Sync 20220916

ChangeLog

@@ -1,3 +1,90 @@
+2022-03-31 17:27  naddy
+
+	* usr.sbin/dhcpd/: dhcp-options.5, dhcpd.8, dhcpd.conf.5: man
+	  pages: add missing commas between subordinate and main clauses
+
+	  jmc@ dislikes a comma before "then" in a conditional, so leave
+	  those untouched.
+
+	  ok jmc@
+
+2022-01-28 06:33  guenther
+
+	* usr.sbin/dhcpd/memory.c: When it's the possessive of 'it', it's
+	  spelled "its", without the apostrophe.
+
+2022-01-16 21:20  naddy
+
+	* usr.sbin/dhcpd/parse.c: dhcpd: fix -Wunused-but-set-variable
+	  warning
+
+	  ok krw@
+
+2022-01-05 11:01  tb
+
+	* usr.sbin/dhcpd/sync.c: dhcpd: straightforward conversion to
+	  HMAC_CTX on the heap, similar to what was done in spamd a while
+	  back.
+
+	  ok florian
+
+2021-12-13 18:28  deraadt
+
+	* usr.sbin/dhcpd/log.h: including sys/cdefs.h manually started as a
+	  result of netbsd trying to macro-build a replacement for sccsid,
+	  and was done without any concern for namespace damage.
+	  Unfortunately this practice started infecting other code as
+	  others were unaware they didn't need the file.  ok millert
+	  guenther
+
+2021-11-20 11:47  kn
+
+	* usr.sbin/dhcpd/dispatch.c: Start on DOWN interfaces
+
+	  Do not skip interfaces during startup because they're not UP.
+
+	  dhcpd(8) can start listening on such interfaces just fine (given
+	  suitable IPs on them) and interfaces may come UP later in time.
+
+	  Otherwise dhcpd would fail to start completely if it didn't find
+	  any interface that would be UP early on and administrators had to
+	  restart dhcpd.
+
+	  Other daemons and nc(1)'s `-l' listen just fine on DOWN
+	  interfaces as well.
+
+	  Noticed while switching a bridge(4)/vether(4) setup to
+	  veb(4)/vport(4) and hostname.vport without explicit "up" (vport
+	  does not implicitly pulls itself UP when configuring an address).
+
+	  OK dlg florian
+
+2021-10-24 21:24  deraadt
+
+	* usr.sbin/dhcpd/pfutils.c: For open/openat, if the flags parameter
+	  does not contain O_CREAT, the 3rd (variadic) mode_t parameter is
+	  irrelevant.  Many developers in the past have passed mode_t (0,
+	  044, 0644, or such), which might lead future people to copy this
+	  broken idiom, and perhaps even believe this parameter has some
+	  meaning or implication or application. Delete them all.  This
+	  comes out of a conversation where tb@ noticed that a strange (but
+	  intentional) pledge behaviour is to always knock-out high-bits
+	  from mode_t on a number of system calls as a safety factor, and
+	  his bewilderment that this appeared to be happening against valid
+	  modes (at least visually), but no sorry, they are all irrelevant
+	  junk.  They could all be 0xdeafbeef.	ok millert
+
+2021-07-12 15:09  beck
+
+	* usr.sbin/dhcpd/pfutils.c: Change the error reporting pattern
+	  throughout the tree when unveil fails to report the path that the
+	  failure occured on. Suggested by deraadt@ after some tech
+	  discussion.
+
+	  Work done and verified by Ashton Fagg <[email protected]>
+
+	  ok deraadt@ semarie@ claudio@
+
 2020-11-10 16:42  krw
 
 	* usr.sbin/dhcpd/: dhcpd.h, hash.c, memory.c: Remove prototypes for

src/usr.sbin/dhcpd/dhcp-options.5

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: dhcp-options.5,v 1.31 2019/05/08 22:00:55 krw Exp $
+.\"	$OpenBSD: dhcp-options.5,v 1.32 2022/03/31 17:27:29 naddy Exp $
 .\"
 .\" Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
 .\" All rights reserved.
@@ -36,7 +36,7 @@
 .\" see ``http://www.isc.org/isc''.  To learn more about Vixie
 .\" Enterprises, see ``http://www.vix.com''.
 .\"
-.Dd $Mdocdate: May 8 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt DHCP-OPTIONS 5
 .Os
 .Sh NAME
@@ -294,7 +294,7 @@ used during DNS name resolution.
 When
 .Xr dhclient 8
 constructs
-.Xr resolv.conf 5
+.Xr resolv.conf 5 ,
 it will use this list of domains in preference to any information
 provided by the
 .Ic domain-name

src/usr.sbin/dhcpd/dhcpd.8

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: dhcpd.8,v 1.29 2017/08/29 08:20:18 jmc Exp $
+.\"	$OpenBSD: dhcpd.8,v 1.30 2022/03/31 17:27:29 naddy Exp $
 .\"
 .\" Copyright (c) 1995, 1996 The Internet Software Consortium.
 .\" All rights reserved.
@@ -36,7 +36,7 @@
 .\" see ``http://www.isc.org/''.  To learn more about Vixie
 .\" Enterprises, see ``http://www.vix.com''.
 .\"
-.Dd $Mdocdate: August 29 2017 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt DHCPD 8
 .Os
 .Sh NAME
@@ -202,7 +202,7 @@ will run in the foreground and log to
 An alias for
 .Fl d .
 .It Fl L Ar leased_ip_table
-When an address is leased
+When an address is leased,
 .Nm
 will insert it into the
 .Xr pf 4

src/usr.sbin/dhcpd/dhcpd.conf.5

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: dhcpd.conf.5,v 1.26 2020/05/16 16:58:11 jmc Exp $
+.\"	$OpenBSD: dhcpd.conf.5,v 1.27 2022/03/31 17:27:29 naddy Exp $
 .\"
 .\" Copyright (c) 1995, 1996, 1997, 1998, 1998, 1999
 .\" The Internet Software Consortium.    All rights reserved.
@@ -36,7 +36,7 @@
 .\" see ``http://www.isc.org/isc''.  To learn more about Vixie
 .\" Enterprises, see ``http://www.vix.com''.
 .\"
-.Dd $Mdocdate: May 16 2020 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt DHCPD.CONF 5
 .Os
 .Sh NAME
@@ -875,7 +875,7 @@ to be false.
 .Pp
 When
 .Ic echo-client-id
-is true
+is true ,
 .Xr dhcpd 8
 copies option dhcp-client-identifier (code 61)
 from

src/usr.sbin/dhcpd/dispatch.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: dispatch.c,v 1.43 2017/04/12 19:17:30 krw Exp $ */
+/*	$OpenBSD: dispatch.c,v 1.44 2021/11/20 11:47:02 kn Exp $ */
 
 /*
  * Copyright (c) 1995, 1996, 1997, 1998, 1999
@@ -112,13 +112,12 @@ discover_interfaces(int *rdomain)
 	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
 		/*
 		 * See if this is the sort of interface we want to
-		 * deal with.  Skip loopback, point-to-point and down
+		 * deal with.  Skip loopback and point-to-point
 		 * interfaces, except don't skip down interfaces if we're
 		 * trying to get a list of configurable interfaces.
 		 */
 		if ((ifa->ifa_flags & IFF_LOOPBACK) ||
 		    (ifa->ifa_flags & IFF_POINTOPOINT) ||
-		    (!(ifa->ifa_flags & IFF_UP)) ||
 		    (!(ifa->ifa_flags & IFF_BROADCAST)))
 			continue;
 

src/usr.sbin/dhcpd/log.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: log.h,v 1.1 2017/02/13 19:13:14 krw Exp $ */
+/*	$OpenBSD: log.h,v 1.2 2021/12/13 18:28:40 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <[email protected]>
@@ -20,7 +20,6 @@
 #define LOG_H
 
 #include <stdarg.h>
-#include <sys/cdefs.h>
 
 void	log_init(int, int);
 void	log_procinit(const char *);

src/usr.sbin/dhcpd/memory.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: memory.c,v 1.30 2020/11/10 16:42:17 krw Exp $ */
+/*	$OpenBSD: memory.c,v 1.31 2022/01/28 06:33:27 guenther Exp $ */
 
 /*
  * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
@@ -653,7 +653,7 @@ release_lease(struct lease *lease)
 
 
 /*
- * Abandon the specified lease for the specified time. sets it's
+ * Abandon the specified lease for the specified time. sets its
  * particulars to zero, the end time appropriately and re-hash it as
  * appropriate. abandons permanently if abtime is 0
  */

src/usr.sbin/dhcpd/parse.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.c,v 1.27 2020/04/16 23:23:21 dtucker Exp $	*/
+/*	$OpenBSD: parse.c,v 1.28 2022/01/16 21:20:25 naddy Exp $	*/
 
 /* Common parser code for dhcpd and dhclient. */
 
@@ -293,9 +293,8 @@ parse_lease_time(FILE *cfile, time_t *timep)
 	const char *errstr;
 	char *val;
 	uint32_t value;
-	int token;
 
-	token = next_token(&val, cfile);
+	next_token(&val, cfile);
 
 	value = strtonum(val, 0, UINT32_MAX, &errstr);
 	if (errstr) {

src/usr.sbin/dhcpd/pfutils.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfutils.c,v 1.21 2019/08/08 06:59:44 mestre Exp $ */
+/*	$OpenBSD: pfutils.c,v 1.23 2021/10/24 21:24:18 deraadt Exp $ */
 /*
  * Copyright (c) 2006 Chris Kuethe <[email protected]>
  *
@@ -52,7 +52,7 @@ pftable_handler()
 	struct pollfd pfd[1];
 	int l, r, fd, nfds;
 
-	if ((fd = open(_PATH_DEV_PF, O_RDWR|O_NOFOLLOW, 0660)) == -1)
+	if ((fd = open(_PATH_DEV_PF, O_RDWR|O_NOFOLLOW)) == -1)
 		fatal("can't open pf device");
 
 	if (setgroups(1, &pw->pw_gid) ||
@@ -62,7 +62,7 @@ pftable_handler()
 
 	/* no filesystem visibility */
 	if (unveil("/", "") == -1)
-		fatal("unveil");
+		fatal("unveil /");
 	if (unveil(NULL, NULL) == -1)
 		fatal("unveil");
 

src/usr.sbin/dhcpd/sync.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: sync.c,v 1.23 2017/02/13 23:04:05 krw Exp $	*/
+/*	$OpenBSD: sync.c,v 1.24 2022/01/05 11:01:59 tb Exp $	*/
 
 /*
  * Copyright (c) 2008 Bob Beck <[email protected]>
@@ -393,7 +393,7 @@ sync_lease(struct lease *lease)
 	char pad[DHCP_ALIGNBYTES];
 	u_int16_t leaselen, padlen;
 	int i = 0;
-	HMAC_CTX ctx;
+	HMAC_CTX *ctx;
 	u_int hmac_len;
 
 	if (sync_key == NULL)
@@ -403,8 +403,10 @@ sync_lease(struct lease *lease)
 	memset(&lv, 0, sizeof(lv));
 	memset(&pad, 0, sizeof(pad));
 
-	HMAC_CTX_init(&ctx);
-	HMAC_Init(&ctx, sync_key, strlen(sync_key), EVP_sha1());
+	if ((ctx = HMAC_CTX_new()) == NULL)
+		goto bad;
+	if (!HMAC_Init_ex(ctx, sync_key, strlen(sync_key), EVP_sha1(), NULL))
+		goto bad;
 
 	leaselen = sizeof(lv);
 	padlen = DHCP_ALIGN(leaselen) - leaselen;
@@ -416,7 +418,8 @@ sync_lease(struct lease *lease)
 	hdr.sh_length = htons(sizeof(hdr) + sizeof(lv) + padlen + sizeof(end));
 	iov[i].iov_base = &hdr;
 	iov[i].iov_len = sizeof(hdr);
-	HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
+	if (!HMAC_Update(ctx, iov[i].iov_base, iov[i].iov_len))
+		goto bad;
 	i++;
 
 	/* Add single DHCP sync address entry */
@@ -434,25 +437,31 @@ sync_lease(struct lease *lease)
 	    piaddr(lease->ip_addr), ntohl(lv.lv_starts), ntohl(lv.lv_ends));
 	iov[i].iov_base = &lv;
 	iov[i].iov_len = sizeof(lv);
-	HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
+	if (!HMAC_Update(ctx, iov[i].iov_base, iov[i].iov_len))
+		goto bad;
 	i++;
 
 	iov[i].iov_base = pad;
 	iov[i].iov_len = padlen;
-	HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
+	if (!HMAC_Update(ctx, iov[i].iov_base, iov[i].iov_len))
+		goto bad;
 	i++;
 
 	/* Add end marker */
 	end.st_type = htons(DHCP_SYNC_END);
 	end.st_length = htons(sizeof(end));
 	iov[i].iov_base = &end;
 	iov[i].iov_len = sizeof(end);
-	HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
+	if (!HMAC_Update(ctx, iov[i].iov_base, iov[i].iov_len))
+		goto bad;
 	i++;
 
-	HMAC_Final(&ctx, hdr.sh_hmac, &hmac_len);
+	if (!HMAC_Final(ctx, hdr.sh_hmac, &hmac_len))
+		goto bad;
 
 	/* Send message to the target hosts */
 	sync_send(iov, i);
-	HMAC_CTX_cleanup(&ctx);
+
+ bad:
+	HMAC_CTX_free(ctx);
 }