FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F14.4.0-p4 2025-12-19T09:16:43Z 2025-12-19T09:16:43Z Kyle Evans kevans@FreeBSD.org 2025-07-24T14:59:07Z urn:sha1:d913e3fe23b538bf602a58d5cdf1438c16a8e41d tftpd seems to be the last program in base that implicitly relies on setgroups() to set the egid. This is a security landmine in portable software as most operating systems don't behave this way, so do an explicit setgid() in case the kernel doesn't set it already. While we're here, FreeBSD's setgroups() has supported nominally clearing all supplemental groups since 1997. It still leaves the egid in our cr_groups[0] because we don't have an out-of-band way to store the egid, and on other systems it'll clear the supplemental group entirely as one would want. Reviewed by: allanjude (previous version), des, olce Differential Revision: https://reviews.freebsd.org/D51149 (cherry picked from commit 5138a20765c76cdc8f245d3d7caeffe9a9011bb2) 2024-11-19T14:15:06Z Mark Johnston markj@FreeBSD.org 2024-11-03T14:43:38Z urn:sha1:b837ead1d46ff7ae8f715b18277929d8579496c7 The tftpd tests all follow the same pattern: 1. open a UDP socket, 2. fork a child to exec tftpd, which subsequently handles requests on the socket, 3. use a client socket to send some message to the tftpd daemon. However, tftpd's first action is to mark its socket as non-blocking and then read a request from it. If no data is present in the socket, tftpd exits immediately with an error. So, there is a race; we often see tftpd test timeouts when running tests in parallel. These timeouts also arise periodically in CI runs. One solution is to restructure each test to create the server socket, then write the request to the client socket, then fork tftpd. This closes the race. However, this involves a lot of churn. This patch fixes the problem a different way, by adding a new -b flag to tftpd which makes it block to read the initial request. Each test is modified to use -b, closing the race. Reviewed by: imp, asomers MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D47404 (cherry picked from commit 79c342aaf86feb4efbd15383f54e4fe7bdc9da7b) 2024-07-09T21:40:26Z Dag-Erling Smørgrav des@FreeBSD.org 2024-07-05T22:05:49Z urn:sha1:77362b5eb7a558d4327187bd6997df4051301059 MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D45871 (cherry picked from commit c15290fb9d8fdf4b11b9c6e7406b67c73a98402d) 2024-05-14T06:58:40Z Dag-Erling Smørgrav des@FreeBSD.org 2024-05-10T21:15:37Z urn:sha1:626ee3cac8458b355d4330c2099240d3ca881589 MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: imp, markj Differential Revision: https://reviews.freebsd.org/D45129 (cherry picked from commit 816c4d3dcf99adcd40a03d93431237ddbd23bbdf) tftpd: Drop unneeded includes. MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: imp, markj Differential Revision: https://reviews.freebsd.org/D45130 (cherry picked from commit 1111da6b7c612c571453a23a8dd02fd5e7e40b18) tftpd: Add missing include. This went unnoticed due to namespace pollution in our headers. MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D45131 (cherry picked from commit ae285a8cbf1212bdc1b3f81219635bc1395fadee) tftpd: Satisfy clang-analyzer. * Replace `random()` with `arc4random()`. * Change some variable types. * Drop some unused assignments. MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: imp, markj Differential Revision: https://reviews.freebsd.org/D45132 (cherry picked from commit 4d09eb87c5d5bec2e2832f50537e2ce6f75f4117) tftpd: silence gcc overflow warnings GCC 13 complains that we might be writing too much to an on-stack buffer when createing a filename. In practice there is a check that filename isn't too long given the time format and other static characters so GCC is incorrect, but GCC isn't wrong that we're potentially trying to put a MAXPATHLEN length string + some other characters into a MAXPATHLEN buffer (if you ignore the check GCC can't realistically evaluate at compile time). Switch to snprintf to populate filename to ensure that future logic errors don't result in a stack overflow. Shorten the questionably named yyyymmdd buffer enough to slience the warning (checking the snprintf return value isn't sufficent) while preserving maximum flexibility for admins who use the -F option. MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: brooks Differential Revision: https://reviews.freebsd.org/D45086 (cherry picked from commit 25945af47e7a1d06c44c8c160045a866e90569ab) 2024-05-02T09:02:21Z Dag-Erling Smørgrav des@FreeBSD.org 2024-04-25T18:35:15Z urn:sha1:986cceda16d8de091524314b50325d52fe403d75 * Limit the use of `ssize_t` to only where it's needed. * Correct one case of `int` being used for a length. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D44954 (cherry picked from commit 1ed44fcc44b2c04db330663589541608135402f4) tftpd: Clean up the tests. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D44955 (cherry picked from commit 7ab7ecfcfe777f7816e3e01df5f277060b2b609a) tftpd: Check the server status after each test. * In the setup phase, wait for the server to start (or fail to start) before proceeding with the test. This makes it possible to write test cases that don't expect a response from the server without ending up in a race over the server PID file. * After running each test, wait up to 30 seconds for the server to exit and check that the exit status matches what the test case says to expect (usually 0). * We still kill and collect the server in the cleanup phase, in case the test ended early. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D44956 (cherry picked from commit 83a6e984ac01657819418746f722163367ec30db) tftpd: Immediately reject any request shorter than 4 bytes. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D44957 (cherry picked from commit 9f231af307b80eb222d9761bbd81fa4e130bb3d7) tftpd: Untangle a conditional. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D45026 (cherry picked from commit 21b5829d28b1e02e9f30bfa439238c382dd19114) 2023-08-16T17:55:15Z Warner Losh imp@FreeBSD.org 2023-08-16T17:55:15Z urn:sha1:b2c76c41be32f904179efed29c0ca04d53f3996c Remove /^\.\\"\s*\$FreeBSD\$$\n/ 2023-08-16T17:55:03Z Warner Losh imp@FreeBSD.org 2023-08-16T17:55:03Z urn:sha1:d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ 2023-08-16T17:54:42Z Warner Losh imp@FreeBSD.org 2023-08-16T17:54:42Z urn:sha1:1d386b48a555f61cb7325543adbbb5c3f3407a66 Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/ 2023-07-20T21:38:30Z Dmitry Morozovsky marck@FreeBSD.org 2023-07-20T21:38:30Z urn:sha1:615d167cb88ca895278a26b22052f663c5228407 It was not a typo: -d takes an optional argument, which is indicated with a double colon. This reverts commit 3cbc8e752b92442c784306731e94fd904de3373c. Spotted by: kevans 2023-07-20T21:24:28Z Dmitry Morozovsky marck@FreeBSD.org 2023-07-20T21:24:28Z urn:sha1:3cbc8e752b92442c784306731e94fd904de3373c MFC after: 1 month X-MFC-With: 273a307d0b80743fb08e23237b3f74dc94a8fa2a X-MFC-With: 03c2616dc530e5b23f06f9aa421012154590e578