From 34e87fb5d9ce607f5701ab4c31d837ad8133e2d1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 30 Apr 2019 12:27:57 +1000 Subject: Remove unused variables from RLIMIT_NOFILE test. --- configure.ac | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 30be6c182..9022ee9c9 100644 --- a/configure.ac +++ b/configure.ac @@ -3342,8 +3342,7 @@ AC_RUN_IFELSE( #include ]],[[ struct rlimit rl_zero; - int fd, r; - fd_set fds; + int r; rl_zero.rlim_cur = rl_zero.rlim_max = 0; r = setrlimit(RLIMIT_NOFILE, &rl_zero); -- cgit v1.2.3 From 285546b73e2c172565c992a695927ac8cf3b4cc6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 10 May 2019 15:04:42 +1000 Subject: Use "doc" man page format if mandoc present. Previously configure would not select the "doc" man page format if mandoc was present but nroff was not. This checks for mandoc first and removes a now-superflous AC_PATH_PROG. Based on a patch from vehk at vehk.de and feedback from schwarze at usta.de. --- configure.ac | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 9022ee9c9..17a11deef 100644 --- a/configure.ac +++ b/configure.ac @@ -41,11 +41,11 @@ AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) AC_PATH_PROG([SH], [sh]) AC_PATH_PROG([GROFF], [groff]) -AC_PATH_PROG([NROFF], [nroff]) +AC_PATH_PROG([NROFF], [nroff awf]) AC_PATH_PROG([MANDOC], [mandoc]) AC_SUBST([TEST_SHELL], [sh]) -dnl select manpage formatter +dnl select manpage formatter to be used to build "cat" format pages. if test "x$MANDOC" != "x" ; then MANFMT="$MANDOC" elif test "x$NROFF" != "x" ; then 
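Review bot: `AC_PATH_PROG([NROFF], [nroff awf])` in the `@@ -41,11 +41,11 @@` hunk passes two program names to the single-program macro, so `awf` is most likely never searched as a fallback. The list form is `AC_PATH_PROGS([NROFF], [nroff awf])`, which is the macro the same commit removes in its `@@ -4626,9 +4626,9 @@` hunk. That removed call also limited the search to `/usr/bin` and `/usr/ucb` and defaulted to `/bin/false`. Here NROFF is looked up on the builder's full PATH and is left empty when nothing is found, which is worth a `dnl` comment next to the macro.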
@@ -4626,9 +4626,9 @@ AC_ARG_WITH([mantype], ] ) if test -z "$MANTYPE"; then - TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" - AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) - if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then + if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then + MANTYPE=doc + elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then MANTYPE=doc elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then MANTYPE=man -- cgit v1.2.3 From 6fd4aa2aafbce90acb11a328ca0aa0696cb01c6b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 15 May 2019 16:19:14 +1000 Subject: Fix typo in man page formatter selector. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 17a11deef..23f4de7ef 100644 --- a/configure.ac +++ b/configure.ac @@ -53,7 +53,7 @@ elif test "x$NROFF" != "x" ; then elif test "x$GROFF" != "x" ; then MANFMT="$GROFF -mandoc -Tascii" else - AC_MSG_WARN([no manpage formatted found]) + AC_MSG_WARN([no manpage formatter found]) MANFMT="false" fi AC_SUBST([MANFMT]) -- cgit v1.2.3 From 4efe1adf05ee5d3fce44320fcff68735891f4ee6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 8 Jul 2019 13:38:39 +1000 Subject: remove realpath() compat replacement We shipped a BSD implementation of realpath() because sftp-server depended on its behaviour. OpenBSD is now moving to a more strictly POSIX-compliant realpath(2), so sftp-server now unconditionally requires its own BSD-style realpath implementation. As such, there is no need to carry another independant implementation in openbsd-compat. ok dtucker@ --- .depend | 4 +- Makefile.in | 2 +- configure.ac | 28 ----- defines.h | 4 - openbsd-compat/Makefile.in | 1 - openbsd-compat/openbsd-compat.h | 12 --- openbsd-compat/realpath.c | 229 ---------------------------------------- 7 files changed, 3 insertions(+), 277 deletions(-) delete mode 100644 openbsd-compat/realpath.c (limited to 'configure.ac') 
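Review bot: When mandoc is not installed `$MANDOC` is empty, so `${MANDOC} ${srcdir}/ssh.1` in the `@@ -4626,9 +4626,9 @@` hunk makes configure try to execute `ssh.1` itself as a command. The probe then reaches the nroff branches only because that file is normally not executable. Guard it the way the MANFMT selection near the top of the file does: `if test "x$MANDOC" != "x" && ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then`. The same applies to `${NROFF}`, which no longer has the `/bin/false` default that the removed `AC_PATH_PROGS` call gave it. The `if test -z "$MANTYPE"` block continues outside the hunk.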
diff --git a/.depend b/.depend index 6d5934cf9..54e889523 100644 --- a/.depend +++ b/.depend 
@@ -63,7 +63,7 @@ kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h kex.o: misc.h monitor.h ssherr.h sshbuf.h digest.h kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h ssherr.h kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
@@ -151,7 +151,7 @@ sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h sshd.o: cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h ssherr.o: ssherr.h sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h 
ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h openbsd-compat/openssl-compat.h +sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h openbsd-compat/openssl-compat.h sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h 
servconf.h sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h diff --git a/Makefile.in b/Makefile.in index 6abb60fd0..8b6754a68 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -197,7 +197,7 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-realpath.o sftp-server-main.o - $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ sftp-server.o sftp-common.o sftp-realpath.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) diff --git a/configure.ac b/configure.ac index 23f4de7ef..532bdee83 100644 --- a/configure.ac +++ b/configure.ac @@ -588,7 +588,6 @@ case "$host" in #include ] ) check_for_aix_broken_getaddrinfo=1 - AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) AC_DEFINE([SETEUID_BREAKS_SETUID], [1], [Define if your platform breaks doing a seteuid before a setuid]) AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) @@ -948,7 +947,6 @@ mips-sony-bsd|mips-sony-newsos4) conf_wtmp_location=/usr/adm/wtmp maildir=/usr/spool/mail AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) - AC_DEFINE([BROKEN_REALPATH]) AC_DEFINE([USE_PIPES]) AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) ;; 
@@ -2024,32 +2022,6 @@ AC_CHECK_FUNCS([setresgid], [ ) ]) -AC_CHECK_FUNCS([realpath], [ - dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given - dnl path name", however some implementations of realpath (and some - dnl versions of the POSIX spec) do not work on non-existent files, - dnl so we use the OpenBSD implementation on those platforms. - AC_MSG_CHECKING([if realpath works with non-existent files]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include -#include -#include - ]], [[ - char buf[PATH_MAX]; - if (realpath("/opensshnonexistentfilename1234", buf) == NULL) - if (errno == ENOENT) - exit(1); - exit(0); - ]])], - [AC_MSG_RESULT([yes])], - [AC_DEFINE([BROKEN_REALPATH], [1], - [realpath does not work with nonexistent files]) - AC_MSG_RESULT([no])], - [AC_MSG_WARN([cross compiling: assuming working])] - ) -]) - AC_MSG_CHECKING([for working fflush(NULL)]) AC_RUN_IFELSE( [AC_LANG_PROGRAM([[#include ]], [[fflush(NULL); exit(0);]])], diff --git a/defines.h b/defines.h index 8f4213062..46f88a431 100644 --- a/defines.h +++ b/defines.h @@ -108,10 +108,6 @@ enum # define MAXPATHLEN PATH_MAX # else /* PATH_MAX */ # define MAXPATHLEN 64 -/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */ -# ifndef BROKEN_REALPATH -# define BROKEN_REALPATH 1 -# endif /* BROKEN_REALPATH */ # endif /* PATH_MAX */ #endif /* MAXPATHLEN */ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index c1e14cbd0..2cc343636 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -38,7 +38,6 @@ OPENBSD=base64.o \ pwcache.o \ readpassphrase.o \ reallocarray.o \ - realpath.o \ recallocarray.o \ rmd160.o \ rresvport.o \ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index f58646886..86d45317b 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h 
@@ -81,18 +81,6 @@ void *reallocarray(void *, size_t, size_t); void *recallocarray(void *, size_t, size_t, size_t); #endif -#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) -/* - * glibc's FORTIFY_SOURCE can redefine this and prevent us picking up the - * compat version. - */ -# ifdef BROKEN_REALPATH -# define realpath(x, y) _ssh_compat_realpath(x, y) -# endif - -char *realpath(const char *path, char *resolved); -#endif - #ifndef HAVE_RRESVPORT_AF int rresvport_af(int *alport, sa_family_t af); #endif diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c deleted file mode 100644 index a2f090e55..000000000 --- a/openbsd-compat/realpath.c +++ /dev/null 
@@ -1,229 +0,0 @@ -/* $OpenBSD: realpath.c,v 1.20 2015/10/13 20:55:37 millert Exp $ */ -/* - * Copyright (c) 2003 Constantin S. Svintsoff - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The names of the authors may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */ - -#include "includes.h" - -#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#ifndef SYMLOOP_MAX -# define SYMLOOP_MAX 32 -#endif - -/* A slightly modified copy of this file exists in libexec/ld.so */ - -/* - * char *realpath(const char *path, char resolved[PATH_MAX]); - * - * Find the real name of path, by removing all ".", ".." and symlink - * components. Returns (resolved) on success, or (NULL) on failure, - * in which case the path which caused trouble is left in (resolved). - */ -char * -realpath(const char *path, char *resolved) -{ - struct stat sb; - char *p, *q, *s; - size_t left_len, resolved_len; - unsigned symlinks; - int serrno, slen, mem_allocated; - char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; - - if (path[0] == '\0') { - errno = ENOENT; - return (NULL); - } - - serrno = errno; - - if (resolved == NULL) { - resolved = malloc(PATH_MAX); - if (resolved == NULL) - return (NULL); - mem_allocated = 1; - } else - mem_allocated = 0; - - symlinks = 0; - if (path[0] == '/') { - resolved[0] = '/'; - resolved[1] = '\0'; - if (path[1] == '\0') - return (resolved); - resolved_len = 1; - left_len = strlcpy(left, path + 1, sizeof(left)); - } else { - if (getcwd(resolved, PATH_MAX) == NULL) { - if (mem_allocated) - free(resolved); - else - strlcpy(resolved, ".", PATH_MAX); - return (NULL); - } - resolved_len = strlen(resolved); - left_len = strlcpy(left, path, sizeof(left)); - } - if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) { - errno = ENAMETOOLONG; - goto err; - } - - /* - * Iterate over path components in `left'. - */ - while (left_len != 0) { - /* - * Extract the next path component and adjust `left' - * and its length. - */ - p = strchr(left, '/'); - s = p ? 
p : left + left_len; - if (s - left >= (ptrdiff_t)sizeof(next_token)) { - errno = ENAMETOOLONG; - goto err; - } - memcpy(next_token, left, s - left); - next_token[s - left] = '\0'; - left_len -= s - left; - if (p != NULL) - memmove(left, s + 1, left_len + 1); - if (resolved[resolved_len - 1] != '/') { - if (resolved_len + 1 >= PATH_MAX) { - errno = ENAMETOOLONG; - goto err; - } - resolved[resolved_len++] = '/'; - resolved[resolved_len] = '\0'; - } - if (next_token[0] == '\0') - continue; - else if (strcmp(next_token, ".") == 0) - continue; - else if (strcmp(next_token, "..") == 0) { - /* - * Strip the last path component except when we have - * single "/" - */ - if (resolved_len > 1) { - resolved[resolved_len - 1] = '\0'; - q = strrchr(resolved, '/') + 1; - *q = '\0'; - resolved_len = q - resolved; - } - continue; - } - - /* - * Append the next path component and lstat() it. If - * lstat() fails we still can return successfully if - * there are no more path components left. - */ - resolved_len = strlcat(resolved, next_token, PATH_MAX); - if (resolved_len >= PATH_MAX) { - errno = ENAMETOOLONG; - goto err; - } - if (lstat(resolved, &sb) != 0) { - if (errno == ENOENT && p == NULL) { - errno = serrno; - return (resolved); - } - goto err; - } - if (S_ISLNK(sb.st_mode)) { - if (symlinks++ > SYMLOOP_MAX) { - errno = ELOOP; - goto err; - } - slen = readlink(resolved, symlink, sizeof(symlink) - 1); - if (slen < 0) - goto err; - symlink[slen] = '\0'; - if (symlink[0] == '/') { - resolved[1] = 0; - resolved_len = 1; - } else if (resolved_len > 1) { - /* Strip the last path component. */ - resolved[resolved_len - 1] = '\0'; - q = strrchr(resolved, '/') + 1; - *q = '\0'; - resolved_len = q - resolved; - } - - /* - * If there are any path components left, then - * append them to symlink. The result is placed - * in `left'. 
- */ - if (p != NULL) { - if (symlink[slen - 1] != '/') { - if (slen + 1 >= - (ptrdiff_t)sizeof(symlink)) { - errno = ENAMETOOLONG; - goto err; - } - symlink[slen] = '/'; - symlink[slen + 1] = 0; - } - left_len = strlcat(symlink, left, sizeof(symlink)); - if (left_len >= sizeof(symlink)) { - errno = ENAMETOOLONG; - goto err; - } - } - left_len = strlcpy(left, symlink, sizeof(left)); - } - } - - /* - * Remove trailing slash except when the resolved pathname - * is a single "/". - */ - if (resolved_len > 1 && resolved[resolved_len - 1] == '/') - resolved[resolved_len - 1] = '\0'; - return (resolved); - -err: - if (mem_allocated) - free(resolved); - return (NULL); -} -#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ -- cgit v1.2.3 From 8729498a5d239980a91d32f031b34e8c58c52f62 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 10 Jul 2019 09:43:19 +1000 Subject: fix typo that prevented detection of Linux VRF Reported by hexiaowen AT huawei.com --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 532bdee83..958e99fd4 100644 --- a/configure.ac +++ b/configure.ac @@ -816,7 +816,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE([SYS_RDOMAIN_LINUX], [1], [Support routing domains using Linux VRF]), [], [ #ifdef HAVE_SYS_TYPES_H -# include +# include #endif ]) AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], -- cgit v1.2.3 From 45478898f9590b5cc8bc7104e573b84be67443b0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 16 Jul 2019 09:20:23 +1000 Subject: Hook memmem compat code into build. This fixes builds on platforms that don't have it (at least old DragonFly, probably others). --- configure.ac | 1 + openbsd-compat/Makefile.in | 1 + openbsd-compat/memmem.c | 5 +++++ openbsd-compat/openbsd-compat.h | 4 ++++ 4 files changed, 11 insertions(+) (limited to 'configure.ac') 
diff --git a/configure.ac b/configure.ac index 958e99fd4..63e017733 100644 --- a/configure.ac +++ b/configure.ac @@ -1751,6 +1751,7 @@ AC_CHECK_FUNCS([ \ llabs \ login_getcapbool \ md5_crypt \ + memmem \ memmove \ memset_s \ mkdtemp \ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 2cc343636..1162dc550 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -34,6 +34,7 @@ OPENBSD=base64.o \ inet_ntoa.o \ inet_ntop.o \ md5.o \ + memmem.o \ mktemp.o \ pwcache.o \ readpassphrase.o \ diff --git a/openbsd-compat/memmem.c b/openbsd-compat/memmem.c index 823443b08..3e5e6b5e6 100644 --- a/openbsd-compat/memmem.c +++ b/openbsd-compat/memmem.c @@ -27,6 +27,10 @@ * SUCH DAMAGE. */ +#include "includes.h" + +#ifndef HAVE_MEMMEM + #include /* @@ -62,3 +66,4 @@ memmem(const void *l, size_t l_len, const void *s, size_t s_len) return NULL; } DEF_WEAK(memmem); +#endif /* HAVE_MEMMEM */ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 86d45317b..fda6706f8 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -73,6 +73,10 @@ int getpagesize(void); char *getcwd(char *pt, size_t size); #endif +#ifdef HAVE_MEMMEM +void *memmem(const void *, size_t, const void *, size_t); +#endif + #ifndef HAVE_REALLOCARRAY void *reallocarray(void *, size_t, size_t); #endif -- cgit v1.2.3 From 11cba2a4523fda447e2554ea457484655bedc831 Mon Sep 17 00:00:00 2001 
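Review bot: The prototype added to openbsd-compat/openbsd-compat.h is guarded by `#ifdef HAVE_MEMMEM`, the inverse of the `#ifndef HAVE_MEMMEM` this commit adds to memmem.c and of the neighbouring `#ifndef HAVE_REALLOCARRAY` block. On a platform without memmem the compat implementation is built but callers get no declaration from this header, so the call can be implicitly declared as returning `int` and the returned pointer truncated on LP64 targets. On a platform that has memmem the header instead redeclares the libc function. The guard should read `#ifndef HAVE_MEMMEM`.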
From: Darren Tucker Date: Tue, 23 Jul 2019 21:51:22 +1000 Subject: Re-apply portability changes to current sha2.{c,h}. Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2 I imported the current versions directly then re-applied the portability changes. This also allowed re-syncing digest-libc.c against upstream. --- configure.ac | 16 ++++++---------- digest-libc.c | 28 ++++++++++++++++------------ digest-openssl.c | 8 ++++++-- mac.c | 4 ---- openbsd-compat/sha2.c | 36 +++++++++++++++++++++++++++++++++++- openbsd-compat/sha2.h | 25 ++++++++++++++++++++++--- 6 files changed, 85 insertions(+), 32 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 63e017733..1c35b090b 100644 --- a/configure.ac +++ b/configure.ac @@ -1699,6 +1699,9 @@ AC_CHECK_FUNCS([ \ Blowfish_expandstate \ Blowfish_expand0state \ Blowfish_stream2word \ + SHA256Update \ + SHA384Update \ + SHA512Update \ asprintf \ b64_ntop \ __b64_ntop \ @@ -2849,16 +2852,9 @@ if test "x$openssl" = "xyes" ; then fi AC_CHECK_FUNCS([crypt DES_crypt]) - # Search for SHA256 support in libc and/or OpenSSL - AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , - [unsupported_algorithms="$unsupported_algorithms \ - hmac-sha2-256 \ - hmac-sha2-512 \ - diffie-hellman-group-exchange-sha256 \ - hmac-sha2-256-etm@openssh.com \ - hmac-sha2-512-etm@openssh.com" - ] - ) + # Check for SHA256, SHA384 and SHA512 support in OpenSSL + AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) + # Search for RIPE-MD support in OpenSSL AC_CHECK_FUNCS([EVP_ripemd160], , [unsupported_algorithms="$unsupported_algorithms \ diff --git a/digest-libc.c b/digest-libc.c index c2b0b2403..12737e5d5 100644 --- a/digest-libc.c +++ b/digest-libc.c @@ -28,7 +28,11 @@ #if 0 #include #include +#endif +#ifdef HAVE_SHA1_H #include +#endif +#ifdef HAVE_SHA2_H #include #endif 
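Review bot: The second configure.ac hunk (`@@ -2849,16 +2852,9 @@`) drops the branch that added `hmac-sha2-256`, `hmac-sha2-512`, `diffie-hellman-group-exchange-sha256` and the two `-etm` variants to `unsupported_algorithms`, and the new `AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])` has no not-found action. The same commit removes the `#ifdef HAVE_EVP_SHA256` guards in mac.c, while digest-openssl.c still maps a missing `EVP_sha256` to `NULL`. A build against an OpenSSL without SHA-2 would therefore still list these MACs and presumably fail only when one is selected; the digest lookup code is not visible here, so this needs confirming. If such OpenSSL versions are no longer supported, record that beside the check, e.g. `# SHA-2 is assumed present in every supported OpenSSL, so nothing is added to unsupported_algorithms`; otherwise keep a not-found action that fills `unsupported_algorithms`.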
@@ -83,30 +87,30 @@ const struct ssh_digest digests[SSH_DIGEST_MAX] = { "SHA256", SHA256_BLOCK_LENGTH, SHA256_DIGEST_LENGTH, - sizeof(SHA256_CTX), - (md_init_fn *) SHA256_Init, - (md_update_fn *) SHA256_Update, - (md_final_fn *) SHA256_Final + sizeof(SHA2_CTX), + (md_init_fn *) SHA256Init, + (md_update_fn *) SHA256Update, + (md_final_fn *) SHA256Final }, { SSH_DIGEST_SHA384, "SHA384", SHA384_BLOCK_LENGTH, SHA384_DIGEST_LENGTH, - sizeof(SHA384_CTX), - (md_init_fn *) SHA384_Init, - (md_update_fn *) SHA384_Update, - (md_final_fn *) SHA384_Final + sizeof(SHA2_CTX), + (md_init_fn *) SHA384Init, + (md_update_fn *) SHA384Update, + (md_final_fn *) SHA384Final }, { SSH_DIGEST_SHA512, "SHA512", SHA512_BLOCK_LENGTH, SHA512_DIGEST_LENGTH, - sizeof(SHA512_CTX), - (md_init_fn *) SHA512_Init, - (md_update_fn *) SHA512_Update, - (md_final_fn *) SHA512_Final + sizeof(SHA2_CTX), + (md_init_fn *) SHA512Init, + (md_update_fn *) SHA512Update, + (md_final_fn *) SHA512Final } }; diff --git a/digest-openssl.c b/digest-openssl.c index da7ed72bc..11efbf7c0 100644 --- a/digest-openssl.c +++ b/digest-openssl.c @@ -34,12 +34,16 @@ #ifndef HAVE_EVP_RIPEMD160 # define EVP_ripemd160 NULL -#endif /* HAVE_EVP_RIPEMD160 */ +#endif #ifndef HAVE_EVP_SHA256 # define EVP_sha256 NULL +#endif +#ifndef HAVE_EVP_SHA384 # define EVP_sha384 NULL +#endif +#ifndef HAVE_EVP_SHA512 # define EVP_sha512 NULL -#endif /* HAVE_EVP_SHA256 */ +#endif struct ssh_digest_ctx { int alg; diff --git a/mac.c b/mac.c index 51dc11d76..9a504e892 100644 --- a/mac.c +++ b/mac.c 
@@ -58,10 +58,8 @@ static const struct macalg macs[] = { /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, -#ifdef HAVE_EVP_SHA256 { "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 }, { "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 }, -#endif { "hmac-md5", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 }, { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, @@ -70,10 +68,8 @@ static const struct macalg macs[] = { /* Encrypt-then-MAC variants */ { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, { "hmac-sha1-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 1 }, -#ifdef HAVE_EVP_SHA256 { "hmac-sha2-256-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 }, { "hmac-sha2-512-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 }, -#endif { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c index f16cf9cd0..eca0644c6 100644 --- a/openbsd-compat/sha2.c +++ b/openbsd-compat/sha2.c @@ -34,7 +34,14 @@ * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ */ -#include +/* OPENBSD ORIGINAL: lib/libc/hash/sha2.c */ + +#include "includes.h" + +#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \ + !defined(HAVE_SHA512UPDATE) + +#define MAKE_CLONE(x, y) /* no-op out */ #include #include @@ -264,6 +271,7 @@ static const u_int64_t sha512_initial_hash_value[8] = { }; #if !defined(SHA2_SMALL) +#if 0 /* Initial hash value H for SHA-224: */ static const u_int32_t sha224_initial_hash_value[8] = { 0xc1059ed8UL, 
@@ -275,6 +283,7 @@ static const u_int32_t sha224_initial_hash_value[8] = { 0x64f98fa7UL, 0xbefa4fa4UL }; +#endif /* 0 */ /* Initial hash value H for SHA-384 */ static const u_int64_t sha384_initial_hash_value[8] = { @@ -288,6 +297,7 @@ static const u_int64_t sha384_initial_hash_value[8] = { 0x47b5481dbefa4fa4ULL }; +#if 0 /* Initial hash value H for SHA-512-256 */ static const u_int64_t sha512_256_initial_hash_value[8] = { 0x22312194fc2bf72cULL, @@ -336,6 +346,7 @@ SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context) } DEF_WEAK(SHA224Final); #endif /* !defined(SHA2_SMALL) */ +#endif /* 0 */ /*** SHA-256: *********************************************************/ void @@ -917,6 +928,25 @@ DEF_WEAK(SHA384Transform); DEF_WEAK(SHA384Update); DEF_WEAK(SHA384Pad); +/* Equivalent of MAKE_CLONE (which is a no-op) for SHA384 funcs */ +void +SHA384Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) +{ + return SHA512Transform(state, data); +} + +void +SHA384Update(SHA2_CTX *context, const u_int8_t *data, size_t len) +{ + SHA512Update(context, data, len); +} + +void +SHA384Pad(SHA2_CTX *context) +{ + SHA512Pad(context); +} + void SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context) { @@ -936,6 +966,7 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context) } DEF_WEAK(SHA384Final); +#if 0 /*** SHA-512/256: *********************************************************/ void SHA512_256Init(SHA2_CTX *context) @@ -973,3 +1004,6 @@ SHA512_256Final(u_int8_t digest[SHA512_256_DIGEST_LENGTH], SHA2_CTX *context) } DEF_WEAK(SHA512_256Final); #endif /* !defined(SHA2_SMALL) */ +#endif /* 0 */ + +#endif /* HAVE_SHA{256,384,512}UPDATE */ diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h index 52ddb3f79..bf7dafc52 100644 --- a/openbsd-compat/sha2.h +++ b/openbsd-compat/sha2.h 
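Review bot: The two `#endif` labels after `DEF_WEAK(SHA224Final);` are swapped relative to the nesting: the `#if 0` added above the SHA-512-256 initial values is opened inside `#if !defined(SHA2_SMALL)`, so the existing `#endif /* !defined(SHA2_SMALL) */` now closes the `#if 0` and the added `#endif /* 0 */` closes the SHA2_SMALL block. The preprocessor result stays balanced, but the comments will mislead whoever next edits these sections. Placing `#endif /* 0 */` on the line before `#endif /* !defined(SHA2_SMALL) */` keeps the labels truthful. The same ordering appears to recur in the last sha2.c hunk, after `DEF_WEAK(SHA512_256Final);`.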
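Review bot: SHA384Transform is defined as `void` but its body is `return SHA512Transform(state, data);`, and ISO C does not permit a return statement with an expression in a void function; stricter compilers or `-pedantic` builds will diagnose it. The two sibling wrappers added beside it, SHA384Update and SHA384Pad, call through without `return`. Writing `SHA512Transform(state, data);` makes the three consistent and keeps the file clean under the extra warning flags this patch series enables.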
@@ -34,9 +34,16 @@ * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ */ -#ifndef _SHA2_H -#define _SHA2_H +/* OPENBSD ORIGINAL: include/sha2.h */ +#ifndef _SSHSHA2_H +#define _SSHSHA2_H + +#include "includes.h" +#include + +#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \ + !defined(HAVE_SHA512UPDATE) /*** SHA-256/384/512 Various Length Definitions ***********************/ #define SHA224_BLOCK_LENGTH 64 @@ -66,6 +73,7 @@ typedef struct _SHA2_CTX { u_int8_t buffer[SHA512_BLOCK_LENGTH]; } SHA2_CTX; +#if 0 __BEGIN_DECLS void SHA224Init(SHA2_CTX *); void SHA224Transform(u_int32_t state[8], const u_int8_t [SHA224_BLOCK_LENGTH]); @@ -83,7 +91,9 @@ char *SHA224FileChunk(const char *, char *, off_t, off_t) char *SHA224Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__string__,1,2))) __attribute__((__bounded__(__minbytes__,3,SHA224_DIGEST_STRING_LENGTH))); +#endif /* 0 */ +#ifndef HAVE_SHA256UPDATE void SHA256Init(SHA2_CTX *); void SHA256Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]); void SHA256Update(SHA2_CTX *, const u_int8_t *, size_t) @@ -100,7 +110,9 @@ char *SHA256FileChunk(const char *, char *, off_t, off_t) char *SHA256Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__string__,1,2))) __attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH))); +#endif /* HAVE_SHA256UPDATE */ +#ifndef HAVE_SHA384UPDATE void SHA384Init(SHA2_CTX *); void SHA384Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]); void SHA384Update(SHA2_CTX *, const u_int8_t *, size_t) 
@@ -117,7 +129,9 @@ char *SHA384FileChunk(const char *, char *, off_t, off_t) char *SHA384Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__string__,1,2))) __attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH))); +#endif /* HAVE_SHA384UPDATE */ +#ifndef HAVE_SHA512UPDATE void SHA512Init(SHA2_CTX *); void SHA512Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]); void SHA512Update(SHA2_CTX *, const u_int8_t *, size_t) @@ -134,7 +148,9 @@ char *SHA512FileChunk(const char *, char *, off_t, off_t) char *SHA512Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__string__,1,2))) __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH))); +#endif /* HAVE_SHA512UPDATE */ +#if 0 void SHA512_256Init(SHA2_CTX *); void SHA512_256Transform(u_int64_t state[8], const u_int8_t [SHA512_256_BLOCK_LENGTH]); void SHA512_256Update(SHA2_CTX *, const u_int8_t *, size_t) @@ -152,5 +168,8 @@ char *SHA512_256Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__string__,1,2))) __attribute__((__bounded__(__minbytes__,3,SHA512_256_DIGEST_STRING_LENGTH))); __END_DECLS +#endif /* 0 */ + +#endif /* HAVE_SHA{256,384,512}UPDATE */ -#endif /* _SHA2_H */ +#endif /* _SSHSHA2_H */ -- cgit v1.2.3 From 28744182cf90e0073b76a9e98de58a47e688b2c4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 30 Aug 2019 13:21:38 +1000 Subject: proc_pidinfo()-based closefrom() for OS X Refactor closefrom() to use a single brute-force close() loop fallback. Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@ --- configure.ac | 3 ++ openbsd-compat/bsd-closefrom.c | 88 ++++++++++++++++++++++++++++++++---------- 2 files changed, 70 insertions(+), 21 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 1c35b090b..8c6c4637c 100644 --- a/configure.ac +++ b/configure.ac 
@@ -679,6 +679,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_CHECK_LIB([sandbox], [sandbox_apply], [ SSHDLIBS="$SSHDLIBS -lsandbox" ]) + # proc_pidinfo()-based closefrom() replacement. + AC_CHECK_HEADERS([libproc.h]) + AC_CHECK_FUNCS([proc_pidinfo]) ;; *-*-dragonfly*) SSHDLIBS="$SSHDLIBS -lcrypt" diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c index b56476a2d..8b9a56278 100644 --- a/openbsd-compat/bsd-closefrom.c +++ b/openbsd-compat/bsd-closefrom.c @@ -46,6 +46,9 @@ # include # endif #endif +#if defined(HAVE_LIBPROC_H) +# include +#endif #ifndef OPEN_MAX # define OPEN_MAX 256 
@@ -55,21 +58,73 @@ __unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert Exp $"; #endif /* lint */ +#ifndef HAVE_FCNTL_CLOSEM /* * Close all file descriptors greater than or equal to lowfd. */ +static void +closefrom_fallback(int lowfd) +{ + long fd, maxfd; + + /* + * Fall back on sysconf() or getdtablesize(). We avoid checking + * resource limits since it is possible to open a file descriptor + * and then drop the rlimit such that it is below the open fd. + */ +#ifdef HAVE_SYSCONF + maxfd = sysconf(_SC_OPEN_MAX); +#else + maxfd = getdtablesize(); +#endif /* HAVE_SYSCONF */ + if (maxfd < 0) + maxfd = OPEN_MAX; + + for (fd = lowfd; fd < maxfd; fd++) + (void) close((int) fd); +} +#endif /* HAVE_FCNTL_CLOSEM */ + #ifdef HAVE_FCNTL_CLOSEM void closefrom(int lowfd) { (void) fcntl(lowfd, F_CLOSEM, 0); } -#else +#elif defined(HAVE_LIBPROC_H) && defined(HAVE_PROC_PIDINFO) void closefrom(int lowfd) { - long fd, maxfd; -#if defined(HAVE_DIRFD) && defined(HAVE_PROC_PID) + int i, r, sz; + pid_t pid = getpid(); + struct proc_fdinfo *fdinfo_buf = NULL; + + sz = proc_pidinfo(pid, PROC_PIDLISTFDS, 0, NULL, 0); + if (sz == 0) + return; /* no fds, really? */ + else if (sz == -1) + goto fallback; + if ((fdinfo_buf = malloc(sz)) == NULL) + goto fallback; + r = proc_pidinfo(pid, PROC_PIDLISTFDS, 0, fdinfo_buf, sz); + if (r < 0 || r >= sz) + goto fallback; + for (i = 0; i < sz / (int)PROC_PIDLISTFD_SIZE; i++) { + if (fdinfo_buf[i].proc_fd >= lowfd) + close(fdinfo_buf[i].proc_fd); + } + free(fdinfo_buf); + return; + fallback: + free(fdinfo_buf); + closefrom_fallback(lowfd); + return; +} +#elif defined(HAVE_DIRFD) && defined(HAVE_PROC_PID) +void +closefrom(int lowfd) +{ + long fd; char fdpath[PATH_MAX], *endp; struct dirent *dent; DIR *dirp; 
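Review bot: In the proc_pidinfo() variant of closefrom(), the loop bound is `sz / (int)PROC_PIDLISTFD_SIZE` although the second call reported only `r` bytes written, so entries past `r` are read from uninitialised malloc memory; the bound should be `r / (int)PROC_PIDLISTFD_SIZE`. Two earlier paths are also weaker than the function's stated contract of closing every descriptor at or above lowfd: `if (sz == 0) return;` closes nothing instead of falling back, and only `sz == -1` is treated as failure, so any other negative value would reach `malloc(sz)`. `if (sz <= 0) goto fallback;` covers both and keeps the function fail-closed. The /proc-based closefrom() that begins at the end of this hunk continues outside it.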
@@ -85,25 +140,16 @@ closefrom(int lowfd) (void) close((int) fd); } (void) closedir(dirp); - } else -#endif - { - /* - * Fall back on sysconf() or getdtablesize(). We avoid checking - * resource limits since it is possible to open a file descriptor - * and then drop the rlimit such that it is below the open fd. - */ -#ifdef HAVE_SYSCONF - maxfd = sysconf(_SC_OPEN_MAX); -#else - maxfd = getdtablesize(); -#endif /* HAVE_SYSCONF */ - if (maxfd < 0) - maxfd = OPEN_MAX; - - for (fd = lowfd; fd < maxfd; fd++) - (void) close((int) fd); + return; } + /* /proc/$$/fd strategy failed, fall back to brute force closure */ + closefrom_fallback(lowfd); +} +#else +void +closefrom(int lowfd) +{ + closefrom_fallback(lowfd); } #endif /* !HAVE_FCNTL_CLOSEM */ #endif /* HAVE_CLOSEFROM */ -- cgit v1.2.3 From e0e7e3d0e26f2c30697e6d0cfc293414908963c7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 30 Aug 2019 14:26:19 +1000 Subject: tweak warning flags Enable -Wextra if compiler supports it Set -Wno-error=format-truncation if available to prevent expected string truncations in openbsd-compat from breaking -Werror builds --- configure.ac | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 8c6c4637c..3e93c0276 100644 --- a/configure.ac +++ b/configure.ac @@ -152,9 +152,11 @@ CFLAGS="$saved_CFLAGS" if test "$GCC" = "yes" || test "$GCC" = "egcs"; then OSSH_CHECK_CFLAG_COMPILE([-pipe]) - OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) + OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) + OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) OSSH_CHECK_CFLAG_COMPILE([-Wall]) + OSSH_CHECK_CFLAG_COMPILE([-Wextra]) OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) -- cgit v1.2.3
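Review bot: `OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])` is added to the common flag list in the configure.ac hunk, so truncation diagnostics presumably stop failing -Werror builds for the whole tree, not only for openbsd-compat as the commit message describes (how the macro applies the flag is not visible here). Those warnings can point at real bounded-copy mistakes in code that handles paths or protocol strings, so the reason for relaxing them is worth recording where the flag is set. A comment such as `dnl keep format-truncation a warning: openbsd-compat truncates strings on purpose` would do; limiting the flag to the openbsd-compat build would be the stricter alternative.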