Kevin Day [Fri, 7 Jun 2024 05:22:47 +0000 (00:22 -0500)]
Security: Incorrect sizeof() used in process pointers of the Controller program.
The "processs" structure is an array of pointers to Controller processes.
This gets rather confusing in that what the pointers are pointing to must be allocated (and deallocated) as well.
The allocation and de-allocation process is consistent and doesn't memory leak.
However, both of these are using a sizeof() with a pointer type rather than the raw type for the inner value.
The allocation logic on the outer array is using the raw type when a pointer should be used.
Essentially, I accidentally reversed the allocation logic.
I am amazed that this worked for so long without getting noticed.
Building the Controller program as a stand alone program somehow revealed this bug.
This has the added bonus of allocating less memory.
For example, using a test run without any entry file to execute:
Before this change:
total heap usage: 54 allocs, 54 frees, 46,622 bytes allocated
After this change:
total heap usage: 54 allocs, 54 frees, 26,751 bytes allocated
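Added example, not part of the commit and not the project's code: a two-level allocation where every size is taken from the dereferenced expression (sizeof *array for the outer slots, sizeof **array for the inner value), so the pointer size and the raw type size cannot be swapped. The example_* types and functions are hypothetical stand-ins for the Controller structures.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record standing in for one Controller process. */
typedef struct {
  int id;
  char name[64];
} example_process_t;

/* Outer array of pointers; every slot points at its own allocation. */
typedef struct {
  example_process_t **array;
  size_t used;
  size_t size;
} example_processs_t;

/* Reversed sizing described in the commit: pointer size used for the inner value. */
size_t inner_bytes_reversed(void) { return sizeof(example_process_t *); }

/* sizeof on the dereferenced expression follows the pointee type automatically. */
size_t inner_bytes_correct(const example_processs_t *l) { return sizeof **l->array; }
size_t outer_bytes_correct(const example_processs_t *l, size_t n) { return n * sizeof *l->array; }

/* Grow the outer array: each slot holds a pointer, so size by sizeof *array. */
int example_resize(example_processs_t *l, size_t size) {
  if (!l) return -1;
  if (size <= l->size) return 0;
  if (size > SIZE_MAX / sizeof *l->array) return -1; /* multiplication would wrap */
  example_process_t **p = realloc(l->array, size * sizeof *l->array);
  if (!p) return -1;
  l->array = p;
  l->size = size;
  return 0;
}

/* Add one record: the inner value is a whole struct, so size by sizeof **array. */
example_process_t *example_add(example_processs_t *l, int id, const char *name) {
  if (!l || !name) return NULL;
  if (l->used == l->size && example_resize(l, l->size + 4)) return NULL;
  example_process_t *p = calloc(1, sizeof **l->array);
  if (!p) return NULL;
  p->id = id;
  /* This write reaches past sizeof(void *); with the reversed size it would overflow the heap block. */
  snprintf(p->name, sizeof p->name, "%s", name);
  l->array[l->used++] = p;
  return p;
}

/* Free the inner allocations first, then the outer array. */
void example_free(example_processs_t *l) {
  if (!l) return;
  for (size_t i = 0; i < l->used; ++i) free(l->array[i]);
  free(l->array);
  l->array = NULL;
  l->used = l->size = 0;
}

int main(void) {
  example_processs_t l = { 0 };
  if (!example_add(&l, 1, "constructed-entry")) return 1;
  printf("inner bytes: reversed=%zu correct=%zu\n", inner_bytes_reversed(), inner_bytes_correct(&l));
  printf("outer bytes for %zu slots: %zu\n", l.size, outer_bytes_correct(&l, l.size));
  example_free(&l);
  return 0;
}
```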
Kevin Day [Thu, 6 Jun 2024 01:15:40 +0000 (20:15 -0500)]
Feature: Add "Magic Bit" to the FSS-000F (Simple Packet) format.
Make the FSS-000F (Simple Packet) format more generalized and flexible by allowing other payload formats than only formally supporting FSS-000E (Payload).
This adds a new optional "Magic Block" that is designated via the "Magic Bit", which is the third bit from the left.
This should make it easy to store the Simple Packet as a local file.
This should make it easier for routing to optimize processing of the packet by quickly identifying the packet.
The "Control Block" and the "Size Block" have static sizes and positions, which should make it easy to identify the "Magic Block".
The third bit should be checked and then the "Magic Block" should be checked when trying to quickly identify the packet type via the "Magic Block".
Kevin Day [Wed, 5 Jun 2024 00:57:57 +0000 (19:57 -0500)]
Cleanup: Use proper closing context on print.
The closing context now matches the opening context.
The closing contexts are generally the same and so this is not a big deal.
This would only be a problem if the values of contexts were changed in some significant way.
The first/last code was backported in the past to make the scripts more forward-compatible.
I have decided to remove the first/last printing feature after significant testing and review.
The 0.7 development and later no longer has the first/last and so the backported code is no longer needed.
The problem is that in the case where the quote is already within a quoted string then it should not be escaped.
This only applies for the quote that would not be a valid closing quote.
Kevin Day [Thu, 9 May 2024 01:50:50 +0000 (20:50 -0500)]
Security: Potential buffer overflow on 0 length array.
The length_name_item variable can potentially be zero.
The assignment of "name_item[length_name_item] = 0;" will then result in an assignment on a 0 length array.
Kevin Day [Mon, 15 Apr 2024 04:09:09 +0000 (23:09 -0500)]
Update: Add experimental ctags generation and ctags file.
This is used by projects like geany.
Unfortunately, the code is terrible and the documentation is like rotten eggs.
They seem to somehow put hard-coded paths in the ctag files which makes absolutely no sense.
Then, the geany project provides completely different ctag files that do not have this path nonsense.
The geany documentation does not relate to their actual ctag files and the ones provided by their example.
The Universal-ctags documentation, while having a lot of words, is misleading, awkward, and doesn't even describe how to get rid of these paths nor how to omit the paths.
Following the parts that do seem to read as if they mean removing the path absolutely does not do this.
The geany does not even import this file properly, despite the command coming directly from geany's documentation.
Using geany to generate this produces better results but also includes a lot of other junk that is unwanted.
It also includes the file paths.
Having the file paths makes these generated ctag files completely useless as it requires some other person to have the exact same absolute file path structure.
For now, attempt to strip out the absolute path using a sed command.
Kevin Day [Wed, 10 Apr 2024 02:25:38 +0000 (21:25 -0500)]
Cleanup: The OSLv1 license usage, fixing license reference.
The license should read "open-standard-license-1.0-or-later" rather than "open-standard-license-1.0".
The license file itself is already labelled this.
These files simply were not correctly updated.
Kevin Day [Mon, 8 Apr 2024 01:48:48 +0000 (20:48 -0500)]
Update: Add support for disabling pthread mutex prioceiling for systems that do not support it.
The pthread mutex prioceiling and pthread mutex attr prioceiling functions are not supported on PostmarketOS for Pinephone.
The PostmarketOS for Pinephone is an A64 Arm system based on the Alpine Linux distribution.
Kevin Day [Fri, 29 Mar 2024 21:41:32 +0000 (16:41 -0500)]
Cleanup: Incorrect example in IKI specification.
The example in the iki.txt specification has several errors.
Of particular note is the first code is incorrectly escaped and the terminating single quote discludes the example block.
The Objects and Contents example results is entirely incorrect.
There is no change to the specification rules itself and I do not technically need to change the version.
However, given how long it has been incorrect I have decided to up the version date to make the correct file easier to identify.
Kevin Day [Fri, 29 Mar 2024 04:10:45 +0000 (23:10 -0500)]
Bugfix: Problematic handling of object files.
The object files are not being compiled correctly when performing a static build.
There may now be multiple object sources files which are now built individually.
The build object sources must be built without source code files.
The logic is relocated into a fake_build_library_static_object() function to build the object files.
These files are then included when static linking.
A new build stage is also added to accommodate this.
Building the objects should not include libraries linked.
Remove the logic that auto-adds the library linkage when building objects.
Break out the "path_sources" Object into multiple sub-parts:
- "path_sources_headers".
- "path_sources_library".
- "path_sources_object".
- "path_sources_program".
- "path_sources_script".
Update the documentation and specification files accordingly.
Add missing version dates to the specifications.
Update the bootstrap.sh script with these changes.
Fix incidental problems discovered in the bootstrap.sh script:
- Remove already compiled warning as it is not needed and is not exhaustive.
- Improve handling of directory detection and simplify the relating code.
- The built setting files are now being properly checked (a regression caused them to not be properly checked).
Kevin Day [Sun, 17 Mar 2024 23:21:34 +0000 (18:21 -0500)]
Update: Add stand alone fss_basic_list_read, fss_basic_list_write, fss_extended_list_read, and fss_extended_list_write.
I took the lazy approach and copied the fss_basic_read and fss_basic_write.
These projects will have most of the same dependencies with only a few changes.
This lazy approach means that I may have included unnecessary data.
Kevin Day [Wed, 13 Mar 2024 02:07:57 +0000 (21:07 -0500)]
Update: FSS-000E specification, adding "salt" and "time" as suggested headers.
I intend to keep the recommended and now suggested headers to a bare minimum.
I have decided that "salt" and "time" should be common enough and important enough to add to this small list.
Kevin Day [Wed, 6 Mar 2024 02:52:16 +0000 (20:52 -0600)]
Bugfix: FSS Extended Write is not properly quoting quotes.
When writing using a quote character that is not the selected quote to use when writing, these other quote characters must still be quoted.
Take for example this:
# fss_extended_write -oc "'" '"' -oc '"' "'" -oc ' `' "\` " -oc "'" "'"
"'" "\""
"\"" "'"
"`" "` "
"'" "'"
Quoting the quotes is necessary to ensure that the FSS Extended Read properly works.
Otherwise the [' '] would be read as an Object without Content when instead the code should be ["'" "'"] which would be read as an Object of ' and a Content of '.
Kevin Day [Sun, 3 Mar 2024 23:08:45 +0000 (17:08 -0600)]
Bugfix: FSS Extended Write is improperly associating Content with its respective Object.
The following is an example of the bad behavior:
# fss_extended_write -oc A B -oc C D -oc E F
A B D
C F
E
The expected behavior instead should be:
# fss_extended_write -oc A B -oc C D -oc E F
A B
C D
E F
The problem is that when "-oc" is used for the next set that object and content parameter have the same parameter index position.
The operator for testing for this should therefore be ">=" rather than ">".
Kevin Day [Sun, 3 Mar 2024 23:07:12 +0000 (17:07 -0600)]
Cleanup: Style in FSS Extended Write.
The style changed over time and this code did not get updated.
There are probably more such places but I am not looking for it.
This just happened to be convenient.
Kevin Day [Fri, 1 Mar 2024 05:03:54 +0000 (23:03 -0600)]
Bugfix: If the first character has a width greater than one then F_utf_fragment is incorrectly returned when using quotes.
A F_utf_fragment is incorrectly returned when writing a string that would use quotes and that first character has a width greater than one.
The code is incrementing the string by 1.
This should instead be incrementing by the character width.
The loop itself should increment by the character width as well.
This bug has been exposed by unit tests from the 0.7 development branch.
Kevin Day [Wed, 28 Feb 2024 02:34:14 +0000 (20:34 -0600)]
Cleanup: The OSLv1 license, fixing grammar and clarifying intent.
This does not change the license other than fixing grammar and making the intent more consistent and clear.
This also adds a day to the license data that represents the last time this license has been modified.
The version number is changed only when there is a functional or substantial change to the license.
I have noticed that in some places individuals decide the "includes" is a restrictive word.
It is not, especially given that it is literally an inclusive word.
This changes the wording from "includes" or "including" to something like "including but not limited to" to avoid any of that nonsense.
The proper application of the English language would result in the "but not limited to" being redundant and pointless.
This specific language is added just in case somebody does not understand the English language when it comes to the word "including".
Try to be consistent and use "lawful" instead of "legal" (except in cases where both are mentioned).
Generally, referring to "lawful" here also includes "legal".
The "lawful" is chosen to represent actual law rather than the more questionable "legal" terminology.
The wording of "access to use, implement, etc.." can be misinterpreted such that the "access to" is applied to implement (and etc..) such that it becomes "access to implement".
The actual intent and design is not simply around "access to implement".
Instead, it is around "to implement", period.
Clarify this by splitting out "access to use" into "to access", "to use", etc...
Kevin Day [Sun, 25 Feb 2024 16:27:18 +0000 (10:27 -0600)]
Update: Disable -fstrict-flex-arrays=3 flag because it doesn't work on GCC 11.
I just did tests on GCC 11, which is not too old.
The -fstrict-flex-arrays flag does not work there.
For now, just disable the flag by setting it to the non-existent gcc_13 mode.
The mode can be added to the mode list and enabled if so desired.
I may make version specific modes available in the future (or not) but that will require some planning.
The fakefile should be designed to test the GCC version, but I would rather avoid such logic by design.
Let the distributor or the system administrator handle such decisions.
Kevin Day [Sat, 24 Feb 2024 23:42:26 +0000 (17:42 -0600)]
Update: Make the Open Standard License 1.0 formal.
I don't see any opportunities to get this reviewed and finalized and so I am formalizing it as-is.
I can always improve it if the opportunity arrives and increment the version number.
There are no changes to the license other than remove the "informal" and "draft" parts.
Kevin Day [Sat, 24 Feb 2024 21:10:34 +0000 (15:10 -0600)]
Feature: Add -a/--analyze to test.sh script.
Adding the -a/--analyze parameter to the test.sh script should allow for easier testing with the analyze option.
The idea here is to make it easier to perform these checks and to improve the quality of the releases.
This does not relate to the API or ABI and so adding this feature is not a problem for the 0.6.x stable release series.
The following changes are made:
- TAB_SIZE = 2
- PROJECT_NUMBER = 0.6.9
Setting "JAVADOC_AUTOBRIEF = yes" may be something worth looking into but for now the default of "JAVADOC_AUTOBRIEF = no" is being used.
It is unclear whether or not the "@see" is being processed without looking closer (and given the size of this, I did not do that).
I decided to leave the SEE ALSO sections that are generated, regardless of their state.
I noticed and removed man page documentation comments that somehow ended up in unit test data files.
The program function documentation is also generated and provided now.
This was not done so in the past.
Performing the process of generating and then reviewing the generated man pages exposed a number of problems that I fixed in commits prior to this commit.
Most of the changes are code clean ups but a security concern regarding handling a NULL pointer in a parameter was caught and identified during this process.
The commit referenced above mentioned the doxy2man but never documented the process.
The doxy2man used can be found at https://github.com/gsauthof/doxy2man.git .
The commit hash used for the generation is 5ce113f4d2a3fc6712f8eb8606a6b0899dc6f8d1 (dated Wed Aug 31 09:06:46 2016 +0200).
The doxy2man tool was performed against every XML file generated from doxywizard via a Bash for loop over each XML file.
I may make a copy of this doxy2man tool to help preserve this useful tool.
This is a massive set of changes (almost 1600 man pages) and so my review is rather lax and generalized.
Kevin Day [Sat, 24 Feb 2024 05:35:47 +0000 (23:35 -0600)]
Security: The fl_print_format_convert() is missing the check on the pointer and update the related documentation comments.
The documentation comments have the status return values in the wrong spot.
Relocate them to below the variable.
This caused me to notice that this function is missing the standard NULL check on a pointer parameter.
The 0.7 versions make this parameter optional.
Do the same thing as the 0.7 versions and make this optional.
Kevin Day [Wed, 21 Feb 2024 02:02:38 +0000 (20:02 -0600)]
Update: Back port the ability to explicitly skip a program in the bootstrap example script.
The controller program is not yet migrated to compile under 0.7.x.
This adds the ability to the bootstrap example script to allow for simply skipping packages.
Kevin Day [Sun, 18 Feb 2024 04:11:20 +0000 (22:11 -0600)]
Update: Backport improved return code failure reporting to firewall from 0.7 development.
The return code may be returned as non-zero for error returned by iptables.
This error is now being reported.
This error does not prevent the firewall from continuing.
Kevin Day [Thu, 15 Feb 2024 04:47:49 +0000 (22:47 -0600)]
Bugfix: Firewall length check from range is not calculating 0 correctly.
When the range.start is greater than the range.stop, then the length is 0.
Rather than checking for this, this just subtracts range.start from range.stop then adds 1.
This results in the case of say (0 - 1) + 1, which may not be 0 due to overflow behaviors.
Play it safe and explicitly test for this rather than hoping that the overflow operates ideally.
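Added example, not part of the commit and not the project's code: the unchecked (stop - start) + 1 beside an explicit test, assuming an inclusive range with unsigned size_t positions. With unsigned wraparound the unchecked form happens to give 0 for start = 1, stop = 0, but a huge value for any wider inversion such as start = 5, stop = 2. The example_range_t type, the function names and the sample string are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical inclusive range with unsigned positions. */
typedef struct {
  size_t start;
  size_t stop;
} example_range_t;

/* Unchecked form: relies on wraparound when start > stop. */
size_t length_unchecked(example_range_t r) { return (r.stop - r.start) + 1; }

/* Checked form: an inverted range is empty; a length that does not fit is an error. */
int length_checked(example_range_t r, size_t *length) {
  if (!length) return -1;
  if (r.start > r.stop) {
    *length = 0;
    return 0;
  }
  if (r.stop - r.start == SIZE_MAX) return -1; /* adding 1 would wrap to 0 */
  *length = (r.stop - r.start) + 1;
  return 0;
}

/* Copy the range out of src as a NUL-terminated string; returns 0 or -1. */
int range_copy(const char *src, size_t src_len, example_range_t r, char *dst, size_t dst_size) {
  size_t length = 0;
  if (!src || !dst || !dst_size) return -1;
  if (length_checked(r, &length)) return -1;
  if (length && r.stop >= src_len) return -1; /* range must lie inside the source */
  if (length >= dst_size) return -1;          /* leave room for the terminator */
  if (length) memcpy(dst, src + r.start, length);
  dst[length] = 0;
  return 0;
}

int main(void) {
  const char line[] = "tcp 8080 allow"; /* constructed sample input */
  example_range_t port = { 4, 7 };
  example_range_t inverted = { 5, 2 };
  char out[16];
  size_t n = 0;

  printf("unchecked length of inverted range: %zu\n", length_unchecked(inverted));
  if (!length_checked(inverted, &n)) printf("checked length of inverted range: %zu\n", n);
  if (!range_copy(line, strlen(line), port, out, sizeof out)) printf("port field: %s\n", out);
  return 0;
}
```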
Kevin Day [Thu, 1 Feb 2024 05:37:12 +0000 (23:37 -0600)]
Update: Add hopefully more secure compiler flags by default.
Use the "-Wl" for specifying the linker flags.
- Make sure "now", "relro", and "nodlopen" are set.
Add FORTIFY_SOURCE set to 3.
Add stack-clash-protection and strict-flex-arrays set to 3.
This project is designed around NULL checks.
- Make sure the no-delete-null-pointer-checks flag is set to prevent the compiler from removing these security/integrity checks.
Use stack-protector-strong rather than stack-protector for test flags.
- Future versions may enable stack-protector-strong by default for regular compiling.
Kevin Day [Wed, 31 Jan 2024 05:41:52 +0000 (23:41 -0600)]
Bugfix: FSS Basic List and FSS Extended List print comment at the start of the Content.
When the Content exists at the start of the Content, the comment character ('#') is printed when it should not be printed.
This is a bug where the code initializes the newline_last at the range.start.
The code logic then always expects the newline_last to represent an actual new line.
This is not necessarily the case for when newline_last is pointing to the initial range.start position.
Add a check when processing a comment to ensure that the newline_last is in fact a new line.
Kevin Day [Thu, 25 Jan 2024 04:50:30 +0000 (22:50 -0600)]
Bugfix: FSS Extended read fails to handle non-terminated quote as per specification.
This is a follow up to the problems discovered while writing unit tests (from the 0.7 development branch) and referenced in this commit: 70cbbe34121dc5679961df711e70724f13104489.
Given the line:
a " b c d.
The following Content should now be returned:
[0] = "
[1] = b
[2] = c
[3] = d.
This adds a new FSS state flag 'f_fss_state_quote_not_e' to give the caller the ability to manually designate that the quotes are being disabled.
Currently only the FSS Extended utilizes this flag.
Refactor the private function private_fl_fss_basic_read() into private_fl_fss_basic_or_extended_read() to make it more explicitly clear that it provides functionality for both FSS Basic and FSS Extended.
This changes the code such that when an unterminated quote is detected then the calling function will set the disable quote flag and then call the function again.
Kevin Day [Wed, 24 Jan 2024 05:53:34 +0000 (23:53 -0600)]
Bugfix: Incorrect stop position is calculated when FSS content ends at the start position on FSS read operations.
When the start position is say, 0, and the determined stop position ends up being 0, then an incorrect stop range is calculated.
This happens because the stop position is subtracting one from the current position.
Add checks to ensure that the stop position is never subtracted beyond the initial start position.
The initial start position is saved at the beginning of each affected FSS read function.
This now potentially returns a start range before the stop range.
The FSS read programs should also need to be updated following this commit to handle these cases.
Kevin Day [Fri, 19 Jan 2024 03:07:32 +0000 (21:07 -0600)]
Cleanup: Invalid environment define "CMOCKA_TEST_ABORT" in testfiles.
This invalid configuration doesn't break anything unless someone uncomments it.
Then, the expected functionality does not happen.
The fix is easy, just add "define " at the start of that line to the right of the comment character.
Kevin Day [Thu, 18 Jan 2024 02:47:23 +0000 (20:47 -0600)]
Bugfix: Functions private_fl_fss_basic_read() and private_fl_fss_basic_write() are missing "const".
The function implementations for private_fl_fss_basic_read() and private_fl_fss_basic_write() are missing the "const" type attribute in some parameters.
The declaration of these has the "const" type attribute as expected.
Kevin Day [Tue, 16 Jan 2024 15:55:47 +0000 (09:55 -0600)]
Refactor: The backtick into the grave, for the specifications.
This is a terminology change in the specifications and the code (both API or ABI) does not need to be changed.
Changing the code would be ideal, but this would break API and likely ABI.
The 0.6 version series will continue to use the word "backtick" in the code itself for this reason.
Kevin Day [Sun, 31 Dec 2023 02:33:33 +0000 (20:33 -0600)]
Update: Explicitly cast UTF conversion to/from to a uint32_t.
If the type is changed or the defines are used with different types, then the shift operators may become problematic.
Prevent this potential problem from happening through explicit casts to uint32_t.
Kevin Day [Sat, 16 Dec 2023 01:37:50 +0000 (19:37 -0600)]
Bugfix: Fix incorrect wording regarding negative times and add some clarification regarding defaults.
The time specification is mistakenly using the word "after" when it should be the word "before" for the example "2022:-5".
I decided that I needed to better clarify what I meant by default and not make it sound so strict.
Add additional language to better communicate that when the year is not specified, it is not specified.
There is no required interpretation and a default is simply a recommendation.
I am going to start trying to establish a habit of using UTC for my timestamps.
In my local time zone, the date of the specification is still the 15th of December, 2023.
However, to stick with UTC for records purpose I need to start doing this now.
There may be occasional inconsistencies for a while until I establish the habit of using UTC.
Kevin Day [Fri, 8 Dec 2023 02:29:47 +0000 (20:29 -0600)]
Update: The fss-000e (Payload) specification should allow for the "payload" Section to be optional.
In cases where packets that are being sent only need to send the "header", then it makes sense to not have a "payload" Section.
This should help reduce network traffic by avoiding the extra "payload:\n" characters when the payload Section is to be ignored.
Kevin Day [Wed, 15 Nov 2023 00:00:37 +0000 (18:00 -0600)]
Update: Specifications for Payload and Simple Packet.
Add "type" as a recommended Object in the header section for the Payload.
Change the size units being used in Simple Packet.
The numbers used in some areas are completely wrong; 2^4 is not 32-bits.
Instead use the word "bytes" or "bits" and update the units.
The Payload Block Structure uses "bytes" rather than bits as that is the general focus of that section.
All others use "bits".
Additional changes from previous updates in the 0.7 are added here as well (version 2023/10/04).
Kevin Day [Mon, 28 Aug 2023 02:56:01 +0000 (21:56 -0500)]
Feature: Add -U/--under parameter to Featureless Make.
I discovered that the data build directory customization is incomplete while working on the Kevux Tools TacocaT program.
A new parameter to specify a sub-directory within the data directory, called "under", represented by -U and --under is now added.
This provides the ability to change the "build" part of the "data/build" directory.
This can even be an empty string.
The fakefile documentation and specification is updated because this parameter must now be reserved and exposed to IKI expansion.
I have not yet done a thorough test of this feature and I will hopefully do this before the next release.
I have performed a basic test and I can now compile the TacocaT program easily using this parameter.
Kevin Day [Sun, 27 Aug 2023 21:17:44 +0000 (16:17 -0500)]
Regression: Incorrect dependencies breaking some builds, specifically the stand alone builds.
I'm not sure when this happened but at some point I cleaned up some of the dependencies but failed to perform the appropriate checks with the stand alone builds.
There are stale files, dependencies, and references that are causing the stand alone builds to fail.
Remove or add the correct dependencies as appropriate.
Kevin Day [Sat, 12 Aug 2023 21:48:26 +0000 (16:48 -0500)]
Cleanup: Remove duplicate headers present in the wrong file.
This is likely a result of an incomplete relocation of these functions to the private file.
They are not needed and removing them neither breaks API nor ABI.