about summary refs log tree commit diff
path: root/src/misc
Commit message (Collapse)AuthorAgeFilesLines
* fix typo in setpriority syscall wrapperRich Felker2013-04-011-1/+1
|
* fix multiple bugs in syslog interfacesRich Felker2013-03-231-24/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. as reported by William Haddon, the value returned by snprintf was wrongly used as a length passed to sendto, despite it possibly exceeding the buffer length. this could lead to invalid reads and leaking additional data to syslog. 2. openlog was storing a pointer to the ident string passed by the caller, rather than copying it. this bug is shared with (and even documented in) other implementations like glibc, but such behavior does not seem to meet the requirements of the standard. 3. extremely long ident provided to openlog, or corrupt ident due to the above issue, could possibly have resulted in buffer overflows. despite having the potential for smashing the stack, i believe the impact is low since ident points to a short string literal in typical application usage (and per the above bug, other usages will break horribly on other implementations). 4. when used with LOG_NDELAY, openlog was not connecting the newly-opened socket; sendto was being used instead. this defeated the main purpose of LOG_NDELAY: preparing for chroot. 5. the default facility was not being used at all, so all messages without an explicit facility passed to syslog were getting logged at the kernel facility. 6. setlogmask was not thread-safe; no synchronization was performed updating the mask. the fix uses atomics rather than locking to avoid introducing a lock in the fast path for messages whose priority is not in the mask. 7. in some code paths, the syslog lock was being unlocked twice; this could result in releasing a lock that was actually held by a different thread. some additional enhancements to syslog such as a default identifier based on argv[0] or similar may still be desired; at this time, only the above-listed bugs have been fixed.
* move new linux syscall wrapper functions to proper source dirRich Felker2012-12-072-16/+0
|
* fix trailing whitespace issues that crept in here and thereRich Felker2012-12-072-2/+2
|
* add arch_prctl syscall (amd64/x32 only)rofl0r2012-12-061-0/+9
|
* add personality syscallrofl0r2012-12-061-0/+7
|
* add getopt reset supportRich Felker2012-09-302-2/+18
| | | | | | | based on proposed patches by Daniel Cegiełka, with minor changes: - use a weak symbol for optreset so it doesn't clash with namespace - also reset optpos (position in multi-option arg like -lR) - also make getopt_long support reset
* fix some more O_CLOEXEC/SOCK_CLOEXEC issuesRich Felker2012-09-291-1/+1
|
* emulate SOCK_CLOEXEC and SOCK_NONBLOCK for old (pre-2.6.27) kernelsRich Felker2012-09-291-2/+1
| | | | | | | | | | | | | | | also update syslog to use SOCK_CLOEXEC rather than separate fcntl step, to make it safe in multithreaded programs that run external programs. emulation is not atomic; it could be made atomic by holding a lock on forking during the operation, but this seems like overkill. my goal is not to achieve perfect behavior on old kernels (which have plenty of other imperfect behavior already) but to avoid catastrophic breakage in (1) syslog, which would give no output on old kernels with the change to use SOCK_CLOEXEC, and (2) programs built on a new kernel where configure scripts detected a working SOCK_CLOEXEC, which later get run on older kernels (they may otherwise fail to work completely).
* fix dirname to handle input of form "foo/" correctlyRich Felker2012-09-261-6/+5
| | | | also optimized a bit.
* add setdomainname syscall, fix getdomainname (previously a stub)Rich Felker2012-09-092-1/+17
|
* cleanup src/linux and src/misc trees, etc.Rich Felker2012-09-0720-2697/+158
| | | | | | | | | | | | previously, it was pretty much random which one of these trees a given function appeared in. they have now been organized into: src/linux: non-POSIX linux syscalls (possibly shard with other nixen) src/legacy: various obsolete/legacy functions, mostly wrappers src/misc: still mostly uncategorized; some misc POSIX, some nonstd src/crypt: crypt hash functions further cleanup will be done later.
* fix constraint violation in ftwRich Felker2012-09-061-1/+4
| | | | void* does not implicitly convert to function pointer types.
* use restrict everywhere it's required by c99 and/or posix 2008Rich Felker2012-09-062-2/+2
| | | | | | | | to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
* fix missing statics in crypt_sha256 codeRich Felker2012-08-301-3/+3
|
* anti-DoS rounds count limits for blowfish and des cryptRich Felker2012-08-292-2/+2
| | | | | all of the limits could use review, but err on the side of avoiding excessive rounds for now.
* limit sha512 rounds to similar runtime to sha256 limitRich Felker2012-08-291-1/+1
| | | | | | | these limits could definitely use review, but for now, i feel consistency and erring on the side of preventing servers from getting bogged down by excessively-slow user-provided settings (think .htpasswd) are the best policy. blowfish should be updated to match.
* add sha256/sha512 cryptRich Felker2012-08-294-1/+700
| | | | | | | based on versions sent to the list by nsz, with some simplification and debloating. i'd still like to get them a bit smaller, or ideally merge them into a single file with most of the code being shared, but that can be done later.
* optimize legacy ffs functionRich Felker2012-08-231-4/+2
|
* add blowfish hash support to cryptRich Felker2012-08-103-8/+806
| | | | | | | there are still some discussions going on about tweaking the code, but at least thing brings us to the point of having something working in the repository. hopefully the remaining major hashes (md5,sha) will follow soon.
* make crypt return an unmatchable hash rather than NULL on failureRich Felker2012-08-091-5/+2
| | | | | | | | | | | | | | | | unfortunately, a large portion of programs which call crypt are not prepared for its failure and do not check that the return value is non-null before using it. thus, always "succeeding" but giving an unmatchable hash is reportedly a better behavior than failing on error. it was suggested that we could do this the same way as other implementations and put the null-to-unmatchable translation in the wrapper rather than the individual crypt modules like crypt_des, but when i tried to do it, i found it was making the logic in __crypt_r for keeping track of which hash type we're working with and whether it succeeded or failed much more complex, and potentially error-prone. the way i'm doing it now seems to have essentially zero cost, anyway.
* fix missing static in getusershell (namespace pollution)Rich Felker2012-08-021-1/+1
|
* replace old and ugly crypt implementationRich Felker2012-06-293-2574/+1055
| | | | | | | | | | | | | | | | | | | | | | | | | the new version is largely the work of Solar Designer, with minor changes for integration with musl. compared to the old code, text size is reduced by about 7k, stack space usage by about 70k, and performance is greatly improved by avoiding expensive calculation of constant tables on each run. this version also adds support for extended des-based password hashes, which allow for unlimited key (password) length and configurable iteration counts. i've also published the interface for crypt_r in a new crypt.h header. especially since this is not a standard interface, i did not feel compelled to match the glibc abi for the crypt_data structure. the glibc structure is way too big to allocate on the stack; in fact it's so big that the first usage may cause the main thread to exceed its pre-committed stack size of 128k and thus could cause the program to crash even on systems with overcommit disabled. the only legitimate use of crypt_data for crypt_r is to store the hash string to return, so i've reserved 256 bytes, which should be more than sufficient (longest known password hashes are ~60 characters, and beyond that is possibly even exceeding some implementations' passwd file field size limit).
* fix ptsname_r to conform to the upcoming posix requirementsRich Felker2012-06-202-4/+13
| | | | it should return the error code rather than 0/-1 and setting errno.
* add isastream (obsolete STREAMS junk)Rich Felker2012-05-061-0/+7
| | | | | | apparently some packages see stropts.h and want to be able to use this. the implementation checks that the file descriptor is valid by using fcntl/F_GETFD so it can report an error if not (as specified).
* implement stub versions of sched_*Rich Felker2012-05-031-10/+0
| | | | | these actually work, but for now they prohibit actually setting priority levels and report min/max priority as 0.
* ditch the priority inheritance locks; use malloc's version of lockRich Felker2012-04-241-9/+9
| | | | | | | | | | | | | | | | | | | i did some testing trying to switch malloc to use the new internal lock with priority inheritance, and my malloc contention test got 20-100 times slower. if priority inheritance futexes are this slow, it's simply too high a price to pay for avoiding priority inversion. maybe we can consider them somewhere down the road once the kernel folks get their act together on this (and perferably don't link it to glibc's inefficient lock API)... as such, i've switch __lock to use malloc's implementation of lightweight locks, and updated all the users of the code to use an array with a waiter count for their locks. this should give optimal performance in the vast majority of cases, and it's simple. malloc is still using its own internal copy of the lock code because it seems to yield measurably better performance with -O3 when it's inlined (20% or more difference in the contention stress test).
* implement getusershell, etc. legacy functionsRich Felker2012-04-221-0/+33
| | | | | I actually wrote these a month ago but forgot to integrate them. ugly, probably-harmful-to-use functions, but some legacy apps want them...
* add getresuid and getresgid syscall wrappersRich Felker2012-04-222-0/+16
|
* wordexp must set the we_offs entries of we_wordv to null pointersRich Felker2012-04-161-0/+4
|
* fix crash in wordfree if we_offs is not initialized by the callerRich Felker2012-04-161-0/+2
| | | | | | | I'm not sure if it's legal for wordexp to modify this field, but this is the only easy/straightforward fix, and applications should not care. if it's an issue, i can work out a different (but more complex) solution later.
* implement a64l and l64a (legacy xsi stuff)Rich Felker2012-03-011-0/+26
|
* fix (hopefully) PTRACE_TRACEME (command 0) argument handlingRich Felker2012-02-231-2/+2
|
* fix get_current_dir_name behaviorRich Felker2012-02-171-2/+6
|
* add get_current_dir_name functionRich Felker2012-02-171-0/+12
|
* add legacy futimes and lutimes functionsRich Felker2012-01-242-0/+26
| | | | | based on patch by sh4rm4. these functions are deprecated; futimens and utimensat should be used instead in new programs.
* use prlimit syscall for getrlimit/setrlimitRich Felker2012-01-202-4/+14
| | | | | | this allows the full range of 64-bit limit arguments even on 32-bit systems. fallback to the old syscalls on old kernels that don't support prlimit.
* add prlimit syscall wrapperRich Felker2012-01-201-0/+8
|
* alias basename to glibc name for it, to meet abi goalsRich Felker2012-01-181-0/+3
| | | | | | note that regardless of the name used, basename is always conformant. it never takes on the bogus gnu behavior, unlike glibc where basename is nonconformant when declared manually without including libgen.h.
* fix ptrace (maybe)Rich Felker2011-09-161-1/+8
|
* implement ptrace syscall wrapper (untested)Rich Felker2011-09-151-0/+18
|
* remove some stray trailing space charactersRich Felker2011-09-131-1/+1
|
* fix some bugs in setxid and update setrlimit to use __synccallRich Felker2011-07-301-2/+27
| | | | | | | | setrlimit is supposed to be per-process, not per-thread, but again linux gets it wrong. work around this in userspace. not only is it needed for correctness; setxid also depends on the resource limits for all threads being the same to avoid situations where temporarily unlimiting the limit succeeds in some threads but fails in others.
* check for fd exhaustion in forkptyRich Felker2011-07-221-2/+15
| | | | | | | we cannot report failure after forking, so the idea is to ensure prior to fork that fd 0,1,2 exist. this will prevent dup2 from possibly hitting a resource limit and failing in the child process. fcntl rather than dup2 is used prior to forking to avoid race conditions.
* incorrect check for open failure in openpty functionRich Felker2011-07-221-1/+1
| | | | -1, not 0, indicates failure
* wordexp cannot use we_offs unless WRDE_DOOFFS flag is setRich Felker2011-06-251-1/+2
| | | | | | previously, a potentially-indeterminate value from we_offs was being used, resulting in wrong we_wordc and subsequent crashes in the caller.
* fix memory leak on failure in realpathRich Felker2011-06-181-4/+4
|
* add useless, obsolescent function ulimitRich Felker2011-05-291-0/+19
|
* properly create new session/controlling terminal in forkptyRich Felker2011-04-201-1/+4
|
* implement (nonstandard) forkptyRich Felker2011-04-201-0/+22
|