author | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-11-06 15:42:44 +0100 |
---|---|---|
committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-11-15 10:56:14 +0100 |
commit | e0b4edbdcc3558d3f38af8398f995c2e9f019f07 (patch) | |
tree | ea91a5fcfb9b6a66a8c0b74cf68ff8d450ce17e0 /freebsd/sbin | |
parent | Disable or make static kern_* functions (diff) | |
Update to FreeBSD head 2018-11-15
Git mirror commit a18b0830c4be01b39489a891b63d6023ada6358a.
Update #3472.
Diffstat (limited to 'freebsd/sbin')
-rw-r--r-- | freebsd/sbin/dhclient/bpf.c | 8 | ||||
-rw-r--r-- | freebsd/sbin/dhclient/dhclient.c | 22 | ||||
-rw-r--r-- | freebsd/sbin/ifconfig/af_nd6.c | 8 | ||||
-rw-r--r-- | freebsd/sbin/pfctl/parse.y | 8 | ||||
-rw-r--r-- | freebsd/sbin/pfctl/pfctl_parser.c | 4 | ||||
-rw-r--r-- | freebsd/sbin/ping/ping.c | 103 | ||||
-rw-r--r-- | freebsd/sbin/route/route.c | 10 |
7 files changed, 90 insertions, 73 deletions
diff --git a/freebsd/sbin/dhclient/bpf.c b/freebsd/sbin/dhclient/bpf.c
index e1bfacdc..55a8586f 100644
--- a/freebsd/sbin/dhclient/bpf.c
+++ b/freebsd/sbin/dhclient/bpf.c
@@ -59,6 +59,8 @@ __FBSDID("$FreeBSD$"); #include <netinet/udp.h> #include <netinet/if_ether.h> +#include <capsicum_helpers.h> + #define BPF_FORMAT "/dev/bpf%d" /*
@@ -166,7 +168,7 @@ if_register_send(struct interface_info *info) error("Cannot lock bpf"); cap_rights_init(&rights, CAP_WRITE); - if (cap_rights_limit(info->wfdesc, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(info->wfdesc, &rights) < 0) error("Can't limit bpf descriptor: %m"); /*
@@ -272,9 +274,9 @@ if_register_receive(struct interface_info *info) error("Cannot lock bpf"); cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ); - if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(info->rfdesc, &rights) < 0) error("Can't limit bpf descriptor: %m"); - if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS) + if (caph_ioctls_limit(info->rfdesc, cmds, 2) < 0) error("Can't limit ioctls for bpf descriptor: %m"); }
diff --git a/freebsd/sbin/dhclient/dhclient.c b/freebsd/sbin/dhclient/dhclient.c
index d155d454..2aedd2f7 100644
--- a/freebsd/sbin/dhclient/dhclient.c
+++ b/freebsd/sbin/dhclient/dhclient.c
@@ -514,7 +514,7 @@ main(int argc, char *argv[]) close(pipe_fd[0]); privfd = pipe_fd[1]; cap_rights_init(&rights, CAP_READ, CAP_WRITE); - if (cap_rights_limit(privfd, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(privfd, &rights) < 0) error("can't limit private descriptor: %m"); if ((fd = open(path_dhclient_db, O_RDONLY|O_EXLOCK|O_CREAT, 0)) == -1)
@@ -528,7 +528,7 @@ main(int argc, char *argv[]) if (shutdown(routefd, SHUT_WR) < 0) error("can't shutdown route socket: %m"); cap_rights_init(&rights, CAP_EVENT, CAP_READ); - if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(routefd, &rights) < 0) error("can't limit route socket: %m"); endpwent();
@@ -1930,12 +1930,10 @@ rewrite_client_leases(void) error("can't create %s: %m", path_dhclient_db); cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_FSYNC, CAP_FTRUNCATE, CAP_SEEK, CAP_WRITE); - if (cap_rights_limit(fileno(leaseFile), &rights) < 0 && - errno != ENOSYS) { + if (caph_rights_limit(fileno(leaseFile), &rights) < 0) { error("can't limit lease descriptor: %m"); } - if (cap_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0 && - errno != ENOSYS) { + if (caph_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0) { error("can't limit lease descriptor fcntls: %m"); } } else {
@@ -2462,20 +2460,24 @@ go_daemon(void) cap_rights_init(&rights); - if (pidfile != NULL) + if (pidfile != NULL) { pidfile_write(pidfile); + if (caph_rights_limit(pidfile_fileno(pidfile), &rights) < 0) + error("can't limit pidfile descriptor: %m"); + } + if (nullfd != -1) { close(nullfd); nullfd = -1; } - if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(STDIN_FILENO, &rights) < 0) error("can't limit stdin: %m"); cap_rights_init(&rights, CAP_WRITE); - if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(STDOUT_FILENO, &rights) < 0) error("can't limit stdout: %m"); - if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(STDERR_FILENO, &rights) < 0) error("can't limit stderr: %m"); }
diff --git a/freebsd/sbin/ifconfig/af_nd6.c b/freebsd/sbin/ifconfig/af_nd6.c
index 1d9bdd73..964c96b0 100644
--- a/freebsd/sbin/ifconfig/af_nd6.c
+++ b/freebsd/sbin/ifconfig/af_nd6.c
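Review bot: In the go_daemon() hunk the return value of `pidfile_write(pidfile)` is ignored, and the added code then asks the same handle for its descriptor with `pidfile_fileno(pidfile)`. If the write failed, the state of the handle is not something this hunk can vouch for, so the descriptor handed to `caph_rights_limit()` may be -1 or stale and the daemon then exits through `error()` with a misleading message. Tying the two together keeps the failure explicit: `if (pidfile_write(pidfile) == 0 && caph_rights_limit(pidfile_fileno(pidfile), &rights) < 0)`. At this point `rights` is the empty set from `cap_rights_init(&rights)`, so the pidfile descriptor loses every right; a one-line comment saying that this is intended would save the next reader from checking.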
@@ -69,9 +69,17 @@ static const char rcsid[] = #endif /* __rtems__ */ #define MAX_SYSCTL_TRY 5 +#ifdef DRAFT_IETF_6MAN_IPV6ONLY_FLAG +#define ND6BITS "\020\001PERFORMNUD\002ACCEPT_RTADV\003PREFER_SOURCE" \ + "\004IFDISABLED\005DONT_SET_IFROUTE\006AUTO_LINKLOCAL" \ + "\007NO_RADR\010NO_PREFER_IFACE\011NO_DAD" \ + "\012IPV6_ONLY" \ + "\020DEFAULTIF" +#else #define ND6BITS "\020\001PERFORMNUD\002ACCEPT_RTADV\003PREFER_SOURCE" \ "\004IFDISABLED\005DONT_SET_IFROUTE\006AUTO_LINKLOCAL" \ "\007NO_RADR\010NO_PREFER_IFACE\011NO_DAD\020DEFAULTIF" +#endif static int isnd6defif(int); void setnd6flags(const char *, int, int, const struct afswtch *);
diff --git a/freebsd/sbin/pfctl/parse.y b/freebsd/sbin/pfctl/parse.y
index adb6e1c9..8b6808a6 100644
--- a/freebsd/sbin/pfctl/parse.y
+++ b/freebsd/sbin/pfctl/parse.y
@@ -776,8 +776,16 @@ numberstring : NUMBER { ; varset : STRING '=' varstring { + char *s = $1; if (pf->opts & PF_OPT_VERBOSE) printf("%s = \"%s\"\n", $1, $3); + while (*s++) { + if (isspace((unsigned char)*s)) { + yyerror("macro name cannot contain " + "whitespace"); + YYERROR; + } + } if (symset($1, $3, 0) == -1) err(1, "cannot store variable %s", $1); free($1);
diff --git a/freebsd/sbin/pfctl/pfctl_parser.c b/freebsd/sbin/pfctl/pfctl_parser.c
index 81e23e84..25e2a59b 100644
--- a/freebsd/sbin/pfctl/pfctl_parser.c
+++ b/freebsd/sbin/pfctl/pfctl_parser.c
@@ -1380,6 +1380,9 @@ ifa_lookup(const char *ifa_name, int flags) last_if = p->ifname; if ((flags & PFI_AFLAG_NOALIAS) && p->af == AF_INET && got4) continue; + if ((flags & PFI_AFLAG_NOALIAS) && p->af == AF_INET6 && + IN6_IS_ADDR_LINKLOCAL(&p->addr.v.a.addr.v6)) + continue; if ((flags & PFI_AFLAG_NOALIAS) && p->af == AF_INET6 && got6) continue; if (p->af == AF_INET)
@@ -1414,6 +1417,7 @@ ifa_lookup(const char *ifa_name, int flags) set_ipmask(n, 128); } n->ifindex = p->ifindex; + n->ifname = strdup(p->ifname); n->next = NULL; n->tail = n;
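Review bot: The whitespace check added to the `varset` rule in parse.y never examines the first character of the macro name, because `while (*s++)` advances `s` before `isspace()` reads `*s`; the loop tests the second character onward and then the terminating NUL. Writing it as `for (s = $1; *s != '\0'; s++)` with the same `isspace((unsigned char)*s)` test covers the whole name. On the `YYERROR` path the `free($1)` visible further down is not reached, so `$1` (and presumably `$3`, whose release is outside the hunk) is leaked for each rejected name; freeing both before `YYERROR` would match the success path. The verbose `printf` also runs before the check, so a rejected name is still echoed.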
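Review bot: In the second ifa_lookup() hunk of pfctl_parser.c the result of `strdup(p->ifname)` is stored without a NULL check, so an allocation failure hands callers a node whose `ifname` is NULL. Treating it as fatal, as the rest of pfctl does for allocation failures visible on this page (`err(1, ...)` in parse.y), would be `if ((n->ifname = strdup(p->ifname)) == NULL) err(1, "ifa_lookup: strdup");`. The node now owns a heap string, so whatever frees these nodes has to release `ifname` as well; that code is outside the hunk and should be checked.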
diff --git a/freebsd/sbin/ping/ping.c b/freebsd/sbin/ping/ping.c
index 376564b7..74cc2fbb 100644
--- a/freebsd/sbin/ping/ping.c
+++ b/freebsd/sbin/ping/ping.c
@@ -305,7 +305,8 @@ main(int argc, char *const *argv) #endif struct sockaddr_in *to; double t; - u_long alarmtimeout, ultmp; + u_long alarmtimeout; + long ltmp; int almost_done, ch, df, hold, i, icmp_len, mib[4], preload; int ssend_errno, srecv_errno, tos, ttl; char ctrl[CMSG_SPACE(sizeof(struct timeval))];
@@ -385,12 +386,12 @@ main(int argc, char *const *argv) options |= F_AUDIBLE; break; case 'c': - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp > LONG_MAX || !ultmp) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp > LONG_MAX || ltmp <=0) errx(EX_USAGE, "invalid count of packets to transmit: `%s'", optarg); - npackets = ultmp; + npackets = ltmp; break; case 'D': options |= F_HDRINCL;
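Review bot: In the `-c` case the comparison `ltmp > LONG_MAX` can no longer be true now that `ltmp` is a `long`, so an out-of-range count is not rejected by this condition. On overflow `strtol()` returns LONG_MAX or LONG_MIN and sets errno to ERANGE, which means an oversized argument is accepted as LONG_MAX. Clearing errno before the call and testing it in place of the dead comparison fixes that: `errno = 0;` ahead of `strtol()` and `if (*ep || ep == optarg || errno == ERANGE || ltmp <= 0)`. The other `strtol()` conversions in the later hunks (`-G`, `-g`, `-h`, `-l`, `-m`, `-s`, `-T`, `-z`) do not check ERANGE either; where `long` and `int` have the same width the `ltmp > INT_MAX` test in `-l` is dead in the same way.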
@@ -408,46 +409,46 @@ main(int argc, char *const *argv) setbuf(stdout, (char *)NULL); break; case 'G': /* Maximum packet size for ping sweep */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp <= 0) errx(EX_USAGE, "invalid packet size: `%s'", optarg); - if (uid != 0 && ultmp > DEFDATALEN) { + if (uid != 0 && ltmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, - "packet size too large: %lu > %u", - ultmp, DEFDATALEN); + "packet size too large: %ld > %u", + ltmp, DEFDATALEN); } options |= F_SWEEP; - sweepmax = ultmp; + sweepmax = ltmp; break; case 'g': /* Minimum packet size for ping sweep */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp <= 0) errx(EX_USAGE, "invalid packet size: `%s'", optarg); - if (uid != 0 && ultmp > DEFDATALEN) { + if (uid != 0 && ltmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, - "packet size too large: %lu > %u", - ultmp, DEFDATALEN); + "packet size too large: %ld > %u", + ltmp, DEFDATALEN); } options |= F_SWEEP; - sweepmin = ultmp; + sweepmin = ltmp; break; case 'h': /* Packet size increment for ping sweep */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp < 1) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp < 1) errx(EX_USAGE, "invalid increment size: `%s'", optarg); - if (uid != 0 && ultmp > DEFDATALEN) { + if (uid != 0 && ltmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, - "packet size too large: %lu > %u", - ultmp, DEFDATALEN); + "packet size too large: %ld > %u", + ltmp, DEFDATALEN); } options |= F_SWEEP; - sweepincr = ultmp; + sweepincr = ltmp; break; case 'I': /* multicast interface */ if (inet_aton(optarg, &ifaddr) == 0) 
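Review bot: For `-G`, `-g` and `-h` the parsed `long` is stored in `sweepmax`, `sweepmin` and `sweepincr` with only a lower bound once `uid == 0`, so a large value is narrowed rather than rejected if those variables are `int` (their declarations are outside this hunk). Adding an upper bound to each condition, as the `-l` case does with `ltmp > INT_MAX`, keeps the stored value equal to what the user typed, for example `if (*ep || ep == optarg || ltmp <= 0 || ltmp > INT_MAX)`. The `-s` case that assigns `datalen` in a later hunk has the same shape. Any later range check on these variables would see the narrowed value, not the original one.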
@@ -473,15 +474,15 @@ main(int argc, char *const *argv) loop = 0; break; case 'l': - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp > INT_MAX) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp > INT_MAX || ltmp < 0) errx(EX_USAGE, "invalid preload value: `%s'", optarg); if (uid) { errno = EPERM; err(EX_NOPERM, "-l flag"); } - preload = ultmp; + preload = ltmp; break; case 'M': switch(optarg[0]) {
@@ -499,10 +500,10 @@ main(int argc, char *const *argv) } break; case 'm': /* TTL */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp > MAXTTL) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp > MAXTTL || ltmp < 0) errx(EX_USAGE, "invalid TTL: `%s'", optarg); - ttl = ultmp; + ttl = ltmp; options |= F_TTL; break; case 'n':
@@ -544,24 +545,24 @@ main(int argc, char *const *argv) source = optarg; break; case 's': /* size of packet to send */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp < 0) errx(EX_USAGE, "invalid packet size: `%s'", optarg); - if (uid != 0 && ultmp > DEFDATALEN) { + if (uid != 0 && ltmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, - "packet size too large: %lu > %u", - ultmp, DEFDATALEN); + "packet size too large: %ld > %u", + ltmp, DEFDATALEN); } - datalen = ultmp; + datalen = ltmp; break; case 'T': /* multicast TTL */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp > MAXTTL) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp > MAXTTL || ltmp < 0) errx(EX_USAGE, "invalid multicast TTL: `%s'", optarg); - mttl = ultmp; + mttl = ltmp; options |= F_MTTL; break; case 't':
@@ -587,10 +588,10 @@ main(int argc, char *const *argv) break; case 'z': options |= F_HDRINCL; - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp > MAXTOS) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp > MAXTOS || ltmp < 0) errx(EX_USAGE, "invalid TOS: `%s'", optarg); - tos = ultmp; + tos = ltmp; break; default: usage();
@@ -642,11 +643,7 @@ main(int argc, char *const *argv) if (inet_aton(source, &sock_in.sin_addr) != 0) { shostname = source; } else { - if (capdns != NULL) - hp = cap_gethostbyname2(capdns, source, - AF_INET); - else - hp = gethostbyname2(source, AF_INET); + hp = cap_gethostbyname2(capdns, source, AF_INET); if (!hp) errx(EX_NOHOST, "cannot resolve %s: %s", source, hstrerror(h_errno));
@@ -674,10 +671,7 @@ main(int argc, char *const *argv) if (inet_aton(target, &to->sin_addr) != 0) { hostname = target; } else { - if (capdns != NULL) - hp = cap_gethostbyname2(capdns, target, AF_INET); - else - hp = gethostbyname2(target, AF_INET); + hp = cap_gethostbyname2(capdns, target, AF_INET); if (!hp) errx(EX_NOHOST, "cannot resolve %s: %s", target, hstrerror(h_errno));
@@ -695,7 +689,7 @@ main(int argc, char *const *argv) if (capdns != NULL) { const char *types[1]; - types[0] = "ADDR"; + types[0] = "ADDR2NAME"; if (cap_dns_type_limit(capdns, types, 1) < 0) err(1, "unable to limit access to system.dns service"); }
@@ -1789,10 +1783,7 @@ pr_addr(struct in_addr ina) if (options & F_NUMERIC) return inet_ntoa(ina); - if (capdns != NULL) - hp = cap_gethostbyaddr(capdns, (char *)&ina, 4, AF_INET); - else - hp = gethostbyaddr((char *)&ina, 4, AF_INET); + hp = cap_gethostbyaddr(capdns, (char *)&ina, 4, AF_INET); if (hp == NULL) return inet_ntoa(ina);
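Review bot: `cap_gethostbyname2(capdns, source, AF_INET)` is now called without the `capdns != NULL` guard, while the `if (capdns != NULL)` kept around `cap_dns_type_limit()` further down main() shows the handle is still expected to be NULL in some configurations. That is only safe if the `cap_*` names fall back to the plain resolver calls when Casper is not built in, which this page does not show and which matters for a port like this one. A comment at the first call would record the assumption, for example `/* capdns may be NULL; relies on the non-Casper fallback of cap_gethostbyname2() */`. The target lookup in the next hunk and `cap_gethostbyaddr()` in pr_addr() depend on the same fallback.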
@@ -1887,8 +1878,8 @@ capdns_setup(void) cap_close(capcas); if (capdnsloc == NULL) err(1, "unable to open system.dns service"); - types[0] = "NAME"; - types[1] = "ADDR"; + types[0] = "NAME2ADDR"; + types[1] = "ADDR2NAME"; if (cap_dns_type_limit(capdnsloc, types, 2) < 0) err(1, "unable to limit access to system.dns service"); families[0] = AF_INET;
diff --git a/freebsd/sbin/route/route.c b/freebsd/sbin/route/route.c
index 80404d66..10c2f2e9 100644
--- a/freebsd/sbin/route/route.c
+++ b/freebsd/sbin/route/route.c
@@ -1109,10 +1109,13 @@ newroute(int argc, char **argv) } printf("\n"); } + } - fibnum = 0; - TAILQ_FOREACH(fl, &fibl_head, fl_next) { - if (fl->fl_error != 0) { + fibnum = 0; + TAILQ_FOREACH(fl, &fibl_head, fl_next) { + if (fl->fl_error != 0) { + error = 1; + if (!qflag) { printf("%s %s %s", cmd, (nrflags & F_ISHOST) ? "host" : "net", dest); if (*gateway)
@@ -1146,7 +1149,6 @@ newroute(int argc, char **argv) break; } printf(": %s\n", errmsg); - error = 1; } } } |