search for: crypto_free

No response yet, so resending. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Fri, 12 Oct 2001 09:44:54 +0300 (EEST) From: Pekka Savola <pekkas at netcore.fi> To: Damien Miller

http://bugzilla.mindrot.org/show_bug.cgi?id=968 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #760| |ok? Flag| | ------- Additional Comments From djm at mindrot.org 2005-02-16 11:24 -------

...\ + nbdkit_debug ((fs), ##__VA_ARGS__); \ + } while (0) + /* Maximum read or write request that we will handle. */ #define MAX_REQUEST_SIZE (64 * 1024 * 1024) @@ -286,13 +300,6 @@ extern void crypto_init (bool tls_set_on_cli); extern void crypto_free (void); extern int crypto_negotiate_tls (int sockin, int sockout); -/* debug.c */ -#define debug(fs, ...) \ - do { \ - if_verbose \ - nbdkit_debug ((fs), ##__VA_...

Hi, dovecot 2.0.3 After closing the imap(s) connection dovecot crashes: imap-login: Info: Aborted login (no auth attempts): rip=... lip=... mpid=0 master: Error: service(imap-login): child 18636 killed with signal 11 (core not dumped - set service imap-login { drop_priv_before_exec=yes }) master: Warning: Killed with signal 15 (by pid=18643 uid=0 code=kill) It also happens if I only telnet

Unfortunately you cannot restore argv by setting *p = '=' :-( The reason is we advertize that plugins are allowed to save they ‘const char *key’ pointer passed to them in .config, but assigning *p = '=' changes the key string from "key" back to "key=value". Surprisingly only test-eval.sh actually broke, but other plugins are undoubtedly affected. My alternate

v1 was here: https://www.redhat.com/archives/libguestfs/2019-November/msg00003.html This version depends on: https://www.redhat.com/archives/libguestfs/2019-November/msg00004.html and this series: https://www.redhat.com/archives/libguestfs/2019-November/msg00009.html The delta has been reduced slightly because of changes made possible by cleaning up and fixing the quit path in nbdkit. It's

..."Try setting ‘--tls-certificates=/path/to/certificates’ or read\n" + "the \"TLS\" section in nbdkit(1).\n", + program_name); + } + + tls = 0; + debug ("TLS disabled: could not load TLS certificates"); + } } void crypto_free (void) { - if (tls > 0) - gnutls_certificate_free_credentials (x509_creds); + if (tls > 0) { + switch (crypto_auth) { + case CRYPTO_AUTH_CERTIFICATES: + gnutls_certificate_free_credentials (x509_creds); + break; + case CRYPTO_AUTH_PSK: + gnutls_psk_free_server_cr...

...70,7 @@ main (int argc, char *argv[]) if (dump_plugin) { top->dump_fields (top); top->free (top); - for (i = 1; i < argc; ++i) - free (keys[i]); - free (keys); + free_interns (); exit (EXIT_SUCCESS); } @@ -717,9 +708,7 @@ main (int argc, char *argv[]) crypto_free (); close_quit_pipe (); - for (i = 1; i < argc; ++i) - free (keys[i]); - free (keys); + free_interns (); /* Note: Don't exit here, otherwise this won't work when compiled * for libFuzzer. diff --git a/server/nbdkit.syms b/server/nbdkit.syms index a67669b7..9e293444 1006...

...69,7 @@ main (int argc, char *argv[]) if (dump_plugin) { top->dump_fields (top); top->free (top); - for (i = 1; i < argc; ++i) - free (keys[i]); - free (keys); + free_interns (); exit (EXIT_SUCCESS); } @@ -717,9 +707,7 @@ main (int argc, char *argv[]) crypto_free (); close_quit_pipe (); - for (i = 1; i < argc; ++i) - free (keys[i]); - free (keys); + free_interns (); /* Note: Don't exit here, otherwise this won't work when compiled * for libFuzzer. diff --git a/server/nbdkit.syms b/server/nbdkit.syms index 212e36aa..d17878b7 1006...

...reference to `RSA_new' /usr/local/ssl/lib/libssl.so: undefined reference to `BIO_write' /usr/local/ssl/lib/libssl.so: undefined reference to `sk_set_cmp_func' /usr/local/ssl/lib/libssl.so: undefined reference to `EVP_PKEY_assign' /usr/local/ssl/lib/libssl.so: undefined reference to `CRYPTO_free' /usr/local/ssl/lib/libssl.so: undefined reference to `OBJ_NAME_add' /usr/local/ssl/lib/libssl.so: undefined reference to `sk_new' /usr/local/ssl/lib/libssl.so: undefined reference to `EVP_PKEY_type' /usr/local/ssl/lib/libssl.so: undefined reference to `X509_TRUST_get_by_id' /us...

...140,7 +140,7 @@ extern void connection_set_close (struct connection *, connection_close_function /* crypto.c */ #define root_tls_certificates_dir sysconfdir "/pki/" PACKAGE_NAME -extern void crypto_init (int tls_set_on_cli); +extern void crypto_init (bool tls_set_on_cli); extern void crypto_free (void); extern int crypto_negotiate_tls (struct connection *conn, int sockin, int sockout); diff --git a/server/connections.c b/server/connections.c index 0d1bd74..0a89315 100644 --- a/server/connections.c +++ b/server/connections.c @@ -78,13 +78,13 @@ struct connection { uint32_t cflags;...

libFuzzer is Clang's fuzzer, and alternative to using AFL: https://llvm.org/docs/LibFuzzer.html I implemented an alternative method of fuzzing for libnbd earlier today and it's pretty simple: https://github.com/libguestfs/libnbd/commit/c19a6fbae9a21a7d4693418706c59e81ed256875 However it's considerably more difficult to use libFuzzer with non-library code -- in this case nbdkit.

This is ready for review but needs a bit more real-world testing before I'd be happy about it going upstream. It also needs tests. It does interoperate with qemu, at least in my limited tests. Rich.

...onnection_set_close (struct connection *, + connection_close_function) + __attribute__((__nonnull__ (1, 2))); /* crypto.c */ #define root_tls_certificates_dir sysconfdir "/pki/" PACKAGE_NAME extern void crypto_init (bool tls_set_on_cli); extern void crypto_free (void); -extern int crypto_negotiate_tls (struct connection *conn, int sockin, int sockout); +extern int crypto_negotiate_tls (struct connection *conn, + int sockin, int sockout) + __attribute__((__nonnull__ (1))); /* debug.c */ #define debug nbdkit_debug @@ -20...

v2: * Improved documentation. * Added a test (interop with qemu client).

v1 was here: https://www.redhat.com/archives/libguestfs/2019-January/msg00008.html In v2 I have provided two patches: The first patch extends attribute((nonnull)) to most internal functions, but not to the external API. The second patch uses a macro so that attribute((format)) is only used in the public API on GCC or Clang. At least in theory these headers could be used by a C compiler which

...#39;t * matter what this is as long as nbdkit always returns the same @@ -268,9 +258,7 @@ extern int protocol_recv_request_send_reply (struct connection *conn) #define root_tls_certificates_dir sysconfdir "/pki/" PACKAGE_NAME extern void crypto_init (bool tls_set_on_cli); extern void crypto_free (void); -extern int crypto_negotiate_tls (struct connection *conn, - int sockin, int sockout) - __attribute__((__nonnull__ (1))); +extern int crypto_negotiate_tls (int sockin, int sockout); /* debug.c */ #define debug(fs, ...) \...

v1 was here: https://www.redhat.com/archives/libguestfs/2020-February/msg00081.html v2 replaces struct connection *conn = GET_CONN; with GET_CONN; which sets conn implicitly and asserts that it is non-NULL. If we actually want to test if conn is non-NULL or behave differently, then you must use threadlocal_get_conn() instead, and some existing uses do that. Rich.

The third patch is a large but mechanical change which gets rid of passing around struct connection * entirely within the server, preferring instead to reference the connection through thread-local storage. I hope this is a gateway to simplifying other parts of the code. Rich.

More patches on the way for improving .list_exports signature and adding .export_description, but this is the promised code showing why nbdkit_string_intern is useful. Patch 4 is somewhat RFC: we could either add new API to take the boilerplate from: foo_config(const char *key, const char *value) { if (strcmp (key, "file") == 0) { CLEANUP_FREE char *tmp = nbdkit_realpath (value);