From owner-svn-src-stable-9@freebsd.org Wed Sep 2 20:06:49 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6A7BD9C97C1; Wed, 2 Sep 2015 20:06:49 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5901F903; Wed, 2 Sep 2015 20:06:49 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t82K6n6d003787; Wed, 2 Sep 2015 20:06:49 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t82K6kCR003777; Wed, 2 Sep 2015 20:06:46 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201509022006.t82K6kCR003777@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f 
From: Xin LI Date: Wed, 2 Sep 2015 20:06:46 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287409 - in stable/9/contrib/bind9/lib/dns: . include/dst rdata/generic X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Sep 2015 20:06:49 -0000 Author: delphij Date: Wed Sep 2 20:06:46 2015 New Revision: 287409 URL: https://svnweb.freebsd.org/changeset/base/287409 Log: Fix remote denial of service vulnerability when parsing malformed key. Fix remote denial of service vulnerability caused by an incorrect boundary check in openpgpkey_61.c. Security: CVE-2015-5722, FreeBSD-SA-15:23.bind Security: CVE-2015-5986 Modified: stable/9/contrib/bind9/lib/dns/hmac_link.c stable/9/contrib/bind9/lib/dns/include/dst/dst.h stable/9/contrib/bind9/lib/dns/ncache.c stable/9/contrib/bind9/lib/dns/openssldh_link.c stable/9/contrib/bind9/lib/dns/openssldsa_link.c stable/9/contrib/bind9/lib/dns/opensslecdsa_link.c stable/9/contrib/bind9/lib/dns/opensslrsa_link.c stable/9/contrib/bind9/lib/dns/rdata/generic/openpgpkey_61.c stable/9/contrib/bind9/lib/dns/resolver.c Modified: stable/9/contrib/bind9/lib/dns/hmac_link.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/hmac_link.c Wed Sep 2 19:49:55 2015 (r287408) +++ stable/9/contrib/bind9/lib/dns/hmac_link.c Wed Sep 2 20:06:46 2015 (r287409) 
@@ -76,7 +76,7 @@ hmacmd5_createctx(dst_key_t *key, dst_co hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t)); if (hmacmd5ctx == NULL) return (ISC_R_NOMEMORY); - isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_SHA1_BLOCK_LENGTH); + isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_MD5_BLOCK_LENGTH); dctx->ctxdata.hmacmd5ctx = hmacmd5ctx; return (ISC_R_SUCCESS); } @@ -139,7 +139,7 @@ hmacmd5_compare(const dst_key_t *key1, c else if (hkey1 == NULL || hkey2 == NULL) return (ISC_FALSE); - if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH)) + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_MD5_BLOCK_LENGTH)) return (ISC_TRUE); else return (ISC_FALSE); @@ -150,17 +150,17 @@ hmacmd5_generate(dst_key_t *key, int pse isc_buffer_t b; isc_result_t ret; unsigned int bytes; - unsigned char data[ISC_SHA1_BLOCK_LENGTH]; + unsigned char data[ISC_MD5_BLOCK_LENGTH]; UNUSED(callback); bytes = (key->key_size + 7) / 8; - if (bytes > ISC_SHA1_BLOCK_LENGTH) { - bytes = ISC_SHA1_BLOCK_LENGTH; - key->key_size = ISC_SHA1_BLOCK_LENGTH * 8; + if (bytes > ISC_MD5_BLOCK_LENGTH) { + bytes = ISC_MD5_BLOCK_LENGTH; + key->key_size = ISC_MD5_BLOCK_LENGTH * 8; } - memset(data, 0, ISC_SHA1_BLOCK_LENGTH); + memset(data, 0, ISC_MD5_BLOCK_LENGTH); ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); if (ret != ISC_R_SUCCESS) @@ -169,7 +169,7 @@ hmacmd5_generate(dst_key_t *key, int pse isc_buffer_init(&b, data, bytes); isc_buffer_add(&b, bytes); ret = hmacmd5_fromdns(key, &b); - memset(data, 0, ISC_SHA1_BLOCK_LENGTH); + memset(data, 0, ISC_MD5_BLOCK_LENGTH); return (ret); } @@ -223,7 +223,7 @@ hmacmd5_fromdns(dst_key_t *key, isc_buff memset(hkey->key, 0, sizeof(hkey->key)); - if (r.length > ISC_SHA1_BLOCK_LENGTH) { + if (r.length > ISC_MD5_BLOCK_LENGTH) { isc_md5_init(&md5ctx); isc_md5_update(&md5ctx, r.base, r.length); isc_md5_final(&md5ctx, hkey->key); 
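Review bot: The closing `memset(data, 0, ISC_MD5_BLOCK_LENGTH);` in hmacmd5_generate is the only thing clearing the generated key bytes from the stack, and it is a store to a local that is never read again, which an optimizing compiler is allowed to drop. Use a wipe routine the compiler cannot elide (explicit_bzero, or the project's own equivalent if this tree has one) and take the size from the array with `sizeof(data)`, so the buffer and the wipe cannot drift apart the way the SHA1/MD5 constants did. The error return after `dst__entropy_getdata()` lies between the two hunks, so whether that path also clears `data` cannot be confirmed from here.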
@@ -236,6 +236,8 @@ hmacmd5_fromdns(dst_key_t *key, isc_buff key->key_size = keylen * 8; key->keydata.hmacmd5 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } @@ -512,6 +514,8 @@ hmacsha1_fromdns(dst_key_t *key, isc_buf key->key_size = keylen * 8; key->keydata.hmacsha1 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } @@ -790,6 +794,8 @@ hmacsha224_fromdns(dst_key_t *key, isc_b key->key_size = keylen * 8; key->keydata.hmacsha224 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } @@ -1068,6 +1074,8 @@ hmacsha256_fromdns(dst_key_t *key, isc_b key->key_size = keylen * 8; key->keydata.hmacsha256 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } @@ -1346,6 +1354,8 @@ hmacsha384_fromdns(dst_key_t *key, isc_b key->key_size = keylen * 8; key->keydata.hmacsha384 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } @@ -1624,6 +1634,8 @@ hmacsha512_fromdns(dst_key_t *key, isc_b key->key_size = keylen * 8; key->keydata.hmacsha512 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } Modified: stable/9/contrib/bind9/lib/dns/include/dst/dst.h ============================================================================== --- stable/9/contrib/bind9/lib/dns/include/dst/dst.h Wed Sep 2 19:49:55 2015 (r287408) +++ stable/9/contrib/bind9/lib/dns/include/dst/dst.h Wed Sep 2 20:06:46 2015 (r287409) 
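Review bot: The `isc_buffer_forward(data, r.length);` added before the success return in hmacmd5_fromdns changes what the function leaves behind (the buffer's current position now ends past the key), and nothing in the hunk records that. A one-line comment such as `/* Advance past the key bytes just parsed. */` would document it; the same applies to the identical additions in hmacsha1_fromdns, hmacsha224_fromdns, hmacsha256_fromdns, hmacsha384_fromdns and hmacsha512_fromdns. The early returns of these functions are outside the hunks, so it is worth confirming that no caller depends on the buffer position after a failure.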
@@ -69,6 +69,7 @@ typedef struct dst_context dst_context_ #define DST_ALG_HMACSHA256 163 /* XXXMPA */ #define DST_ALG_HMACSHA384 164 /* XXXMPA */ #define DST_ALG_HMACSHA512 165 /* XXXMPA */ +#define DST_ALG_INDIRECT 252 #define DST_ALG_PRIVATE 254 #define DST_ALG_EXPAND 255 #define DST_MAX_ALGS 255 Modified: stable/9/contrib/bind9/lib/dns/ncache.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/ncache.c Wed Sep 2 19:49:55 2015 (r287408) +++ stable/9/contrib/bind9/lib/dns/ncache.c Wed Sep 2 20:06:46 2015 (r287409) @@ -614,13 +614,11 @@ dns_ncache_getsigrdataset(dns_rdataset_t dns_name_fromregion(&tname, &remaining); INSIST(remaining.length >= tname.length); isc_buffer_forward(&source, tname.length); - remaining.length -= tname.length; - remaining.base += tname.length; + isc_region_consume(&remaining, tname.length); INSIST(remaining.length >= 2); type = isc_buffer_getuint16(&source); - remaining.length -= 2; - remaining.base += 2; + isc_region_consume(&remaining, 2); if (type != dns_rdatatype_rrsig || !dns_name_equal(&tname, name)) { @@ -632,8 +630,7 @@ dns_ncache_getsigrdataset(dns_rdataset_t INSIST(remaining.length >= 1); trust = isc_buffer_getuint8(&source); INSIST(trust <= dns_trust_ultimate); - remaining.length -= 1; - remaining.base += 1; + isc_region_consume(&remaining, 1); raw = remaining.base; count = raw[0] * 256 + raw[1]; Modified: stable/9/contrib/bind9/lib/dns/openssldh_link.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/openssldh_link.c Wed Sep 2 19:49:55 2015 (r287408) +++ stable/9/contrib/bind9/lib/dns/openssldh_link.c Wed Sep 2 20:06:46 2015 (r287409) 
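Review bot: In dns_ncache_getsigrdataset the lines `raw = remaining.base; count = raw[0] * 256 + raw[1];` read two bytes with no length check visible, while every earlier read in these hunks is preceded by an INSIST on `remaining.length`. Adding `INSIST(remaining.length >= 2);` before the read would keep the pattern consistent now that `remaining.length` is maintained through isc_region_consume(). The function continues past the end of the hunk, so a later check cannot be ruled out, but it would come after the read.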
@@ -266,8 +266,10 @@ openssldh_destroy(dst_key_t *key) { static void uint16_toregion(isc_uint16_t val, isc_region_t *region) { - *region->base++ = (val & 0xff00) >> 8; - *region->base++ = (val & 0x00ff); + *region->base = (val & 0xff00) >> 8; + isc_region_consume(region, 1); + *region->base = (val & 0x00ff); + isc_region_consume(region, 1); } static isc_uint16_t @@ -278,7 +280,8 @@ uint16_fromregion(isc_region_t *region) val = ((unsigned int)(cp[0])) << 8; val |= ((unsigned int)(cp[1])); - region->base += 2; + isc_region_consume(region, 2); + return (val); } @@ -319,16 +322,16 @@ openssldh_todns(const dst_key_t *key, is } else BN_bn2bin(dh->p, r.base); - r.base += plen; + isc_region_consume(&r, plen); uint16_toregion(glen, &r); if (glen > 0) BN_bn2bin(dh->g, r.base); - r.base += glen; + isc_region_consume(&r, glen); uint16_toregion(publen, &r); BN_bn2bin(dh->pub_key, r.base); - r.base += publen; + isc_region_consume(&r, publen); isc_buffer_add(data, dnslen); @@ -369,10 +372,12 @@ openssldh_fromdns(dst_key_t *key, isc_bu return (DST_R_INVALIDPUBLICKEY); } if (plen == 1 || plen == 2) { - if (plen == 1) - special = *r.base++; - else + if (plen == 1) { + special = *r.base; + isc_region_consume(&r, 1); + } else { special = uint16_fromregion(&r); + } switch (special) { case 1: dh->p = &bn768; @@ -387,10 +392,9 @@ openssldh_fromdns(dst_key_t *key, isc_bu DH_free(dh); return (DST_R_INVALIDPUBLICKEY); } - } - else { + } else { dh->p = BN_bin2bn(r.base, plen, NULL); - r.base += plen; + isc_region_consume(&r, plen); } /* @@ -421,15 +425,14 @@ openssldh_fromdns(dst_key_t *key, isc_bu return (DST_R_INVALIDPUBLICKEY); } } - } - else { + } else { if (glen == 0) { DH_free(dh); return (DST_R_INVALIDPUBLICKEY); } dh->g = BN_bin2bn(r.base, glen, NULL); } - r.base += glen; + isc_region_consume(&r, glen); if (r.length < 2) { DH_free(dh); 
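Review bot: uint16_toregion and uint16_fromregion access `region->base` before any length validation: the store, or the reads of `cp[0]` and `cp[1]`, happens first and isc_region_consume() runs afterwards, so whatever length check that macro performs (it is defined outside this diff) arrives only after the access. Both helpers should state their precondition, either as a header comment such as `/* Caller must guarantee region->length >= 2. */` or as `INSIST(region->length >= 2);` in their first statement. Because a failed assertion aborts the server, the `r.length` tests with `DST_R_INVALIDPUBLICKEY` returns in openssldh_fromdns remain the real defence for data taken from the wire.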
@@ -441,7 +444,7 @@ openssldh_fromdns(dst_key_t *key, isc_bu return (DST_R_INVALIDPUBLICKEY); } dh->pub_key = BN_bin2bn(r.base, publen, NULL); - r.base += publen; + isc_region_consume(&r, publen); key->key_size = BN_num_bits(dh->p); Modified: stable/9/contrib/bind9/lib/dns/openssldsa_link.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/openssldsa_link.c Wed Sep 2 19:49:55 2015 (r287408) +++ stable/9/contrib/bind9/lib/dns/openssldsa_link.c Wed Sep 2 20:06:46 2015 (r287409) @@ -29,8 +29,6 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ - #ifdef OPENSSL #ifndef USE_EVP #define USE_EVP 1 @@ -137,6 +135,7 @@ openssldsa_sign(dst_context_t *dctx, isc DSA *dsa = key->keydata.dsa; isc_region_t r; DSA_SIG *dsasig; + unsigned int klen; #if USE_EVP EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; EVP_PKEY *pkey; @@ -188,6 +187,7 @@ openssldsa_sign(dst_context_t *dctx, isc ISC_R_FAILURE)); } free(sigbuf); + #elif 0 /* Only use EVP for the Digest */ if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) { @@ -209,11 +209,17 @@ openssldsa_sign(dst_context_t *dctx, isc "DSA_do_sign", DST_R_SIGNFAILURE)); #endif - *r.base++ = (key->key_size - 512)/64; + + klen = (key->key_size - 512)/64; + if (klen > 255) + return (ISC_R_FAILURE); + *r.base = klen; + isc_region_consume(&r, 1); + BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); DSA_SIG_free(dsasig); isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); 
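Review bot: The new `if (klen > 255) return (ISC_R_FAILURE);` in openssldsa_sign returns after the signature object appears to have been created, so `dsasig` is not released on that path; `DSA_SIG_free(dsasig)` is only reached a few lines further down. Because `key->key_size - 512` is computed before the range test, a key size below 512 would also land on this return if key_size is unsigned. Free the signature before returning, `if (klen > 255) { DSA_SIG_free(dsasig); return (ISC_R_FAILURE); }`, or move the klen computation and check ahead of any signing work. The function starts and ends outside this hunk, so the EVP path is only partly visible.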
@@ -446,15 +452,16 @@ openssldsa_todns(const dst_key_t *key, i if (r.length < (unsigned int) dnslen) return (ISC_R_NOSPACE); - *r.base++ = t; + *r.base = t; + isc_region_consume(&r, 1); BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); isc_buffer_add(data, dnslen); @@ -479,29 +486,30 @@ openssldsa_fromdns(dst_key_t *key, isc_b return (ISC_R_NOMEMORY); dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; - t = (unsigned int) *r.base++; + t = (unsigned int) *r.base; + isc_region_consume(&r, 1); if (t > 8) { DSA_free(dsa); return (DST_R_INVALIDPUBLICKEY); } p_bytes = 64 + 8 * t; - if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { + if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { DSA_free(dsa); return (DST_R_INVALIDPUBLICKEY); } dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); dsa->p = BN_bin2bn(r.base, p_bytes, NULL); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); dsa->g = BN_bin2bn(r.base, p_bytes, NULL); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); key->key_size = p_bytes * 8; Modified: stable/9/contrib/bind9/lib/dns/opensslecdsa_link.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/opensslecdsa_link.c Wed Sep 2 19:49:55 2015 (r287408) +++ stable/9/contrib/bind9/lib/dns/opensslecdsa_link.c Wed Sep 2 20:06:46 2015 (r287409) 
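Review bot: In openssldsa_todns the number of bytes written and the number consumed are spelled two different ways: `BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8);` is followed by `isc_region_consume(&r, p_bytes);`, and likewise for `g` and `pub_key`. If the two values are always equal, use one name for both, e.g. `BN_bn2bin_fixed(dsa->p, r.base, p_bytes);`; if they can differ, the region position no longer matches what was written and the `dnslen` space check above may not cover it. The assignments to `p_bytes` and `dnslen` are outside the hunk.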
@@ -14,8 +14,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ - #include #ifdef HAVE_OPENSSL_ECDSA @@ -159,9 +157,9 @@ opensslecdsa_sign(dst_context_t *dctx, i "ECDSA_do_sign", DST_R_SIGNFAILURE)); BN_bn2bin_fixed(ecdsasig->r, r.base, siglen / 2); - r.base += siglen / 2; + isc_region_consume(&r, siglen / 2); BN_bn2bin_fixed(ecdsasig->s, r.base, siglen / 2); - r.base += siglen / 2; + isc_region_consume(&r, siglen / 2); ECDSA_SIG_free(ecdsasig); isc_buffer_add(sig, siglen); ret = ISC_R_SUCCESS; Modified: stable/9/contrib/bind9/lib/dns/opensslrsa_link.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/opensslrsa_link.c Wed Sep 2 19:49:55 2015 (r287408) +++ stable/9/contrib/bind9/lib/dns/opensslrsa_link.c Wed Sep 2 20:06:46 2015 (r287409) @@ -965,6 +965,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b RSA *rsa; isc_region_t r; unsigned int e_bytes; + unsigned int length; #if USE_EVP EVP_PKEY *pkey; #endif @@ -972,6 +973,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b isc_buffer_remainingregion(data, &r); if (r.length == 0) return (ISC_R_SUCCESS); + length = r.length; rsa = RSA_new(); if (rsa == NULL) @@ -982,17 +984,18 @@ opensslrsa_fromdns(dst_key_t *key, isc_b RSA_free(rsa); return (DST_R_INVALIDPUBLICKEY); } - e_bytes = *r.base++; - r.length--; + e_bytes = *r.base; + isc_region_consume(&r, 1); if (e_bytes == 0) { if (r.length < 2) { RSA_free(rsa); return (DST_R_INVALIDPUBLICKEY); } - e_bytes = ((*r.base++) << 8); - e_bytes += *r.base++; - r.length -= 2; + e_bytes = (*r.base) << 8; + isc_region_consume(&r, 1); + e_bytes += *r.base; + isc_region_consume(&r, 1); } if (r.length < e_bytes) { 
@@ -1000,14 +1003,13 @@ opensslrsa_fromdns(dst_key_t *key, isc_b return (DST_R_INVALIDPUBLICKEY); } rsa->e = BN_bin2bn(r.base, e_bytes, NULL); - r.base += e_bytes; - r.length -= e_bytes; + isc_region_consume(&r, e_bytes); rsa->n = BN_bin2bn(r.base, r.length, NULL); key->key_size = BN_num_bits(rsa->n); - isc_buffer_forward(data, r.length); + isc_buffer_forward(data, length); #if USE_EVP pkey = EVP_PKEY_new(); Modified: stable/9/contrib/bind9/lib/dns/rdata/generic/openpgpkey_61.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/rdata/generic/openpgpkey_61.c Wed Sep 2 19:49:55 2015 (r287408) +++ stable/9/contrib/bind9/lib/dns/rdata/generic/openpgpkey_61.c Wed Sep 2 20:06:46 2015 (r287409) @@ -76,6 +76,8 @@ fromwire_openpgpkey(ARGS_FROMWIRE) { * Keyring. */ isc_buffer_activeregion(source, &sr); + if (sr.length < 1) + return (ISC_R_UNEXPECTEDEND); isc_buffer_forward(source, sr.length); return (mem_tobuffer(target, sr.base, sr.length)); } Modified: stable/9/contrib/bind9/lib/dns/resolver.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/resolver.c Wed Sep 2 19:49:55 2015 (r287408) +++ stable/9/contrib/bind9/lib/dns/resolver.c Wed Sep 2 20:06:46 2015 (r287409) @@ -9058,6 +9058,12 @@ dns_resolver_algorithm_supported(dns_res REQUIRE(VALID_RESOLVER(resolver)); + /* + * DH is unsupported for DNSKEYs, see RFC 4034 sec. A.1. + */ + if ((alg == DST_ALG_DH) || (alg == DST_ALG_INDIRECT)) + return (ISC_FALSE); + #if USE_ALGLOCK RWLOCK(&resolver->alglock, isc_rwlocktype_read); #endif 
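Review bot: `rsa->n = BN_bin2bn(r.base, r.length, NULL);` is followed directly by `key->key_size = BN_num_bits(rsa->n);` in opensslrsa_fromdns with no check that BN_bin2bn() returned a non-NULL value, and `rsa->e` is stored unchecked as well. An allocation failure while parsing a key received from the network would then be dereferenced instead of reported. Check both results before use and fail cleanly, e.g. `if (rsa->e == NULL || rsa->n == NULL) { RSA_free(rsa); return (ISC_R_NOMEMORY); }`. The BN_bin2bn() calls in the openssldh_fromdns and openssldsa_fromdns hunks are likewise unchecked in the lines that are visible.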
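Review bot: The added `if (sr.length < 1) return (ISC_R_UNEXPECTEDEND);` in fromwire_openpgpkey carries no comment explaining why an empty keyring is refused, which makes the check look optional to a later reader. A line such as `/* An OPENPGPKEY record must carry at least one octet of key data. */` above it would record the intent. The other constructors for this type (text and struct input) are not part of the hunk, so it should be confirmed that they enforce the same minimum, and a regression test with zero-length RDATA would keep the boundary from slipping again.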
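Review bot: The comment added in dns_resolver_algorithm_supported mentions only DH, but the condition beneath it also rejects `DST_ALG_INDIRECT`, the constant this commit introduces in dst.h without any comment. Reword it to cover both cases, e.g. `/* DH and INDIRECT are not valid for zone signing, see RFC 4034 sec. A.1. */`, and give the `#define DST_ALG_INDIRECT 252` line a short comment naming the algorithm, as its neighbours at least carry a marker.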
@@ -9077,6 +9083,7 @@ dns_resolver_algorithm_supported(dns_res #endif if (found) return (ISC_FALSE); + return (dst_algorithm_supported(alg)); } From owner-svn-src-stable-9@freebsd.org Wed Sep 2 21:13:07 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 381829C3368; Wed, 2 Sep 2015 21:13:07 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2844119E4; Wed, 2 Sep 2015 21:13:07 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t82LD7hS033207; Wed, 2 Sep 2015 21:13:07 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t82LD7JN033206; Wed, 2 Sep 2015 21:13:07 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201509022113.t82LD7JN033206@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f 
From: Glen Barber Date: Wed, 2 Sep 2015 21:13:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287412 - stable/9/release/doc/share/xml X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Sep 2015 21:13:07 -0000 Author: gjb Date: Wed Sep 2 21:13:06 2015 New Revision: 287412 URL: https://svnweb.freebsd.org/changeset/base/287412 Log: Document SA-15:23. Sponsored by: The FreeBSD Foundation Modified: stable/9/release/doc/share/xml/security.xml Modified: stable/9/release/doc/share/xml/security.xml ============================================================================== --- stable/9/release/doc/share/xml/security.xml Wed Sep 2 21:03:20 2015 (r287411) +++ stable/9/release/doc/share/xml/security.xml Wed Sep 2 21:13:06 2015 (r287412) 
@@ -224,6 +224,13 @@ 25 August 2015 Multiple vulnerabilities + + + FreeBSD-SA-15:23.bind + 2 September 2015 + Remote denial of service + vulnerability + From owner-svn-src-stable-9@freebsd.org Thu Sep 3 16:38:27 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CFD829C97BA; Thu, 3 Sep 2015 16:38:27 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C044C891; Thu, 3 Sep 2015 16:38:27 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t83GcRdl041918; Thu, 3 Sep 2015 16:38:27 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t83GcQaE041914; Thu, 3 Sep 2015 16:38:26 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201509031638.t83GcQaE041914@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f 
From: John Baldwin Date: Thu, 3 Sep 2015 16:38:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287434 - stable/9/sys/dev/ipmi X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Sep 2015 16:38:28 -0000 Author: jhb Date: Thu Sep 3 16:38:26 2015 New Revision: 287434 URL: https://svnweb.freebsd.org/changeset/base/287434 Log: MFC 248705,253812,253813: - Unlock IPMI sc while performing requests via KCS and SMIC interfaces. - empirical testing showed that 3 seconds is just too slow for GET_DEVICE_ID to return on newer Dell hardware. Bump to 6 second timeouts until someone has a better idea on how to handle this - Check for ipmi_attached in ipmi_isa_probe as a suggested alternative to ipmi_isa_attach. This keeps unintended but harmless noise about "ipmi1" from appearing in the boot up sequence. Modified: stable/9/sys/dev/ipmi/ipmi_isa.c stable/9/sys/dev/ipmi/ipmi_kcs.c stable/9/sys/dev/ipmi/ipmi_smic.c stable/9/sys/dev/ipmi/ipmivars.h Directory Properties: stable/9/sys/ (props changed) stable/9/sys/dev/ (props changed) Modified: stable/9/sys/dev/ipmi/ipmi_isa.c ============================================================================== --- stable/9/sys/dev/ipmi/ipmi_isa.c Thu Sep 3 12:56:57 2015 (r287433) +++ stable/9/sys/dev/ipmi/ipmi_isa.c Thu Sep 3 16:38:26 2015 (r287434) 
@@ -78,6 +78,14 @@ static int ipmi_isa_probe(device_t dev) { + /* + * Give other drivers precedence. Unfortunately, this doesn't + * work if we have an SMBIOS table that duplicates a PCI device + * that's later on the bus than the PCI-ISA bridge. + */ + if (ipmi_attached) + return (ENXIO); + /* Skip any PNP devices. */ if (isa_get_logicalid(dev) != 0) return (ENXIO); @@ -175,14 +183,6 @@ ipmi_isa_attach(device_t dev) !ipmi_hint_identify(dev, &info)) return (ENXIO); - /* - * Give other drivers precedence. Unfortunately, this doesn't - * work if we have an SMBIOS table that duplicates a PCI device - * that's later on the bus than the PCI-ISA bridge. - */ - if (ipmi_attached) - return (EBUSY); - switch (info.iface_type) { case KCS_MODE: count = 2; Modified: stable/9/sys/dev/ipmi/ipmi_kcs.c ============================================================================== --- stable/9/sys/dev/ipmi/ipmi_kcs.c Thu Sep 3 12:56:57 2015 (r287433) +++ stable/9/sys/dev/ipmi/ipmi_kcs.c Thu Sep 3 16:38:26 2015 (r287434) @@ -473,6 +473,7 @@ kcs_loop(void *arg) IPMI_LOCK(sc); while ((req = ipmi_dequeue_request(sc)) != NULL) { + IPMI_UNLOCK(sc); ok = 0; for (i = 0; i < 3 && !ok; i++) ok = kcs_polled_request(sc, req); @@ -480,6 +481,7 @@ kcs_loop(void *arg) req->ir_error = 0; else req->ir_error = EIO; + IPMI_LOCK(sc); ipmi_complete_request(sc, req); } IPMI_UNLOCK(sc); Modified: stable/9/sys/dev/ipmi/ipmi_smic.c ============================================================================== --- stable/9/sys/dev/ipmi/ipmi_smic.c Thu Sep 3 12:56:57 2015 (r287433) +++ stable/9/sys/dev/ipmi/ipmi_smic.c Thu Sep 3 16:38:26 2015 (r287434) @@ -362,6 +362,7 @@ smic_loop(void *arg) IPMI_LOCK(sc); while ((req = ipmi_dequeue_request(sc)) != NULL) { + IPMI_UNLOCK(sc); ok = 0; for (i = 0; i < 3 && !ok; i++) { IPMI_IO_LOCK(sc); 
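Review bot: kcs_loop now drops the softc lock around `kcs_polled_request()` and retakes it before `ipmi_complete_request()`, but the code does not say why that is safe or what may change while the lock is released. A comment at the new `IPMI_UNLOCK(sc);` such as `/* The request is off the queue; do not hold the softc lock across the polled transfer. */` would capture it. smic_loop receives the same change in the following hunks, where `IPMI_IO_LOCK(sc)` is taken inside the retry loop, so the comment there should also name the lock that protects the hardware access. Both loop bodies extend outside the hunks; any softc state read before the unlock and used after the relock should be re-read.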
@@ -372,6 +373,7 @@ smic_loop(void *arg) req->ir_error = 0; else req->ir_error = EIO; + IPMI_LOCK(sc); ipmi_complete_request(sc, req); } IPMI_UNLOCK(sc); Modified: stable/9/sys/dev/ipmi/ipmivars.h ============================================================================== --- stable/9/sys/dev/ipmi/ipmivars.h Thu Sep 3 12:56:57 2015 (r287433) +++ stable/9/sys/dev/ipmi/ipmivars.h Thu Sep 3 16:38:26 2015 (r287434) @@ -222,7 +222,7 @@ struct ipmi_ipmb { ((sc)->ipmi_io_res[1] != NULL ? OUTB_MULTIPLE(sc, x, value) : \ OUTB_SINGLE(sc, x, value)) -#define MAX_TIMEOUT 3 * hz +#define MAX_TIMEOUT 6 * hz int ipmi_attach(device_t); int ipmi_detach(device_t); From owner-svn-src-stable-9@freebsd.org Thu Sep 3 16:43:39 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DA4629C9AA1; Thu, 3 Sep 2015 16:43:38 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CA6E7CD8; Thu, 3 Sep 2015 16:43:38 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t83Ghcuh045871; Thu, 3 Sep 2015 16:43:38 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t83GhbSO045866; Thu, 3 Sep 2015 16:43:37 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201509031643.t83GhbSO045866@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f 
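Review bot: `#define MAX_TIMEOUT 6 * hz` is still an unparenthesized expression, so a use next to an operator of equal or higher precedence (for example `x / MAX_TIMEOUT` or `t % MAX_TIMEOUT`) expands to something other than the intended product. Since the line is being changed anyway, write it as `#define MAX_TIMEOUT (6 * hz)`. A short comment recording why six seconds was chosen (the commit log cites slow GET_DEVICE_ID responses on newer Dell hardware) would keep the value from being lowered again without that context.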
From: John Baldwin Date: Thu, 3 Sep 2015 16:43:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287435 - in stable: 10/sys/dev/ipmi 9/sys/dev/ipmi X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Sep 2015 16:43:39 -0000 Author: jhb Date: Thu Sep 3 16:43:35 2015 New Revision: 287435 URL: https://svnweb.freebsd.org/changeset/base/287435 Log: MFC 281941: Watchdog drivers need to support rearming the watchdog in contexts which are not permitted to sleep. Only use the IPMI watchdog with backends which poll driver-initiated requests to meet this requirement. In practice this means that watchdogs will no longer be used on systems that use the SSIF backend. Modified: stable/9/sys/dev/ipmi/ipmi.c stable/9/sys/dev/ipmi/ipmi_kcs.c stable/9/sys/dev/ipmi/ipmi_smic.c stable/9/sys/dev/ipmi/ipmivars.h Directory Properties: stable/9/sys/ (props changed) stable/9/sys/dev/ (props changed) Changes in other areas also in this revision: Modified: stable/10/sys/dev/ipmi/ipmi.c stable/10/sys/dev/ipmi/ipmi_kcs.c stable/10/sys/dev/ipmi/ipmi_smic.c stable/10/sys/dev/ipmi/ipmivars.h Directory Properties: stable/10/ (props changed) Modified: stable/9/sys/dev/ipmi/ipmi.c ============================================================================== --- stable/9/sys/dev/ipmi/ipmi.c Thu Sep 3 16:38:26 2015 (r287434) +++ stable/9/sys/dev/ipmi/ipmi.c Thu Sep 3 16:43:35 2015 (r287435) 
@@ -753,17 +753,22 @@ ipmi_startup(void *arg) } device_printf(dev, "Number of channels %d\n", i); - /* probe for watchdog */ - IPMI_INIT_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0), - IPMI_GET_WDOG, 0, 0); - - ipmi_submit_driver_request(sc, req, 0); - - if (req->ir_compcode == 0x00) { - device_printf(dev, "Attached watchdog\n"); - /* register the watchdog event handler */ - sc->ipmi_watchdog_tag = EVENTHANDLER_REGISTER(watchdog_list, - ipmi_wd_event, sc, 0); + /* + * Probe for watchdog, but only for backends which support + * polled driver requests. + */ + if (sc->ipmi_driver_requests_polled) { + IPMI_INIT_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0), + IPMI_GET_WDOG, 0, 0); + + ipmi_submit_driver_request(sc, req, 0); + + if (req->ir_compcode == 0x00) { + device_printf(dev, "Attached watchdog\n"); + /* register the watchdog event handler */ + sc->ipmi_watchdog_tag = EVENTHANDLER_REGISTER( + watchdog_list, ipmi_wd_event, sc, 0); + } } sc->ipmi_cdev = make_dev(&ipmi_cdevsw, device_get_unit(dev), Modified: stable/9/sys/dev/ipmi/ipmi_kcs.c ============================================================================== --- stable/9/sys/dev/ipmi/ipmi_kcs.c Thu Sep 3 16:38:26 2015 (r287434) +++ stable/9/sys/dev/ipmi/ipmi_kcs.c Thu Sep 3 16:43:35 2015 (r287435) @@ -520,6 +520,7 @@ ipmi_kcs_attach(struct ipmi_softc *sc) sc->ipmi_startup = kcs_startup; sc->ipmi_enqueue_request = ipmi_polled_enqueue_request; sc->ipmi_driver_request = kcs_driver_request; + sc->ipmi_driver_requests_polled = 1; /* See if we can talk to the controller. */ status = INB(sc, KCS_CTL_STS); Modified: stable/9/sys/dev/ipmi/ipmi_smic.c ============================================================================== --- stable/9/sys/dev/ipmi/ipmi_smic.c Thu Sep 3 16:38:26 2015 (r287434) +++ stable/9/sys/dev/ipmi/ipmi_smic.c Thu Sep 3 16:43:35 2015 (r287435) 
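Review bot: When `sc->ipmi_driver_requests_polled` is zero, ipmi_startup now skips the watchdog probe without logging anything, so a machine that had a working IPMI watchdog before this change loses it with no trace in the boot messages. Add an else branch that reports it, e.g. `device_printf(dev, "Watchdog not attached: backend does not poll driver requests\n");`. Separately, the result of `ipmi_submit_driver_request(sc, req, 0)` is not examined in the visible lines and only `req->ir_compcode` is tested; if the call can fail without updating the completion code, the event handler could be registered after a failed probe.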
@@ -415,6 +415,7 @@ ipmi_smic_attach(struct ipmi_softc *sc) sc->ipmi_startup = smic_startup; sc->ipmi_enqueue_request = ipmi_polled_enqueue_request; sc->ipmi_driver_request = smic_driver_request; + sc->ipmi_driver_requests_polled = 1; /* See if we can talk to the controller. */ flags = INB(sc, SMIC_FLAGS); Modified: stable/9/sys/dev/ipmi/ipmivars.h ============================================================================== --- stable/9/sys/dev/ipmi/ipmivars.h Thu Sep 3 16:38:26 2015 (r287434) +++ stable/9/sys/dev/ipmi/ipmivars.h Thu Sep 3 16:43:35 2015 (r287435) @@ -105,6 +105,7 @@ struct ipmi_softc { int ipmi_opened; struct cdev *ipmi_cdev; TAILQ_HEAD(,ipmi_request) ipmi_pending_requests; + int ipmi_driver_requests_polled; eventhandler_tag ipmi_watchdog_tag; int ipmi_watchdog_active; struct intr_config_hook ipmi_ich; From owner-svn-src-stable-9@freebsd.org Thu Sep 3 18:23:11 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2E33A9CA66B; Thu, 3 Sep 2015 18:23:11 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 12AE58A; Thu, 3 Sep 2015 18:23:11 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t83INAuc089038; Thu, 3 Sep 2015 18:23:10 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t83INANS089034; Thu, 3 Sep 2015 18:23:10 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201509031823.t83INANS089034@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f 
From: John Baldwin Date: Thu, 3 Sep 2015 18:23:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287439 - in stable: 10/lib/libutil 9/lib/libutil X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Sep 2015 18:23:11 -0000 Author: jhb Date: Thu Sep 3 18:23:07 2015 New Revision: 287439 URL: https://svnweb.freebsd.org/changeset/base/287439 Log: MFC 283622: Add to the SYNOPSIS of the kinfo_get*() functions since these functions all return types that are defined in that header. Modified: stable/9/lib/libutil/kinfo_getallproc.3 stable/9/lib/libutil/kinfo_getfile.3 stable/9/lib/libutil/kinfo_getproc.3 stable/9/lib/libutil/kinfo_getvmmap.3 Directory Properties: stable/9/lib/libutil/ (props changed) Changes in other areas also in this revision: Modified: stable/10/lib/libutil/kinfo_getallproc.3 stable/10/lib/libutil/kinfo_getfile.3 stable/10/lib/libutil/kinfo_getproc.3 stable/10/lib/libutil/kinfo_getvmmap.3 Directory Properties: stable/10/ (props changed) Modified: stable/9/lib/libutil/kinfo_getallproc.3 ============================================================================== --- stable/9/lib/libutil/kinfo_getallproc.3 Thu Sep 3 18:14:31 2015 (r287438) +++ stable/9/lib/libutil/kinfo_getallproc.3 Thu Sep 3 18:23:07 2015 (r287439) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 9, 2009 +.Dd May 27, 2015 .Os .Dt KINFO_GETALLPROC 3 .Sh NAME 
@@ -35,6 +35,7 @@ .Lb libutil .Sh SYNOPSIS .In sys/types.h +.In sys/user.h .In libutil.h .Ft struct kinfo_proc * .Fn kinfo_getallproc "int *cntp" Modified: stable/9/lib/libutil/kinfo_getfile.3 ============================================================================== --- stable/9/lib/libutil/kinfo_getfile.3 Thu Sep 3 18:14:31 2015 (r287438) +++ stable/9/lib/libutil/kinfo_getfile.3 Thu Sep 3 18:23:07 2015 (r287439) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 6, 2008 +.Dd May 27, 2015 .Dt KINFO_GETFILE 3 .Os .Sh NAME @@ -35,6 +35,7 @@ .Lb libutil .Sh SYNOPSIS .In sys/types.h +.In sys/user.h .In libutil.h .Ft struct kinfo_file * .Fn kinfo_getfile "pid_t pid" "int *cntp" Modified: stable/9/lib/libutil/kinfo_getproc.3 ============================================================================== --- stable/9/lib/libutil/kinfo_getproc.3 Thu Sep 3 18:14:31 2015 (r287438) +++ stable/9/lib/libutil/kinfo_getproc.3 Thu Sep 3 18:23:07 2015 (r287439) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 1, 2013 +.Dd May 27, 2015 .Os .Dt KINFO_GETPROC 3 .Sh NAME @@ -35,6 +35,7 @@ .Lb libutil .Sh SYNOPSIS .In sys/types.h +.In sys/user.h .In libutil.h .Ft struct kinfo_proc * .Fn kinfo_getproc "pid_t pid" Modified: stable/9/lib/libutil/kinfo_getvmmap.3 ============================================================================== --- stable/9/lib/libutil/kinfo_getvmmap.3 Thu Sep 3 18:14:31 2015 (r287438) +++ stable/9/lib/libutil/kinfo_getvmmap.3 Thu Sep 3 18:23:07 2015 (r287439) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 6, 2008 +.Dd May 27, 2015 .Dt KINFO_GETVMMAP 3 .Os .Sh NAME 
@@ -35,6 +35,7 @@ .Lb libutil .Sh SYNOPSIS .In sys/types.h +.In sys/user.h .In libutil.h .Ft struct kinfo_vmentry * .Fn kinfo_getvmmap "pid_t pid" "int *cntp" From owner-svn-src-stable-9@freebsd.org Fri Sep 4 00:42:06 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D138D9C93F4; Fri, 4 Sep 2015 00:42:06 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C16D63E8; Fri, 4 Sep 2015 00:42:06 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t840g6Z0047064; Fri, 4 Sep 2015 00:42:06 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t840g6Mt047063; Fri, 4 Sep 2015 00:42:06 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201509040042.t840g6Mt047063@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f 
From: Xin LI Date: Fri, 4 Sep 2015 00:42:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287447 - stable/9/usr.bin/bluetooth/btsockstat X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Sep 2015 00:42:06 -0000 Author: delphij Date: Fri Sep 4 00:42:05 2015 New Revision: 287447 URL: https://svnweb.freebsd.org/changeset/base/287447 Log: MFC r287345: Drop group privileges after opening the kvm descriptor, otherwise, the code would not drop privileges as expected. While there also add checks for the drop and bail out immediately if we failed. Modified: stable/9/usr.bin/bluetooth/btsockstat/btsockstat.c Directory Properties: stable/9/usr.bin/bluetooth/ (props changed) Modified: stable/9/usr.bin/bluetooth/btsockstat/btsockstat.c ============================================================================== --- stable/9/usr.bin/bluetooth/btsockstat/btsockstat.c Fri Sep 4 00:41:29 2015 (r287446) +++ stable/9/usr.bin/bluetooth/btsockstat/btsockstat.c Fri Sep 4 00:42:05 2015 (r287447) @@ -154,9 +154,9 @@ main(int argc, char *argv[]) * Discard setgid privileges if not the running kernel so that * bad guys can't print interesting stuff from kernel memory. */ - if (memf != NULL) - setgid(getgid()); + if (setgid(getgid()) != 0) + err(1, "setgid"); kvmd = kopen(memf); if (kvmd == NULL) 
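Review bot: In the main() hunk of btsockstat.c the added check appears to sit under a surviving `if (memf != NULL)` line, which leaves a brace-less nested `if`. This reading is inferred from the 9/9 line counts in the hunk header, which imply that line is context and the `-` before it is a removed blank line. Folding the two conditions into `if (memf != NULL && setgid(getgid()) != 0)` followed by `err(1, "setgid");` keeps the behaviour and removes the dangling-else hazard for later edits. The retained comment still describes only the not-the-running-kernel case, while the drop for the running kernel now happens in kopen(), so a short pointer to kopen() in that comment would help. main() starts and ends outside the hunk.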
@@ -583,15 +583,9 @@ kopen(char const *memf) kvm_t *kvmd = NULL; char errbuf[_POSIX2_LINE_MAX]; - /* - * Discard setgid privileges if not the running kernel so that - * bad guys can't print interesting stuff from kernel memory. - */ - - if (memf != NULL) - setgid(getgid()); - kvmd = kvm_openfiles(NULL, memf, NULL, O_RDONLY, errbuf); + if (setgid(getgid()) != 0) + err(1, "setgid"); if (kvmd == NULL) { warnx("kvm_openfiles: %s", errbuf); return (NULL); From owner-svn-src-stable-9@freebsd.org Fri Sep 4 14:18:21 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A7EA69C910A for ; Fri, 4 Sep 2015 14:18:21 +0000 (UTC) (envelope-from s.tyshchenko@identika.pro) Received: from scale222.ru (scale222.ru [51.254.99.22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 570D618B0 for ; Fri, 4 Sep 2015 14:18:20 +0000 (UTC) (envelope-from s.tyshchenko@identika.pro) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=scale222.ru; s=default; h=Content-Type:List-Unsubscribe:Message-ID:Sender:From:Date:MIME-Version:Subject:To; bh=aX1WtmcNrS4DfKhEcsue7lriL4I3kbp/ZYx3KpGaics=; b=bIYYRMBgMIR5W91IbCPa9vi61YOhePIaD+OGxgg5nxRT+pxcgZlk1QitF92V+0JwO5uuBbhlsI/LbGj/QgiAMrR5NKtvvcFSxLnJ5/VufRXJFdSnHjdj/weAR7Q7XdLB/CnwoXt6G3BBak/GJdVddb8IqAlnUxAaCF7wVN8DRZU=; Received: from root by scale222.ru with local (Exim 4.80) (envelope-from ) id 1ZXron-0006vr-Iq for svn-src-stable-9@freebsd.org; Fri, 04 Sep 2015 16:18:17 +0200 To: svn-src-stable-9@freebsd.org Subject: Plastic ProductS MIME-Version: 1.0 Date: Fri, 4 Sep 2015 16:18:17 +0200 
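Review bot: The unconditional `setgid(getgid())` check added after `kvm_openfiles()` in kopen() loses the explanatory comment that this hunk removes, so the reason for dropping privileges only after the open is no longer stated next to the code. I would add `/* Drop setgid privileges only after the kvm descriptor is open; bail out if the drop fails. */` above the new check. It is also worth a line noting that an already-open descriptor normally keeps the access it was opened with, so the drop constrains later opens rather than reads through `kvmd`. kopen() continues past the end of the hunk.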
From: Sergey Tyshchenko Sender: s.tyshchenko@identika.pro Message-ID: <243144874.27121@scale222.ru> X-Priority: 3 X-Mailer: scale222.ru mailer. Ver. 1.1. Precedence: bulk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Sep 2015 14:18:21 -0000 TWFudWZhY3R1cmUgb2YgwqBwcmludGVkIHByb2R1Y3RzIGZyb20gQUJTIHBsYXN0aWMsIGFjcnls aWMsIFBFVCBtZXRob2Qgb2YgdmFjdXVtIGZvcm1pbmcuIFNlcmllcyBwcm9kdWN0aW9uIG9mIExl dHRlcnMsIHNpZ25zLCBsaWdodCBib3hlcyAobGlnaHRib3gpLCBQT1MgbWF0ZXJpYWwgZm9yIHJl dGFpbCBjaGFpbnMuRXhhbXBsZXMgb2Ygb3VyIHdvcms6wqBodHRwOi8vaWRlbnRpa2EucHJvL2Nv dW50ZXJfbGluay9wcmVzZW50YXRpb25fZW4ucGRm4oCLDQoJCQkJCQkJCQkJCQkJCQkJCQkJDQoJ CQkJCQkJCQkJCQkJCQkJCQkJDQoJCQkJCQkJCQkJCQkJCQkJCQkJCQ0KCQkJCQkJCQkJCQkJCQkJ CQkJCQkNCgkJCQkJCQkJCQkJCQkJCQkJCQkJDQoJCQkJCQkJCQkJCQkJCQkJCQkJCQ0KCQkJCQkJ CQkJCQkJCQkJCQkJCQkNCgkJCQkJCQkJCQkJCQkJCQkNCgkJCQkJCQkJCQkJCQkJCQkNCgkJCQkJ CQkJCQkJCQkJCQkNCgkJCQkJCQkJCQkJCQkJCQkNCgkJCQkJCQkJCQkJCQkJCQkJDQoJCQkJCQkJ CQkJCQkJCQkJCQkNCgkJCQkJCQkJCQkJCQkJCQkJCQkNCgkJCQkJCQkJCQkJCQkJCQkJCQkJU2Vy Z2V5IFR5c2hjaGVua29DRU8gfMKgSURFTlRJS0EuUFJPVmliZXI6wqArMzgwNTA1NTY2OTY1wqB8 IFdoYXRzQXBwOsKgKzM4MDUwNTU2Njk2NVNreXBlOiB0LnNlcmdleS5tcy50eXNoY2hlbmtvQGlk ZW50aWthLnBybyB8wqBpZGVudGlrYS5wcm8wMzA0MCB8IEdvbG9zaWl2c2t5aSBBdmUuIDcwIHwg b2ZmaWNlIDUwMiB8IEtpZXbCoA==