| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
about which options are turned on/off by 's' and 'S'
ok tedu
|
| |
|
|
| |
ok jca@ gilles@
|
| |
|
|
| |
from Rafael Neves; input jmc@; OK deraadt@
|
| |
|
|
|
| |
/dev/console so the value of "error" is never read. Also mention
that sendsyslog2 can fail due to ENOBUFS in the comment. OK deraadt@
|
| | |
|
| |
|
|
|
| |
This function doesn't even have an "n" argument, so that non-existent
argument clearly cannot restrict the return value.
|
| |
|
|
| |
Input and OK jmc@ ratchov@ semarie@
|
| | |
|
| | |
|
| |
|
|
|
|
| |
incomplete characters are not an error, do not throw EILSEQ, and
are not supposed to.
OK millert@
|
| | |
|
| |
|
|
| |
improvements sthen@, jmc@. okay millert@, jca@ jmc@
|
| |
|
|
|
|
| |
There is long-standing consensus that err(1, NULL) is the best idiom
after failure of malloc(3) and friends.
Quirk in the manual noticed by tb@.
|
| |
|
|
| |
ok tobias@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
but it is likely to remain in POSIX for the forseeable future,
and there is nothing wrong with using it, so remove the marker.
By contrast, POSIX 2008 now declared setitimer(3) obsolescent.
While here, remove a few cross references pointing to obsolete or
non-standard functions and update the POSIX reference.
Triggered by a question from <ChrisBennett at bennettconstruction dot us>.
OK millert@ tb@
|
| |
|
|
| |
David CARLIER
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
by POSIX and as FreeBSD, SunOS 10/11, and glibc also do it. Note
that an enquiry to the Austin Group led to the conclusion that this
change probably violates the C standard: C and POSIX unintentionally
conflict. But the POSIX behaviour makes more sense (easier to write
correct error handling code for it, and a lower risk that programs
miss errors) and is much more widespread, and the Austin Group
intends to approach the C committee in order to adjust the C standard.
See: http://austingroupbugs.net/view.php?id=1022
While here, do not set errno a second time, wcrtomb(3) already did that,
and it is required to do it by the standard.
OK millert@ and tedu@, and jca@ no longer objects
|
| | |
|
| |
|
|
| |
ok millert@
|
| | |
|
| |
|
|
|
|
|
| |
(well, a syscall, but this is the established practice) in the general
sense.
ok jmc@
|
| |
|
|
|
|
|
|
|
| |
The current code has already setted it by default since 1.74
any pledge failure tries to make a coredump (default rules for coredump still
applies: so setuid binaries don't create them locally).
ok deraadt@
|
| | |
|
| |
|
|
|
|
|
|
| |
The 'A' option elevated warnings to errors, and has been the default for some
time. Then warnings were effectively eliminated in favor of everything
being an error, but then the 'a' flag turned real errors into warnings!
Remove the 'a' option entirely. You shouldn't have used it anyway.
ok tb tdeval
|
| |
|
|
| |
The DESCRIPTION section already referred to "path" in some places.
|
| |
|
|
|
|
|
|
| |
the examples.
Diff from Juuso Lapinlampi < wub () partyvan ! eu >, thanks!
ok schwarze@
|
| |
|
|
|
|
|
| |
and when the file ends without a terminating Ln character,
fgetws(3) discarded any characters read and reported bogus EOF.
Never inspect errno(2) unless right after an error occurred!
OK millert@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. When fprintf(fp, "...%ls...", ...) encounters an encoding error,
do not destroy all the fp->_flags, which made the file permanently
unreadable and unwriteable.
2. Do not change fp->_flags at all in case of encoding errors.
Neither the manual nor POSIX ask for it, no other conversions set the
error indicator, and it isn't needed because the return value reports
failure and must be checked anyway.
3. Detect failure in mbrtowc(3), do not silently treat invalid bytes
in the format string as the end of the format string.
4. Detect failure of __find_arguments(), no matter whether due to
out of memory conditions or encoding errors, and gracefully fail
rather than accessing an invalid pointer.
5. Remove the pointless and slightly dangerous errno = EILSEQ overrides
after functions that already do that and are required by the standard
to do so.
OK jca@ on items 1, 2, and 5.
OK millert@ on the complete diff.
"Completely brutal mix of bugs." deraadt@
|
| | |
|
| |
|
|
| |
validate_junk. from Michal Mazurek
|
| |
|
|
|
|
|
| |
we expect it to be. This prevents out-of-bounds access or excessive
memory allocation on a malformed ELF header.
Found by Serguey Parkhomovsky with AFL. Improved by and ok kettenis@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok and valuable input from millert@
|
| |
|
|
| |
ok tedu@
|
| |
|
|
| |
ok tedu@
|
| |
|
|
|
|
| |
Spotted and diff provided by d ! lowe () openmailbox ! org, thanks!
ok schwarze@
|
| |
|
|
|
|
|
| |
encoding error occurs, so do it.
While here, do not set errno after mbrtowc(3) failure; mbrtowc(3)
already does that, and that behaviour is required by the standard.
ok jca@ guenther@ "nice find" deraadt@
|
| |
|
|
| |
millert@
|
| |
|
|
|
|
|
|
|
| |
This is slightly less robust, but RAND_MAX must be one below a power
of two in both variants anyway.
Based on a suggestion by Matthew Martin.
ok tedu@
|
| | |
|
| |
|
|
|
|
| |
with inputs from jmc@
ok jmc@ deraadt@
|
| |
|
|
|
|
|
|
| |
any file indicated by an environment variable" feature inside the
resolver is incompatible with what pledge "dns" is trying to be. It is
a misguided "feature" added way back in history which almost noone uses,
but everyone has to assume the risk from.
ok eric florian kettenis
|
| |
|
|
|
|
| |
enforce it for mkfifo(2) and mknod(2) (with "dpath" promise).
ok deraadt@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
reported by Jeunder Yu
|
deraadt
eric
bluhm
millert
jmc
schwarze
tim
tedu
mmcc
espie
jsg
otto
semarie
tb
chl