nuageinit: validate set-name to prevent shell injection in variable names
Shell variable names cannot be safely quoted with shell_escape() —
only alphanumeric characters are valid. Add validation that set-name
only matches [a-zA-Z0-9]+; invalid values are rejected with a
warning and the rename is skipped entirely.
nuageinit: use single-quote shell escaping for hostname in rc.conf.d
The hostname value was written inside double quotes in
/etc/rc.conf.d/hostname. POSIX shell performs command substitution
inside double quotes, so a hostname containing $() or backticks would
be executed when the file is sourced (e.g., by rc(8)).
Switch to using the existing shell_escape() helper, which wraps values
in single quotes. In POSIX shell, single-quoted strings are completely
literal — no expansion or substitution of any kind is performed.
While the hostname is already validated to contain only
[a-zA-Z0-9.-], this change provides defense-in-depth so the output
format is safe regardless of future validation changes.
Reported by: Yazdan Soltani <yazdan.soltani at gmail.com>
devd/snd.conf: Handle absent control device properly
If virtual_oss is not enabled when these rules run on startup, dmesg
will show the following messages:
Starting devd.
virtual_oss_cmd: Could not open control device: /dev/vdsp.ctl: No such file or directory
virtual_oss_cmd: Could not open control device: /dev/vdsp.ctl: No such file or directory
Reported by: olce, Mark Millard <marklmi at yahoo.com>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
netlink: Avoid potential undefined behaviour
Taking the address of an OOB array element is UB, even if not
dereferenced.
Reviewed by: des, bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57172
(cherry picked from commit 4d125ed6e7d445d574c11dc35c40ec3013559806)
elfdump: Decode SHT_LLVM_ADDRSIG section header type
Reported by: bz
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 3c07cfb25283d93f03cdac51158289853d0e17a8)
netlink: Avoid undefined behaviour
Even though it is not dereferenced, it is UB to take the address of an
out of bounds array element.
Reviewed by: pouria, bz, des, adrian
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57158
(cherry picked from commit 1a4ad649cb135501f0bee56a4214e8c904ca402e)
if_axge: remove AXGE_RX_MII_ERR from packet dropping criteria
Packets received with the following configuration are associated with
AXGE_RX_MII_ERR, which looks legit since there's no AXGE_RX_CRC_ERR
or AXGE_RX_DROP_PKT attached:
axge0: <ASIX Elec. Corp. AX88179, rev 2.10/1.00, addr 3> on usbus0
miibus0: <MII bus> on axge0
rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 3 on miibus0
rgephy0: OUI 0x00e04c, model 0x0011, rev. 5
rgephy0: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
Without this, 'dhclient ue0' never gets valid lease as all the DHCP
replies are dropped by the driver.
This behaviour is align with the reference driver provided by the
vendor(ASIX_USB_NIC_Linux_Driver_Source_v3.5.0.tar.bz2).
MFC after: 2 weeks
libc: Use slow path in fenv in C++
C++ exposes cfenv functions via using ::func. Our name-mangling
mechanism rewrites all function calls causing symbols such as
std::feclearexcept to be transformed into std::__feclearexcept_int.
Since no such function exists, compilation fails.
The using ::feclearexpect declarations themselves are unaffected because
they are not function calls, which further exposes the mismatch
As a result, enable the fast path only for C and fall back to the slow
path in C++.
Reviewed by: kib
Fixes: 5bc64b7d417d
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57450
bsdinstall: Add virtual_oss service option
Since virtual_oss is now part of base, there is no reason not to provide
an installer option to enable it, and make it more visible to new users,
who might also benefit from the devd rules in /etc/devd/snd.conf, which
use virtual_oss, as well as 8532b4a43636 ("rc: virtual_oss: Create a
loopback device in the default configuration").
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: ivy
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/31
(cherry picked from commit eb5aa5c337c8d52fc1a7e867f526ca770bbe6612)
stat: fix use of devname(3)
Besides being a little hard to parse through visually, this had its own
bug of inspecting st->st_mode to determine what to pass to devname(3),
which is only correct for st_rdev.
For st_dev, you're likely to be looking at files or directories and
attempting to assess what device they're located on, so the mode is
meaningless- we just have to assume that our filesystems are on
character devices and attempt to resolve st_dev as such.
Reviewed by: des, kib (previous version)
Differential Revision: https://reviews.freebsd.org/D56565
(cherry picked from commit 4d4acdbfc22c84081037f31cff4fb03d18373036)
stat: The devname test case requires root
Fixes: 4d4acdbfc22c ("stat: fix use of devname(3)")
[24 lines not shown]
stat: Nits in stat tests
* Use ourselves as test file instead of /COPYRIGHT, which may or may not
be present in the test environment.
* atf-check understands \n in strings, use it.
* Some file systems don't like creating small holes, so create large ones
instead. This means we need two variables: ps (page size) is the
minimum size of a data region and the alignment for a hole, while hs
(hole size) is the minimum size of the holes we create. This makes no
difference on FreeBSD but makes it easier to port the test to other
platforms.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D56304
(cherry picked from commit 8cbd3949297d56e3960dcde73bd7e2277ac4bee8)
stat: Nits in readlink tests
* The f_flag test may fail if a component of the full path to the
temporary directory is a symbolic link.
* The n_flag test had an empty head; give it a description.
* Use consistent quoting.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D56293
(cherry picked from commit 1c793e7cbe2ecded388fd51fb20274891620a6f4)
net80211: delete the deprecated ieee80211_wepkey struct
This hasn't been used in a long time, and since I am shuffling around
the net80211 crypto API a bunch, let's just delete it instead of
leaving it here and trying to figure out how to support it if it's
used by userland somehow.
Reviewed by: guest-seuros
Differential Revision: https://reviews.freebsd.org/D57312
