commit 2ebf478107ecb3c554fceb26d01bca59c6d0ed1e Author: djm@openbsd.org Date: Wed Feb 23 21:21:49 2022 +0000 upstream: free(3) wants stdlib.h OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a diff --git a/auth-rhosts.c b/auth-rhosts.c index cac5cd84..4fc9252a 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.56 2022/02/23 21:21:49 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -19,6 +19,7 @@ #include #include +#include #ifdef HAVE_NETGROUP_H # include #endif @@ -26,7 +27,7 @@ #include #include #include -#include +#include #include #include "packet.h" commit 6c4a67ece33d9551429490898bb3c793a689e913 Author: Colin Watson Date: Thu Feb 24 16:04:18 2022 +0000 Improve detection of -fzero-call-used-regs=all support GCC doesn't tell us whether this option is supported unless it runs into the situation where it would need to emit corresponding code. diff --git a/m4/openssh.m4 b/m4/openssh.m4 index 4f9c3792..8c33c701 100644 --- a/m4/openssh.m4 +++ b/m4/openssh.m4 @@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ #include #include +/* Trivial function to help test for -fzero-call-used-regs */ +void f(int n) {} int main(int argc, char **argv) { (void)argv; /* Some math to catch -ftrapv problems in the toolchain */ @@ -21,6 +23,7 @@ int main(int argc, char **argv) { float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + f(0); printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does commit 995cf19fbef0b10dbcf1dd8d6382cec9194e08c5 Author: Darren Tucker Date: Sat Feb 26 14:06:14 2022 +1100 Allow ppoll_time64 in seccomp sandbox. Should fix sandbox violations on (some? at least i386 and armhf) 32bit Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at debian.org via bz#3396. diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 2e065ba3..4ce80cb2 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_ppoll SC_ALLOW(__NR_ppoll), #endif +#ifdef __NR_ppoll_time64 + SC_ALLOW(__NR_ppoll_time64), +#endif #ifdef __NR_poll SC_ALLOW(__NR_poll), #endif commit 238ac091dd57316bc9690d9cc42229fe21ce0def Author: djm@openbsd.org Date: Tue Mar 1 01:59:19 2022 +0000 upstream: pack pollfd array before server_accept_loop() ppoll() call, and terminate sshd if ppoll() returns errno==EINVAL avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by Daniel Micay feedback/ok deraadt OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15 diff --git a/sshd.c b/sshd.c index ef18ba46..30aeb806 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.583 2022/02/01 07:57:32 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.584 2022/03/01 01:59:19 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1129,9 +1129,9 @@ static void server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) { struct pollfd *pfd = NULL; - int i, j, ret; + int i, j, ret, npfd; int ostartups = -1, startups = 0, listening = 0, lameduck = 0; - int startup_p[2] = { -1 , -1 }; + int startup_p[2] = { -1 , -1 }, *startup_pollfd; char c = 0; struct sockaddr_storage from; socklen_t fromlen; @@ -1142,6 +1142,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) /* pipes connected to unauthenticated child sshd processes */ startup_pipes = xcalloc(options.max_startups, sizeof(int)); startup_flags = xcalloc(options.max_startups, sizeof(int)); + startup_pollfd = xcalloc(options.max_startups, sizeof(int)); for (i = 0; i < options.max_startups; i++) startup_pipes[i] = -1; @@ -1157,6 +1158,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) sigaddset(&nsigset, SIGTERM); sigaddset(&nsigset, SIGQUIT); + /* sized for worst-case */ pfd = xcalloc(num_listen_socks + options.max_startups, sizeof(struct pollfd)); @@ -1196,24 +1198,31 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) pfd[i].fd = listen_socks[i]; pfd[i].events = POLLIN; } + npfd = num_listen_socks; for (i = 0; i < options.max_startups; i++) { - pfd[num_listen_socks+i].fd = startup_pipes[i]; - if (startup_pipes[i] != -1) - pfd[num_listen_socks+i].events = POLLIN; + startup_pollfd[i] = -1; + if (startup_pipes[i] != -1) { + pfd[npfd].fd = startup_pipes[i]; + pfd[npfd].events = POLLIN; + startup_pollfd[i] = npfd++; + } } /* Wait until a connection arrives or a child exits. */ - ret = ppoll(pfd, num_listen_socks + options.max_startups, - NULL, &osigset); - if (ret == -1 && errno != EINTR) + ret = ppoll(pfd, npfd, NULL, &osigset); + if (ret == -1 && errno != EINTR) { error("ppoll: %.100s", strerror(errno)); + if (errno == EINVAL) + cleanup_exit(1); /* can't recover */ + } sigprocmask(SIG_SETMASK, &osigset, NULL); if (ret == -1) continue; for (i = 0; i < options.max_startups; i++) { if (startup_pipes[i] == -1 || - !(pfd[num_listen_socks+i].revents & (POLLIN|POLLHUP))) + startup_pollfd[i] == -1 || + !(pfd[startup_pollfd[i]].revents & (POLLIN|POLLHUP))) continue; switch (read(startup_pipes[i], &c, sizeof(c))) { case -1: commit 244f64071150d8e78b114a32c0e5ca1a0d21d54c Author: Darren Tucker Date: Tue Mar 8 20:04:06 2022 +1100 Default to not using sandbox when cross compiling. On most systems poll(2) does not work when the number of FDs is reduced with setrlimit, so assume it doesn't when cross compiling and we can't run the test. bz#3398. diff --git a/configure.ac b/configure.ac index 17fb1e60..a165d087 100644 --- a/configure.ac +++ b/configure.ac @@ -3574,8 +3574,8 @@ AC_RUN_IFELSE( select_works_with_rlimit=yes], [AC_MSG_RESULT([no]) select_works_with_rlimit=no], - [AC_MSG_WARN([cross compiling: assuming yes]) - select_works_with_rlimit=yes] + [AC_MSG_WARN([cross compiling: assuming no]) + select_works_with_rlimit=no] ) AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ commit 5880200867e440f8ab5fd893c93db86555990443 Author: Darren Tucker Date: Fri Mar 11 18:43:58 2022 +1100 Resync fmt_scaled. with OpenBSD. Fixes underflow reported in bz#3401. diff --git a/openbsd-compat/fmt_scaled.c b/openbsd-compat/fmt_scaled.c index 2f76ef93..87d40d2d 100644 --- a/openbsd-compat/fmt_scaled.c +++ b/openbsd-compat/fmt_scaled.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fmt_scaled.c,v 1.17 2018/05/14 04:39:04 djm Exp $ */ +/* $OpenBSD: fmt_scaled.c,v 1.21 2022/03/11 07:29:53 dtucker Exp $ */ /* * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved. @@ -54,9 +54,9 @@ typedef enum { } unit_type; /* These three arrays MUST be in sync! XXX make a struct */ -static unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA }; -static char scale_chars[] = "BKMGTPE"; -static long long scale_factors[] = { +static const unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA }; +static const char scale_chars[] = "BKMGTPE"; +static const long long scale_factors[] = { 1LL, 1024LL, 1024LL*1024, @@ -153,10 +153,8 @@ scan_scaled(char *scaled, long long *result) } } - if (sign) { + if (sign) whole *= sign; - fpart *= sign; - } /* If no scale factor given, we're done. fraction is discarded. */ if (!*p) { @@ -191,7 +189,8 @@ scan_scaled(char *scaled, long long *result) /* truncate fpart so it doesn't overflow. * then scale fractional part. */ - while (fpart >= LLONG_MAX / scale_fact) { + while (fpart >= LLONG_MAX / scale_fact || + fpart <= LLONG_MIN / scale_fact) { fpart /= 10; fract_digits--; } @@ -200,7 +199,10 @@ scan_scaled(char *scaled, long long *result) for (i = 0; i < fract_digits -1; i++) fpart /= 10; } - whole += fpart; + if (sign == -1) + whole -= fpart; + else + whole += fpart; *result = whole; return 0; } @@ -222,12 +224,16 @@ fmt_scaled(long long number, char *result) unsigned int i; unit_type unit = NONE; + /* Not every negative long long has a positive representation. */ + if (number == LLONG_MIN) { + errno = ERANGE; + return -1; + } + abval = llabs(number); - /* Not every negative long long has a positive representation. - * Also check for numbers that are just too darned big to format - */ - if (abval < 0 || abval / 1024 >= scale_factors[SCALE_LENGTH-1]) { + /* Also check for numbers that are just too darned big to format. */ + if (abval / 1024 >= scale_factors[SCALE_LENGTH-1]) { errno = ERANGE; return -1; }