Date: Wed, 16 Mar 2016 04:37:26 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r296928 - in user/cperciva/freebsd-update-build/patches: 10.1-RELEASE 10.2-RELEASE 9.3-RELEASE Message-ID: <201603160437.u2G4bQJ4015634@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Wed Mar 16 04:37:26 2016 New Revision: 296928 URL: https://svnweb.freebsd.org/changeset/base/296928 Log: Two ENs on hyperv and an advisory on OpenSSH. Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-EN-16:04.hyperv user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-SA-16:14.openssh-xauth user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:04.hyperv user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:05.hyperv user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-SA-16:14.openssh-xauth user/cperciva/freebsd-update-build/patches/9.3-RELEASE/39-SA-16:14.openssh-xauth Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-EN-16:04.hyperv ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-EN-16:04.hyperv Wed Mar 16 04:37:26 2016 (r296928) @@ -0,0 +1,48 @@ +--- sys/dev/hyperv/utilities/hv_kvp.c.orig ++++ sys/dev/hyperv/utilities/hv_kvp.c +@@ -44,6 +44,7 @@ + #include <sys/reboot.h> + #include <sys/lock.h> + #include <sys/taskqueue.h> ++#include <sys/selinfo.h> + #include <sys/sysctl.h> + #include <sys/poll.h> + #include <sys/proc.h> +@@ -114,6 +115,8 @@ + static struct hv_kvp_msg *hv_kvp_dev_buf; + struct proc *daemon_task; + ++static struct selinfo hv_kvp_selinfo; ++ + /* + * Global state to track and synchronize multiple + * KVP transaction requests from the host. +@@ -628,6 +631,9 @@ + + /* Send the msg to user via function deamon_read - setting sema */ + sema_post(&kvp_globals.dev_sema); ++ ++ /* We should wake up the daemon, in case it's doing poll() */ ++ selwakeup(&hv_kvp_selinfo); + } + + +@@ -940,7 +946,7 @@ + * for daemon to read. + */ + static int +-hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td __unused) ++hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td) + { + int revents = 0; + +@@ -953,6 +959,9 @@ + */ + if (kvp_globals.daemon_busy == true) + revents = POLLIN; ++ else ++ selrecord(td, &hv_kvp_selinfo); ++ + mtx_unlock(&kvp_globals.pending_mutex); + + return (revents); Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-SA-16:14.openssh-xauth ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-SA-16:14.openssh-xauth Wed Mar 16 04:37:26 2016 (r296928) @@ -0,0 +1,62 @@ +--- crypto/openssh/session.c.orig ++++ crypto/openssh/session.c +@@ -46,6 +46,7 @@ + + #include <arpa/inet.h> + ++#include <ctype.h> + #include <errno.h> + #include <fcntl.h> + #include <grp.h> +@@ -274,6 +275,21 @@ + do_cleanup(authctxt); + } + ++/* Check untrusted xauth strings for metacharacters */ ++static int ++xauth_valid_string(const char *s) ++{ ++ size_t i; ++ ++ for (i = 0; s[i] != '\0'; i++) { ++ if (!isalnum((u_char)s[i]) && ++ s[i] != '.' && s[i] != ':' && s[i] != '/' && ++ s[i] != '-' && s[i] != '_') ++ return 0; ++ } ++ return 1; ++} ++ + /* + * Prepares for an interactive session. This is called after the user has + * been successfully authenticated. During this message exchange, pseudo +@@ -347,7 +363,13 @@ + s->screen = 0; + } + packet_check_eom(); +- success = session_setup_x11fwd(s); ++ if (xauth_valid_string(s->auth_proto) && ++ xauth_valid_string(s->auth_data)) ++ success = session_setup_x11fwd(s); ++ else { ++ success = 0; ++ error("Invalid X11 forwarding data"); ++ } + if (!success) { + free(s->auth_proto); + free(s->auth_data); +@@ -2178,7 +2200,13 @@ + s->screen = packet_get_int(); + packet_check_eom(); + +- success = session_setup_x11fwd(s); ++ if (xauth_valid_string(s->auth_proto) && ++ xauth_valid_string(s->auth_data)) ++ success = session_setup_x11fwd(s); ++ else { ++ success = 0; ++ error("Invalid X11 forwarding data"); ++ } + if (!success) { + free(s->auth_proto); + free(s->auth_data); Added: user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:04.hyperv ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:04.hyperv Wed Mar 16 04:37:26 2016 (r296928) @@ -0,0 +1,48 @@ +--- sys/dev/hyperv/utilities/hv_kvp.c.orig ++++ sys/dev/hyperv/utilities/hv_kvp.c +@@ -44,6 +44,7 @@ + #include <sys/reboot.h> + #include <sys/lock.h> + #include <sys/taskqueue.h> ++#include <sys/selinfo.h> + #include <sys/sysctl.h> + #include <sys/poll.h> + #include <sys/proc.h> +@@ -114,6 +115,8 @@ + static struct hv_kvp_msg *hv_kvp_dev_buf; + struct proc *daemon_task; + ++static struct selinfo hv_kvp_selinfo; ++ + /* + * Global state to track and synchronize multiple + * KVP transaction requests from the host. +@@ -628,6 +631,9 @@ + + /* Send the msg to user via function deamon_read - setting sema */ + sema_post(&kvp_globals.dev_sema); ++ ++ /* We should wake up the daemon, in case it's doing poll() */ ++ selwakeup(&hv_kvp_selinfo); + } + + +@@ -940,7 +946,7 @@ + * for daemon to read. + */ + static int +-hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td __unused) ++hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td) + { + int revents = 0; + +@@ -953,6 +959,9 @@ + */ + if (kvp_globals.daemon_busy == true) + revents = POLLIN; ++ else ++ selrecord(td, &hv_kvp_selinfo); ++ + mtx_unlock(&kvp_globals.pending_mutex); + + return (revents); Added: user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:05.hyperv ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:05.hyperv Wed Mar 16 04:37:26 2016 (r296928) @@ -0,0 +1,28 @@ +--- sys/dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c.orig ++++ sys/dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c +@@ -128,6 +128,15 @@ + #define HV_NV_SC_PTR_OFFSET_IN_BUF 0 + #define HV_NV_PACKET_OFFSET_IN_BUF 16 + ++/* ++ * A unified flag for all outbound check sum flags is useful, ++ * and it helps avoiding unnecessary check sum calculation in ++ * network forwarding scenario. ++ */ ++#define HV_CSUM_FOR_OUTBOUND \ ++ (CSUM_IP|CSUM_IP_UDP|CSUM_IP_TCP|CSUM_IP_SCTP|CSUM_IP_TSO| \ ++ CSUM_IP_ISCSI|CSUM_IP6_UDP|CSUM_IP6_TCP|CSUM_IP6_SCTP| \ ++ CSUM_IP6_TSO|CSUM_IP6_ISCSI) + + /* + * Data types +@@ -570,7 +579,8 @@ + packet->vlan_tci & 0xfff; + } + +- if (0 == m_head->m_pkthdr.csum_flags) { ++ /* Only check the flags for outbound and ignore the ones for inbound */ ++ if (0 == (m_head->m_pkthdr.csum_flags & HV_CSUM_FOR_OUTBOUND)) { + goto pre_send; + } + Added: user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-SA-16:14.openssh-xauth ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-SA-16:14.openssh-xauth Wed Mar 16 04:37:26 2016 (r296928) @@ -0,0 +1,62 @@ +--- crypto/openssh/session.c.orig ++++ crypto/openssh/session.c +@@ -46,6 +46,7 @@ + + #include <arpa/inet.h> + ++#include <ctype.h> + #include <errno.h> + #include <fcntl.h> + #include <grp.h> +@@ -274,6 +275,21 @@ + do_cleanup(authctxt); + } + ++/* Check untrusted xauth strings for metacharacters */ ++static int ++xauth_valid_string(const char *s) ++{ ++ size_t i; ++ ++ for (i = 0; s[i] != '\0'; i++) { ++ if (!isalnum((u_char)s[i]) && ++ s[i] != '.' && s[i] != ':' && s[i] != '/' && ++ s[i] != '-' && s[i] != '_') ++ return 0; ++ } ++ return 1; ++} ++ + /* + * Prepares for an interactive session. This is called after the user has + * been successfully authenticated. During this message exchange, pseudo +@@ -347,7 +363,13 @@ + s->screen = 0; + } + packet_check_eom(); +- success = session_setup_x11fwd(s); ++ if (xauth_valid_string(s->auth_proto) && ++ xauth_valid_string(s->auth_data)) ++ success = session_setup_x11fwd(s); ++ else { ++ success = 0; ++ error("Invalid X11 forwarding data"); ++ } + if (!success) { + free(s->auth_proto); + free(s->auth_data); +@@ -2178,7 +2200,13 @@ + s->screen = packet_get_int(); + packet_check_eom(); + +- success = session_setup_x11fwd(s); ++ if (xauth_valid_string(s->auth_proto) && ++ xauth_valid_string(s->auth_data)) ++ success = session_setup_x11fwd(s); ++ else { ++ success = 0; ++ error("Invalid X11 forwarding data"); ++ } + if (!success) { + free(s->auth_proto); + free(s->auth_data); Added: user/cperciva/freebsd-update-build/patches/9.3-RELEASE/39-SA-16:14.openssh-xauth ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/9.3-RELEASE/39-SA-16:14.openssh-xauth Wed Mar 16 04:37:26 2016 (r296928) @@ -0,0 +1,62 @@ +--- crypto/openssh/session.c.orig ++++ crypto/openssh/session.c +@@ -46,6 +46,7 @@ + + #include <arpa/inet.h> + ++#include <ctype.h> + #include <errno.h> + #include <fcntl.h> + #include <grp.h> +@@ -274,6 +275,21 @@ + do_cleanup(authctxt); + } + ++/* Check untrusted xauth strings for metacharacters */ ++static int ++xauth_valid_string(const char *s) ++{ ++ size_t i; ++ ++ for (i = 0; s[i] != '\0'; i++) { ++ if (!isalnum((u_char)s[i]) && ++ s[i] != '.' && s[i] != ':' && s[i] != '/' && ++ s[i] != '-' && s[i] != '_') ++ return 0; ++ } ++ return 1; ++} ++ + /* + * Prepares for an interactive session. This is called after the user has + * been successfully authenticated. During this message exchange, pseudo +@@ -347,7 +363,13 @@ + s->screen = 0; + } + packet_check_eom(); +- success = session_setup_x11fwd(s); ++ if (xauth_valid_string(s->auth_proto) && ++ xauth_valid_string(s->auth_data)) ++ success = session_setup_x11fwd(s); ++ else { ++ success = 0; ++ error("Invalid X11 forwarding data"); ++ } + if (!success) { + free(s->auth_proto); + free(s->auth_data); +@@ -2178,7 +2200,13 @@ + s->screen = packet_get_int(); + packet_check_eom(); + +- success = session_setup_x11fwd(s); ++ if (xauth_valid_string(s->auth_proto) && ++ xauth_valid_string(s->auth_data)) ++ success = session_setup_x11fwd(s); ++ else { ++ success = 0; ++ error("Invalid X11 forwarding data"); ++ } + if (!success) { + free(s->auth_proto); + free(s->auth_data);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603160437.u2G4bQJ4015634>