IABSD.fr/src/lib/libutil

Branch :


Log

Author Commit Date CI Message
a2f4fefd 2025-06-06 22:01:39 .Lb libutil ; OK tedu@
c8758384 2025-06-05 08:55:07 Add back #include <sys/types.h> for pid_t This makes imsg.h is self-standing again and unbreaks the build of audio/amused whose player.c managed to include imsg.h before pulling in sys/types.h. ok claudio
78ca79c0 2025-06-04 09:09:25 Bump minor version because of symbol additions.
a6a83a45 2025-06-04 09:08:52 More imsg function additions: imsgbuf_get() will replace imsg_get() in the long run. Has much simpler return value since nobody uses the imsg_get() return value for anything. imsg_ibufq_push() and imsg_ibufq_pop() allows to push and pop imsg into an ibufq so they can be processed at a later stage or from a different task. OK tb@
7dadfe6f 2025-06-04 09:07:58 Kill internal use of imsg_add() and use ibuf_add() instead. Also ibuf_free() now preserves the errno so no need for any extra dance. OK tb@
41a801a1 2025-06-04 09:06:56 Preserve errno in ibuf_free() so we don't have to do it in the callers. OK tb@
a2618958 2025-06-04 09:06:21 Add a few extra len == 0 checks just to avoid possible UB via memcpy and memset. OK tb@
309618ec 2025-06-04 09:04:52 Add ibufq API to support multithreaded use of ibufs ibufq_new() allocates a new struct ibufqueue ibufq_free() flushes all ibufs and frees the ibufqueue ibufq_push() enqueues an ibuf onto the queue ibufq_pop() dequeues an ibuf from the queue ibufq_queuelen() returns the current queue length ibufq_concat() concatenates all ibufs from the 2nd queue to the end of the first queue. msgbuf_concat() enqueue all ibufs from the ibuf queue into the msgbuf. Adjust the internal msgbuf code to use ibufq as well. OK tb@
9a015d61 2025-06-04 09:03:05 Implement following new helper functions: ibuf_add_strbuf, ibuf_get_strbuf functions to insert or parse a fixed size string buffer. These function ensure that the returned string is always NUL terminated and return errors (errno EOVERFLOW) when the string is truncated to fit into the buffer. Two new convenience functions for imsg parsing imsg_get_buf() and imsg_get_strbuf(). The first simply wraps ibuf_get() and the latter ibuf_get_strbuf(). imsg_get_buf() is like imsg_get_data() but does not enforce that all data has to be pulled in one go. Two functions to adjust the max payload of a buffer: imsg_set_maxsize() and ibuf_set_maxsize(). Align imsgbuf_set_maxsize() with imsg_set_maxsize() and use the payload size (excluding the IMSG_HEADER_SIZE). man page updates by tb@ OK tb@
1c8bb539 2025-06-04 09:00:44 Make imsg.h freestanding by adding sys/queue.h to imsg.h and use stdint.h and stddef.h to get types and NULL. OK tb@
8f48e2ab 2025-03-05 11:01:12 Fix prototypes of ibuf_write and msgbuf_read/write Like for ibuf_read this leaves it implicit that the writev, recvmsg, and sendmsg are called on that fd, respectively, which isn't ideal. This will hopefully be improved with manpage changes that go along with the next iteration of the API. ok claudio
a4ff2ce6 2024-11-29 04:35:13 Garbage collect the unused imsg_hdr in imsg_close() ok claudio
ff59764d 2024-11-26 13:57:31 Adjust the reader callback API to return an ibuf and to also claim the fd which is passed as argument. This is needed because on Linux the control messages used to pass fds are not acting as a barrier and ensuring that the fd is passed with the first byte of the read call. Instead we need to mark the message that holds to fd and the scan for that message in the stream. While there also adjust imsgbuf_set_maxsize() to return an int to indicate an error if the requested size is out of range. Problem reported and fix tested by nicm@ on a linux system. OK tb@
ab837574 2024-11-22 07:20:50 Bring the weird msgbuf_free() into a slightly more usual form ok claudio
31993a21 2024-11-22 02:11:09 Fix NULL deref in msgbuf_free() From Henry Ford
728ad841 2024-11-21 13:46:50 Bump libutil major OK tb@
2621cab2 2024-11-21 13:04:01 Update ibuf and imsg manpage to include all new functions. OK tb@
04d83f12 2024-11-21 13:03:21 Add ibuf_read and msgbuf_read to read from a socket and msgbuf_get to return the ibufs generated by the previous two functions. Error out if the hdrsz argument in msgbuf_new_reader is 0 or too big. Also check that the rbuf is allocated in ibuf_read and msgbuf_read. If not return EINVAL. Implement the imsg API using these functions and introduce imsgbuf_set_maxsize() to alter the maximum message size and imsgbuf_allow_fdpass() to allow fd passing (which is now off by default). Also cleanup the internals a bit and make imsgbuf_init() return int. OK tb@
156c3c53 2024-11-21 13:01:07 Make struct msgbuf opaque. Introduce msgbuf_new() and msgbuf_free() for that. This does not yet fix the imsgbuf_init() function which can now error. OK tb@
4494689a 2024-11-21 13:00:14 Remove fd from struct msgbuf, instead pass the fd to imsg_write and msgbuf_write OK tb@
04886c2d 2024-11-21 12:59:33 Reshuffle code and rename some internal functions. OK tb@
3b84e804 2024-11-21 12:58:46 Retire ibuf_add_buf, replaced by better named ibuf_add_ibuf OK tb@
ec85761e 2024-11-21 12:58:09 Only ldapd tried to handle fd exhaustion during imsg fd passing. Remove the getdtablecount code from imsgbuf_read() and instead move the getdtablecount code into ldapd. Handle EMSGSIZE (the error returned when there are not enough free file descriptor slots) inside imsgbuf_read() by retrying the read to receive the data but without fd. A caller expecting an fd should check the return value of imsg_get_fd. OK tb@
c362c6de 2024-11-21 12:54:52 Adjust imsgbuf_read to return an int with either 1, 0 or -1. Handle EAGAIN by a simple return 1 (same for the fd check). This way the caller will poll again and then retry later. OK tb@
a17071b2 2024-11-21 12:54:10 Introduce imsgbuf_queuelen() which returns the number of messages ready for transmission. Returns 0 if nothing is pending. OK tb@
d5c9e083 2024-11-21 12:53:11 Rename imsg_init, imsg_clear, imsg_read, imsg_write and imsg_flush to imsgbuf_init, imsgbuf_clear, imsgbuf_read, imsgbuf_write and imsgbuf_flush. This separates the imsgbuf API from the per-imsg API. OK tb@
317c8015 2024-11-21 12:49:58 Simplify imsg_write, msgbuf_write and ibuf_write return codes. Return 0 on success or when a temporary error happened (EAGAIN, ENOBUFS). Return -1 on error and set errno otherwise. Kill the old 0 return for EOF. This is not how write operations work. OK tb@
44c57f07 2024-11-21 12:49:14 Introduce imsg_write() and use it instead of msgbuf_write(). This is just a thin wrapper around msgbuf_write() but it makes the API more consistent. OK tb@
c9f0bc00 2024-11-21 12:48:34 imsg_flush() should retry the write on EAGAIN errors. OK tb@
6d41500a 2024-11-21 12:48:02 Refine imsg_forward(), do not close fd, just don't forward it. imsg_free() will close the unclaimed fds at the end. OK tb@
8d7d8ae7 2024-11-21 12:47:27 Use ibuf_fd_set() and ibuf_fd_get() to handle the fd passing in imsgs. ibufs already close forgotten fds on free so now imsg_free behaves the same way. OK tb@
48950d6e 2024-11-21 12:44:06 Allow 0 sized ibuf_open() and mark stack buffers by setting the fd to -2. For imsgs we want to be able to use ibufs even for empty messages and stash the fd into those ibufs. For that adjust the ibuf code to allow that. This adds an internal IBUF_FD_MARK_ON_STACK define that is now used for on stack ibufs instead of setting max to 0. OK tb@
013d718a 2024-11-21 12:42:57 nline ibuf_realloc() in ibuf_reserve() it is the only user and the function is simple enough. OK tb@
442dea11 2024-11-21 12:42:14 Add ibuf_get_string() to the ibuf API (used by bgpd and xlockmore) OK tb@
479c151d 2024-09-20 02:00:46 remove unneeded semicolons; checked by millert@
eff908c2 2024-08-26 13:57:34 Replace recallocarray() with a realloc() + memset() combo. recallocarray(), with its guarantee that memory becoming unallocated is explicitly discarded, is too slow. In rpki-client forming one particular ibuf takes more then 4mins because every recallocarray() call ends up doing a fresh malloc + memcpy + freezero call. For sensitive data use ibuf_open() instead of ibuf_dynamic() to avoid any memory reallocations. OK tb@
47373215 2023-12-29 11:48:47 Cleanup required headers form imsg.h. Right now only sys/queue.h is required to be included for imsg.h. The only exception is if imsg_composev() is used, then sys/uio.h is needed to access struct iovec. OK tb@
9e2e9c88 2023-12-13 00:37:42 filedescriptor -> file descriptor
04426297 2023-12-12 15:49:21 Move ibuf API from imsg_init.3 to ibuf_add.3 Document all new functions added and adjust examples in imsg_init.3 to follow the new way of handling messages. OK tb@
4658a150 2023-12-12 15:47:40 Extend imsg and ibuf API with useful getter methods For ibufs: - various getters for ibufs (ibuf_get* and ibuf_skip) - additional ibuf set/add functions that don't alter byte order - ibuf_truncate and ibuf_rewind - ibuf_from_buffer and ibuf_from_ibuf to populate a reader ibuf - a getter for the msgbuf queuelen For imsg: - various getters for imsg (especially imsg_get_data() which can be used in most cases as a simple one call api with all error checks). All the imsg.hdr fields can also be accessed by getters. - The imsg data is now actually an ibuf but the old imsg.data pointer is kept for now to not break every imsg application. - Introduce imsg_forward to simply forward a message from one channel to an other (used in the control socket code). Since this requires a major bump take the oportunity to also cleanup some function signatures to use size_t for length fields. Also internal data structures are removed from the public header. With and OK tb@
6b967270 2023-11-18 07:14:13 Rename internal function imsg_get_fd() to imsg_dequeue_fd(). OK tb@
c1465023 2023-11-17 15:35:15 The term peerid originated from bgpd. It is time to generalize this and just call it id. This only targets the function arguments but not the struct imsg_hdr field since that is a major API break. OK tb@
41d3eade 2023-11-17 13:43:32 rename struct imsgbuf *ibuf to *imsgbuf since ibuf is too close to struct ibuf and just causes confusion for little gain. OK tb@ stsp@
40632fed 2023-11-10 12:12:02 Give ober_printf_elements() a ber_element array, similar to ober_scanf_elements(). This allows us to move down and back up multiple levels in with nested sequences and sets. While here, on failure, make sure we free (and unlink if needed) all elements we created. OK claudio@, tb@
d8d5a064 2023-10-24 14:05:23 Require callers to use ibuf_fd_get() to extract the passed fd from an ibuf. In imsg_free() close any fd that was not claimed automatically to prevent filedescriptor leaks. In ibuf_dequeue() remvoe code which is now part of imsg_free(). OK tb@
592d8d7b 2023-09-28 17:00:21 add a missing .Fa macro
22f3b8ce 2023-09-28 16:41:36 fix two wrong function names in the description; from <Lucas at sexy dot is>
ad1cd115 2023-08-22 12:50:27 Don't fail in ober_scanf_elements() when encountering empty sequences. Ok martijn@
5f037247 2023-06-20 06:53:29 responsibilty -> responsibility
a2d0b1a3 2023-06-20 05:56:19 - filedescriptor -> file descriptor, as per the rest of the page - missing full stop
19778535 2023-06-19 17:19:50 Improve the ibuf API by adding these functions: Functions extending ibuf_add to work with more specific data types ibuf_add_buf, ibuf_add_zero, ibuf_add_n8, ibuf_add_n16, ibuf_add_n32, ibuf_add_n64 Functions replacing ibuf_seek where data at a specific offset is modified ibuf_set, ibuf_set_n8, ibuf_set_n16, ibuf_set_n32, ibuf_set_n64 Functions to check, get and set the filedescriptor stored on the ibuf ibuf_fd_avail, ibuf_fd_get, ibuf_fd_set and ibuf_data() to access the data buffer, to be used together with ibuf_size() On top of this add an optimized imsg_compose_ibuf() where an ibuf is wrapped into an imsg in an efficent way. Finally remove msgbuf_drain since it is not used by anything outside of the ibuf code. Because of this removal bump the major of libutil. Remove ibuf_data() in iked since the same function is now provided by libutil. OK tb@
e2fc7023 2023-05-23 12:41:28 Avoid calling malloc with a zero length argument. ibuf_open() will return an error in this case while ibuf_dynamic() accepts a 0 len argument and just initialized the buffer and length to zero. A later ibuf_realloc() call will take care of allocating the buffer. Additionally switch from malloc() to calloc() when allocating the buffer this way the buffer is initalized and in ibuf_reserve() an addtional memset() is used to make sure that the reserved data is zeroed. OK tb@
5b133f3f 2023-03-08 04:43:04 Delete obsolete /* ARGSUSED */ lint comments. ok miod@ millert@
893695ce 2023-01-04 13:00:11 Christos Zoulas agreed to rescind clause 3 and 4 in NetBSD fsck.8 rev 1.35 fsutil.h rev 1.14 pathnames.h rev 1.2 netgroup_mkdb.8 rev 1.9 netgroup_mkdb.c rev 1.18 str.c rev 1.7 str.h rev 1.4 rdate.8 rev 1.11 rdate.c rev 1.19 extern.h rev 1.14 getnetgrent.c rev 1.41 netgroup.h rev 1.10 fparseln.3 rev 1.4 fparseln.c rev 1.10 our stringlist.c/stringlist.h are derived from getnetgrent.c rfc868time.c from rdate.c newfs/pathnames.h from fsck/pathnames.h https://mail-index.netbsd.org/source-changes/2009/10/21/msg002182.html Not all files are covered as some had copyright assigned to TNF in 1998.
2c53affb 2022-12-27 17:10:05 spelling fixes; from paul tagliamonte any changes not taken noted on tech, but chiefly here i did not take the cancelation - cancellation changes;
469af3a4 2022-11-03 17:58:10 When decoding a sequence/set, make sure that: - We don't create an uninitialized element when there are no subelements to decode - If subelements overflow we return EINVAL While here fix an eyesore of a line continuation. OK claudio@
531ea1fd 2022-08-26 21:47:16 Backout "Only return file descriptors to block or character devices" mount_mfs(8) no monger mounts "/build" with the following fstab(5) entry: /dev/sd0b /build mfs rw,noperm,nodev,nosuid,-s=2064348,noauto as found out by bluhm the hard way.
2533f6f4 2022-08-25 17:09:54 Only return file descriptors to block or character devices If the requested path contained a slash, opendev(3) blindly opened the file and returned a file descriptor to it. Check for block or character devices (according to OPENDEV_BLCK) and fail for other types. Spotted through installboot(8) which happily opened a stage file as device when forgetting the device argument: # installboot -v ./biosboot Using / as root installing bootstrap on ./biosboot using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot installboot: disklabel: ./biosboot: Inappropriate ioctl for device This makes it fail earlier, as expected: # installboot -v ./biosboot installboot: open: ./biosboot: Block device required The case where opendev(3) is passed a string not containing a slash, i.e. a supposed DUID, is fine, as diskmap(4) will ensure that only valid device paths are returned, if the DUID is valid. Feedback OK millert
f9b15afb 2022-05-19 08:05:23 Document that imsg_add(3) frees its msg argument on failure. ok op@ claudio@
7e97ed9a 2022-05-11 17:23:56 Mark pw_error as __dead in prototype to match the function definition. From Matthew Martin.
c1a45aed 2022-04-23 08:57:52 Verify sizes before arithmetic operations Unsigned overflows are not a bug in C but we have to make sure that requested buffer sizes will be actually available. If not, set errno to ERANGE and return an error value. ok deraadt, millert
15dba4e4 2022-04-20 21:55:17 Use glob to expand wildcards in "other device" paths rather than a custom implementation that only allowed matching all files in a directory. ok millert
78fa49ea 2022-04-20 14:00:19 Make the termp and winp arguments for openpty, et al. const. This matches the prototypes in glibc and musl libc. From Matthew Martin. OK tb@
41ce3b17 2022-03-31 17:27:13 man pages: add missing commas between subordinate and main clauses jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@
241bb7db 2022-03-11 09:04:59 Revert previous commit. The problem it was attempting to fix was already fixed by tb@ in rev 1.20. Spotted by tb@
39af7dcc 2022-03-11 07:29:53 Check for underflow as well as overflow when scaling negative numbers. ok millert@
25a24f0b 2022-02-18 23:17:13 Avoid gendered language in man pages when not referring to a specific person. Rewrite or use singular they. ok thfr@ sthen@ daniel@ ian@ job@ kmos@ jcs@ ratchov@ phessler@ and others I'm likely missing on an earlier version. feedback tj@, feedback and ok jmc@
e363f310 2022-01-28 10:41:44 Only memcpy() into imsg->data if datalen is not 0. Passing a NULL pointer to memcpy() is UB no matter if len is 0. Reported by fouzhe on openbgpd-portable github page. OK tb@
8455d632 2021-10-31 16:42:32 bump major after struct size change
48b76637 2021-10-31 16:42:08 Bump BER_MAX_OID_LEN to 128 From martijn, discussed with claudio, ok sthen
b7041c07 2021-10-24 21:24:15 For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
893ac8ce 2021-10-21 08:17:33 Sync ober_oid_cmp with ax_oid_cmp from libagentx. This flips the returned signedness and adds the weight of 2 for parent-child relationship in both direction. This makes ober_oid_cmp consistent with the rest of the *_cmp based functions. OK tb@
62cb8703 2021-08-29 19:00:20 fix an obvious mixup regarding the order of lines in the SYNOPSIS, and an omission below HISTORY
63beb567 2021-08-29 13:27:11 Add ober_dup. Needed for upcoming SNMPv3 support for trap receiver in snmpd(8). OK jmatthew@ OK deraadt@ for bumping libutil now.
f4be339c 2021-06-20 14:08:42 scan_scaled: fix rescaling for negative numbers As found by djm by fuzzing ssh, scan_scaled can overflow for negative numbers when rescaling is needed. This is because the rescaled fractional part is added without taking the sign into account. ok ian jca
f0a07bbb 2021-03-31 19:31:35 tweak column widths of a .Bl -column table and avoid an over-long source line while here; OK martijn@ jmc@
2325ad59 2021-03-31 17:42:24 change the barrier so that fd's are always passed and received with the first byte of the imsg they belong to. idea, tweaks and ok claudio@
afa7f157 2021-03-12 07:24:49 fix previous
c5d247d8 2021-03-12 05:18:00 spelling
7af96dc2 2021-03-05 07:34:46 Stop abusing display blocks under the authors section in order to respect literal line breaks. This has the unwanted side effect of rendering the authors section using a monospace font over at man.openbsd.org. Instead use br macros to force line breaks. With help from and ok jmc@
4e0a17bc 2021-03-03 20:15:54 s/byte/character Discussed with claudio@ Feedback jmc@
561e0011 2021-02-22 17:15:02 Make the ober_get_* set of function to accept a NULL-pointer. This allows us to do ber-type checking inside ober_scanf_elements, which will allow for stricter ASN.1 parsing in the future. Manpage feedback and OK claudio@, jmc@ OK claudio@
b8d19846 2021-01-28 19:56:33 Add '$' to ober_scanf_elements(). This allows us to enforce end of sequence/set without having to manually check be_next for NULL. No lib bump needed according to millert@ OK millert@ rob@
f273e380 2021-01-22 18:27:52 Gracefully handle any erroneous closing bracket/brace trailers in ober_scanf_elements(). OK martijn@
68ec4783 2021-01-22 03:20:56 Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer. Tweaked and OK martijn@
692fa786 2021-01-13 09:56:28 Make imsg.h a bit more self-contained by prototyping struct iovec. OK martijn@ mvs@ deraadt@
8f6effc9 2020-12-15 13:40:22 typo fix from aisha tammy; ok nicm
00183df2 2020-10-16 09:29:04 double word fixes; from varik valefor
87afc19e 2020-10-12 22:08:32 make fixed-sized fixed-value mib[] arrays be const ok guenther tb millert
7c0d3159 2020-09-04 06:17:57 Create ERRORS section for ober_read_elements. Tweaks and OK tb@ OK jmc@
00f4a9fb 2020-09-03 19:09:57 Missed one case of errno not being set in previous. double check and OK tb@
1f7940ee 2020-09-03 17:01:15 Make sure ober_read_elements sets errno on every case where NULL is returned. OK deraadt@ tb@
278b6199 2020-08-02 18:35:48 Squelch warning by using idiom from libc bcrypt(3) Clang 10 warns about the expression sizeof(cdata) / sizeof(uint64_t) as cdata is an array of uint32_t and it expects that the intent of this is to compute the number of array elements. Use BCRYPT_WORDS / 2 instead. Same diff as millert's commit sys/lib/libsa/bcrypt_pbkdf.c -r1.2, which was ok kettenis. deraadt confirms that this satisfies clang 10.
f8994d87 2019-12-31 10:34:14 Increase BER_MAX_OID_LEN from 32 to 64. Not every snmp OID found in the wild fits inside 32 elements, like UsmUserEntry objects. OK rob@, claudio@
4bc7f070 2019-11-21 16:13:39 zero tmpout too. reminded by related diff from tim
0912caf5 2019-11-21 16:07:24 overwrite the key in failure modes in case the caller doesn't check. ok deraadt
11ff2ca8 2019-10-25 04:00:10 Adjust whitespace, so Ta macros are aligned vertically as already done in ober_add_string.3 and as it was before the ber -> ober rename.
696b5899 2019-10-24 12:39:26 The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports. Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen. tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
44946945 2019-08-30 03:57:56 uucplock(3) is incorrectly named in some places, it is actually uu_lock(3) (more unclear is if anything in ports uses this, as our base no longer does)
2b859d28 2019-08-15 06:11:18 Revert previous. There were some users of the quirky behaviour that were missed during code scan.