During unpacking, we ensure that we do not read beyond the
declared size. However, unpack uses a function that copies
null-terminated strings. Prior to this commit, if the last string
was not null-terminated, it could result in copying data into a
buffer smaller than the allocated size.
Security: FreeBSD-24:09.libnv
Security: CVE-2024-45288
Security: CAP-03
Reported by: Synacktiv
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46138
Ensure that the calculation of size of array doesn't
overflow.
Security: FreeBSD-24:09.libnv
Security: CVE-2024-45287
Security: CAP-02
Reported by: Synacktiv
Reported by: Taylor R Campbell (NetBSD)
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46131
Fix csr_swap() macro so that we don't overwrite the argument (which is not
even possible when the argument is an immediate value)
Reviewed by: jrtc27
Differential Revision: https://reviews.freebsd.org/D46526
Using global taskqueue_thread XXX with the vnet tasks scheduled during
VNET destruction. VNET shutdown needs to wait for all vnet-scoped
SAs/SPs to be handled, and doing that from taskqueue_thread task
deadlocks because the same thread proceeds the removals.
Reviewed by: markj
Sponsored by: NVidia networking
Differential revision: https://reviews.freebsd.org/D46494
These are the same as the standard "base" images except:
* They don't have kernel or world debug symbols,
* They don't have FreeBSD tests,
* They don't have 32-bit libraries,
* They don't have LLDB,
* They don't have the Amazon SSM Agent pre-installed,
* They don't default to installing the awscli at first boot.
This reduces the amount of disk space in use when the EC2 instance
finishes booting from ~5 GB to ~1 GB.
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D46509
Move it from VM_EXTRA_PACKAGES in ec2.conf to VM_EXTRA_PACKAGES in
ec2-{base,cloud-init}.conf
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D46508
Having the "base" FreeBSD network configuration (aka. what is used
when not using cloud-init) in ec2.conf will allow us to reuse it in
other AMIs.
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D46507
This makes it possible for a VM build configuration file to pass
options to make installworld/installkernel/distribution, e.g.
WITHOUT_DEBUG_FILES=YES in order to produce smaller images.
Note that these options are only applied at install time, not at
build time (since the same build is installed into many different
VM images), so not all src.conf options are usable here.
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D46506
For EXT_CSD_PART_CONFIG_ACC_BOOT<n> and possibly others with suffixes
we fail to create proper disk aliases (symlinks), which shows up as
g_dev_taste: make_dev_alias_p() failed (name=mmcsd0, error=17)
In this case we ended up with the followng two:
/dev/mmcsd0 -> sdda0
/dev/mmcsd1 -> sdda0boot1
Note that (i) it should be mmcsd0boot1 and not mmcsd1 and that
(ii) there is no mmcsd0boot0 (failed above as it tried to create a
second mmcsd0).
Adjust the code (using a highly simplified version--compared to my
original approach--suggested by imp) using an extended format string
with (sdda/mmcsd) prefix as first argument to create proper names.
MFC after: 3 days
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D43538
For build reproducibility we set PE headers to an arbitrary timestamp.
Nothing in FreeBSD uses this timestamp, but bump it from 2016 to 2024 so
that the timestamp does not seem "too old" in case some third party tool
is used to inspect EFI boot components.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46527
This both saves the buffer for freeing later and saves the packet
pointer and snapend to be restored when packet processing is complete,
even if an exception is thrown with longjmp.
This means that the hex/ASCII printing in pretty_print_packet()
processes the packet data as captured or read from the savefile, rather
than as modified by the PPP printer, so that the bounds checking is
correct.
That fixes CVE-2024-2397, which was caused by an exception being thrown
by the hex/ASCII printer (which should only happen if those routines are
called by a packet printer, not if they're called for the -X/-x/-A
flag), which jumps back to the setjmp() that surrounds the packet
printer. Hilarity^Winfinite looping ensues.
Also, restore ndo->ndo_packetp before calling the hex/ASCII printing
routine, in case nd_pop_all_packet_info() didn't restore it.
Reviewed by: emaste
If beep cannot open /dev/dsp provide more information to aid the user
in diagnosing a problem.
Reviewed by: christos
Sponsored by: The FreeBSD Foundation
Remove the reference to the nonexistent 'end' parameter. While here,
rephrase a bit.
I did the initial comment fix (commit "bitset: Fix __BIT_FFS_AT()'s
herald comment", f3ab0d86e8) as part of an experiment introducing
macros to operate on ranges of bits in a bitset and subject to
a predicate (a generalization of some code used in some pending
modifications of the ULE scheduler), which was finally ditched as being
too verbose and impractical to use. I however then forgot to remove the
reference to 'end'.
No functional change.
Noted by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
MFC with: f3ab0d86e8
Sponsored by: The FreeBSD Foundation
As a consequence now ice_alloc_vsi_qmap() does not fail. Remove unneeded
error checks.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D45852
