Kevin Day [Sat, 13 Jul 2024 04:28:38 +0000 (23:28 -0500)]
Update: Use copy of flag to avoid possible race conditions with controller_thread_is_enabled().
The thread.enabled is checked multiple times in controller_thread_is_enabled() but this value may have changed.
Make a constant copy and reference that copy so that any changes after the first read will not affect the function results.
Kevin Day [Sat, 13 Jul 2024 03:08:12 +0000 (22:08 -0500)]
Bugfix: Controller parameter type is f_number_unsigned_t and not uint8_t.
The array of codes is an array of f_number_unsigned_t and not uint8_t.
I was probably thinking about the array only needs to be of type uint8_t long, which would be represented by the counter.
I probably then accidentally set the value type to be uint8_t to match that.
Kevin Day [Fri, 12 Jul 2024 03:33:15 +0000 (22:33 -0500)]
Bugfix: Incorrect thread unlock in controller_rule_process().
When the lock is grabbed but a failure occurs an if condition handles that case.
After that block is a second block that then attempts to unlock that same lock.
Given that the lock failed, this lock cannot be in a locked state.
Kevin Day [Thu, 11 Jul 2024 05:21:10 +0000 (00:21 -0500)]
Cleanup: Execute process child id structure.
Make the variable "child" more verbose in its name to make it clear that it is coming from the process.
This makes it more clear why there is a write lock obtained to change this.
Kevin Day [Wed, 10 Jul 2024 02:30:32 +0000 (21:30 -0500)]
Update: Provide fallback should the locks on exit fail to catch and update function using pointer.
The previous commit 49a3d41d1c17734b0a8299b356f1e299386f4a42 removed the forced fallback to avoid potential race conditions.
The reason for having that fallback is to ensure that the exit process is guaranteed and not potentially blocked by a lock.
Provide an alternative that makes several attempts to properly lock on exit.
Only when those extra attempts fails should the failsafe/fallback be used.
Update controller_thread_process_cancel() to have the global data as a pointer.
Kevin Day [Mon, 8 Jul 2024 03:00:09 +0000 (22:00 -0500)]
Bugfix: Controller error printing function has wrong locking.
The locking being used in controller_rule_item_print_error() is based on the special case for when fll_error_print() is used.
The fll_error_print() is not being used so do not use the special case locking.
Kevin Day [Mon, 8 Jul 2024 00:12:48 +0000 (19:12 -0500)]
Security: Remove simulate feature that actually executes a script.
The simulate is setup to actually execute scripts via a fake script execution.
This is not intended to do anything other than to catch problems in the script setup.
I have come to the realization that a malicious actor could setup a custom scripting engine to be executed on simulation.
An oblivious user could then be performing a simulation with the expectation that nothing actually happens while the malicious scripting engine performs some nefarious activity.
Strip out the fake script execution to prevent this behavior.
This is a loss of some functionality but I prefer the safety over this potential bad behavior.
This is not actually needed because a 32-bit long should not overflow with just 1000000000.
The logic I replaced it with was sloppy anyway and left out some cases.
The long representing nanoseconds can store greater than 999999999.
Make sure that is handled before adding to the tv_nsec.
Kevin Day [Sun, 7 Jul 2024 04:35:59 +0000 (23:35 -0500)]
Update: Rewrite timing logic in controller.
Check if both numbers added together are greater than or equal to half a second.
If they are, then an overflow will happen.
Subtract the half seconds instead of handling an overflow.
This does not handle the case where the milliseconds or nanoseconds are greater than one second.
This only handles the cases where they are greater than half a second.
Kevin Day [Sun, 7 Jul 2024 04:33:33 +0000 (23:33 -0500)]
Bugfix: Replace f_signal_mask() with f_thread_signal_mask().
The f_thread_signal_mask() is being used to setup the signals.
If that fails, the unmask process is incorrectly using f_signal_mask() when instead f_thread_signal_mask() should be used.
Kevin Day [Fri, 5 Jul 2024 00:28:00 +0000 (19:28 -0500)]
Bugfix: New line is not being printed because sequence is missing.
The new line parameter is present but the replacement sequence is missing.
This results in the new line not printing.
Add the missing '%r' replacement sequence.
Remove the new line parameter in cases where the new line should not be printed.
Kevin Day [Fri, 14 Jun 2024 02:53:39 +0000 (21:53 -0500)]
Security: Console parameter single short values array is too small.
The short parameters "needs" variable now increases the array size before assignment.
The following command line calls are used to expose the problem and its resolution:
# fss_basic_list_read specifications/fss.txt +Q -cn "Featureless Settings Specifications" | iki_read +Q -w -rrrrrrrr anti-KISS 'anti-<abbr title="Keep It Simple Stupid">KISS</abbr>' ASCII '<abbr title="American Standard Code for Information Interchange">ASCII</abbr>' BOM '<abbr title="Byte Order Mark">BOM</abbr>' FSS '<abbr title="Featureless Settings Specifications">FSS</abbr>' KISS '<abbr title="Keep It Simple Stupid">KISS</abbr>' UTF-8 '<abbr title="Unicode Transformation Format 8-bit">UTF-8</abbr>' URL '<abbr title="Byte Order Mark">URL</abbr>' XML '<abbr title="Extensible Markup Language">XML</abbr>' -WWW character '<code class="code">' "</code>" code '<code class="code">' '</code>' italic '<em class="em">' '</em>'
Kevin Day [Tue, 11 Jun 2024 23:22:10 +0000 (18:22 -0500)]
Bugfix: Enable missing support for grave (backtick) is IKI.
The FSS and IKI standards were previously updated to support grave (backtick).
The FSS read and write functions were updated but I apparently didn't do the IKI.
Kevin Day [Tue, 11 Jun 2024 00:05:21 +0000 (19:05 -0500)]
Bugfix: The fl_directory_create() needs to also handle F_file_found_not.
Creating an entire directory tree is not working as expected when creating non-existent directories that are two levels or greater deep.
For example take "a/b/c", if "a" exists but neither "a/b" nor "a/b/c" then the create fails.
For example take "a/b", if "a exists but not "a/b" then the create succeeds (or appears to because I never noticed the bug before).
The ENOENT (aka: F_file_found_not) is sometimes returned rather than ENOTDIR (aka: F_false) from f_directory_exists().
Process the ENOENT F_file_found_not.
I noticed some problems in the logic of the fl_directory_create() function as well.
The memcpy() needs to start from the same offset as the source copy offset.
Otherwise, the copy is overwriting the string.
Make sure to place the NULL at the "at_path" rather at "at_path - at_tree".
The initial assignment of "tree.used" is not necessary.
Kevin Day [Mon, 10 Jun 2024 02:54:46 +0000 (21:54 -0500)]
Bugfix: Controller simulation is using error output rather than normal output in one case.
The normal output should be used rather than the error output.
The condition upon printing should also be on normal verbosity rather than error verbosity.
Kevin Day [Fri, 7 Jun 2024 05:22:47 +0000 (00:22 -0500)]
Security: Incorrect sizeof() used in process pointers of the Controller program.
The "processs" structure is an array of pointers to Controller processes.
This gets rather confusing in that what the pointers are pointing to must be allocated (and deallocated) as well.
The allocation and de-allocaton process is consistent and doesn't memory leak.
However, both of these are using a sizeof() with a pointer type rather than the raw type for the inner value.
The allocation logic on the outer array is using the raw type when a pointer should be used.
Essentially, I accidentally reversed the allocation logic.
I am amazed that this worked for so long without getting noticed.
Building the Controller program as a stand alone program somehow revealed this bug.
This has the added bonus of allocating less memory.
For example, using a test run without any entry file to execute:
Before this change:
total heap usage: 54 allocs, 54 frees, 46,622 bytes allocated
After this change:
total heap usage: 54 allocs, 54 frees, 26,751 bytes allocated
Kevin Day [Thu, 6 Jun 2024 01:15:40 +0000 (20:15 -0500)]
Feature: Add "Magic Bit" to the FSS-000F (Simple Packet) format.
Make the FSS-000F (Simple Packet) format more generalized and flexible by allowing other payload formats than only formally supporting FSS-000E (Payload).
This adds a new optional "Magic Block" that is designated via the "Magic Bit", which is the third bit from the left.
This should make it easy to store the Simple Packet as a local file.
This should make it easier for routing to optimize processing of the packet by quickly identifying the packet.
The "Control Block" and the "Size Block" have static sizes and positions, which should make it easy to identify the "Magic Block".
The third bit should be checked and then the "Magic Block" should be checked when trying to quickly identify the packet type via the "Magic Block".
Kevin Day [Wed, 5 Jun 2024 00:57:57 +0000 (19:57 -0500)]
Cleanup: Use proper closing context on print.
The closing context now matches the opening context.
The closing contexts are generally the same and so this is not a big deal.
This would only be a problem if the values of contexts where changed in some significant way.
The first/last code was backported in the past to make the scripts more forward-compatible.
I have decided to remove the first/last printing feature after significant testing and review.
The 0.7 development and later no longer has the first/last and so the backported code is no longer needed.
The problem is that in the case where the quote is already within a quoted string then it should not be escaped.
This only applies for the quote that would not be a valid closing quote.
Kevin Day [Thu, 9 May 2024 01:50:50 +0000 (20:50 -0500)]
Security: Potential buffer overflow on 0 length array.
The length_name_item variable can potentially be zero.
The assignment of "name_item[length_name_item] = 0;" will then result in an assignment on a 0 length array.
Kevin Day [Mon, 15 Apr 2024 04:09:09 +0000 (23:09 -0500)]
Update: Add experimental ctags generation and ctags file.
This is used by projects like geany.
Unfortunately, the code is terrible and the documentation is like rotten eggs.
They seem to somehow put hard-coded paths in the ctag files which makes absolute no sense.
Then, the geany project provides completely different ctag files that do not have this path nonsense.
The geany documentation does not relate to their actual ctag files and the ones provided by their example.
The Universal-ctags documentation, while having a lot of words, is misleading, awkward, and doesn't even describe how to get rid of these paths nor how to omit the paths.
Following the parts that does seem to read as if it means removing the path does absolutely not this.
The geany does not even import this file properly, despite the command coming directly from geany's documentation.
Using geany to generate this produces better results but also includes a lot of other junk that is unwanted.
It also includes the file paths.
Having the file paths makes these generated ctag files completely useless as it requires some other person to have the exact same absolute file path structure.
For now, attempt to strip out the absolute path using a sed command.
Kevin Day [Wed, 10 Apr 2024 02:25:38 +0000 (21:25 -0500)]
Cleanup: The OSLv1 license usage, fixing license reference.
The license should read "open-standard-license-1.0-or-later" rather than "open-standard-license-1.0".
The license file itself is already labelled this.
These files simply were not correctly updated.
Kevin Day [Mon, 8 Apr 2024 01:48:48 +0000 (20:48 -0500)]
Update: Add support for disable pthread mutex prioceiling for systems that do not support it.
The pthread mutex prioceiling and pthread mutex attr prioceiling functions are not supported on PostmarketOS for Pinephone.
The PostmarketOS for Pinephone is an A64 Arm system based on the Alpine Linux distribution.
Kevin Day [Fri, 29 Mar 2024 21:41:32 +0000 (16:41 -0500)]
Cleanup: Incorrect example in IKI specification.
The example in the iki.txt specification has several errors.
Of particular note is the first code is incorrectly escaped and the terminating single quote discludes the example block.
The Objects and Contents example results is entirely incorrect.
There is no change to the specification rules itself and I do not technically need to change the version.
However, given how long it has been incorrect I have decided to up the version date to make the correct file easier to identify.
Kevin Day [Fri, 29 Mar 2024 04:10:45 +0000 (23:10 -0500)]
Bugfix: Problematic handling of object files.
The object files are not being compiled correctly when performing a static build.
There may now be multiple object sources files which are now built individually.
The build object sources must be built without source code files.
The logic is relocated into a fake_build_library_static_object() function to build the object files.
These files are then included when static linking.
A new build stage is also added to accommodate this.
Building the objects should not include libraries linked.
Remove the logic that auto-adds the library linkage when building objects.
Break out the "path_sources" Object into multiple sub-parts:
- "path_sources_headers".
- "path_sources_library".
- "path_sources_object".
- "path_sources_program".
- "path_sources_script".
Update the documentation and specification files accordingly.
Add missing version dates to the specifications.
Update the bootstrap.sh script with these changes.
Fix incidental problems discovered in the bootstrap.sh script:
- Remove already compiled warning as it is not needed and is not exhaustive.
- Improve handling of directory detection and simplify the relating code.
- The built setting files are now being properly checked (a regression caused them to not be properly checked).
Kevin Day [Sun, 17 Mar 2024 23:21:34 +0000 (18:21 -0500)]
Update: Add stand alone fss_basic_list_read, fss_basic_list_write, fss_extended_list_read, and fss_extended_list_write.
I took the lazy approach and copied the fss_basic_read and fss_basic_write.
These projects will have most of the same dependencies with only a few changes.
This lazy approach means that I may have included unnecessary data.
Kevin Day [Wed, 13 Mar 2024 02:07:57 +0000 (21:07 -0500)]
Update: FSS-000E specification, adding "salt" and "time" as suggested headers.
I intend to keep the recommended and now suggested headers to a bare minimum.
I have decided that "salt" and "time" should be common enough and important enough to add to this small list.
Kevin Day [Wed, 6 Mar 2024 02:52:16 +0000 (20:52 -0600)]
Bugfix: FSS Extended Write is not properly quoting quotes.
When writing using a quote character that is not the selected quote to use when writing, these other quote character must still be quoted.
Take for example this:
# fss_extended_write -oc "'" '"' -oc '"' "'" -oc ' `' "\` " -oc "'" "'"
"'" "\""
"\"" "'"
"`" "` "
"'" "'"
Quoting the quotes is necessary to ensure that the FSS Extended Read properly works.
Otherwise the [' '] would be read as an Object without Content when instead the code should be ["'" "'"] which would be read as an Object of ' and a Content of '.
Kevin Day [Sun, 3 Mar 2024 23:08:45 +0000 (17:08 -0600)]
Bugfix: FSS Extended Write is improperly associated Content with its respective Object.
The following is an example of the bad behavior:
# fss_extended_write -oc A B -oc C D -oc E F
A B D
C F
E
The expected behavior instead should be:
# fss_extended_write -oc A B -oc C D -oc E F
A B
C D
E F
The problem is that when "-oc" is used for the next set that object and content parameter have the same parameter index position.
The operator for testing for this should therefore be ">=" rather than ">".
Kevin Day [Sun, 3 Mar 2024 23:07:12 +0000 (17:07 -0600)]
Cleanup: Style in FSS Extended Write.
The style changed over time and this code did not get updated.
There are probably more such places but I am not looking for it.
This just happened to be convenient.
Kevin Day [Fri, 1 Mar 2024 05:03:54 +0000 (23:03 -0600)]
Bugfix: If the first character has a width greater than one then F_utf_fragment is incorrectly returned when using quotes.
A F_utf_fragment is incorrectly when writing a string that would use quotes and that first character has a width greater than one.
The code is incrementing the string by 1.
This should instead be incrementing by the character width.
The loop itself should increment by the character width as well.
This bug has been exposed by unit tests from the 0.7 development branch.
Kevin Day [Wed, 28 Feb 2024 02:34:14 +0000 (20:34 -0600)]
Cleanup: The OSLv1 license, fixing grammar and clarifying intent.
This does not change the license other than fixing grammar and making the intent more consistent and clear.
This also adds a day to the license data that represents that last time this license has been modified.
The version number is changed only when there is a functional or substantial change to the license.
I have noticed that in some places individuals decide the "includes" is a restrictive word.
It is not, especially given that it is literally an inclusive word.
This changes the wording from "includes" or "including" to something like "including but not limited to" avoid any of that non-sense.
The proper application of the English language would result in the "but not limited to" being redundant and pointless.
This specific language is added just in case somebody does not understand the English language when it comes to the word "including".
Try to be consistent and use "lawful" instead of "legal" (except in cases where both are mentioned).
Generally, referring to "lawful" here also includes "legal".
The "lawful" is chosen to represent actual law rather than the more questionable "legal" terminology.
The wording of "access to use, implement, etc.." can be misinterpreted such that the "access to" is applied to implement (and etc..) such that it becomes "access to implement".
The actual intent and design is not simply around "access to implement".
Instead, it is around "to implement", period.
Clarify this by splitting out "access to use" into "to access", "to use", etc...
Kevin Day [Sun, 25 Feb 2024 16:27:18 +0000 (10:27 -0600)]
Update: Disable -fstrict-flex-arrays=3 flag because it doesn't work on GCC 11.
I just did tests on GCC 11, which is not too old.
The -fstrict-flex-arrays flag does not work there.
For now, just disable the flag by setting it to the non-existent gcc_13 mode.
The mode can be added to the mode list and enabled if so desired.
I may make version specific modes available in the future (or not) but that will require some planning.
The fakefile should be designed to test the GCC version, but I would rather avoid such logic by design.
Let the distributor or the system administrator handle such decisions.
Kevin Day [Sat, 24 Feb 2024 23:42:26 +0000 (17:42 -0600)]
Update: Make the Open Standard License 1.0 formal.
I don't see any opportunities to get this reviewed and finalized and so I am formalizing it as-is.
I can always improve it if the opportunity arrives and increment the version number.
There are no changes to the license other than remove the "informal" and "draft" parts.
Kevin Day [Sat, 24 Feb 2024 21:10:34 +0000 (15:10 -0600)]
Feature: Add -a/--analyze to test.sh script.
Adding the -a/--analyze parameter to the test.sh script should allow for easier testing with the analyze option.
The idea here is to make it easier to perform these checks and to improve the quality of the releases.
This does not relate to the API or ABI and so adding this feature is not a problem for the 0.6.x stable release series.
The following changes are made:
- TAB_SIZE = 2
- PROJECT_NUMBER = 0.6.9
Setting "JAVADOC_AUTOBRIEF = yes" may be something worth looking into but for now the default of "JAVADOC_AUTOBRIEF = no" is being used.
It is unclear whether or not the "@see" is being processed without looking closes (and given the size of this, I did not do that).
I decided to leave the SEE ALSO sections that are generated, regardless of their state.
I noticed and removed man page documentation comments that somehow ended up in unit test data files.
The program function documentation is also generated and provided now.
This was not done so in the past.
Performing the process of generating and then reviewing the generated man pages exposed a number of problems that I fixed in commits prior to this commit.
Most of the changes are code clean ups but a security concern regarding handling a NULL pointer in a parameter was caught and identified during this process.
The commit referenced above mentioned the doxy2man but never documented the process.
The doxy2man used can be found at https://github.com/gsauthof/doxy2man.git .
The commit hash used for the generation is 5ce113f4d2a3fc6712f8eb8606a6b0899dc6f8d1 (dated Wed Aug 31 09:06:46 2016 +0200).
The doxy2man tool was performed against every XML file generated from doxywizard via a Bash for loop over each XML file.
I may make a copy of this doxy2man tool to help preserve this useful tool.
This is a massive set of changes (almost 1600 man pages) and so my review is rather lax and generalized.
Kevin Day [Sat, 24 Feb 2024 05:35:47 +0000 (23:35 -0600)]
Security: The fl_print_format_convert() is missing the check on the pointer and update the related documentation comments.
The documentation comments have the status return values in the wrong spot.
Relocate them to below the variable.
This caused me to notice that this function is missing the standard NULL check on a pointer parameter.
The 0.7 versions make this parameter optional.
Do the same thing as the 0.7 versions and make this optional.
Kevin Day [Wed, 21 Feb 2024 02:02:38 +0000 (20:02 -0600)]
Update: Back port the ability to explicitly skip a program in the bootstrap example script.
The controller program is not yet migrated to compile under 0.7.x.
This adds the ability to the bootstrap example script to allow for simply skipping packages.
Kevin Day [Sun, 18 Feb 2024 04:11:20 +0000 (22:11 -0600)]
Update: Backport improved return code failure reporting to firewall from 0.7 development.
The return code may be returned as non-zero for error returned by iptables.
This error is now being reported.
This error does not prevent the firewall from continuing.
Kevin Day [Thu, 15 Feb 2024 04:47:49 +0000 (22:47 -0600)]
Bugfix: Firewall length check from range is not calculating 0 correctly.
When the range.start is greater than the range.stop, then the length is 0.
Rather than checking for this, this just subtracts range.start from range.stop then adds 1.
This results in the case of say (0 - 1) + 1, which may not be 0 due to overflow behaviors.
Play it safe and explicitly test for this rather than hoping that the overflow operates ideally.
Kevin Day [Thu, 1 Feb 2024 05:37:12 +0000 (23:37 -0600)]
Update: Add hopefully more secure compiler flags by default.
Use the "-Wl" for specifying the linker flags.
- Make sure "now", "relro", and "nodlopen" are set.
Add FORTIFY_SOURCE set to 3.
Add stack-clash-protection and strict-flex-arrays set to 3.
This project is designed around NULL checks.
- Make sure the no-delete-null-pointer-checks flag is set to prevent the compiler from removing these security/integrity checks.
Use stack-protector-strong rather than stack-protector for test flags.
- Future versions may enable stack-protector-strong by default for regular compiling.
projects / fll / log