The NetBSD Project

CVS log for src/sys/external/bsd/libnv/dist/nvpair.c



Keyword substitution: kv
Default branch: MAIN


Revision 1.11.2.1
Thu Sep 5 10:12:31 2024 UTC (6 months, 2 weeks ago) by martin
Branches: netbsd-9
Changes since revision 1.11: +6 -2 lines
Pull up following revision(s) (requested by riastradh in ticket #1885):

	sys/external/bsd/libnv/dist/nvpair.c: revision 1.13

libnv: Check for NUL within bounds when unpacking string arrays.

This avoids buffer overrun in the subsequent nv_strdup, which can be
triggered by root at securelevel 1 via ioctl(IOC_NPF_*) on /dev/npf.

Matches upstream FreeBSD change by Mariusz Zaborski.

CVE-2024-45288

PR security/58652: libnv: Integer overflow and buffer overrun
vulnerabilities

Revision 1.11.28.1
Thu Sep 5 10:03:31 2024 UTC (6 months, 2 weeks ago) by martin
Branches: netbsd-10
CVS tags: netbsd-10-1-RELEASE
Changes since revision 1.11: +6 -2 lines
Pull up following revision(s) (requested by riastradh in ticket #820):

	sys/external/bsd/libnv/dist/nvpair.c: revision 1.13

libnv: Check for NUL within bounds when unpacking string arrays.

This avoids buffer overrun in the subsequent nv_strdup, which can be
triggered by root at securelevel 1 via ioctl(IOC_NPF_*) on /dev/npf.

Matches upstream FreeBSD change by Mariusz Zaborski.

CVE-2024-45288

PR security/58652: libnv: Integer overflow and buffer overrun
vulnerabilities

Revision 1.13
Wed Sep 4 12:57:10 2024 UTC (6 months, 2 weeks ago) by riastradh
Branches: MAIN
CVS tags: HEAD
Changes since revision 1.12: +6 -2 lines
libnv: Check for NUL within bounds when unpacking string arrays.

This avoids buffer overrun in the subsequent nv_strdup, which can be
triggered by root at securelevel 1 via ioctl(IOC_NPF_*) on /dev/npf.

Matches upstream FreeBSD change by Mariusz Zaborski
<oshogbo@FreeBSD.org>.

CVE-2024-45288

PR security/58652: libnv: Integer overflow and buffer overrun
vulnerabilities

Revision 1.12
Wed Sep 4 12:57:00 2024 UTC (6 months, 2 weeks ago) by riastradh
Branches: MAIN
Changes since revision 1.11: +11 -11 lines
libnv: Avoid arithmetic overflow in array allocation.

1. Teach nv_calloc and nv_strdup to detect arithmetic overflow.
2. Convert nv_malloc(sizeof(...) * N) to nv_calloc(N, sizeof(...)).

I reviewed all the remaining nv_malloc calls, because some of them
have the multiplication separated from the nv_malloc call.  Of the
remaining callers:

- nv_calloc (now) checks for overflow
- nv_strdup (now) checks for overflow
- nvlist_create uses a fixed sizeof(...) without arithmetic
- nvlist_xpack doesn't directly check bounds, but as long as the wire
  format is smaller than the in-memory size, that's not a problem
- nvlist_recv checks for sizeof(nvlhdr) + nvlhdr.nvlh_size overflow
- nvpair_unpack_binary uses nvp->nvp_datasize without arithmetic
- nvpair_unpack_bool_array checks for unsigned overflow
- nvpair_unpack_number_array checks for unsigned overflow
- nvpair_unpack_descriptor_array checks for unsigned overflow
- nvpair_create_binary uses caller-supplied size without arithmetic

Matches upstream FreeBSD change by Mariusz Zaborski
<oshogbo@FreeBSD.org>.

CVE-2024-45287

PR security/58652: libnv: Integer overflow and buffer overrun
vulnerabilities
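
The two checks described in the log messages for revisions 1.12 and 1.13 (refusing an overflowing array allocation, and finding the NUL within bounds before copying each unpacked string), as an added C example; it is not NetBSD's or FreeBSD's libnv code. The names `checked_calloc`, `unpack_string_array` and `sample_bad` are hypothetical, and rejecting leftover bytes is a choice made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample input: two packed strings, the last one missing its NUL. */
static const unsigned char sample_bad[] = { 'a', 'b', 0, 'c', 'd', 'e' };

/* Hypothetical helper: calloc that refuses n * size overflow explicitly. */
static void *
checked_calloc(size_t n, size_t size)
{
	if (size != 0 && n > SIZE_MAX / size)
		return NULL;
	return calloc(n, size);
}

/* Hypothetical unpacker: nitems NUL-terminated strings packed in len bytes. */
static char **
unpack_string_array(const unsigned char *buf, size_t len, size_t nitems)
{
	char **out = nitems ? checked_calloc(nitems, sizeof(*out)) : NULL;
	size_t i, slen, left = len;
	if (out == NULL)
		return NULL;
	for (i = 0; i < nitems; i++) {
		/* Look for the terminator only inside the bytes that remain. */
		const unsigned char *nul = left ? memchr(buf, '\0', left) : NULL;
		if (nul == NULL)
			goto fail;	/* unterminated: an unbounded strlen would overrun */
		slen = (size_t)(nul - buf) + 1;
		if ((out[i] = malloc(slen)) == NULL)
			goto fail;
		memcpy(out[i], buf, slen);
		buf += slen;
		left -= slen;
	}
	if (left == 0)
		return out;	/* every input byte accounted for */
fail:
	for (i = 0; i < nitems; i++)
		free(out[i]);	/* calloc zeroed the slots, so unused ones are NULL */
	free(out);
	return NULL;
}

int main(void)
{	/* exit status 0 when the malformed input is rejected */
	return unpack_string_array(sample_bad, sizeof(sample_bad), 2) != NULL;
}
```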

Revision 1.6.4.3
Mon Apr 13 08:05:01 2020 UTC (4 years, 11 months ago) by martin
Branches: phil-wifi
Changes since revision 1.6.4.2: +6 -5 lines
Mostly merge changes from HEAD up to 20200411

Revision 1.11
Wed Jul 24 14:25:56 2019 UTC (5 years, 8 months ago) by martin
Branches: MAIN
CVS tags: thorpej-ifq-base, thorpej-ifq, thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-i2c-spi-conf, thorpej-futex2-base, thorpej-futex2, thorpej-futex-base, thorpej-futex, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-cfargs-base, thorpej-cfargs, thorpej-altq-separation-base, thorpej-altq-separation, phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, perseant-exfatfs-base-20240630, perseant-exfatfs-base, perseant-exfatfs, netbsd-9-base, netbsd-9-4-RELEASE, netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, netbsd-10-base, netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, is-mlppp-base, is-mlppp, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh, bouyer-sunxi-drm-base, bouyer-sunxi-drm, ad-namecache-base3, ad-namecache-base2, ad-namecache-base1, ad-namecache-base, ad-namecache
Branch point for: netbsd-9, netbsd-10
Changes since revision 1.10: +3 -3 lines
Adapt for userland compilation

Revision 1.10
Wed Jul 24 12:13:13 2019 UTC (5 years, 8 months ago) by sevan
Branches: MAIN
Changes since revision 1.9: +3 -3 lines
off by 1

Revision 1.9
Wed Jul 24 11:34:55 2019 UTC (5 years, 8 months ago) by sevan
Branches: MAIN
Changes since revision 1.8: +3 -2 lines
need sys/kmem.h for kmem_free()

Revision 1.8
Wed Jul 24 11:12:30 2019 UTC (5 years, 8 months ago) by martin
Branches: MAIN
Changes since revision 1.7: +3 -3 lines
PR kern/54406: the result of vasprintf (in the kernel) should be freed
by kmem_free(). Spotted by Mindaugas.

Revision 1.7
Tue Jul 23 00:49:16 2019 UTC (5 years, 8 months ago) by rmind
Branches: MAIN
Changes since revision 1.6: +4 -4 lines
- nvpair_create_stringf: use the in-kernel vasprintf().
- Make nvlist_add_stringf() available in the kernel.

Revision 1.6.4.2
Mon Jun 10 22:08:38 2019 UTC (5 years, 9 months ago) by christos
Branches: phil-wifi
Changes since revision 1.6.4.1: +2172 -0 lines
Sync with HEAD

Revision 1.6.4.1
Fri Feb 15 22:49:24 2019 UTC (6 years, 1 month ago) by christos
Branches: phil-wifi
FILE REMOVED
Changes since revision 1.6: +0 -2172 lines
file nvpair.c was added on branch phil-wifi on 2019-06-10 22:08:38 +0000

Revision 1.6
Fri Feb 15 22:49:24 2019 UTC (6 years, 1 month ago) by rmind
Branches: MAIN
CVS tags: phil-wifi-20190609, isaki-audio2-base, isaki-audio2
Branch point for: phil-wifi
Changes since revision 1.5: +4 -12 lines
nvpair_remove_nvlist_array: revert part of the rev 1.4 change (it was applied
by mistake because the libnv upstream code on GitHub has deviated from FreeBSD,
i.e. it has a different nvlist_set_array_next() logic).

Revision 1.5
Tue Feb 12 12:52:49 2019 UTC (6 years, 1 month ago) by rmind
Branches: MAIN
Changes since revision 1.4: +3 -2 lines
libnv: Free the data array for NV_TYPE_DESCRIPTOR_ARRAY case.
Obtained from FreeBSD rev 343987 by oshogbo@.

Revision 1.4
Tue Feb 12 12:49:23 2019 UTC (6 years, 1 month ago) by rmind
Branches: MAIN
Changes since revision 1.3: +13 -6 lines
libnv: fix multiple memory leaks.

- nvpair_create_stringv: free the temporary string; this fix affects
  nvlist_add_stringf() and nvlist_add_stringv().

- nvpair_remove_nvlist_array (NV_TYPE_NVLIST_ARRAY case): free the chain
  of nvpairs (as resetting it prevents nvlist_destroy() from freeing it).
  Note: freeing the chain in nvlist_destroy() is not sufficient, because
  it would still leak through nvlist_take_nvlist_array().  This affects
  all nvlist_*_nvlist_array() users.

Found by clang/gcc ASAN.  These fixes have been contributed to the
upstream (FreeBSD) repository.

Revision 1.3.2.2
Sun Sep 30 01:45:55 2018 UTC (6 years, 5 months ago) by pgoyette
Branches: pgoyette-compat
CVS tags: pgoyette-compat-merge-20190127
Changes since revision 1.3.2.1: +2172 -0 lines
Sync with HEAD

Revision 1.3.2.1
Sat Sep 8 14:32:25 2018 UTC (6 years, 6 months ago) by pgoyette
Branches: pgoyette-compat
FILE REMOVED
Changes since revision 1.3: +0 -2172 lines
file nvpair.c was added on branch pgoyette-compat on 2018-09-30 01:45:55 +0000

Revision 1.3
Sat Sep 8 14:32:25 2018 UTC (6 years, 6 months ago) by christos
Branches: MAIN
CVS tags: pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930
Branch point for: pgoyette-compat
Changes since revision 1.2: +4 -2 lines
fix kernel build.

Revision 1.2
Sat Sep 8 14:02:15 2018 UTC (6 years, 6 months ago) by christos
Branches: MAIN
Changes since revision 1.1: +38 -16 lines
Add NetBSD stuff.

Revision 1.1.1.1 (vendor branch)
Sat Sep 8 13:27:48 2018 UTC (6 years, 6 months ago) by christos
Branches: FREEBSD
CVS tags: libnv-20180908
Changes since revision 1.1: +0 -0 lines
Import libnv from FreeBSD

Revision 1.1
Sat Sep 8 13:27:48 2018 UTC (6 years, 6 months ago) by christos
Branches: MAIN
Initial revision
