authorDuncaen <mail@duncano.de>2017-05-25 16:24:41 +0200
committerDuncaen <mail@duncano.de>2017-05-25 16:24:41 +0200
commit8bb3dd2300f887ed2487850cf5e305f1eb09a5f9 (patch)
tree946aa5164a4694a4548c92194ded3b39a5d8502e
parent00bda52d272cd76e1e2a50d3b2131dbd1acabf1f (diff)
downloadlobase-8bb3dd2300f887ed2487850cf5e305f1eb09a5f9.tar.gz
lib/libopenbsd: update
-rw-r--r--lib/libopenbsd/crypt/arc4random.c2
-rw-r--r--lib/libopenbsd/crypt/arc4random_uniform.c2
-rw-r--r--lib/libopenbsd/gen/basename.39
-rw-r--r--lib/libopenbsd/gen/dirname.39
-rw-r--r--lib/libopenbsd/gen/errc.c1
-rw-r--r--lib/libopenbsd/gen/fts.c11
-rw-r--r--lib/libopenbsd/gen/glob.c55
-rw-r--r--lib/libopenbsd/gen/verrc.c1
-rw-r--r--lib/libopenbsd/hash/md5.310
-rw-r--r--lib/libopenbsd/hash/rmd160.38
-rw-r--r--lib/libopenbsd/hash/sha1.314
-rw-r--r--lib/libopenbsd/regex/engine.c4
-rw-r--r--lib/libopenbsd/regex/regcomp.c14
-rw-r--r--lib/libopenbsd/stdio/fgetwln.s144
-rw-r--r--lib/libopenbsd/stdlib/malloc.3250
15 files changed, 252 insertions, 282 deletions
diff --git a/lib/libopenbsd/crypt/arc4random.c b/lib/libopenbsd/crypt/arc4random.c
index e659a6e..8a4ecc9 100644
--- a/lib/libopenbsd/crypt/arc4random.c
+++ b/lib/libopenbsd/crypt/arc4random.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: arc4random.c,v 1.53 2015/09/10 18:53:50 bcook Exp $ */
+/* $OpenBSD: arc4random.c,v 1.54 2015/09/13 08:31:47 guenther Exp $ */
/*
* Copyright (c) 1996, David Mazieres <dm@uun.org>
diff --git a/lib/libopenbsd/crypt/arc4random_uniform.c b/lib/libopenbsd/crypt/arc4random_uniform.c
index cbf01a2..23a15e3 100644
--- a/lib/libopenbsd/crypt/arc4random_uniform.c
+++ b/lib/libopenbsd/crypt/arc4random_uniform.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: arc4random_uniform.c,v 1.1 2014/07/12 13:24:54 deraadt Exp $ */
+/* $OpenBSD: arc4random_uniform.c,v 1.2 2015/09/13 08:31:47 guenther Exp $ */
/*
* Copyright (c) 2008, Damien Miller <djm@openbsd.org>
diff --git a/lib/libopenbsd/gen/basename.3 b/lib/libopenbsd/gen/basename.3
index 7394a25..1448e81 100644
--- a/lib/libopenbsd/gen/basename.3
+++ b/lib/libopenbsd/gen/basename.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: basename.3,v 1.22 2013/09/30 12:02:32 millert Exp $
+.\" $OpenBSD: basename.3,v 1.23 2017/05/08 14:45:47 millert Exp $
.\"
.\" Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: September 30 2013 $
+.Dd $Mdocdate: May 8 2017 $
.Dt BASENAME 3
.Os
.Sh NAME
@@ -70,8 +70,9 @@ The path component to be returned was larger than
.Sh STANDARDS
The
.Fn basename
-function conforms to
-.St -xpg4.2 .
+function conforms to the X/Open System Interfaces option of the
+.St -p1003.1-2008
+specification.
.Sh HISTORY
The
.Fn basename
diff --git a/lib/libopenbsd/gen/dirname.3 b/lib/libopenbsd/gen/dirname.3
index ffdbf71..7a6db4a 100644
--- a/lib/libopenbsd/gen/dirname.3
+++ b/lib/libopenbsd/gen/dirname.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: dirname.3,v 1.20 2013/09/30 12:02:32 millert Exp $
+.\" $OpenBSD: dirname.3,v 1.21 2017/05/08 14:45:47 millert Exp $
.\"
.\" Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: September 30 2013 $
+.Dd $Mdocdate: May 8 2017 $
.Dt DIRNAME 3
.Os
.Sh NAME
@@ -70,8 +70,9 @@ The path component to be returned was larger than
.Sh STANDARDS
The
.Fn dirname
-function conforms to
-.St -xpg4.2 .
+function conforms to the X/Open System Interfaces option of the
+.St -p1003.1-2008
+specification.
.Sh HISTORY
The
.Fn dirname
diff --git a/lib/libopenbsd/gen/errc.c b/lib/libopenbsd/gen/errc.c
index b556aa1..730822b 100644
--- a/lib/libopenbsd/gen/errc.c
+++ b/lib/libopenbsd/gen/errc.c
@@ -40,3 +40,4 @@ errc(int eval, int code, const char *fmt, ...)
verrc(eval, code, fmt, ap);
va_end(ap);
}
+DEF_WEAK(errc);
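Review bot: `DEF_WEAK` is an OpenBSD libc-internal macro, and neither this hunk nor the commit's file list shows where this tree defines it, so the added `DEF_WEAK(errc);` relies on a compat definition that should be confirmed. If the port has no use for weak aliases, a comment at that definition such as `/* DEF_WEAK: no-op outside OpenBSD libc */` would make the intent explicit. The same applies to `DEF_WEAK(verrc);` in gen/verrc.c. Only the tail of errc() is visible in this hunk.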
diff --git a/lib/libopenbsd/gen/fts.c b/lib/libopenbsd/gen/fts.c
index 3a5b55c..125a37f 100644
--- a/lib/libopenbsd/gen/fts.c
+++ b/lib/libopenbsd/gen/fts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fts.c,v 1.57 2017/02/15 15:58:40 schwarze Exp $ */
+/* $OpenBSD: fts.c,v 1.58 2017/03/17 15:14:40 deraadt Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@@ -881,14 +881,14 @@ fts_sort(FTS *sp, FTSENT *head, int nitems)
if (nitems > sp->fts_nitems) {
struct _ftsent **a;
- sp->fts_nitems = nitems + 40;
if ((a = reallocarray(sp->fts_array,
- sp->fts_nitems, sizeof(FTSENT *))) == NULL) {
+ nitems + 40, sizeof(FTSENT *))) == NULL) {
free(sp->fts_array);
sp->fts_array = NULL;
sp->fts_nitems = 0;
return (head);
}
+ sp->fts_nitems = nitems + 40;
sp->fts_array = a;
}
for (ap = sp->fts_array, p = head; p; p = p->fts_link)
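Review bot: `nitems + 40` is evaluated in `int` before it is converted for `reallocarray`, so the overflow check inside `reallocarray` covers only the multiplication by `sizeof(FTSENT *)`, not this addition. The expression is also now written twice, so the allocated size and the recorded `sp->fts_nitems` can drift apart if only one is edited later. Computing it once, e.g. `size_t want = (size_t)nitems + 40;`, then passing `want` to `reallocarray` and storing it on success, avoids both problems. The type of `fts_nitems` is not visible here and would need to accommodate that. fts_sort begins and ends outside this hunk.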
@@ -963,13 +963,14 @@ fts_palloc(FTS *sp, size_t more)
errno = ENAMETOOLONG;
return (1);
}
- sp->fts_pathlen += more;
- p = realloc(sp->fts_path, sp->fts_pathlen);
+ p = recallocarray(sp->fts_path, sp->fts_pathlen,
+ sp->fts_pathlen + more, 1);
if (p == NULL) {
free(sp->fts_path);
sp->fts_path = NULL;
return (1);
}
+ sp->fts_pathlen += more;
sp->fts_path = p;
return (0);
}
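Review bot: The failure branch frees `sp->fts_path` and sets it to NULL but leaves `sp->fts_pathlen` at its old non-zero value, unlike the matching branch in fts_sort, which resets `sp->fts_nitems = 0`. Now that the length is only updated after a successful allocation, a caller that reads `fts_pathlen` after a failed call sees a length for a buffer that no longer exists. Adding `sp->fts_pathlen = 0;` next to `sp->fts_path = NULL;` keeps the pair consistent, though whether any caller depends on it cannot be seen from this hunk. Separately, `recallocarray` is an OpenBSD extension and this commit's file list adds no implementation, so it presumably already exists in libopenbsd, which is worth confirming. The start of fts_palloc is outside the hunk.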
diff --git a/lib/libopenbsd/gen/glob.c b/lib/libopenbsd/gen/glob.c
index e521dcd..dafae84 100644
--- a/lib/libopenbsd/gen/glob.c
+++ b/lib/libopenbsd/gen/glob.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: glob.c,v 1.46 2015/12/28 22:08:18 mmcc Exp $ */
+/* $OpenBSD: glob.c,v 1.47 2017/05/08 14:53:27 millert Exp $ */
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
@@ -126,9 +126,6 @@ typedef char Char;
#define GLOB_LIMIT_STAT 2048
#define GLOB_LIMIT_READDIR 16384
-/* Limit of recursion during matching attempts. */
-#define GLOB_LIMIT_RECUR 64
-
struct glob_lim {
size_t glim_malloc;
size_t glim_stat;
@@ -161,7 +158,7 @@ static const Char *
static int globexp1(const Char *, glob_t *, struct glob_lim *);
static int globexp2(const Char *, const Char *, glob_t *,
struct glob_lim *);
-static int match(Char *, Char *, Char *, int);
+static int match(Char *, Char *, Char *);
#ifdef DEBUG
static void qprintf(const char *, Char *);
#endif
@@ -753,7 +750,7 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
break;
}
- if (!match(pathend, pattern, restpattern, GLOB_LIMIT_RECUR)) {
+ if (!match(pathend, pattern, restpattern)) {
*pathend = EOS;
continue;
}
@@ -883,17 +880,24 @@ globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp,
/*
* pattern matching function for filenames. Each occurrence of the *
- * pattern causes a recursion level.
+ * pattern causes an iteration.
+ *
+ * Note, this function differs from the original as per the discussion
+ * here: https://research.swtch.com/glob
+ *
+ * Basically we removed the recursion and made it use the algorithm
+ * from Russ Cox to not go quadratic on cases like a file called
+ * ("a" x 100) . "x" matched against a pattern like "a*a*a*a*a*a*a*y".
*/
static int
-match(Char *name, Char *pat, Char *patend, int recur)
+match(Char *name, Char *pat, Char *patend)
{
int ok, negate_range;
Char c, k;
+ Char *nextp = NULL;
+ Char *nextn = NULL;
- if (recur-- == 0)
- return(GLOB_NOSPACE);
-
+loop:
while (pat < patend) {
c = *pat++;
switch (c & M_MASK) {
@@ -902,19 +906,19 @@ match(Char *name, Char *pat, Char *patend, int recur)
pat++; /* eat consecutive '*' */
if (pat == patend)
return(1);
- do {
- if (match(name, pat, patend, recur))
- return(1);
- } while (*name++ != EOS);
- return(0);
+ if (*name == EOS)
+ return(0);
+ nextn = name + 1;
+ nextp = pat - 1;
+ break;
case M_ONE:
if (*name++ == EOS)
- return(0);
+ goto fail;
break;
case M_SET:
ok = 0;
if ((k = *name++) == EOS)
- return(0);
+ goto fail;
if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS)
++pat;
while (((c = *pat++) & M_MASK) != M_END) {
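Review bot: Under `M_ALL` an exhausted name still does `return(0)` while every other mismatch in this function now does `goto fail`, and nothing says why the retry is skipped there. It appears correct, since a retry only moves `name` forward and the pattern left after the star still needs at least one character. That reasoning deserves a comment such as `/* name exhausted: no later restart can succeed */`. The assignments to `nextn`/`nextp` would also benefit from a one-line comment, e.g. `/* restart point: retry this '*' one name character further on */`. The function begins in the previous hunk and ends in the next one.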
@@ -933,15 +937,24 @@ match(Char *name, Char *pat, Char *patend, int recur)
ok = 1;
}
if (ok == negate_range)
- return(0);
+ goto fail;
break;
default:
if (*name++ != c)
- return(0);
+ goto fail;
break;
}
}
- return(*name == EOS);
+ if (*name == EOS)
+ return(1);
+
+fail:
+ if (nextn) {
+ pat = nextp;
+ name = nextn;
+ goto loop;
+ }
+ return(0);
}
/* Free allocated data belonging to a glob_t structure. */
diff --git a/lib/libopenbsd/gen/verrc.c b/lib/libopenbsd/gen/verrc.c
index 51dd47d..b42599b 100644
--- a/lib/libopenbsd/gen/verrc.c
+++ b/lib/libopenbsd/gen/verrc.c
@@ -45,3 +45,4 @@ verrc(int eval, int code, const char *fmt, va_list ap)
(void)fprintf(stderr, "%s\n", strerror(code));
exit(eval);
}
+DEF_WEAK(verrc);
diff --git a/lib/libopenbsd/hash/md5.3 b/lib/libopenbsd/hash/md5.3
index 547f5f7..4c5cb67 100644
--- a/lib/libopenbsd/hash/md5.3
+++ b/lib/libopenbsd/hash/md5.3
@@ -16,9 +16,9 @@
.\" If we meet some day, and you think this stuff is worth it, you
.\" can buy me a beer in return. Poul-Henning Kamp
.\"
-.\" $OpenBSD: md5.3,v 1.5 2015/11/10 23:48:18 jmc Exp $
+.\" $OpenBSD: md5.3,v 1.6 2017/02/23 20:29:17 daniel Exp $
.\"
-.Dd $Mdocdate: November 10 2015 $
+.Dd $Mdocdate: February 23 2017 $
.Dt MD5INIT 3
.Os
.Sh NAME
@@ -67,9 +67,9 @@ MD5 has been broken; it should only be used where necessary for
backward compatibility.
The attack on MD5 is in the nature of finding
.Dq collisions
-\- that is, multiple
-inputs which hash to the same value; it is still unlikely for an attacker
-to be able to determine the exact original input given a hash value.
+\(em that is, multiple inputs which hash to the same value.
+It is still unlikely for an attacker to be able to determine the exact
+original input given a hash value.
.Pp
The
.Fn MD5Init ,
diff --git a/lib/libopenbsd/hash/rmd160.3 b/lib/libopenbsd/hash/rmd160.3
index ac4251d..3fb7525 100644
--- a/lib/libopenbsd/hash/rmd160.3
+++ b/lib/libopenbsd/hash/rmd160.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rmd160.3,v 1.37 2016/07/28 03:52:41 tedu Exp $
+.\" $OpenBSD: rmd160.3,v 1.38 2016/09/04 09:24:38 tedu Exp $
.\"
.\" Copyright (c) 1997, 2004 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
@@ -17,7 +17,7 @@
.\" See http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
.\" for detailed information about RIPEMD-160.
.\"
-.Dd $Mdocdate: July 28 2016 $
+.Dd $Mdocdate: September 4 2016 $
.Dt RMD160INIT 3
.Os
.Sh NAME
@@ -234,7 +234,3 @@ and
.Fn RMD160Data
helper functions are derived from code written by
.An Poul-Henning Kamp .
-.Sh CAVEATS
-If a message digest is to be copied to a multi-byte type (ie:
-an array of five 32-bit integers) it will be necessary to
-perform byte swapping on little endian machines such as the i386 and alpha.
diff --git a/lib/libopenbsd/hash/sha1.3 b/lib/libopenbsd/hash/sha1.3
index eeb6d10..f745e42 100644
--- a/lib/libopenbsd/hash/sha1.3
+++ b/lib/libopenbsd/hash/sha1.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sha1.3,v 1.44 2016/09/04 09:24:38 tedu Exp $
+.\" $OpenBSD: sha1.3,v 1.45 2017/02/23 20:46:08 daniel Exp $
.\"
.\" Copyright (c) 1997, 2004 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
@@ -17,7 +17,7 @@
.\" See http://csrc.nist.gov/publications/fips/fips180-1/fip180-1.txt
.\" for the detailed standard
.\"
-.Dd $Mdocdate: September 4 2016 $
+.Dd $Mdocdate: February 23 2017 $
.Dt SHA1INIT 3
.Os
.Sh NAME
@@ -61,9 +61,13 @@ The algorithm takes a
message less than 2^64 bits as input and produces a 160-bit digest
suitable for use as a digital signature.
.Pp
-The SHA1 functions are considered to be more secure than the
-.Xr md5 3
-functions with which they share a similar interface.
+SHA-1 has been broken; it should only be used where necessary for
+backward compatibility.
+The attack on SHA-1 is in the nature of finding
+.Dq collisions
+\(em that is, multiple inputs which hash to the same value.
+It is still unlikely for an attacker to be able to determine the exact
+original input given a hash value.
.Pp
The
.Fn SHA1Init
diff --git a/lib/libopenbsd/regex/engine.c b/lib/libopenbsd/regex/engine.c
index 261956b..2fdf63a 100644
--- a/lib/libopenbsd/regex/engine.c
+++ b/lib/libopenbsd/regex/engine.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: engine.c,v 1.23 2016/05/26 05:46:44 martijn Exp $ */
+/* $OpenBSD: engine.c,v 1.24 2016/09/21 04:38:56 guenther Exp $ */
/*-
* Copyright (c) 1992, 1993, 1994 Henry Spencer.
@@ -156,7 +156,7 @@ matcher(struct re_guts *g, char *string, size_t nmatch, regmatch_t pmatch[],
if (g->must != NULL) {
for (dp = start; dp < stop; dp++)
if (*dp == g->must[0] && stop - dp >= g->mlen &&
- memcmp(dp, g->must, (size_t)g->mlen) == 0)
+ memcmp(dp, g->must, g->mlen) == 0)
break;
if (dp == stop) /* we didn't find g->must */
return(REG_NOMATCH);
diff --git a/lib/libopenbsd/regex/regcomp.c b/lib/libopenbsd/regex/regcomp.c
index e455a57..4feb274 100644
--- a/lib/libopenbsd/regex/regcomp.c
+++ b/lib/libopenbsd/regex/regcomp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: regcomp.c,v 1.28 2015/12/28 22:08:18 mmcc Exp $ */
+/* $OpenBSD: regcomp.c,v 1.31 2016/12/22 00:09:07 krw Exp $ */
/*-
* Copyright (c) 1992, 1993, 1994 Henry Spencer.
* Copyright (c) 1992, 1993, 1994
@@ -124,10 +124,7 @@ static char nuls[10]; /* place to point scanner in event of error */
#define NEXTn(n) (p->next += (n))
#define GETNEXT() (*p->next++)
#define SETERROR(e) seterr(p, (e))
-#define REQUIRE(co, e) ((co) || SETERROR(e))
-#define MUSTSEE(c, e) (REQUIRE(MORE() && PEEK() == (c), e))
-#define MUSTEAT(c, e) (REQUIRE(MORE() && GETNEXT() == (c), e))
-#define MUSTNOTSEE(c, e) (REQUIRE(!MORE() || PEEK() != (c), e))
+#define REQUIRE(co, e) (void) ((co) || SETERROR(e))
#define EMIT(op, sopnd) doemit(p, (sop)(op), (size_t)(sopnd))
#define INSERT(op, pos) doinsert(p, (sop)(op), HERE()-(pos)+1, pos)
#define AHEAD(pos) dofwd(p, pos, HERE()-(pos))
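Review bot: The new `REQUIRE` expansion starts with a bare cast, `(void) ((co) || SETERROR(e))`, rather than being parenthesized as a whole. Writing it as `#define REQUIRE(co, e) ((void)((co) || SETERROR(e)))` keeps the macro a single primary expression wherever it is expanded. Because the result is now `void`, any remaining use of `REQUIRE` inside a condition will fail to compile, which is presumably the intent behind dropping `MUSTSEE`/`MUSTEAT`/`MUSTNOTSEE`. A short comment saying the macro is statement-only would record that. Call sites outside these hunks are not visible here.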
@@ -317,7 +314,7 @@ p_ere_exp(struct parse *p)
assert(p->pend[subno] != 0);
}
EMIT(ORPAREN, subno);
- MUSTEAT(')', REG_EPAREN);
+ REQUIRE(MORE() && GETNEXT() == ')', REG_EPAREN);
break;
case '^':
EMIT(OBOL, 0);
@@ -648,7 +645,7 @@ p_bracket(struct parse *p)
p_b_term(p, cs);
if (EAT('-'))
CHadd(cs, '-');
- MUSTEAT(']', REG_EBRACK);
+ REQUIRE(MORE() && GETNEXT() == ']', REG_EBRACK);
if (p->error != 0) { /* don't mess things up further */
freeset(p, cs);
@@ -1294,8 +1291,7 @@ dupl(struct parse *p,
return(ret);
if (!enlarge(p, p->ssize + len)) /* this many unexpected additions */
return(ret);
- (void) memcpy((char *)(p->strip + p->slen),
- (char *)(p->strip + start), (size_t)len*sizeof(sop));
+ (void) memcpy(p->strip + p->slen, p->strip + start, len * sizeof(sop));
p->slen += len;
return(ret);
}
diff --git a/lib/libopenbsd/stdio/fgetwln.s b/lib/libopenbsd/stdio/fgetwln.s
deleted file mode 100644
index 0fc118d..0000000
--- a/lib/libopenbsd/stdio/fgetwln.s
+++ /dev/null
@@ -1,144 +0,0 @@
- .file "fgetwln.c"
- .local fb_pool
- .comm fb_pool,768,32
- .local fb_pool_cur
- .comm fb_pool_cur,4,4
- .text
- .globl fgetwln
- .type fgetwln, @function
-fgetwln:
-.LFB5:
- .cfi_startproc
- pushq %rbp
- .cfi_def_cfa_offset 16
- .cfi_offset 6, -16
- movq %rsp, %rbp
- .cfi_def_cfa_register 6
- subq $48, %rsp
- movq %rdi, -40(%rbp)
- movq %rsi, -48(%rbp)
- movq $0, -16(%rbp)
- movl fb_pool_cur(%rip), %eax
- movslq %eax, %rdx
- movq %rdx, %rax
- addq %rax, %rax
- addq %rdx, %rax
- salq $3, %rax
- addq $fb_pool, %rax
- movq %rax, -8(%rbp)
- movq -8(%rbp), %rax
- movq (%rax), %rax
- cmpq -40(%rbp), %rax
- je .L2
- movq -8(%rbp), %rax
- movq (%rax), %rax
- testq %rax, %rax
- je .L2
- movl fb_pool_cur(%rip), %eax
- addl $1, %eax
- movl %eax, fb_pool_cur(%rip)
- movl fb_pool_cur(%rip), %eax
- cltd
- shrl $27, %edx
- addl %edx, %eax
- andl $31, %eax
- subl %edx, %eax
- movl %eax, fb_pool_cur(%rip)
- movl fb_pool_cur(%rip), %eax
- movslq %eax, %rdx
- movq %rdx, %rax
- addq %rax, %rax
- addq %rdx, %rax
- salq $3, %rax
- addq $fb_pool, %rax
- movq %rax, -8(%rbp)
-.L2:
- movq -8(%rbp), %rax
- movq -40(%rbp), %rdx
- movq %rdx, (%rax)
- jmp .L3
-.L10:
- movq -8(%rbp), %rax
- movq 16(%rax), %rax
- testq %rax, %rax
- je .L4
- movq -8(%rbp), %rax
- movq 16(%rax), %rax
- cmpq -16(%rbp), %rax
- ja .L5
-.L4:
- movq -8(%rbp), %rax
- movq 16(%rax), %rax
- testq %rax, %rax
- je .L6
- movq -8(%rbp), %rax
- movq 16(%rax), %rax
- leaq (%rax,%rax), %rdx
- movq -8(%rbp), %rax
- movq %rdx, 16(%rax)
- jmp .L7
-.L6:
- movq -8(%rbp), %rax
- movq $128, 16(%rax)
-.L7:
- movq -8(%rbp), %rax
- movq 16(%rax), %rcx
- movq -8(%rbp), %rax
- movq 8(%rax), %rax
- movl $4, %edx
- movq %rcx, %rsi
- movq %rax, %rdi
- movl $0, %eax
- call reallocarray
- cltq
- movq %rax, -32(%rbp)
- cmpq $0, -32(%rbp)
- jne .L8
- movq $0, -16(%rbp)
- jmp .L9
-.L8:
- movq -8(%rbp), %rax
- movq -32(%rbp), %rdx
- movq %rdx, 8(%rax)
-.L5:
- movq -8(%rbp), %rax
- movq 8(%rax), %rcx
- movq -16(%rbp), %rax
- leaq 1(%rax), %rdx
- movq %rdx, -16(%rbp)
- salq $2, %rax
- leaq (%rcx,%rax), %rdx
- movl -20(%rbp), %eax
- movl %eax, (%rdx)
- cmpl $10, -20(%rbp)
- je .L14
-.L3:
- movq -40(%rbp), %rax
- movq %rax, %rdi
- call fgetwc
- movl %eax, -20(%rbp)
- cmpl $-1, -20(%rbp)
- jne .L10
- jmp .L9
-.L14:
- nop
-.L9:
- movq -48(%rbp), %rax
- movq -16(%rbp), %rdx
- movq %rdx, (%rax)
- cmpq $0, -16(%rbp)
- je .L11
- movq -8(%rbp), %rax
- movq 8(%rax), %rax
- jmp .L13
-.L11:
- movl $0, %eax
-.L13:
- leave
- .cfi_def_cfa 7, 8
- ret
- .cfi_endproc
-.LFE5:
- .size fgetwln, .-fgetwln
- .ident "GCC: (GNU) 6.3.0"
- .section .note.GNU-stack,"",@progbits
diff --git a/lib/libopenbsd/stdlib/malloc.3 b/lib/libopenbsd/stdlib/malloc.3
index 1f80c35..1f5d9c7 100644
--- a/lib/libopenbsd/stdlib/malloc.3
+++ b/lib/libopenbsd/stdlib/malloc.3
@@ -30,17 +30,19 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $OpenBSD: malloc.3,v 1.101 2017/02/12 10:46:09 otto Exp $
+.\" $OpenBSD: malloc.3,v 1.115 2017/05/15 18:05:34 tb Exp $
.\"
-.Dd $Mdocdate: February 12 2017 $
+.Dd $Mdocdate: May 15 2017 $
.Dt MALLOC 3
.Os
.Sh NAME
.Nm malloc ,
.Nm calloc ,
-.Nm reallocarray ,
.Nm realloc ,
-.Nm free
+.Nm free ,
+.Nm reallocarray ,
+.Nm recallocarray ,
+.Nm freezero
.Nd memory allocation and deallocation
.Sh SYNOPSIS
.In stdlib.h
@@ -49,21 +51,33 @@
.Ft void *
.Fn calloc "size_t nmemb" "size_t size"
.Ft void *
-.Fn reallocarray "void *ptr" "size_t nmemb" "size_t size"
-.Ft void *
.Fn realloc "void *ptr" "size_t size"
.Ft void
.Fn free "void *ptr"
+.Ft void *
+.Fn reallocarray "void *ptr" "size_t nmemb" "size_t size"
+.Ft void *
+.Fn recallocarray "void *ptr" "size_t oldnmemb" "size_t nmemb" "size_t size"
+.Ft void
+.Fn freezero "void *ptr" "size_t size"
.Vt char *malloc_options ;
.Sh DESCRIPTION
+The standard functions
+.Fn malloc ,
+.Fn calloc ,
+and
+.Fn realloc
+allocate
+.Em objects ,
+regions of memory to store values.
The
.Fn malloc
function allocates uninitialized space for an object of
the specified
.Fa size .
.Fn malloc
-maintains multiple lists of free blocks according to size, allocating
-space from the appropriate list.
+maintains multiple lists of free objects according to size, allocating
+from the appropriate list or requesting memory from the kernel.
The allocated space is suitably aligned (after possible pointer coercion) for
storage of any type of object.
.Pp
@@ -82,6 +96,12 @@ function changes the size of the object pointed to by
to
.Fa size
bytes and returns a pointer to the (possibly moved) object.
+If
+.Fa ptr
+is not
+.Dv NULL ,
+it must be a pointer returned by an earlier call to an allocation or
+reallocation function that was not freed in between.
The contents of the object are unchanged up to the lesser
of the new and old sizes.
If the new size is larger, the value of the newly allocated portion
@@ -100,6 +120,26 @@ behaves like
and allocates a new object.
.Pp
The
+.Fn free
+function causes the space pointed to by
+.Fa ptr
+to be either placed on a list of free blocks to make it available for future
+allocation or, when appropriate, to be returned to the kernel using
+.Xr munmap 2 .
+If
+.Fa ptr
+is
+.Dv NULL ,
+no action occurs.
+If
+.Fa ptr
+was previously freed by
+.Fn free
+or a reallocation function,
+the behavior is undefined and the double free is a security concern.
+.Pp
+Designed for safe allocation of arrays,
+the
.Fn reallocarray
function is similar to
.Fn realloc
@@ -112,44 +152,82 @@ and checks for integer overflow in the calculation
*
.Fa size .
.Pp
+Used for the allocation of memory holding sensitive data,
+the
+.Fn recallocarray
+and
+.Fn freezero
+functions guarantee that memory becoming unallocated is explicitly
+.Em discarded ,
+meaning pages of memory are disposed via
+.Xr munmap 2
+and cached free objects are cleared with
+.Xr explicit_bzero 3 .
+.Pp
The
-.Fn free
-function causes the space pointed to by
+.Fn recallocarray
+function is similar to
+.Fn reallocarray
+except it ensures newly allocated memory is cleared similar to
+.Fn calloc .
+If
.Fa ptr
-to be either placed on a list of free pages to make it available for future
-allocation or, if required, to be returned to the kernel using
-.Xr munmap 2 .
+is
+.Dv NULL ,
+.Fa oldnmemb
+is ignored and the call is equivalent to
+.Fn calloc .
If
.Fa ptr
-is a
-.Dv NULL
-pointer, no action occurs.
+is not
+.Dv NULL ,
+.Fa oldnmemb
+must be a value such that
+.Fa oldnmemb
+*
+.Fa size
+is the size of the earlier allocation that returned
+.Fa ptr ,
+otherwise the behaviour is undefined.
+.Pp
+The
+.Fn freezero
+function is similar to the
+.Fn free
+function except it ensures memory is explicitly discarded.
If
.Fa ptr
-was previously freed by
-.Fn free ,
-.Fn realloc ,
-or
-.Fn reallocarray ,
-the behavior is undefined and the double free is a security concern.
+is
+.Dv NULL ,
+no action occurs.
+If
+.Fa ptr
+is not
+.Dv NULL ,
+the
+.Fa size
+argument must be equal or smaller than the size of the earlier allocation
+that returned
+.Fa ptr .
+.Fn freezero
+guarantees the memory range starting at
+.Fa ptr
+with length
+.Fa size
+is discarded while deallocating the whole object originally allocated.
.Sh RETURN VALUES
-Upon successful completion, the functions
-.Fn malloc ,
-.Fn calloc ,
-.Fn realloc ,
-and
-.Fn reallocarray
-return a pointer to the allocated space; otherwise, a
+Upon successful completion, the allocation functions
+return a pointer to the allocated space; otherwise,
.Dv NULL
-pointer is returned and
+is returned and
.Va errno
is set to
.Er ENOMEM .
.Pp
If
-.Fa size
-or
.Fa nmemb
+or
+.Fa size
is equal to 0, a unique pointer to an access protected,
zero sized object is returned.
Access via this pointer will generate a
@@ -161,20 +239,40 @@ If multiplying
and
.Fa size
results in integer overflow,
-.Fn calloc
-and
+.Fn calloc ,
.Fn reallocarray
+and
+.Fn recallocarray
return
.Dv NULL
and set
.Va errno
to
.Er ENOMEM .
+.Pp
+If
+.Fa ptr
+is not
+.Dv NULL
+and multiplying
+.Fa oldnmemb
+and
+.Fa size
+results in integer overflow
+.Fn recallocarray
+returns
+.Dv NULL
+and sets
+.Va errno
+to
+.Er EINVAL .
.Sh IDIOMS
Consider
.Fn calloc
-or the extension
+or the extensions
.Fn reallocarray
+and
+.Fn recallocarray
when there is multiplication in the
.Fa size
argument of
@@ -264,6 +362,15 @@ Use the following:
.Bd -literal -offset indent
newp = realloc(p, newsize);
.Ed
+.Pp
+The
+.Fn recallocarray
+function should be used for resizing objects containing sensitive data like
+keys.
+To avoid leaking information,
+it guarantees memory is cleared before placing it on the internal free list.
+Deallocation of such an object should be done by calling
+.Fn freezero .
.Sh ENVIRONMENT
.Bl -tag -width "/etc/malloc.conf"
.It Ev MALLOC_OPTIONS
@@ -287,7 +394,7 @@ size_t num, size;
if (size && num > SIZE_MAX / size)
errc(1, EOVERFLOW, "overflow");
-if ((p = malloc(size * num)) == NULL)
+if ((p = malloc(num * size)) == NULL)
err(1, NULL);
.Ed
.Pp
@@ -305,16 +412,17 @@ if (size < 0 || num < 0)
if (size && num > INT_MAX / size)
errc(1, EOVERFLOW, "overflow");
-if ((p = malloc(size * num)) == NULL)
+if ((p = malloc(num * size)) == NULL)
err(1, NULL);
.Ed
.Pp
Assuming the implementation checks for integer overflow as
.Ox
does, it is much easier to use
-.Fn calloc
+.Fn calloc ,
+.Fn reallocarray ,
or
-.Fn reallocarray .
+.Fn recallocarray .
.Pp
The above examples could be simplified to:
.Bd -literal -offset indent
@@ -328,14 +436,7 @@ if ((p = calloc(num, size)) == NULL)
err(1, NULL);
.Ed
.Sh DIAGNOSTICS
-If
-.Fn malloc ,
-.Fn calloc ,
-.Fn realloc ,
-.Fn reallocarray ,
-or
-.Fn free
-detect an error condition,
+If any of the functions detect an error condition,
a message will be printed to file descriptor
2 (not using stdio).
Errors will result in the process being aborted.
@@ -345,40 +446,36 @@ Here is a brief description of the error messages and what they mean:
.It Dq out of memory
If the
.Cm X
-option is specified it is an error for
-.Fn malloc ,
-.Fn calloc ,
-.Fn realloc ,
-or
-.Fn reallocarray
+option is specified it is an error for the allocation functions
to return
.Dv NULL .
-.It Dq malloc init mmap failed
-This is a rather weird condition that is most likely to indicate a
-seriously overloaded system or a ulimit restriction.
.It Dq bogus pointer (double free?)
An attempt to
-.Fn free ,
-.Fn realloc ,
+.Fn free
or
-.Fn reallocarray
-an unallocated pointer was made.
+reallocate an unallocated pointer was made.
.It Dq chunk is already free
There was an attempt to free a chunk that had already been freed.
.It Dq use after free
A chunk has been modified after it was freed.
.It Dq modified chunk-pointer
The pointer passed to
-.Fn free ,
-.Fn realloc ,
-or
-.Fn reallocarray
-has been modified.
+.Fn free
+or a reallocation function has been modified.
.It Dq chunk canary corrupted address offset@length
A byte after the requested size has been overwritten,
indicating a heap overflow.
The offset at which corruption was detected is printed before the @,
and the requested length of the allocation after the @.
+.It Dq recorded old size oldsize != size
+.Fn recallocarray
+has detected that the given old size does not equal the recorded size in its
+meta data.
+Enabling option
+.Cm C
+allows
+.Fn recallocarray
+to catch more of these cases.
.It Dq recursive call
An attempt was made to call recursively into these functions, i.e., from a
signal handler.
@@ -394,12 +491,6 @@ functions nor utilize any other functions which may call
routines).
.It Dq unknown char in MALLOC_OPTIONS
We found something we didn't understand.
-.It Dq malloc cache overflow/underflow
-The internal malloc page cache has been corrupted.
-.It Dq malloc free slot lost
-The internal malloc page cache has been corrupted.
-.It Dq guard size
-An inconsistent guard size was detected.
.It any other error
.Fn malloc
detected an internal error;
@@ -425,9 +516,9 @@ functions conform to
.St -ansiC .
.Pp
If
-.Fa size
-or
.Fa nmemb
+or
+.Fa size
are 0, the return value is implementation defined;
other conforming implementations may return
.Dv NULL
@@ -489,6 +580,14 @@ The
.Fn reallocarray
function appeared in
.Ox 5.6 .
+The
+.Fn recallocarray
+function appeared in
+.Ox 6.1 .
+The
+.Fn freezero
+function appeared in
+.Ox 6.2 .
.Sh CAVEATS
When using
.Fn malloc ,
@@ -515,9 +614,10 @@ An attacker may be able to leverage this heap corruption to execute arbitrary
code.
.Pp
Consider using
-.Fn calloc
-or
+.Fn calloc ,
.Fn reallocarray
+or
+.Fn recallocarray
instead of using multiplication in
.Fn malloc
and