| Age | Commit message | Author |
|
state is undefined after EINTR. just abort universally.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
detected via clang -Weverything
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
rw is enough. i unified everything there.
next commit will remove rw_type and instead
run positional i/o depending on whether the
offset is zero. i'm simplifying the API a lot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
-DUSE_ARC4=1
use that
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
these can be set explicitly in the compiler flags,
e.g.
make CC="cc -DUSE_OPENAT=1 -DUSE_URANDOM=1"
these options, if set to 1, will cause you to use
the code as if it were running on non-linux systems
such as openbsd. of course, some differences will
still exist, but this is useful for portability
testing when compiling on linux.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
and remove manual prototypes; fchmod, realpath
and so on rely on the _XOPEN_SOURCE macro.
the POSIX macro wasn't needed: _XOPEN_SOURCE
is sufficient.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
use the POSIX one
declare prototypes where necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i wasn't using strict mode enough in make:
make strict
now it compiles cleanly. mostly removing
unused variables, fixing implicit conversions,
etc.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
where possible, try not to clobber sys errno. override
it only when relatively safe.
also: when a syscall succeeds, it may set errno. this
is rare, but permitted (nothing specified against it
in specs, and the specs say that errno is undefined
on success).
i'm not libc, but i'm wrapping around it, so i need
to be careful in how i handle the errno value.
also:
i removed the requirement for directories to be
executable, in mkhtemp.c, because this isn't required
and will only break certain setups.
in world_writeable and sticky, i made the checks stricter:
the faccessat check was being skipped on some paths, so
i've closed that loophole now.
i also generally cleaned up some code, as part of the errno
handling refactoring, where it made sense to do so, plus a
few other bits of code cleanup.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
accidentally removed in previous refactor
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
absolutely unified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i forgot to do this!
with this, I/O should be bulletproof now.
i already loop this on other I/O commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
generalise it in rand.c because this logic will
be useful for other programs in the future.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
use open_on_eintr for gbe files
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
abort on error, and do EINTR looping
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
remove close_warn and close_no_err
make close_on_eintr a void, and abort
on error instead of returning -1.
a failed file closure is a world-ending
event. burn accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i now use a singleton hook function per program:
nvmutil, mkhtemp and lottery
call this at the startup of your program:
(void) errhook(exit_cleanup);
then provide that function. make it static,
so that each program has its own version.
if you're writing a program that handles lots
of files for example, and you want to do certain
cleanup on exit (including error exit), this can
be quite useful.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
yes, a common thing in C programs is one or all
of the following:
* use after frees
* double free (on non-NULL pointer)
* over-writing currently used pointer (mem leak)
i try to reduce the chance of this in my software,
by running free() through a filter function,
free_if_not_null, that returns if a function
is being freed twice - because it sets NULL
after freeing, but will only free if it's not
null already.
this patch adds two functions: smalloc and vmalloc,
for strings and voids. using these makes the program
abort if:
* non-null pointer given for initialisation
* pointer to pointer is null (of course)
* size of zero given, for malloc (zero bytes)
i myself was caught out by this change, prompting
me to make the following fix in fs_dirname_basename()
inside lib/file.c:
- char *buf;
+ char *buf = NULL;
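Review bot: in fs_dirname_basename() the `+ char *buf = NULL;` line fixes one uninitialised pointer, but the message says the new allocators abort on any non-null pointer, so every other local handed to smalloc or vmalloc needs the same NULL initialiser at its declaration. Building with uninitialised-variable warnings treated as errors would surface the remaining cases at compile time instead of as a runtime abort.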
Yes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
clamp rand to eliminate modulo sampling; high
values on the randomisation will bias the result.
not really critical for mac addresses, but there's
no reason not to have this. this patch reduces
the chance that two libreboot users will generate
the same mac addresses!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
should be null on bad return
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
and the modulo bias handling is fully correct
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
extremely theoretical, with a T. T for theoretical.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not really a thing. bufsiz would never be zero,
unless the demon takes over linux
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
to test the effectiveness of the rand function
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
similar to the logic about other failure states
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
now you can send an arbitrary number of bytes
with random numbers
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
also re-add /dev/urandom support, as a config option
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
build-time option. do not allow fallback; on
a system where getrandom is used, it should
be used exclusively.
on some systems, getrandom may not be available,
even if they have a newer kernel.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|