| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
8GB of entropy is a tad extreme
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i previously used error status and set return values
indirectly. i still do that, but where possible, i
also now return the real value.
this is because these string functions can no longer
return with error status; on error, they all abort.
this forces the program maintainer to keep their code
reliable, and removes the need to check the error status
after using syscalls, because these libc wrappers mitigate
that and make use of libc for you, including errors.
this is part of a general effort to promote safe use
of the C programming language, especially in libreboot!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
on the conditions where these functions encounter
an unexpected error, we currently return -1
this means that the caller must check. which means
the caller won't check. nobody does. i often forget.
force the caller (me) to be correct, instead.
the current calling convention is that the real
return value is stored in a pointer, provided inside
the function signature, on a given string function,
and the function's return value is merely an indicator.
this calling convention is retained for now; the next
patch will change it, such that the real value is also
the function's return value. this is more flexible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
operate per word, not per byte
this is also done on sdup, which uses a slightly
inefficient method: the new string allocation is
that of the maximum size, rather than what we
need. for example, if you wanted a 20 character
string (21 including null), you would still allocate
4096 bytes if that was the maximum length.
it's a bit naughty, and i have half a mind to
keep sdup on the old implementation, but i'll leave
it be for now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit e54862fcccca0325da8ae2879c1fa965267d3df0.
nope. not ready yet. will fix it later.
|
|
i added a fake -t option, which doesn't actually
read optarg, so that -t usage can just override
the normal template. mkhtemp isn't ready for
distros yet, but it's ready for lbmk.
i hacked the makefile to also copy the binary to
mktemp, and i set PATH in lbmk so that this binary
is used insttead of the one on your system.
that way, upstream projects use it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
delete tmpfiles after operation. fixes a bug where
tmpfiles are left behind after running the dump
command.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
showing the size for 64-bit high integers seems silly
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i forgot to do this!
with this, I/O should be bullet proof now.
i already loop this on other I/O commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
spoiler alert: it's slow as molasses
part 2 will be presented at a later date
(yes, please don't fill 8GB of memory with
random data and hexdump it)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
scatn in strings.c was buggy, so i replaced it; it
concatenates any number of things.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the functions no longer return errors, so i don't
need to handle them.
furthermore, the handling in state.c is redundant,
so i've removed that too.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
generalise it in rand.c because this logic will
be useful for other programs in the future.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
make it more reliable; it can't segfault
now, under any circumstance. not even
once.
the problem arised when lbsetname was not
called in a program, before calling the
function: lbgetprogname. a segfault would
occur, due to it being NULL.
not every os/libc has getprogname, so i have
my own implementation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not c90
i use stdint now on a few files. i had this
idea in my head to use C89 for some reason,
but this is pointless.
c99 however is worthy as a minimum, because
for example, compilers like tcc will adhere
to its spec (for the most part), so this is
the minimum reasonable requirement on modern
unix systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is a more generic one that i implemented
for "lottery.c" (which is really just a tester
of my rset function in lib/rand.c)
i could probably actually write a full hexdump
program in libreboot-utils to be honest.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we have a policy:
symlinks do not exist.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i currently return pointers to these, without copying.
they can fade because of this. make them static, since that
is what they should be anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
use open_on_eintr for gbe files
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
abort on error, and do EINTR looping
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
free can take a null, that's fine, but my pointer
to the pointer being freed should not be null. that
is a bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
remove close_warn and close_no_err
make close_on_eintr a void, and abort
on error instead of returning -1.
a failed file closure is a world-ending
event. burn accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
on error state, i was resetting errno
unconditionally, which would then mask
the real error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i now use a singleton hook function per program:
nvmutil, mkhtemp and lottery
call this at the startup of your program:
(void) errhook(exit_cleanup);
then provide that function. make it static,
so that each program has its own version.
if you're writing a program that handles lots
of files for example, and you want to do certain
cleanup on exit (including error exit), this can
be quite useful.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i no longer care about openbsd 5.9. we assume unveil
is available, as has been the case for the past 12
years.
i use wrappers for unveil and pledge, which means that
i call them on every os. on OSes that don't have these,
i just return. it's somewhat inelegant, but also means
that i see errors more easily, e.g. misnamed variables
inside previous ifdef OpenBSD blocks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
yes, a common thing in C programs is one or all
of the following:
* use after frees
* double free (on non-NULL pointer)
* over-writing currently used pointer (mem leak)
i try to reduce the chance of this in my software,
by running free() through a filter function,
free_if_not_null, that returns if a function
is being freed twice - because it sets NULL
after freeing, but will only free if it's not
null already.
this patch adds two functions: smalloc and vmalloc,
for strings and voids. using these makes the program
abort if:
* non-null pointer given for initialisation
* pointer to pointer is null (of course)
* size of zero given, for malloc (zero bytes)
i myself was caught out by this change, prompting
me to make the following fix in fs_dirname_basename()
inside lib/file.c:
- char *buf;
+ char *buf = NULL;
Yes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
clamp rand to eliminate modulo sampling; high
values on the randomisation will bias the result.
not really critical for mac addresses, but there's
no reason not to have this. this patches reduces
the chance that two libreboot users will generate
the same mac addresses!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i had a bunch of hacks in here because i was
previously using very buggy rand. now it's ok.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
should be null on bad return
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
and the module bias handling is fully correct
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
extremely theoretical, with a T. T for theoretical.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not really a thing. bufsiz would never be zero,
unless the demon takes over linux
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
