unknown_ext_print: avoid casting away const
The BIO_dump_indent() API masterpiece expects a const char pointer as
input. Don't cast away const when suppressing pointer sign warnings.
Prompted by a report by N. Dossche
ok kenjiro
Ensure X509V3_EXT_print() only returns 0 and 1
In a rare mistake by schwarze, X509V3_EXT_print() is documented to return
0 and 1. This is also what most internal callers expect.
However, if either X509V3_EXT_DUMP_UNKNOWN or X509V3_EXT_PARSE_UNKNOWN is
set, the extension has an unknown NID or on failure to deserialize the
extension value, the return values of BIO_dump_indent() (which is number
of bytes written or -1 on error) and ASN1_parse_dump() (which is 0, 1, or
2 on EOC) are propagated.
Follow what OpenSSL did and translate to Boolean returns. Error indicators
are rather useless here since most errors are ignored anyway. Most callers
do if (!X509V3_EXT_print(...)) but they also pass a zero flag.
Reported by N. Dossche
ok kenjiro
After ifconfig qwz0 down followed by ifconfig qwz0 up, the second up
would fail with SIOCSIFFLAGS: Resource temporarily unavailable, and
after the first failure the device could not be brought up at all
until reboot. The same symptom appeared when changing nwid while the
interface was up (which internally does down+up).
To fix this issue, we do following changes:
1. Keep the firmware running for the lifetime of the device attachment,
matching what Linux ath12k does. ifconfig down/up no longer power-cycles
the chip; it only tears down and re-establishes the per-BSS association.
2. Reset wmi.unified_ready before sending WMI_INIT so the host
actually waits for the firmware's ready event instead of returning
immediately from a stale flag.
3. Transition firmware to MHI state M3 before resetting the device in
power_down, so the chip starts from a clean slate on the next power-up.
relayd: allow explicit paths for certificates, keys and OCSP staples
Extend the "keypair" keyword in relayd.conf to support optional explicit paths.
Previously, relayd enforced a naming convention, looking up files in /etc/ssl
and /etc/ssl/private based on the keypair name.
This change allows other applications to manage their certificates without
having to comply with relayd's internal naming logic.
Input and OK kirill@, help form tb@
frag6_input(): must always decrement counter when dropping fragment
Currently frag6_input() does not decrement counter in one case:
- it is processing fragment with offset 0 which arrives after
the last fragment (fragment with max. offset)
- there are more IPv6 extension headers between IPv6 header
and IPv6 fragment header
- re-assembled packet exceeds IPV6_MAXPACKET size limit
if conditions above are met, then fragment gets dropped without
decrementing counters. This commit fixes that.
The issue was pointed out by Frank Denis.
OK bluhm@
Make __pledge_open(2) of /etc/localtime and /usr/share/zoneinfo much
more strict. If /etc/localtime is a symbolic link, allow one translation
which must land cleanly in /usr/share/zoneinfo (.. is checked for) otherwise
error with EACCES. In /usr/share/zoneinfo, do not allow symbolic links and
error with ELOOP.
Alfredo Ortega observed the non-strict handling, but agrees no specific
exploitability exists. Changing this took almost a month with many
discarded prototypes.
ok beck dgl
If the main process receives an oversized passwd or group entry message from
the ldap client process, discard it rather than overflowing the struct
idm_req on the stack.
Pointed out by Frank Denis
ok claudio@
Rework the re-evaluation of a prefix if PREFIX_FLAG_FILTERED changed.
The fix committed in rev 1.291 is not quite right. The problem is that
prefix_evaluate() uses prefix_best() which calls prefix_eligible().
It is wrong to alter the eligible state of a prefix while it is still
on the rib list.
Instead remove the prefix first, toggle the state, then readd it again.
Even though prefix_evaluate() is called twice the code complexity is
about the same since the 2 calls only do half the work.
OK tb@
