create_priority_list: add bounds check for priority_len
Overflow should not be possible since we deduplicate the options
but an explicit check won't hurt. Also move the dedup check for
options 121 and 245 right before they are stored to match the other
checks. OK deraadt@ florian@

sndiod: Add the server.thru control to midithru/N ports
It defines if programs connected to the midithru/N port can see each
other. It defaults to 1, which is the current behavior.

sndiod: Use pointers to midithru structures instead of indices
This makes handling of the midithru structure more similar to others,
making the code more readable. No behavior change.

sndiod: Implement control of midithru ports with sndioctl
For now there's a single new server.port control that specifies which
hardware MIDI ports programs will see. It's the equivalent of what
the server.device control is for audio.

SSL_alert_desc_string: update manpage after change to return "!!" always
Also change some totally unreadable roff macros to slightly less unreadable
mdoc markup.

The mwx_delete_key() callback from net80211 can't use a task.
While adding a key must be done via task to be able to sleep, the
delete key operation must operate in fire and forget mode because
deferring the work results in a use-after-free (or at least bzero).
Because of this split the functions to update and remove a key
and use the no wait msg sending function in the delete case.
This fixes a panic on interface down.

add dma_length member to struct scatterlist
inteldrm code assumes that sg_dma_len() does not return the length
member of the struct as it increments both.
Problem reported by Ryan Fahy in FreeBSD drm-kmod PR 468.
Avoids a 'Data modified on freelist' panic on boot when using discrete
Intel cards (DG2). DG2 has other issues, so remains disabled for now.

The main bus_dma_tag is passed all over the device tree to provide
operation function pointers. A bug in a driver could be exploited to
overwrite these function pointers, causing a later operation to call
wrong code. Many mitigations (KARL, bti/pac cfi, various mechanisms
for placing new code) increase the difficulty of exploit success,
however there is no reason for this bus_dma_tag structure to be
writeable, except history: the API does not pass things as const and
such a change to the tree would be a massive painful diff.
We know writes are not occurring, so we can force the structure
into .rodata, without using const.
This is for arm64 -- the same should be done to all other architectures.
ok kettenis

don't forward packets with a source ip of 0.0.0.0.
my initial motivation here is that ip_output special cases 0.0.0.0
and replaces it with an ip from the local system under the assumption
that an unset ip originates from the local system.
in addition to this, my reading of rfc1122 makes me think it's
illegal from a standards point of view too, and sthen@ points out
that rfc6890 agrees. this makes fixing the stack problem easy because
we can just drop the packet.
this check is done for forwarded packets, but we should continue
to treat packets from 0.0.0.0 on a connected network as valid because
protocols like dhcp and igmp need to use it when they don't have
an ip yet. ie, we should accept packets from 0.0.0.0, but not forward
them.
i discovered this because there's a clever clogs dhcp implementation
somewhere at work that knows it hasn't got an address yet, but it tries
[6 lines not shown]

Implement the bits to support HW crypto and with the wpakey in mwx(4).
The HW is able to handle everything in HW but I only tested WPA2.
Committed over the hackathon wifi which uses wpa.