OpenBSD CVS

CVS log for src/usr.sbin/slaacctl/slaacctl.c




Default branch: MAIN


Revision 1.22.2.1, Mon Mar 21 16:41:17 2022 UTC (2 years, 2 months ago) by bluhm
Branch: OPENBSD_6_9
Changes since 1.22: +1 -7 lines

Prevent crash of unprivileged engine process (pledged stdio).

The length field of a DNS label in the DNS search list option is an 8
bit unsigned value. parse_dnssl() treats the search list option as an
array of char, which are signed on most archs. When we read this value
into an int variable it gets sign extended, allowing it to bypass
sanity checks and eventually we pass it as the length to memcpy which
treats it as a huge unsigned value leading to a heap overflow.

An easy fix would be to change the signature of parse_dnssl to
parse_dnssl(uint8_t* data, int datalen).

However, the DNS search list option is unused and the function fails
to check if the parsed value is a valid domain name. The function is
also getting in the way of future work so it's best to just delete it.

The problem was found and reported by Qualys, thanks!

from florian@; OK bluhm@

this is errata/6.9/033_slaacd.patch.sig

Revision 1.22.4.1, Mon Mar 21 16:39:56 2022 UTC (2 years, 2 months ago) by bluhm
Branch: OPENBSD_7_0
Changes since 1.22: +1 -7 lines

Prevent crash of unprivileged engine process (pledged stdio).

The length field of a DNS label in the DNS search list option is an 8
bit unsigned value. parse_dnssl() treats the search list option as an
array of char, which are signed on most archs. When we read this value
into an int variable it gets sign extended, allowing it to bypass
sanity checks and eventually we pass it as the length to memcpy which
treats it as a huge unsigned value leading to a heap overflow.

An easy fix would be to change the signature of parse_dnssl to
parse_dnssl(uint8_t* data, int datalen).

However, the DNS search list option is unused and the function fails
to check if the parsed value is a valid domain name. The function is
also getting in the way of future work so it's best to just delete it.

The problem was found and reported by Qualys, thanks!

from florian@; OK bluhm@

this is errata/7.0/017_slaacd.patch.sig

Revision 1.23, Mon Mar 21 16:25:47 2022 UTC (2 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, HEAD
Changes since 1.22: +1 -7 lines

Prevent crash of unprivileged engine process (pledged stdio).

The length field of a DNS label in the DNS search list option is an 8
bit unsigned value. parse_dnssl() treats the search list option as an
array of char, which are signed on most archs. When we read this value
into an int variable it gets sign extended, allowing it to bypass
sanity checks and eventually we pass it as the length to memcpy which
treats it as a huge unsigned value leading to a heap overflow.

An easy fix would be to change the signature of parse_dnssl to
parse_dnssl(uint8_t* data, int datalen).

However, the DNS search list option is unused and the function fails
to check if the parsed value is a valid domain name. The function is
also getting in the way of future work so it's best to just delete it.

The problem was found and reported by Qualys, thanks!

OK bluhm
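
The sign-extension problem described in the commit message above, reduced to a stand-alone C sketch (an added example, not code from slaacd or the OpenBSD tree). The function names, the 63-byte label cap and the exact sanity checks are assumptions; `signed char` is used so the result is the same on every architecture.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_LABEL 63	/* RFC 1035 label limit; the checks below are assumed */

/* Flawed pattern: on success, stores the length memcpy() would receive. */
int checked_len_signed(const signed char *data, int datalen, size_t *copylen)
{
	int len;
	if (datalen < 1)
		return -1;
	len = data[0];		/* wire bytes 0x80-0xff become -128..-1 */
	if (len > MAX_LABEL || len + 1 > datalen)
		return -1;	/* upper bounds only, so negatives pass */
	*copylen = (size_t)len;	/* negative int converts to a huge size_t */
	return 0;
}

/* uint8_t signature: decode one name into dotted form, or return -1. */
int labels_to_name(const uint8_t *data, int datalen, char *out, size_t outlen)
{
	size_t used = 0;
	int len;
	while (datalen > 0 && (len = data[0]) != 0) {
		if (len > MAX_LABEL || len + 1 > datalen ||
		    used + (size_t)len + 2 > outlen)
			return -1;
		if (used > 0)
			out[used++] = '.';
		memcpy(out + used, data + 1, (size_t)len);
		used += (size_t)len;
		data += len + 1;
		datalen -= len + 1;
	}
	if (datalen < 1 || outlen < 1)	/* no terminating zero-length label */
		return -1;
	out[used] = '\0';
	return 0;
}

int main(void)
{
	const signed char bad[] = { -56, 'a', 'b', 'c' };	/* constructed; 0xc8 on the wire */
	const uint8_t good[] = { 3, 'f', 'o', 'o', 3, 'b', 'a', 'r', 0 };	/* constructed */
	char name[64] = "";
	size_t n = 0;
	int ok = checked_len_signed(bad, 4, &n) == 0;
	printf("signed: accepted=%d copylen=%zu; uint8_t: rc=%d name=%s\n",
	    ok, n, labels_to_name(good, 9, name, sizeof(name)), name);
	return 0;
}
```

The flawed function never performs the copy; it only reports the length that slipped past the checks, which is enough to show why the unsigned signature rejects the same byte.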

Revision 1.22, Sun Mar 21 18:25:24 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_6_9_BASE
Branch point for: OPENBSD_7_0, OPENBSD_6_9
Changes since 1.21: +5 -4 lines

Use new terminology of RFC 8981 and (mechanically) replace "privacy"
with "temporary".

Revision 1.21, Sat Feb 27 10:28:12 2021 UTC (3 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.20: +2 -2 lines

Path #defines are traditionally prefixed with _PATH.
pointed out by deraadt

Revision 1.20, Mon Sep 14 09:07:05 2020 UTC (3 years, 8 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.19: +4 -11 lines

Let slaacd handle all rdomains in a single daemon.
Suggested by claudio and matthieu
Testing matthieu
Putting it in now to get enough testing before release so that there
is enough time to back it out, suggested by deraadt

Revision 1.19, Thu Apr 16 05:28:30 2020 UTC (4 years, 1 month ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.18: +11 -4 lines

Make the control socket name depend on the routing domain we are in.
That way, when slaacd gets started in a different rdomain with
route exec things just work, no need to provide an alternative
control socket.
Pointed out by claudio
Original diff by benno, but I like my bikeshed purple.
OK benno, claudio

Revision 1.18, Mon Nov 11 05:48:46 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.17: +41 -1 lines

Send DNS proposals on route socket when new nameservers are learned
from router advertisements.
unwind(8) can solicit DNS proposals by sending an empty RTM_PROPOSAL
message with priority RTP_PROPOSAL_SOLICIT.

Revision 1.17, Fri Nov 1 18:15:28 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.16: +2 -2 lines

Correctly group initialization of AF_UNIX socket.
spotted by deraadt in new code, sweep by me.
OK deraadt

Revision 1.16, Sun Oct 20 16:22:22 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.15: +1 -2 lines

Remove redundant newline.
pointed out by deraadt@

Revision 1.15, Fri Jul 27 06:26:38 2018 UTC (5 years, 10 months ago) by bket
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.14: +3 -1 lines

Enable slaacctl(8) to print information on an advertised MTU.

OK florian@

Revision 1.14, Fri Apr 27 10:02:15 2018 UTC (6 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.13: +4 -1 lines

pledge earlier in preparation of pledgepath

Revision 1.13, Mon Aug 28 15:35:48 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.12: +2 -2 lines

print id first to make this symmetrical to address proposals

Revision 1.12, Tue Aug 22 13:56:49 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.11: +2 -2 lines

typo

Revision 1.11, Fri Aug 18 18:43:33 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.10: +20 -9 lines

Show timeouts for addresses and default routers.

Revision 1.10, Fri Aug 18 18:42:58 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.9: +2 -1 lines

print default router IP

Revision 1.9, Fri Aug 18 18:42:20 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.8: +4 -9 lines

nanosecond resolution is meaningless

Revision 1.8, Fri Aug 18 16:32:06 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.7: +18 -5 lines

Use "infinity" for pltime / vltime.
It's a bit easier on the eyes than 4294967295.
While here standardize on a width of 10.

Revision 1.7, Tue May 30 18:18:08 2017 UTC (7 years ago) by deraadt
Branch: MAIN
Changes since 1.6: +2 -2 lines

whitespace encountered during review

Revision 1.6, Sun May 28 09:35:56 2017 UTC (7 years ago) by florian
Branch: MAIN
Changes since 1.5: +30 -1 lines

propose and configure default gateway

Revision 1.5, Sat May 27 18:37:09 2017 UTC (7 years ago) by florian
Branch: MAIN
Changes since 1.4: +2 -1 lines

print router preference

Revision 1.4, Sat May 27 10:53:59 2017 UTC (7 years ago) by florian
Branch: MAIN
Changes since 1.3: +2 -2 lines

do not use %hhu

Revision 1.3, Sat May 27 10:52:16 2017 UTC (7 years ago) by florian
Branch: MAIN
Changes since 1.2: +33 -1 lines

show address proposals in slaacdctl show interface output

Revision 1.2, Sat May 27 10:40:43 2017 UTC (7 years ago) by florian
Branch: MAIN
Changes since 1.1: +1 -18 lines

no longer carry addresses in struct radv_prefix

Revision 1.1, Mon Apr 10 13:35:42 2017 UTC (7 years, 2 months ago) by florian
Branch: MAIN

The canonical name for ctl programs is without 'd'.
Pointed out by Brad.
OK deraadt@
