upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-03-22 18:53:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/lib/libc
History
Marcel Moolenaar daab0b01ed Protect against DoS attacks, such as being described in CVE-2010-2632. 
The changes were derived from what has been committed to NetBSD, with
modifications. These are:
1.  Preserve the existsing GLOB_LIMIT behaviour by including the number
    of matches to the set of parameters to limit.
2.  Change some of the limits to avoid impacting normal use cases:
    GLOB_LIMIT_STRING - change from 65536 to ARG_MAX so that glob(3)
	can still provide a full command line of expanded names.
    GLOB_LIMIT_STAT - change from 128 to 1024 for no other reason than
	that 128 feels too low (it's not a limit that impacts the
	behaviour of the test program listed in CVE-2010-2632).
    GLOB_LIMIT_PATH - change from 1024 to 65536 so that glob(3) can
	still provide a fill command line of expanded names.
3.  Protect against buffer overruns when we hit the GLOB_LIMIT_STAT or
    GLOB_LIMIT_READDIR limits. We append SEP and EOS to pathend in
    those cases. Return GLOB_ABORTED instead of GLOB_NOSPACE when we
    would otherwise overrun the buffer.

This change also modifies the existing behaviour of glob(3) in case
GLOB_LIMIT is specifies by limiting the *new* matches and not all
matches. This is an important distinction when GLOB_APPEND is set or
when the caller uses a non-zero gl_offs. Previously pre-existing
matches or the value of gl_offs would be counted in the number of
matches even though the man page states that glob(3) would return
GLOB_NOSPACE when gl_matchc or more matches were found.

The limits that cannot be circumvented are GLOB_LIMIT_STRING and
GLOB_LIMIT_PATH all others can be crossed by simply calling glob(3)
again and with GLOB_APPEND set.

The entire description above applies only when GLOB_LIMIT has been
specified of course. No limits apply when this flag isn't set!

Obtained from: Juniper Networks, Inc
2012-12-01 21:26:46 +00:00
..
amd64 libc/amd64: Do not export .cerror. 2012-09-06 20:59:49 +00:00
arm Merging of projects/armv6, part 2 2012-08-15 03:09:00 +00:00
compat-43 Update the kill(2) and killpg(2) man pages to the modern permission 2012-10-22 03:37:00 +00:00
db Globally replace u_int*_t from (non-contributed) man pages. 2012-02-12 18:29:56 +00:00
gdtoa Implement xlocale APIs from Darwin, mainly for use by libc++. This adds a 2011-11-20 14:45:42 +00:00
gen Protect against DoS attacks, such as being described in CVE-2010-2632. 2012-12-01 21:26:46 +00:00
gmon mdoc: end list context with El. 2012-05-12 07:52:45 +00:00
i386 libc/i386: Do not export .cerror. 2012-09-05 21:41:05 +00:00
ia64 Make the sys/ucontext.h self-contained by changing the return type 2012-02-01 13:33:53 +00:00
iconv Fix Fo arguments. 2012-03-28 19:20:28 +00:00
include Implement the waitid() SUSv4 function using wait6() system call. 2012-11-13 12:55:52 +00:00
inet A new jail(8) with a configuration file, to replace the work currently done 2010-10-19 21:32:13 +00:00
isc A new jail(8) with a configuration file, to replace the work currently done 2010-10-19 21:32:13 +00:00
locale libc: Use O_CLOEXEC for various internal file descriptors. 2012-09-29 11:54:34 +00:00
mips Implement _set_tp 2012-03-06 03:30:09 +00:00
nameser A new jail(8) with a configuration file, to replace the work currently done 2010-10-19 21:32:13 +00:00
net Cleanup the code a bit, which improves the portability. 2012-11-19 19:26:19 +00:00
nls libc: Use O_CLOEXEC for various internal file descriptors. 2012-09-29 11:54:34 +00:00
posix1e Minor mdoc nits. 2012-05-13 14:16:04 +00:00
powerpc Doh... Don't add __eabi to an old version tag (i.e. FBSD_1.0). Add it to the 2012-05-25 16:30:42 +00:00
powerpc64 Do not restore the register holding the TLS pointer when doing various 2012-04-11 00:00:40 +00:00
quad A new jail(8) with a configuration file, to replace the work currently done 2010-10-19 21:32:13 +00:00
regex Remove some duplicated copyright notices. 2012-03-06 12:53:44 +00:00
resolv Remove meaningless self-assignment in res_send.c, otherwise clang will 2011-12-15 20:10:12 +00:00
rpc rpc: convert all uid and gid variables to u_int. 2012-10-04 04:15:18 +00:00
softfloat Conditionalize the __floatunsisf and __floatunsidf functions, added in 2012-01-20 14:44:21 +00:00
sparc64 Make the sys/ucontext.h self-contained by changing the return type 2012-02-01 13:33:53 +00:00
stdio The getline function returns the number of characters read, not 2012-12-01 15:25:41 +00:00
stdlib Remove undefined behavior from sranddev() and 2012-10-09 14:25:14 +00:00
stdtime Add more locale-specific functions to the relevant man pages and 2012-06-25 21:51:40 +00:00
string clarify the wording for 'first' and 'last' 2012-09-30 03:25:04 +00:00
sys Document that getpeername(2) and getsockname(2) can fail with EINVAL. 2012-11-23 10:14:54 +00:00
uuid Note that memory should be freed after uuid_to_string(3) call. 2012-03-01 14:39:01 +00:00
xdr Add a HISTORY section 2011-07-10 06:57:00 +00:00
yp libc: Use O_CLOEXEC for various internal file descriptors. 2012-09-29 11:54:34 +00:00
Makefile Disable NLS catalog use in libc if built with WITHOUT_NLS option. 2012-05-21 08:10:42 +00:00
Versions.def Add a FBSD_1.3 namespace for FreeBSD 10. 2011-10-10 15:42:33 +00:00