@@ -235,6 +235,7 @@ int ssl3_accept(SSL *s)
}

s->init_num=0;
s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;

if (s->state != SSL_ST_RENEGOTIATE)
{
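Review bot: The flag reset added after `s->init_num=0;` has no comment, yet it is what makes the restart limit per-negotiation rather than per-connection. A one-line comment such as `/* allow one SGC restart per (re)negotiation */` would tell the reader that a peer able to renegotiate gets a fresh restart each time, which the flag's definition comment acknowledges. ssl3_accept starts and ends outside this hunk, so the state case this line sits in is not visible here.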
@@ -697,6 +698,14 @@ int ssl3_check_client_hello(SSL *s)
int ok;
long n;

/* We only allow the client to restart the handshake once per
* negotiation. */
if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
{
SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
return -1;
}

/* this function is called when we really expect a Certificate message,
* so permit appropriate message length */
n=s->method->ssl_get_message(s,
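Review bot: The new restart guard at the top of ssl3_check_client_hello runs before `ssl_get_message` has read anything, so it rejects on the flag alone rather than on an actual second ClientHello. The existing comment says this function is called when a Certificate message is expected. If it is entered again after the one permitted restart (the caller is outside this hunk, so this is inferred), a legitimate handshake would fail with SSL_R_MULTIPLE_SGC_RESTARTS. Moving the `if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)` test into the branch that has identified the message as a ClientHello, just before the later hunk sets the flag and returns 2, keeps the one-restart limit without that side effect. The function body continues outside the hunk.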
@@ -725,6 +734,7 @@ int ssl3_check_client_hello(SSL *s)
s->s3->tmp.ecdh = NULL;
}
#endif
s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
return 2;
}
return 1;
@@ -1739,6 +1739,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL3_CALLBACK_CTRL 233
#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
#define SSL_F_SSL3_CHECK_CLIENT_HELLO 292
#define SSL_F_SSL3_CLIENT_HELLO 131
#define SSL_F_SSL3_CONNECT 132
#define SSL_F_SSL3_CTRL 213
@@ -1974,6 +1975,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_MISSING_TMP_RSA_KEY 172
#define SSL_R_MISSING_TMP_RSA_PKEY 173
#define SSL_R_MISSING_VERIFY_MESSAGE 174
#define SSL_R_MULTIPLE_SGC_RESTARTS 325
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
#define SSL_R_NO_CERTIFICATES_RETURNED 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
@@ -333,6 +333,17 @@ typedef struct ssl3_buffer_st
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
#define SSL3_FLAGS_POP_BUFFER 0x0004
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008

/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
* from restarting the handshake in a loop. It's reset on a
* renegotiation, so effectively limits the client to one restart
* per negotiation. This limits the possibility of a DDoS
* attack where the client handshakes in a loop using SGC to
* restart. Servers which permit renegotiation can still be
* effected, but we can't prevent that.
*/
#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040

typedef struct ssl3_state_st
{
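Review bot: The comment on SSL3_FLAGS_SGC_RESTART_DONE has two wording problems: "effected" should be "affected", and a single client restarting handshakes in a loop is a DoS rather than a DDoS. Suggested wording for the tail: `This limits the possibility of a DoS attack where the client handshakes in a loop using SGC to restart. Servers which permit renegotiation can still be affected, but we can't prevent that.` The value also jumps from 0x0008 to 0x0040. If 0x0010 and 0x0020 are defined outside this hunk that is fine, otherwise a short remark on the gap would help.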
@@ -137,6 +137,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
@@ -375,6 +376,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
@@ -209,6 +209,8 @@
..
bootforth
..
csh
..
cvs
contrib
..
@@ -3,33 +3,44 @@
# .cshrc - csh resource script, read at beginning of execution by each shell
#
# see also csh(1), environ(7).
# more examples available at /usr/share/examples/csh/
#

alias h history 25
alias j jobs -l
alias la ls -a
alias la ls -aF
alias lf ls -FA
alias ll ls -lA
alias ll ls -lAF

# A righteous umask
umask 22

set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin $HOME/bin)

setenv EDITOR vi
setenv PAGER more
setenv PAGER less
setenv BLOCKSIZE K

if ($?prompt) then
# An interactive shell -- set some stuff up
set prompt = "`/bin/hostname -s`# "
if ($uid == 0) then
set user = root
endif
set prompt = "%n@%m:%/ %# "
set promptchars = "%#"

set filec
set history = 100
set savehist = 100
set history = 1000
set savehist = (1000 merge)
set autolist = ambiguous
# Use history to aid expansion
set autoexpand
set autorehash
set mail = (/var/mail/$USER)
if ( $?tcsh ) then
bindkey "^W" backward-delete-word
bindkey -k up history-search-backward
bindkey -k down history-search-forward
endif

endif
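Review bot: `set history = 1000` together with `set savehist = (1000 merge)` keeps ten times as many commands on disk and merges them across shells, and nothing in the hunk notes the consequence. Whatever is typed as a command argument, credentials included, now stays in the saved history file for much longer. That matters most if this file is installed for root, which the `$uid == 0` test suggests is possible (the file path is not shown). A comment above the two lines such as `# history is written to disk; keep secrets off the command line` would flag it. The same applies to the near-identical dot.cshrc hunk later in the diff.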
@@ -28,7 +28,7 @@
.\" From: @(#)err.3 8.1 (Berkeley) 6/9/93
.\" $FreeBSD$
.\"
.Dd March 6, 1999
.Dd March 29, 2012
.Dt ERR 3
.Os
.Sh NAME
@@ -212,6 +212,18 @@ if (error != 0)
.Xr printf 3 ,
.Xr strerror 3 ,
.Xr sysexits 3
.Sh STANDARDS
The
.Fn err
and
.Fn warn
families of functions are
.Bx
extensions.
As such they should not be used in truly portable code.
Use
.Fn strerror
or similar functions instead.
.Sh HISTORY
The
.Fn err
@@ -143,6 +143,11 @@ FBSD_1.0 {
setsourcefilter;
};

FBSD_1.3 {
sctp_recvv;
sctp_sendv;
};

FBSDprivate_1.0 {
_nsdispatch;
_nsyyerror; /* generated from nslexer.l */
@@ -128,20 +128,27 @@ indicates the cause of the error.
.Sh ERRORS
The
.Fn dup
and
.Fn dup2
system calls fail if:
system call fails if:
.Bl -tag -width Er
.It Bq Er EBADF
The
.Fa oldd
or
.Fa newd
argument
is not a valid active descriptor
.It Bq Er EMFILE
Too many descriptors are active.
.El
The
.Fn dup2
system call fails if:
.Bl -tag -width Er
.It Bq Er EBADF
The
.Fa oldd
argument is not a valid active descriptor or the
.Fa newd
argument is negative or exceeds the maximum allowable descriptor number
.El
.Sh SEE ALSO
.Xr accept 2 ,
.Xr cap_new 2 ,
@@ -539,8 +539,6 @@ The argument
.Fa cmd
is
.Dv F_DUPFD
or
.Dv F_DUP2FD
and the maximum number of file descriptors permitted for the
process are already in use,
or no file descriptors greater than or equal to
@@ -8,6 +8,7 @@ LDIRS= BSD_daemon \
FreeBSD_version \
IPv6 \
bootforth \
csh \
cvsup \
diskless \
drivers \
@@ -49,6 +50,7 @@ XFILES= BSD_daemon/FreeBSD.pfa \
bootforth/menu.4th \
bootforth/menuconf.4th \
bootforth/screen.4th \
csh/dot.cshrc \
cvsup/README \
cvsup/cvs-supfile \
cvsup/doc-supfile \
@@ -0,0 +1,66 @@
# Here are some example (t)csh options and configurations that you may find interesting
#
# $FreeBSD$
#

# Sets SSH_AUTH_SOCK to the user's ssh-agent socket path if running
if (${?SSH_AUTH_SOCK} != "1") then
setenv SSH_AUTH_SOCK `sockstat | grep "${USER}" | cut -d ' ' -f 6`
endif

# Change only root's prompt
if (`id -g` == 0)
set prompt="root@%m# "
endif

# This maps the "Delete" key to do the right thing
# Pressing CTRL-v followed by the key of interest will print the shell's
# mapping for the key
bindkey "^[[3~" delete-char-or-list-or-eof

# Make the Ins key work
bindkey "\e[2~" overwrite-mode

# Aliases used for completions
alias _PKGS_PkGs_PoRtS_ 'awk -F\| \{sub\(\"\/usr\/ports\/\"\,\"\"\,\$2\)\;print\ \$2\} /usr/ports/INDEX-name -r | cut -d . -f 1'
alias _PKGS_PkGs_PoRtS_ 'awk -F\| \{sub\(\"\/usr\/ports\/\"\,\"\"\,\$2\)\;print\ \$2\} /usr/ports/INDEX-`uname -r | cut -d . -f 1`&& pkg_info -E \*'

# Some common completions
complete chown 'p/1/u/'
complete dd 'c/[io]f=/f/ n/*/"(if of ibs obs bs skip seek count)"/='
complete kill 'c/-/S/' 'c/%/j/' 'n/*/`ps -ax | awk '"'"'{print $1}'"'"'`/'
complete killall 'c/-/S/' 'c/%/j/' 'n/*/`ps -ax | awk '"'"'{print $5}'"'"'`/'
complete kldunload 'n@*@`kldstat | awk \{sub\(\/\.ko\/,\"\",\$NF\)\;print\ \$NF\} | grep -v Name` @'
complete make 'n@*@`make -pn | sed -n -E "/^[#_.\/[:blank:]]+/d; /=/d; s/[[:blank:]]*:.*//gp;"`@'
complete man 'C/*/c/'
complete pkg_delete 'c/-/(i v D n p d f G x X r)/' 'n@*@`ls /var/db/pkg`@'
complete pkg_info 'c/-/(a b v p q Q c d D f g i I j k K r R m L s o G O x X e E l t V P)/' 'n@*@`\ls -1 /var/db/pkg | sed s%/var/db/pkg/%%`@'
complete portmaster 'c/--/(always-fetch check-depends check-port-dbdir clean-distfiles \
clean-packages delete-build-only delete-packages force-config help \
index index-first index-only list-origins local-packagedir no-confirm \
no-index-fetch no-term-title packages packages-build packages-if-newer \
packages-local packages-only show-work update-if-newer version)/' \
'c/-/(a b B C d D e f F g G h H i l L m n o p r R s t u v w x)/' \
'n@*@`_PKGS_PkGs_PoRtS_`@'
complete service 'c/-/(e l r v)/' 'p/1/`service -l`/' 'n/*/(start stop reload restart status rcvar onestart onestop)/'
complete sysctl 'n/*/`sysctl -Na`/'

# Alternate prompts
set prompt = '#'
set prompt = '%B%m%b%# '
set prompt = '%B%m%b:%c03:%# '
set prompt = '%{\033]0;%n@%m:%/\007%}%B%m%b:%c03:%# '
set prompt = "%n@%m %c04%m%# "
set prompt = "%n@%m:%c04 %# "
set prompt = "[%n@%m]%c04%# "
set ellipsis

# Color ls
alias ll ls -lAhG
alias ls ls -G

# Color on many system utilities
setenv CLICOLOR 1

# other autolist options
set autolist = TAB
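Review bot: The SSH_AUTH_SOCK block at the top of the new file exports whatever `sockstat | grep "${USER}" | cut -d ' ' -f 6` prints, which is not limited to ssh-agent. Any socket line containing the user name as a substring (another account, a command name, a path) can match, several matches make `setenv` fail with too many arguments, and no match sets the variable to an empty string. An example that people copy should not point SSH_AUTH_SOCK at a socket the user did not choose, so match the user and command columns exactly and export only a non-empty result, as in the block below (column positions are assumed from sockstat's default output; confirm). Separately, the "Change only root's prompt" block tests the group id and omits `then`, leaving its `endif` unmatched; ``if (`id -u` == 0) then`` says what the comment means. The first `_PKGS_PkGs_PoRtS_` alias (ending `INDEX-name -r | cut -d . -f 1`) is immediately overridden by the second and looks like a leftover.

```csh
# Sets SSH_AUTH_SOCK to the user's ssh-agent socket path if running
if (! $?SSH_AUTH_SOCK) then
	set agent_sock = `sockstat -u | awk -v u="$USER" '$1 == u && $2 == "ssh-agent" { print $6; exit }'`
	if ("$agent_sock" != "") setenv SSH_AUTH_SOCK "$agent_sock"
	unset agent_sock
endif
# … unchanged: bindkey, completion and prompt examples …
```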
@@ -3,32 +3,44 @@
# .cshrc - csh resource script, read at beginning of execution by each shell
#
# see also csh(1), environ(7).
# more examples available at /usr/share/examples/csh/
#

alias h history 25
alias j jobs -l
alias la ls -a
alias la ls -aF
alias lf ls -FA
alias ll ls -lA
alias ll ls -lAF

# A righteous umask
umask 22

set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin $HOME/bin)

setenv EDITOR vi
setenv PAGER more
setenv PAGER less
setenv BLOCKSIZE K

if ($?prompt) then
# An interactive shell -- set some stuff up
if ($uid == 0) then
set user = root
endif
set prompt = "%n@%m:%/ %# "
set promptchars = "%#"

set filec
set history = 100
set savehist = 100
set history = 1000
set savehist = (1000 merge)
set autolist = ambiguous
# Use history to aid expansion
set autoexpand
set autorehash
set mail = (/var/mail/$USER)
if ( $?tcsh ) then
bindkey "^W" backward-delete-word
bindkey -k up history-search-backward
bindkey -k down history-search-forward
endif

endif
@@ -2,7 +2,7 @@
* Copyright (c) 2007 Seccuris Inc.
* All rights reserved.
*
* This sofware was developed by Robert N. M. Watson under contract to
* This software was developed by Robert N. M. Watson under contract to
* Seccuris Inc.
*
* Redistribution and use in source and binary forms, with or without
@@ -2,7 +2,7 @@
* Copyright (c) 2007 Seccuris Inc.
* All rights reserved.
*
* This sofware was developed by Robert N. M. Watson under contract to
* This software was developed by Robert N. M. Watson under contract to
* Seccuris Inc.
*
* Redistribution and use in source and binary forms, with or without
@@ -2,7 +2,7 @@
* Copyright (c) 2007 Seccuris Inc.
* All rights reserved.
*
* This sofware was developed by Robert N. M. Watson under contract to
* This software was developed by Robert N. M. Watson under contract to
* Seccuris Inc.
*
* Redistribution and use in source and binary forms, with or without
@@ -2,7 +2,7 @@
* Copyright (c) 2007 Seccuris Inc.
* All rights reserved.
*
* This sofware was developed by Robert N. M. Watson under contract to
* This software was developed by Robert N. M. Watson under contract to
* Seccuris Inc.
*
* Redistribution and use in source and binary forms, with or without