Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Merge branch 'freebsd/current/main' into hardened/current/master
Merge branch 'freebsd/14-stable/main' into hardened/14-stable/master
Merge branch 'freebsd/13-stable/main' into hardened/13-stable/master
libnv: verify that string is null terminated
During unpacking, we ensure that we do not read beyond the
declared size. However, unpack uses a function that copies
null-terminated strings. Prior to this commit, if the last string
was not null-terminated, it could result in copying data into a
buffer smaller than the allocated size.
Security: FreeBSD-24:09.libnv
Security: CVE-2024-45288
Security: CAP-03
Reported by: Synacktiv
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46138
(cherry picked from commit 3aaaca1b51ad844ef9e9b3d945217ab3dd189bae)
libnv: allocate buffer in a safe way
Ensure that the calculation of size of array doesn't
overflow.
Security: FreeBSD-24:09.libnv
Security: CVE-2024-45287
Security: CAP-02
Reported by: Synacktiv
Reported by: Taylor R Campbell (NetBSD)
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46131
(cherry picked from commit 36fa90dbde0060aacb5677d0b113ee168e839071)
libnv: verify that string is null terminated
During unpacking, we ensure that we do not read beyond the
declared size. However, unpack uses a function that copies
null-terminated strings. Prior to this commit, if the last string
was not null-terminated, it could result in copying data into a
buffer smaller than the allocated size.
Security: FreeBSD-24:09.libnv
Security: CVE-2024-45288
Security: CAP-03
Reported by: Synacktiv
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46138
libnv: allocate buffer in a safe way
Ensure that the calculation of size of array doesn't
overflow.
Security: FreeBSD-24:09.libnv
Security: CVE-2024-45287
Security: CAP-02
Reported by: Synacktiv
Reported by: Taylor R Campbell (NetBSD)
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46131
Merge remote-tracking branch 'freebsd/stable/13' into hardened/13-stable/master
Conflicts:
sys/i386/linux/imgact_linux.c (deleted)
sys/kern/imgact_aout.c (deleted)
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
(cherry picked from commit 4d846d260e2b9a3d4d0a701462568268cbfe7a5b)
Merge remote-tracking branch 'internal/hardened/current/master' into hardened/current/cross-dso-cfi
Conflicts:
share/man/man5/src.conf.5 (unresolved)
Added | Removed | File |
---|---|---|
+8,669 | -0 | sys/contrib/dev/athk/ath11k/mac.c |
+8,286 | -0 | sys/contrib/dev/athk/ath11k/wmi.c |
+5,662 | -0 | sys/contrib/dev/athk/ath11k/dp_rx.c |
+5,585 | -0 | sys/contrib/dev/athk/ath11k/wmi.h |
+4,704 | -0 | sys/contrib/dev/athk/ath11k/debugfs_htt_stats.c |
+3,063 | -0 | sys/contrib/dev/athk/ath11k/qmi.c |
+35,969 | -0 | 6,232 files not shown |
+89,418 | -15,489 | 6,238 files |
Merge remote-tracking branch 'freebsd/main' into hardened/current/master
Conflicts:
lib/csu/common/csu_common.h (deleted)
share/man/man5/src.conf.5 (unresolved)
sys/i386/linux/imgact_linux.c (deleted)
sys/kern/imgact_aout.c (deleted)
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Conflicts:
share/man/man5/src.conf.5 (unresolved)
Added | Removed | File |
---|---|---|
+40,646 | -40,658 | share/colldef_unicode/zh_CN.UTF-8.src |
+46,300 | -0 | sys/contrib/dev/rtw88/rtw8822c_table.c |
+0 | -27,824 | sys/contrib/openzfs/module/zstd/lib/zstd.c |
+22,204 | -0 | sys/contrib/dev/rtw88/rtw8822b_table.c |
+9,441 | -436 | sys/contrib/zlib/crc32.h |
+5,931 | -3,922 | contrib/sqlite3/sqlite3.c |
+124,522 | -72,840 | 14,231 files not shown |
+826,315 | -442,381 | 14,237 files |
Merge branch 'freebsd/current/main' into hardened/current/master
libnv: Mark a variable only used in a custom assertion as unused.
Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Conflicts:
share/mk/src.opts.mk (unresolved)
Added | Removed | File |
---|---|---|
+12,856 | -8,859 | crypto/openssh/ChangeLog |
+12,229 | -0 | contrib/wpa/src/drivers/driver_nl80211.c |
+1,597 | -7,228 | contrib/wpa/src/common/dpp.c |
+3,269 | -4,509 | sys/contrib/openzfs/lib/libzfs/libzfs.abi |
+2,349 | -2,973 | sys/contrib/openzfs/lib/libzfs_core/libzfs_core.abi |
+2,298 | -2,547 | sys/contrib/openzfs/lib/libnvpair/libnvpair.abi |
+34,598 | -26,116 | 2,545 files not shown |
+179,297 | -74,145 | 2,551 files |
Merge remote-tracking branch 'origin/freebsd/current/main' into hardened/current/master
libnv: Fix array unpack endianness logic
When an nvlist(9) is converted into a binary buffer by nvlist_pack(9),
the host endianness is encoded in the nvlist_header of the binary
buffer. The nvlist_unpack(9) function converts a given binary buffer
to an nvlist. In the conversion process the endianness encoded in the
nvlist_header is evaluated and -- should the encoded endianness differ
from the endianness of the decoding host -- endianness conversion is
applied to nvlist_header and nvpair_header elements as well as
to some nvpair values.
In 2015 @oshogbo extended libnv with array support (in 347a39b).
The unpacking code misses the possible need to convert the endianness
of the nvph_nitems element of nvpair_headers.
The patch (re)enables libnv to unpack nvlists regardless of the
endianness of the packing host.
Pull Request: https://github.com/freebsd/freebsd-src/pull/528
libnv: fix double free
In r343986 we introduced a double free. The structure was already
freed fixed in the r302966. This problem was introduced
because the GitHub version was out of sync with the FreeBSD one.
Submitted by: Mindaugas Rasiukevicius <rmind at netbsd.org>
MFC with: r343986
(cherry picked from commit d97753b5c8f1d32fbcdcbb0d129b49f808245865)
libnv: fix revert
Reported by: jenkins
(cherry picked from commit 3bea7b5b05f200df4cabee12e405b8feade16f0e)
libnv: fix memory leaks
nvpair_create_stringv: free the temporary string; this fix affects
nvlist_add_stringf() and nvlist_add_stringv().
nvpair_remove_nvlist_array (NV_TYPE_NVLIST_ARRAY case): free the chain
of nvpairs (as resetting it prevents nvlist_destroy() from freeing it).
Note: freeing the chain in nvlist_destroy() is not sufficient, because
it would still leak through nvlist_take_nvlist_array(). This affects
all nvlist_*_nvlist_array() use
Submitted by: Mindaugas Rasiukevicius <rmind at netbsd.org>
Reported by: clang/gcc ASAN
MFC after: 2 weeks
(cherry picked from commit b5d787d93b3d83f28e87e1f8cc740cb160f8f0ac)
Merge branch 'hardened/current/master' into hardened/current/uninit-autoinit
Added | Removed | File |
---|---|---|
+0 | -111,817 | contrib/libstdc++/configure |
+72,183 | -0 | lib/clang/liblldb/LLDBWrapLua.cpp |
+71,590 | -432 | tools/tools/locale/etc/final-maps/widths.txt |
+31,726 | -39,305 | share/ctypedef/ja_JP.eucJP.src |
+59,521 | -0 | sys/contrib/dev/iwm/iwm-9000-34.fw.uu |
+59,517 | -0 | sys/contrib/dev/iwm/iwm-9260-34.fw.uu |
+294,537 | -151,554 | 60,534 files not shown |
+10,288,584 | -10,879,881 | 60,540 files |
HardenedBSD/src dd034b6 — contrib/sqlite3 sqlite3.c, contrib/subversion/subversion/libsvn_subr/utf8proc utf8proc_data.c
Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Conflicts:
Makefile.inc1 (unresolved)
lib/csu/amd64/Makefile (unresolved)
lib/csu/i386/Makefile (unresolved)
share/man/man5/src.conf.5 (unresolved)
Added | Removed | File |
---|---|---|
+31,726 | -39,305 | share/ctypedef/ja_JP.eucJP.src |
+11,659 | -6,934 | contrib/sqlite3/sqlite3.c |
+7,544 | -7,544 | contrib/subversion/subversion/libsvn_subr/utf8proc/utf8proc_data.c |
+9,480 | -0 | sys/dev/ice/ice_hw_autogen.h |
+8,000 | -0 | sys/dev/ice/ice_lib.c |
+5,910 | -1,341 | sys/netinet/tcp_stacks/rack.c |
+74,319 | -55,124 | 5,522 files not shown |
+530,662 | -214,345 | 5,528 files |
HardenedBSD/src 3d27f9f — sys/cddl/contrib/opensolaris/uts/common/dtrace dtrace.c, sys/contrib/libnv bsd_nvpair.c nvpair.c
Merge branch 'freebsd/current/master' into hardened/current/master
* freebsd/current/master:
[ath_hal] Add KeyMiss for AR5212/AR5416 series chips.
vm_page_free_prep(): correct description of the required page and object state.
Fix libnv build post rename
Fix "current" variable name conflict with openzfs
Rename nvpair.c to bsd_nvpair.c to not conflict with openzfs' version.
Chroot first appeared in 4.3-Reno, not in 4.4 in the BSD world, but in System III in the AT&T world.
Chroot actually appeared in 7th Edition Unix.
Rename nvpair.c to bsd_nvpair.c to not conflict with openzfs' version.