jevtic; ok markus@
